Symantec

Transcription

Symantec
A Secure Foundation for Your Business
Lauren Duda - Product Marketing Manager
March 13th, 2007
Sample Agenda Slide
1
Corporate issues and threat landscape
2
MS Vista and Symantec Security
3
Symantec Endpoint Security
4
Network Access Control
5
Closing Thoughts
Presentation Identifier Goes Here
2
Corporate Network Is Continually
Exposed
Internet Kiosks
& Shared Computers
Guests
WANs
& Extranets
SSL VPN
Consultants
IPsec VPN
Employees
Working at Home
Wireless
Networks
Web
Applications
Presentation Identifier Goes Here
3
Endpoint Security Challenges
• Endpoint management costs are increasing
– Costs to acquire, manage and administer point products are
increasing, as well as the demand on system resources
• Complexity as well
– Complexity and man power to manage disparate endpoint protection
technologies are inefficient and time consuming
• Growing number of new known and unknown threats
– Stealth-based and silent attacks are increasing, so there is a need for
anti-virus to do much more
– Large amount of threats coming from internal sources
Presentation Identifier Goes Here
4
Is Vista the
answer to all
security issues?
Presentation Identifier Goes Here
5
Breaches and Implications
CSO magazine 2006 E-Crime
Watch Survey:
• 60% of organizations
dealing with financial loss
• 40% reporting financial loss
averaging $740,000
• 23% reporting harm done to
company reputation
• 27% of threats coming from
Insiders
Presentation Identifier Goes Here
6
Is Endpoint Protection Enough
Protection ?
“What
“What Are
Are The
The Most
Most Common
Common Sources
Sources Of
Of Automated
Automated Internet
Internet Worm
Worm Attacks
Attacks ?”
?”
43%
Employee Laptop
39%
Internet Through Firewall
34%
Non-Employee Laptop
27%
VPN Home System
Don’t Know
8%
Other
8%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention
Presentation Identifier Goes Here
7
Windows Vista & Security
• Vista provides a more secure Operating System
• Companies need a multi-tier security approach
on top of Vista
– Complex threats attacking all system layers, not only the O/S
– 69% of vulnerabilities target web applications (ISTR X)
• Web application vulnerabilities often require no exploit code, allowing for quick
attacks right through the firewall with little attacker skill required
– Client users are often responsible for system infection
• Device usage
– MP3 players, USB drives, CD/DVD
• Software downloads
– Screen savers, P2P, Network games
• Misleading Applications
– SpySherrif/WinFixer
Presentation Identifier Goes Here
8
Symantec-Microsoft
• Symantec has a long term partnership with Microsoft
• Working together on Vista launch
– Symantec Ghost-Backup and AntiVirus ready for Vista
• Opportunity for incremental sales revenue with Microsoft
sales
– Microsoft Servers
– Microsoft Exchange
– Microsoft Vista
Presentation Identifier Goes Here
9
Top 10 reasons why you need Symantec
AntiVirus with Windows Vista
10
Vista is an operating, not a security
solution
9
Microsoft, CRN and eWeek
recommend having an antivirus
solution on top of Vista
4
8
Microsoft’s own antivirus even failed to
secure Vista!
3
Symantec Global Intelligence &
Response provides deeper and faster
analysis of threats around the globe
2
Symantec Endpoint Security portfolio
provides the most complete & trusted
technology for your network & assets
1
Symantec is the dominant worldwide
security leader
7
Polymorphic viruses, spyware and other complex
threats will go around the O/S and Windows Defender
6
Average financial loss from data theft
is $740,000, is that in your security
budget???
Trojans/Spyware
5
Your company needs robust &
consistent security across the
organization
Managing security needs to be easy,
automated and cost efficient
Presentation Identifier Goes Here
10
Compliance
Protection
Endpoint Security Defined
Worms
Unknown
Attacks
Spyware
Endpoint Security Policy
Status
Viruses
Trojans
Anti-Virus On
Anti-Virus Signature Updated
Personal Firewall On
Service Pack Updated
Patch Updated
Presentation Identifier Goes Here
11
Symantec Endpoint Compliance
Process
Step 1
Endpoint Attaches To Network
Configuration Is Determined
Step 4
Monitor Endpoint To
Ensure Ongoing Compliance
✗
Step 2
Compliance Of Configuration
Against Policy Is Checked
Step 3
Take Action Based On
Outcome Of Policy Check
Patch
Quarantine
Virtual Desktop
Presentation Identifier Goes Here
12
Forrester Research
The State Of Security In Enterprises & SMB
December 26th 2006
“… 66% of enterprises will increase their spending on
network security equipment and services this year.”
“….the widgets most in demand technology is network
access control (NAC)…
Presentation Identifier Goes Here
13
Symantec Network Access Control
Sales Opportunity #1
Mobile Computers Accessing Network Remotely
Managed
User
VPN
Corporate
Network
WEB
Hotel
Symantec
Gateway
Enforcer
Email Server
HR Server
Airport
CRM Server
Café
Home
Office
Symantec Sygate
File Server
Policy Manager
Presentation Identifier Goes Here
14
Symantec Network Access Control
Sales Opportunity #2
Local Computers using network
Symantec
LAN Enforcer
Managed
Endpoint
Corporate
Network
Corporate Servers
Symantec Sygate
Policy Manager
Presentation Identifier Goes Here
15
Symantec Network Access Control
Sales Opportunity #2A
Local Computers with DHCP Servers
Corporate
Network
Symantec
DHCP
Enforcer
Managed
Endpoint
DHCP
Server
Corporate Servers
Symantec Sygate
Policy Manager
Presentation Identifier Goes Here
16
SNAC slide
• May be a change between content on this slide and the next
Presentation Identifier Goes Here
17
SNAC Scanner Checks
• Over 200 checks
– 75 Windows-specific – no Admin credentials
– Includes server and desktop checks
• Scans for
– Buffer overflow vulnerabilities in services and applications (IIS,
SSH,
– Presence of viruses, worms, or backdoors (Welchia, MyDoom,
Trinoo, etc.)
