
Endpoint compliance & security in the boundless enterprise


hess

Presentation Transcript


  1. Endpoint compliance & security in the boundless enterprise

  2. Vulnerability—Exploit Gap Decreasing (chart: days until first attack after a vulnerability is announced)
     • 5 variants, 359,000 machines infected
     • 75 variants, 500,000+ machines infected
     • 17 variants, 1,000,000+ machines infected

  3. Vulnerabilities in the Enterprise (chart: vulnerabilities exploited, source Gartner)
     • Vulnerability classes shown: Misconfiguration, Old Patch, Recent Patch, New Vulnerability, 0-Day
     • Controls shown across those classes: Agent + PFW + Host Integrity, and IPS

  4. Endpoint Protection Challenges
     • Complexity: increasingly complex IT infrastructure; diverse devices, access points, users, agents, applications
     • Vulnerability: exploits are attacking at every layer (operating system, application, network, device) and spreading faster than patches or signatures
     • Lack of control: difficult to control without curtailing benefits; wireless, guests, outsourcing, mobility, USB, IM, rogues
     • Inefficiency: traditional security products aren't efficient; 99% have AV, yet 68% get viruses; a new agent for every threat, poor management, no integration; enterprises have to choose between security and productivity

  5. Traditional Enterprise Security Has Been Circumvented (example: zero-day worm)
     • Perimeter firewalls: can't block access to ports used for legitimate purposes; packet scanning is only effective against recognizable signatures
     • Network intrusion detection: can only reliably detect worms after they have compromised some systems and are actively spreading
     • Basic personal firewall: can't lock down the system enough to prevent worms from acting like authorized applications or traffic
     • Patch management solutions: window of vulnerability before the patch is applied/configured; not effective against unknown attacks
     • Antivirus alone: damage is done by the time the virus definition is deployed
     • Comprehensive NAC and host-based intrusion prevention capabilities are required

  6. Most Common Sources of Worm Attacks
     Survey question: In your experience, what were the most common sources of the automated Internet worm attack(s)? (N=251)
     • 43%: Carried in on a laptop of an employee (matching control on the slide: Protection (Firewall, HIPS), NAC (802.1x, DHCP, CNAC))
     • 39%: Directly from the Internet through the firewall (Protection (Firewall & HIPS))
     • 34%: Carried in on a laptop of a non-employee (Guest NAC (On-Demand))
     • 27%: Through a VPN-connected home system (NAC (Gateway, API, Self))
     • 8%: Don't know
     • 8%: Other
     Source: Enterprise Security Group, January 2005 ESG Research Report, Network Security and Intrusion Prevention

  7. Mass & Targeted Attacks
     Today: mass attacks
     • Network-based threats designed to take advantage of widespread vulnerabilities
     • Designed to take advantage of as many systems as possible in the least amount of time
     • Motive: spammers, script-kiddies, information theft
     • Payloads: nuisance, non-destructive
     Future: targeted attacks
     • Attacks targeted at specific users or classes of users; very limited in scope
     • Multiple attack vectors: exploitation of unannounced vulnerabilities, phishing attacks, insider threats
     • Motive: extortion, information theft, organized attackers
     • Payloads: theft, data export, destructive
     • Endpoints are targeted for entry into the network
     • Targeted attacks are the future

  8. How it Works: Symantec Endpoint Security & Compliance Process (cycle diagram: Policy, Discover, Enforce, Remediate, Monitor, with Protect at each stage)
     • Define policy
     • Discover policy compliance: agent, on-demand agent, network interrogation
     • Enforce network access: LAN, DHCP and Gateway Enforcer; self-enforcement; infrastructure integration; Universal Enforcement API
     • Remediate non-compliant endpoints
     • Continuous monitoring
     • Result is complete protection from known & unknown threats

  9. Symantec's Newest Endpoint Security Solutions
     Symantec's acquisition of Sygate addresses several new aspects of endpoint protection and compliance:
     • Symantec Sygate Enterprise Protection
     • Symantec Critical System Protection
     • Symantec AntiVirus Corporate Edition
     • Symantec Client Security
     • Symantec On-Demand Protection
     • Symantec Embedded Security
     • Symantec Network Access Control

  10. Symantec Network Access Control
     Problem
     • Malicious code propagation
     • Theft of sensitive information
     • Exposure to regulatory penalties
     Solution
     • Endpoint compliance and network access control for managed systems
     • Discovers endpoints and their compliance with security policies
     • Leverages existing networks to detect and control access for connected devices
     • Remediates non-compliant endpoints
     • Lowers security application management costs using existing network systems

  11. Network Access Control and the Vulnerability Lifecycle (timeline chart)
     • Milestones: Vulnerability Discovered → Exploit Released → Patch Available → Patch Deployed
     • Intervals shown between them, in order: 0–200 days, 14–90 days, 3 days to never
     • Controls overlaid on the lifecycle: Behavioral (HIPS) & white list (firewall); blacklist (anti-virus & IDS signatures); patches; Network Access Control

  12. Enterprise Network Access Control Requirements
     • Pervasive endpoint coverage
       • Managed laptops, desktops, servers
       • Unmanaged guests, contractors, home computers
     • Central, scalable, flexible policy management
       • Distributed servers, redundancy, database replication, AD integration
     • Universal enforcement
       • (W)LAN, IPSec VPN, SSL VPN, web portal
     • Integration with existing and emerging standards
       • 802.1x, Cisco NAC, Microsoft NAP, TCG's TNC
     • Automated remediation process
       • No user intervention required
       • Learning mode and discovery tools

  13. Symantec Universal NAC Solution (diagram of enforcement points: On-Demand NAC for mobile users over SSL VPN and for home users, partners or suppliers over a web application; On-Demand and 802.1x NAC for wireless mobile users or guests; DHCP NAC and 802.1x NAC for wired Ethernet users; in-line NAC for IPSec VPN; API NAC at the WAN router; embedded Windows devices and a remote office also shown)

  14. Symantec On-Demand Protection
     Problem
     • Eavesdropping and theft of data from unmanaged devices
     • Unprotected or compromised devices connecting to the enterprise via the web
     • Delivering endpoint security to unmanaged devices (contractors, kiosks, home machines)
     Solution
     • On-Demand Host Integrity and Malicious Code Prevention for unmanaged systems
     • Protects confidential data with a secure encrypted environment and file deletion upon session termination
     • Prevents viruses/worms by enforcing AV & firewall via endpoint compliance enforcement or malicious code prevention
     • Lowers the TCO of on-demand endpoint protection by using existing web infrastructure

  15. Integrated Corporate and Guest Enforcement (diagram: Symantec Policy Manager, Symantec LAN Enforcer, RADIUS, remediation server, wireless switch, router and Internet; endpoints shown as a compliant corporate laptop and a quarantined guest)
     Corporate devices
     • Authenticate using 802.1X/EAP (optional)
     • Symantec AntiVirus™ & Norton AntiVirus™, Symantec Security Agent and patches enforced using LAN Enforcer + 802.1x/EAP
     • Dynamically assigned to the corporate network
     • Devices remediated if necessary
     Guest/rogue devices
     • Authenticate using web login
     • Symantec AntiVirus™, Norton AntiVirus™, Symantec Security Agent and patches enforced using the Symantec On-Demand Agent (Java)
     • Dynamically assigned to an isolated network
     • Devices remediated if necessary
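The discover → enforce → remediate loop of slides 8 and 15, as an added illustration that is not part of the original deck or of any Symantec product: the policy rules, patch identifiers, network names and endpoint report fields are assumptions, not Symantec's Host Integrity rule syntax.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set, Tuple

# Constructed host-integrity policy (assumption, not a product format).
POLICY = {
    "max_defs_age_days": 7,
    "required_patches": {"KB-EXAMPLE-1", "KB-EXAMPLE-2"},  # placeholder ids
}
NET_CORPORATE, NET_GUEST, NET_QUARANTINE = "corporate", "guest-isolated", "quarantine"


@dataclass
class EndpointReport:
    """What the agent (corporate) or on-demand agent (guest) reports back."""
    host: str
    managed: bool                 # True: 802.1X/EAP corporate device; False: web-login guest
    av_installed: bool
    av_defs_date: Optional[date]
    firewall_enabled: bool
    installed_patches: Set[str] = field(default_factory=set)


def host_integrity_failures(r: EndpointReport, today: date) -> List[str]:
    """Discover: compare the endpoint's self-report against POLICY; each failure is a remediation step."""
    failures = []
    if not r.av_installed:
        failures.append("install antivirus")
    elif r.av_defs_date is None or (today - r.av_defs_date).days > POLICY["max_defs_age_days"]:
        failures.append("update antivirus definitions")
    if not r.firewall_enabled:
        failures.append("enable personal firewall")
    for patch in sorted(POLICY["required_patches"] - r.installed_patches):
        failures.append(f"install patch {patch}")
    return failures


def enforce(r: EndpointReport, today: date) -> Tuple[str, List[str]]:
    """Enforce: choose the network the device is dynamically assigned to, plus remediation actions."""
    failures = host_integrity_failures(r, today)
    if failures:
        return NET_QUARANTINE, failures          # remediation network until compliant
    return (NET_CORPORATE if r.managed else NET_GUEST), []


# Constructed sample reports for a fixed evaluation date.
TODAY = date(2005, 11, 1)
SAMPLE_OK = EndpointReport("lap-01", True, True, date(2005, 10, 30), True, set(POLICY["required_patches"]))
SAMPLE_STALE = EndpointReport("lap-02", True, True, date(2005, 10, 1), False, {"KB-EXAMPLE-1"})
SAMPLE_GUEST = EndpointReport("guest-01", False, True, date(2005, 10, 31), True, set(POLICY["required_patches"]))
```

Run `enforce(SAMPLE_STALE, TODAY)` to see a non-compliant laptop land in quarantine with its three remediation steps; a compliant guest gets the isolated network, never the corporate one.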

  16. When Do You Need Symantec On-Demand?
     Thin client/server applications:
     • SSL VPN
     • Guest wireless
     • Webmail
     • Enterprise web apps (ERP/CRM)
     • Online banking/e-commerce
     • Terminal Services (Citrix)
     Scenarios shown: web-based applications, traditional client/server applications, file share, public kiosk, traveling executives, partner extranet

  17. The Market in Which Symantec On-Demand Plays—Gartner Has Defined the Market
     Six critical requirements for on-demand security, each with the matching SODP (Symantec On-Demand Protection) feature:
     • Client integrity checkers: SODP Host Integrity
     • Browser cache file cleanup: SODP Cache Cleaner
     • Behavioral malicious code scanners: SODP Malicious Code Prevention
     • Personal firewall mini-engines: SODP Connection Control
     • Protected virtual user sessions: SODP Virtual Desktop
     • Dynamic user access policies: SODP Adaptive Policies
     Source: "Access From Anywhere Drives Innovation for On-Demand Security", Gartner, ID Number G00126242, March 21, 2005.

  18. Symantec Sygate Enterprise Protection
     Problem
     • Propagation of malicious code
     • Leakage of sensitive information
     • Lost user productivity
     • Increased support costs
     Solution
     • Comprehensive firewall, IPS and non-AV host protection for managed PCs
     • Provides industry-leading firewall & IPS capabilities
     • Protects endpoints with easily configured host intrusion prevention
     • Controls use of peripheral devices
     • Limits buffer overflow attacks
     • Simplifies management

  19. Symantec endpoint protection capabilities (Symantec Sygate Enterprise Protection for Microsoft Windows; diagram layers: Applications, Device, File/Registry, Memory, Network, CPU & Kernel)
     • Controls: process execution, application behavior, block DLL loading, file integrity, file access, registry control, anti-hijacking, device control, file read/write/execute, system lockdown, firewall, IPS, memory firewall, NX emulation
     • Threats addressed: SQL injection, privilege escalation, account creation, auto start, code execution, data theft, spyware, rootkits, DoS, worms, buffer overflows, shatter attacks

  20. Enterprise-Class Management
     • Scalable multi-server architecture
       • Policy and log replication
       • Policy distribution (push/pull)
       • Configurable priority/load balancing
     • Policy management
       • Group hierarchy with inheritance
       • Manage by computer or user
       • Reusable policy objects
       • AD user and group synchronization
     • Centralized logging and reporting
       • Event forwarding (syslog, SIMs)
       • Daily or weekly e-mailed reports

  21. Symantec Embedded Security
     Problem
     • Embedded devices are connected to the network and are susceptible to malicious attacks
     • Embedded devices are rarely patched or protected
     • Deploying endpoint security to remote embedded devices
     Solution
     • Robust firewall and IPS for embedded systems
     • Prevents device hijacking via network attacks
     • Protects from viruses and worms by restricting network access
     • Lowers TCO by providing endpoint protection for internal devices and business-critical devices

  22. Symantec Embedded Security Applications: gateway/media store, medical devices, thin clients, retail POS, set-top box, office automation, game platforms, industrial automation, kiosk/ATM

  23. Symantec Critical System Protection
     Problem
     • Propagation of malicious code
     • Security policy compliance
     • Increasing costs of monitoring compliance for regulations
     Solution
     • Comprehensive host intrusion prevention for managed systems
     • Locks down system configurations
     • Protects via control of OS, application and user behaviors
     • Provides central monitoring & reporting on security events from heterogeneous server platforms

  24. Symantec server protection capabilities (Symantec Critical System Protection for UNIX, Linux & MS Windows; diagram layers: Applications, Device, File/Registry, Memory, Network, CPU & Kernel, plus an Events / Monitor & Audit path)
     • Prevention controls: process execution, application behavior, file access, registry control, anti-hijacking, device control, system lockdown, firewall, buffer overflow protection
     • Monitoring: centralized monitoring & alerting, unauthorized access detection, regulatory compliance, automated smart response, event forwarding & reporting
     • Threats addressed: SQL injection, privilege escalation, account creation, auto start, code execution, data theft, spyware, rootkits, DoS, worms, buffer overflows, shatter attacks

  25. Symantec AntiVirus Corporate Edition 10.0
     Problem
     • Protection from viruses, adware and spyware
     • Removal & repair of risks is inefficient and expensive
     • Enterprise productivity impact
     Solution
     • Detect and eliminate viruses and other security risks
     • Automatically remove spyware & adware
     • Centrally managed security policy & software distribution and automated updates

  26. Symantec AntiVirus & Symantec Client Security: Spyware & Threat Protection Enhancements
     • Spyware enhancements are included in Symantec AntiVirus Corporate Edition 10.0 and Symantec Client Security 3.0
     • Real-time spyware protection
       • AutoProtect used for detection
     • Exclusions
       • Simple exclusions for corporate-approved applications
     • Automatic removal
       • Files, registry entries, load points
     • Ease of management
       • Simplified and familiar management capabilities
     • Generic Exploit Blocking in Symantec Client Security 3.0
       • Reduces the need for virus signatures by protecting exploitable vulnerabilities
       • Vulnerability protection based on regular IPS signature updates

  27. Latest Progress in Symantec's Endpoint Protection Against Security Risks and Threats
     • Continued aggressive development of anti-spyware repairs
     • Working with third-party testing organizations to create benchmark testing that accurately reflects real-world conditions
     • Fall '05 Anti-Spyware Engine Update & SAV Patch (released)
       • Auto-Protect blocking of spyware installation
       • Directory removal
       • HOSTS & Winsock LSP repairs
       • Reduced definition size
     • Daily definitions
       • All SAV 10 customers will have new definitions available via LU (LiveUpdate) on a daily basis
       • No configuration changes are needed on SAV 10 management servers except the LU schedule
       • Only the ability to download from LU is version restricted
       • Daily definitions can be pushed to all SAV clients from the SAV 10 management server

  28. Symantec Client Security
     Problem
     • Protection from viruses, adware and spyware
     • Proactive protection from blended threats
     • Defend against network threats
     Solution
     • Detect and eliminate viruses and other security risks
     • Generic Exploit Blocking IPS
     • Coordinated defense
     • Centrally managed security policy & software distribution and automated updates

  29. Symantec Client Security capabilities (diagram layers: Applications, Device, File/Registry, Memory, Network, CPU & Kernel)
     • Controls: read/write/create executable scanning; security risk removal capabilities; device scanning; personal firewall; Generic Exploit Blocking IPS; AutoProtect real-time monitoring
     • Threats addressed: executable alteration, auto start, load points, spyware/adware infections, infected media, retro viruses, worms, blended threats, memory attacks

  30. WholeSecurity Introduction
     • WholeSecurity is the leading provider of behavioral endpoint protection
     • Confidence Online technology offers protection against emerging threats without the need for signatures
     • WholeSecurity provides critical proactive technologies for B-to-C online applications to stop eavesdropping threats & phishing
     • Malicious code and anti-phishing become new core Symantec technologies
     • Symantec's integration of Confidence Online into Symantec AntiVirus and Symantec On-Demand Protection increases enterprises' zero-day protection

  31. A Comprehensive Endpoint Solution Suite (diagram placing SAV, SCS, SSEP, SNAC, SODP and SCSP across three zones: Mobile Enterprise (company users on unmanaged laptops, kiosks, home PCs; business partners on managed or unmanaged endpoints; customers on unmanaged endpoints; IPSec VPN and SSL VPN), Corporate Network (company users on managed desktops and laptops; guest users on unmanaged endpoints) and Datacenter (Unix, Windows and Linux servers; DMZ web farm; portals; mail))

  32. Thank you
