Posted: 18-Dec-2015
Symantec Endpoint Protection 11.0 Overview and Architecture
Silviu Popescu
Symantec Product Manager at Omnilogic SRL
Symantec™ Global Intelligence Network
More than 6,000 Managed Security Devices + 120 Million Systems Worldwide + 30% of World’s email Traffic + Advanced Honeypot Network
Reading, England
Alexandria, VA
Sydney, Australia
Mountain View, CA
Santa Monica, CA
Calgary, Canada
San Francisco, CA
Dublin, Ireland
Pune, India
Taipei, Taiwan
Tokyo, Japan
3 Symantec SOCs
80 Symantec Monitored Countries
40,000+ Registered Sensors in 180+ Countries
8 Symantec Security Response Centers
Attack Trends: Data Breaches
• Information on data breaches that could lead to identity theft. Data collected is not Symantec data.
• The government sector accounted for the majority of data breaches with 25%, followed by Education (20%) and Healthcare (14%) - the majority of breaches (54%) were due to theft or loss with hacking only accounting for 13%.
Attack Trends: Underground Economy Servers
• Credit cards, identities, online payment services, bank accounts, bots, fraud tools, etc. are ranked according to how frequently they are offered for sale on underground economy servers.
• Credit cards were the most frequently advertised item (22%) followed by bank accounts (21%).
• Email passwords sell for almost as much as a bank account.
Attack Trends: “Underground” Black Market Trading
Finance sector – headlines
http://money.cnn.com/2005/05/23/news/fortune500/bank_info/
Finance II
http://www.theregister.co.uk/2007/04/19/phishing_evades_two-factor_authentication/
Malicious Code Trends: New Malicious Code Threats
• In the first half of 2007, 212,101 new malicious code threats were reported to Symantec. This is a 185% increase over the second half of 2006.
• This increase can mainly be attributed to new Trojans such as staged downloaders.
• The first stage of a staged downloader is usually written for a specific target or purpose, resulting in the creation of a very large number of them.
’05 Threat Landscape Shift
2004 Landscape: Virus vs. 2006 Landscape: Crimeware
• Threats are indiscriminate, hit everyone -> Threats are highly targeted, regionalized
• Threats are disruptive, impact visible -> Threats steal data & damage brands, impact unclear
• Remediation action is technical (“remove”) -> Remediation more complex, may need to investigate data leak
• Going through perimeter and gateway -> Going after uneducated network clients and other endpoints
• Threats are noisy & visible to everyone -> Threats are silent & unnoticed, with variants
The Battle has changed
Anatomy of Layered Endpoint Protection (slide diagram; recoverable content)
Layers: Network Connection, Operating System, Memory/Processes, Applications, Data & File System, I/O Devices
Protection Technology: Client Firewall, Network IPS, O/S Protection, Host integrity & remediation, Buffer overflow & exploit protection, Behaviour Blocking, Anti-spyware, AntiVirus, Device controls
Endpoint Exposures: Worms, exploits & attacks; Malware, rootkits, day-zero vulnerabilities; Buffer overflow, process injection, key logging; Zero-hour attacks, identity theft, application injection; Viruses, Trojans, malware & spyware; iPod slurping, IP theft
Symantec Solution: Symantec AntiVirus, Symantec Client Security, Symantec Sygate Enterprise Protection, Symantec Critical System Protection, Symantec Confidence Online, Symantec Mobile Security, Symantec Network Access Control, combined in Symantec Endpoint Protection (always on, always up-to-date)
Scope of Endpoint Protection
Symantec Endpoint Protection - Summary
• The World’s leading anti-virus solution
• More consecutive Virus Bulletin certifications (31) than any vendor
• Best anti-spyware, leading the pack in rootkit detection and removal
• Includes VxMS scanning technology (Veritas)
• Industry’s best managed desktop firewall
• Adaptive policies lead the pack for location awareness
• Sygate and Symantec Client Security
• Behavior-based Intrusion prevention (Whole Security)
• Network traffic inspection adds vulnerability-based protection
• Device control to prevent data leakage at the endpoint (Sygate)
• Protection against MP3 players, USB sticks, etc.
• Includes a NAC agent to ensure each endpoint is “NAC-ready” (Sygate)
• Adds endpoint compliance to endpoint protection
Ingredients for Endpoint Security
Symantec Endpoint Protection 11.0: AntiVirus, Antispyware, Firewall, Intrusion Prevention, Device Control
Symantec Network Access Control 11.0: Network Access Control
Ingredients for Endpoint Protection: AntiVirus
• World’s leading AV solution
• Most (31) consecutive VB100 Awards
Some more detailed information ...
Source: Andreas Clementi, Antivirus comparative summary report 2006
Ingredients for Endpoint Protection: Antispyware
• Best rootkit detection and removal
• Raw Disk Scan for superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Ingredients for Endpoint Protection: Firewall
• Industry-leading endpoint firewall technology
• Gartner MQ “Leader” – 4 consecutive years
• Rules-based firewall can dynamically adjust port settings to block threats from spreading
Ingredients for Endpoint Protection: Intrusion Prevention
• Combines network- and host-based prevention
• Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants
• Granular application access control
• Proactive Threat Scans – very low (0.002%) false positive rate
(Chart: “False Alarms” vs. “No False Alarm” across 16M installations – only 20 false positives for every 1 million PCs)
Ingredients for Endpoint Protection: Device Control
• Prevents data leakage
• Restricts access to devices (USB keys, back-up drives, MP3 players)
New worm – W32.SillyFDC
• targets removable memory sticks
• spreads by copying itself onto removable drives such as USB memory sticks
• automatically runs when the device is next connected to a computer
Ingredient for Endpoint Compliance: Network Access Control
• Network access control – ready
• Agent is included, no extra agent deployment
• Simply license the SNAC Server
New Key Features
Symantec Endpoint Protection Manager Features Overview
Monitoring & Reporting
• Email report distribution
• Centralized event logging
• Customizable report filters
• Real-time event viewing
• Command system
• Network security status view
• Notifications view
• Event export to SSIM & 3rd-party SIEM solutions
• Embedded and MSSQL support
Administration
• Centralized, web-based console
• Simplified user interface for SMB and enterprises
• Role-based access
• Administrative domains
• Assign rights by user or group
• User-defined, multi-tiered groups
• RSA SecurID authentication
Policy Actions
• Integrated management of all agent components
• Single console to define & manage AV, FW, NAC and other policies
• Group-based policy application
• Reusable policy objects
• Centralized setting of exclusions and exceptions
Deployment & Integration
• Client install package builder
• Patch & update
• Remote agent installation
• Import and sync AD users and Org Units
• Authenticate admin users via AD
• Customizable agent package installation settings
• Migration from SAV, SCS, SSEP & SNAC
Symantec Endpoint Protection 11: Proactive security solution for endpoints
• The traditional signature-based technology is obsolete
• 24 MB memory footprint – full arsenal; layered security
• Network Access Control functionality
– LAN (802.1x), Layer-2 and DHCP
• Device Control
– USB, FireWire, Bluetooth, Infrared, SCSI, ...
– “System lockdown” – even the admin can not change ...
• Full, complete integration
– Single management console, centralized log, report
• The price is not a question...
– and all this for an unchanged price – the Symantec AntiVirus price
© 2006 Symantec Corporation. All rights reserved.
THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.
Thank You