– Unpatched or outdated versions of applications (sendmail, BIND,
Oracle, OpenSSL)
– Services/applications: Windows Messenger, Oracle Listener,
MSSQL, SNMP, etc.
– NULL or weak passwords
– CGI and web server/file retrieval vulnerabilities
Presentation Identifier Goes Here
18
Symantec AntiVirus v10.2
• Available now
• Same award winning security features as 10.1
– Complete malware detection and removal
– Integrated Reporting
• Products released
– Symantec AntiVirus Corporate Edition 10.2
• Now supporting Windows Vista (32 and 64 bit)
– Symantec AntiVirus Enterprise Edition 10.2
• Multi-tier AV protection at desktop, server and gateway
• Now includes Symantec Client Security 3.1 (pre-Vista version)
Presentation Identifier Goes Here
19
And Coming Soon…
• Next-generation of Symantec AntiVirus
– Unified management console
– Unified agent that combines SYMC, Sygate and Whole Security
– Includes proactive, behavioral based protection
– Provides layered security: AV,FW, HIPS, device control, SNAC &
behavior blocking
• We encourage customers to maintain a valid maintenance
contract with Symantec
• Explore our new license and support programs:
– http://www.symantec.com/enterprise/licensing/index.jsp
Presentation Identifier Goes Here
20
Q&A
Lauren_Duda@symantec.com
Q&A
Lauren Duda
lauren_duda@symantec.com
© 2006 Symantec Corporation. All rights reserved.
THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS
DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE
WITHOUT NOTICE.
Presentation Identifier Goes Here
22
Back Up Slides
Symantec Security Response at a Glance
Global Intelligence Network
• 150 million client, server, and
gateway anti-virus systems
• 40,000 sensors in 180 different
countries
• Over 15 years combating threats
• 200+ security specialists
• 24x7x365 worldwide operations
• 2000 Technical Support Expert
• 2 million decoy
email accounts
• Tracking vulnerabilities in
35,000 product versions from
4,200 vendors
• 500 Symantec Managed
Security Services customers
• Bi-annual Internet Security Threat
Reports
Presentation Identifier Goes Here
24
Best-of-Breed Personal Firewall
Personal Firewall Features
• Rule-based firewall engine
• Firewall rule triggers
• Application, host, service, time
• Full TCP/IP support
• TCP, UDP, ICMP, Raw IP Protocol
• Support for Ethernet protocols
• Allow or block
• Token ring, IPX/SPX, AppleTalk,
NetBEUI
• Able to block protocol drivers
• E.g., VMware, WinPcap
• Adapter-specific rules
This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available
upon request from Symantec.The Magic Quadrant is copyrighted Junel 2006 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a
marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not
endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic
Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims allSource:
warranties,
express
or implied,
with respect
to 1Q06,
this research,
including
Magic
Quadrant
for Personal
Firewalls
John Girald,
27
Presentation Identifier Goes Here
any warranties of merchantability or fitness for a particular purpose.
June 2006
25
Protection Versus The Most Complex
Threats
• Symantec best at handling sophisticated, dynamic threats
• The latest AV Comparative test shows Symantec the top performer in
protection versus polymorphic threats
Protection Versus Polymorphic Threats
100
99.4
99.4
94.3
84
79.5
N
or
m
an
nd
a
nd
itD
ef
e
Pa
er
e
36
B
M
cA
fe
et
eS
ur
e
ec
FS
as
pe
r
K
Sy
m
an
te
sk
y
c
37
Source: Andreas Clementi, February 2006
Presentation Identifier Goes Here
26
Symantec for Accurate, Reliable
Detection
Ziff Davis Editor’s Choice
“Symantec… blitzed the field in detection which is what you really want”
Ziff Davis Detection Accuracy Comparison
Symantec
PC Tools
Computer Associates
Webroot
Microsoft
McAfee
Trend Micro
Lavasoft
0
1
2
3
4
5
6
7
8
9
http://www.zdnet.com.au/reviews/software/security/soa/To_catch_a_spy_Eight_anti_spyware_tools_reviewed/0,39023452,39225147,00.htm
Presentation Identifier Goes Here
27
Surgical Remediation
“Symantec clearly establishes itself as the leader when remediating critical files,
which comprises of executable content (i.e. *.exe, *.dll) and essential registry keys.”
-Thompson CyberSecurity Labs, 2005
Competitive Comparison - Removal of Executables Files
200
195
190
Symantec
Webroot
185
180
175
170
165
160
Microsoft
McAfee
Spyware
Doctor
155
150
Executable Components Removed
Presentation Identifier Goes Here
28
Best-of-Breed
Spyware Detection & Removal
• SAV 11.0 outperforms the competition in
spyware detection, disinfection and removal
100%
80%
60%
40%
Removal Rate
Disinfection Rate
20%
Detection Rate
W
elt
S
Su
nb
so
ft
Mi
c ro
We
br
oo
t
Mc
Af
ee
Sy
ma
nte
c
PC
To
ols
0%
From tests performed by Thompson Cyber Security Labs
Presentation Identifier Goes Here
29
Endpoint protection built on
Symantec AntiVirus
Symantec:
• Submitted all
supported
environments
for analysis
since Nov. ‘99
• ONLY vendor
to obtain 30
consecutive
VB100
Awards
• Pass: Detected all "In the Wild viruses" in
comparative tests (with no false positives)
• Fail: Missed detection after three attempts
• —: Chose not to submit for testing
Presentation Identifier Goes Here
30