Post on 18-Dec-2015
Symantec Endpoint Protection 11.0 Overview and Architecture
Silviu Popescu
Symantec Product Manager at Omnilogic SRL
Symantec™ Global Intelligence Network
More than 6,000 managed security devices + 120 million systems worldwide + 30% of the world's email traffic + advanced honeypot network
Locations: Reading, England; Alexandria, VA; Sydney, Australia; Mountain View, CA; Santa Monica, CA; Calgary, Canada; San Francisco, CA; Dublin, Ireland; Pune, India; Taipei, Taiwan; Tokyo, Japan
• 3 Symantec SOCs
• 80 Symantec Monitored Countries
• 40,000+ Registered Sensors in 180+ Countries
• 8 Symantec Security Response Centers
Attack Trends: Data Breaches
• Information on data breaches that could lead to identity theft. Data collected is not Symantec data.
• The government sector accounted for the majority of data breaches with 25%, followed by Education (20%) and Healthcare (14%) - the majority of breaches (54%) were due to theft or loss with hacking only accounting for 13%.
Attack Trends: Underground Economy Servers
• Items traded (credit cards, identities, online payment services, bank accounts, bots, fraud tools, etc.) are ranked according to how frequently they are offered for sale on underground economy servers.
• Credit cards were the most frequently advertised item (22%) followed by bank accounts (21%).
• Email passwords sell for almost as much as a bank account.
Attack Trends: "underground" black-market trading
Finance sector – headlines
http://money.cnn.com/2005/05/23/news/fortune500/bank_info/
Finance sector – headlines (II)
http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication/
Malicious Code Trends: New malicious code threats
• In the first half of 2007, 212,101 new malicious code threats were reported to Symantec. This is a 185% increase over the second half of 2006.
• This increase can mainly be attributed to new Trojans such as staged downloaders.
• The first stage of a staged downloader is usually written for a specific target or purpose, resulting in the creation of a very large number of them.
’05 Threat Landscape Shift: The Battle has changed

| 2004 Landscape: Virus | 2006 Landscape: Crimeware |
| --- | --- |
| Threats are indiscriminate, hit everyone | Threats are highly targeted, regionalized |
| Threats are disruptive, impact visible | Threats steal data & damage brands, impact unclear |
| Remediation action is technical (“remove”) | Remediation more complex, may need to investigate data leak |
| Going through perimeter and gateway | Going after uneducated network clients and other endpoints |
| Threats are noisy & visible to everyone | Threats are silent & unnoticed, with variants |
Anatomy of Layered Endpoint Protection (diagram)

Endpoint exposures, by layer:
• Network Connection
• Operating System
• Memory/Processes
• Applications
• I/O Devices: iPod slurping, IP theft
• Data & File System

Threats shown: Worms, exploits & attacks; Viruses, Trojans, malware & spyware; Malware, Rootkits, day-zero vulnerabilities; Buffer Overflow, process injection, key logging; Zero-hour attacks, identity theft, application injection.

Protection technology:
• Client Firewall
• O/S Protection
• Buffer overflow & exploit protection
• Behaviour Blocking
• Device controls
• Network IPS
• Host integrity & remediation
• Anti-spyware
• AntiVirus
• Always on, always up-to-date

Symantec solution (grouped under Symantec Endpoint Protection):
• Symantec Confidence Online
• Symantec Sygate Enterprise Protection
• Symantec Critical System Protection
• Symantec Client Security
• Symantec Mobile Security
• Symantec Network Access Control
• Symantec AntiVirus
Scope of Endpoint Protection
Symantec Endpoint Protection - Summary
• The World’s leading anti-virus solution
• More consecutive Virus Bulletin certifications (31) than any vendor
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)
• Industry’s best managed desktop firewall
• Adaptive policies lead the pack for location awareness
• Sygate and Symantec Client Security
• Behavior-based Intrusion prevention (Whole Security)
• Network traffic inspection adds vulnerability-based protection
• Device control to prevent data leakage at the endpoint (Sygate)
• Protection against mp3 players, USB sticks, etc
• Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate)
• Adds endpoint compliance to endpoint protection
(Diagram: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control)
Ingredients for Endpoint Security
Symantec Endpoint Protection 11.0: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control, Network Access Control
Symantec Network Access Control 11.0
Ingredients for Endpoint Protection: AntiVirus
• World’s leading AV solution
• Most (31) consecutive VB100 Awards
Some more detailed information ...
Source: Andreas Clementi, Antivirus comparative summary report 2006
Ingredients for Endpoint Protection: Antispyware
• Best rootkit detection and removal
• Raw Disk Scan for superior Rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Ingredients for Endpoint Protection: Firewall
• Industry leading endpoint firewall technology
• Gartner MQ “Leader” – 4 consecutive years
• Rule-based firewall can dynamically adjust port settings to block threats from spreading
Ingredients for Endpoint Protection: Intrusion Prevention
• Combines network- and host-based prevention
• Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
• Granular application access control
• Proactive Threat Scans - Very low (0.002%) false positive rate
(Chart: false alarms vs. no false alarm across 16M installations; only 20 false positives for every 1 million PCs)
Ingredients for Endpoint Protection: Device Control
• Prevents data leakage
• Restrict access to devices (USB keys, back-up drives, MP3 players)
New Worm - W32.SillyFDC
• targets removable memory sticks
• spreads by copying itself onto removable drives such as USB memory sticks
• automatically runs when the device is next connected to a computer
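As an added example (not from the original deck), a small Python check in the spirit of the device-control point above: it inspects an autorun.inf taken from a removable volume and reports which entries would launch a program stored on the volume itself, the spreading mechanism the W32.SillyFDC bullets describe. The sample autorun.inf and the volume file listing are constructed.

```python
"""Flag autorun.inf entries that would launch a program from removable media."""
import configparser
import re

# Constructed sample: an autorun.inf of the kind a USB-spreading worm leaves behind
SAMPLE_AUTORUN = """[AutoRun]
open=RECYCLER\\driver.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open\\command=RECYCLER\\driver.exe
action=Open folder to view files
"""

# Constructed listing of the files on the removable volume (lowercase, '/' separators)
SAMPLE_VOLUME_FILES = {"autorun.inf", "recycler/driver.exe", "docs/report.pdf"}

# Keys that make the shell execute something when the device is connected
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_VERB_COMMAND = re.compile(r"shell\\[^\\]+\\command")


def first_token(value):
    """Return the program part of a command line, honouring a quoted path."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""


def autorun_launch_targets(inf_text):
    """Return the programs an autorun.inf would run, in file order."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str.lower  # autorun keys are case-insensitive
    parser.read_string(inf_text)
    targets = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            if key in LAUNCH_KEYS or SHELL_VERB_COMMAND.fullmatch(key):
                program = first_token(value)
                if program:
                    targets.append(program)
    return targets


def suspicious_autorun(inf_text, volume_files):
    """Launch targets that resolve to a file on the volume itself (worm pattern)."""
    hits = set()
    for target in autorun_launch_targets(inf_text):
        normalized = target.replace("\\", "/").lstrip("/").lower()
        if normalized in volume_files:
            hits.add(normalized)
    return sorted(hits)
```

A non-empty result is a strong hint that the stick should be handled offline rather than opened; a legitimate autorun.inf that only sets an icon or label produces no hits.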
Ingredient for Endpoint Compliance: Network Access Control
• Network access control ready
• Agent is included, no extra agent deployment
• Simply license the SNAC Server
New Key Features
Symantec Endpoint Protection Manager Features Overview

Monitoring & Reporting
• Email report distribution
• Centralized event logging
• Customizable report filters
• Real-time event viewing
• Command system
• Network security status view
• Notifications view
• Event export to SSIM & 3rd-party SIEM solutions
• Embedded and MSSQL support

Administration
• Centralized, web-based console
• Simplified user interface for SMB and enterprises
• Role-based access
• Administrative domains
• Assign rights by user or group
• User-defined, multi-tiered groups
• RSA SecurID authentication

Policy Actions
• Integrated management of all agent components
• Single console to define & manage AV, FW, NAC and other policies
• Group-based policy application
• Reusable policy objects
• Centralized setting of exclusions and exceptions

Deployment & Integration
• Client install package builder
• Patch & update
• Remote agent installation
• Import and sync AD users and Org Units
• Authenticate admin users via AD
• Customizable agent package installation settings
• Migration from SAV, SCS, SSEP & SNAC
Symantec Endpoint Protection 11: Proactive security solution for endpoints
• The traditional signature-based technology is obsolete
• 24 MB memory footprint: full arsenal, layered security
• Network Access Control functionality
– LAN (802.1x), Layer-2 and DHCP
• Device Control
– USB, FireWire, Bluetooth, Infrared, SCSI, ...
– “System lockdown”: even the admin cannot change ...
• Full, complete integration
– Single management console, centralized log, report
• The price is not a question...
– and all this for an unchanged price: the Symantec AntiVirus price
© 2006 Symantec Corporation. All rights reserved.
THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.
Thank You