symantec endpoint protection 11.0 update and review

Symantec Endpoint Protection 11.0Update and Review

Endpoint Security Group

September 2008

2

Agenda

New features and improvements in SEP MR2/MR311

22

Upsell/Cross-sell Opportunities33

Selling Tips and Resources44

NEW! Third Party SEP Research Results

Q&A55

3

Symantec Endpoint Protection MR2

• Applications • Windows 2008 support (client)• Windows Vista SP1 support (client)

• MSFT NAP Framework

• Enhanced Device Control Support

• Performance• Fixed port leaks

• Optimized/fixed disk space utilization (LiveUpdate, database, AV Logs)

• Reduced CPU utilization

• Client communication speed improvement

• Functionality/Usability

• Stability – Reduced the amount of crashes and errors that appear

on the screen

• Communication and Connectivity– Improved communication between SEPM and SEP client

•Resolved inconsistent scanning of files on SEP client • Improvements to SEPM console home page include all charts displayed properly, all agents and agent status appear correctly • Fixed site and agent replication issues • Fixed ClientRemote Utility • Optimized creation of group folders so that they can be created in a timely manner • Optimized performance of Active Directory synchronization to avoid database deadlocks • Minimized boot time on SEP client by optimizing Symantec processes during startup • Device control enhancements that permit more specific granularity of choices i.e. Vendor Device ID

4

SEP 11.0 Maintenance Release 3 (MR3) enhancements

5


• Improved Client Performance• Significant Boot Time improvement

• Reduced Virtual Memory

• Reduced Application Load time

• Improved Management Server Performance• Reduction in resources with new delta creation process

• Smaller incremental virus definitions

• Improved Reporting Management– Additional information added and easier to read

• IIS Custom website now utilized• More secure

• Avoid Conflicts

• Virtualization Support• Randomize Client connections to SEPM for obtaining

Content Updates

• Scalability Controls• Group Update Provider modifications

• Other• SNAC trialware now included!

Boot Time

• Significant boot time impact improvement

• Utilize persistent cache of known good files between reboots

• Delayed loading of definitions reduces memory usage by 60MB when not on-demand scanning

• Reduced On Disk Footprint: 284MB

• Less disk I/O• Reduced thread count

Comparisons based on Symantec internal tests on a test system of 1.0 Ghz CPU and 256MB RAM.

Competitive Boot Time (seconds)

• McAfee VirusScan Enterprise 8.5i• McAfee AntiSpyware Enterprise 8.5• McAfee HIPS 7.0• McAfee SiteAdvisor 1.5

Comparisons based on Symantec internal tests using competitive trialware for the products referenced above .

Application Load Time (seconds)


Comparisons based on Symantec internal tests using competitive trialware for the products referenced above on a test system of 1.0 Ghz CPU and 256MB RAM.

Website Load Time (seconds)


Comparisons based on Symantec internal tests using competitive trialware for the products referenced above on a test system of 1.0 Ghz CPU and 256MB RAM.

• Utilizes a new delta creation process called X-Delta.

• Typically delta creation takes seconds instead of minutes (as was the case with MR2 and previous).

• Managed clients must be running MR3 also for this X-Delta process to work.

• Previous process (mdef25builder )is still present and utilized for all preMR3 managed clients.

Improved Management Server Performance

Symantec Endpoint Protection 11.0 – MR3 and Beyond… 10

Significant reduction in resource usage during delta content creationExample shows a one month delta being created (in seconds)

11

SEPM Performance MR3 vs. MR2

Symantec Endpoint Protection 11.0 – MR3 and Beyond…

Significant speed improvement…

Smaller delta sizes in certain cases…

SEPM Performance MR3 (X-Delta) vs MR2

Symantec Endpoint Protection 11.0 – MR3 and Beyond… 12

Time in seconds

• Content download more virtualization friendly.

• Configurable option to randomize when client will pull content from SEPM after it is available on the server.

• Ensures less chance of heavy disk I/O due to the SEP client on different VMs loading new content at the same time.

13

Content Download Randomization


• Control # days content is stored

• Control amount of disk space used on client

• Configure client to never bypass GUP

– Configure the hours and days clients will wait for GUP until the download directly from SEPM

– Configure client to never bypass so that traffic is minimized

• Increased Scalability of client to GUP ratio

– Now officially supports up to 1000 clients

– Configurable thread pool used to serve clients (10-1000)

14

GUP Enhancements


15

• Allows admin to have control over specific policies

• AntiVirus and AntiSpyware

• Firewall

• Intrusion Prevention

• Application and Device Control

• Centralized Exceptions

• Host Integrity

• Policies not selected, will not appear in UI

• All policies enabled by default

• Policies filtered in Clients and Policy Library

Granular Roles Administration


• More secure because we only enable the options we need.

• Previous website (IIS default) enabled many options, was more prone to vulnerability and attack.

• Custom helps avoid conflicts with other apps or specific configuration which are used with the default website.

16

IIS custom website now utilised by default


17


• LiveUpdate in SEPM• Automatic download of new releases to the SEPM console via

LiveUpdate

• Virtualization Support• Randomize Client connections to SEPM for obtaining Content

Updates

• Scalability Controls• Group Update Provide modifications

• Other• SNAC SE trialware now available

• And more!!!

18

MR3 Beta Customer

“ Great news… I have created a Pilot group on the management server … We have heard great feedback at this point. Pre MR3 reports of 30 minutes from startup to usability to presently not even noticing it is running at startup are good signs.. Additionally, sluggishness during full scans has dropped dramatically… I would like to pilot a larger group on the MR3 but for now, I am getting very positive feedback…”

•US Financial Services company specializing in tax services

19

The Tolly Group: Impact on Office Productivity

Productivity Impact

• Highlight Symantec’s strengths vs. McAfee

– Less impact on typical office usage

– Faster open and save time for Word and PowerPoint

• The Test

– Symantec Endpoint Protection11.0 vs. McAfee Total Protection for Endpoint bundle

– Measure time to open and save 5MB Microsoft Word file

– Measure time to open and save 20MB Microsoft PowerPoint file

• The Result

– Better Open and Save times when compared to McAfee

20

Productivity Impact

Microsoft Office 2007/Vista File “Open” Times(Increase Over Unprotected System)

Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint Page 1 (08/2008)

Productivity Impact

Microsoft Office 2007/Vista File “Save/Close” Times(Increase Over Unprotected System)

Source: The Tolly Group – Symantec Endpoint Protection vs. McAfee Total Protection for Endpoint Page 1 (08/2008)

23

Up selling Customers to SMP

Symantec™ Multi-tier Protection 11.0• Symantec Endpoint Protection 11.0 • Symantec AntiVirus for Macintosh & Linux• Symantec Mail Security for Domino & MS Exchange • Symantec Mobile AntiVirus for Windows Mobile (NEW!)• SMS 8300 Software Subscription (AV & AS) (NEW!)• Premium Antispam (NEW!)

Heterogeneous protection for larger organizationsHeterogeneous protection for larger organizations

24

&ANSWERSQUESTIONS

symantec endpoint protection 11.0 update and review

Technology