Symantec Endpoint Protection is a client-server solution that protects laptops, desktops, Windows and Mac computers, and servers in your network against malware.
Symantec Endpoint Protection combines virus protection with advanced threat protection to proactively secure your computers against known and unknown threats.
3. INTRODUCTION TO SYMANTEC ENDPOINT
PROTECTION
Symantec Endpoint Protection is a client-server solution that protects
laptops, desktops, Windows and Mac computers, and servers in your
network against malware.
Symantec Endpoint Protection combines virus protection with advanced
threat protection to proactively secure your computers against known
and unknown threats.
3
4. TYPES OF PROTECTION
Virus and Spyware Protection
Network Threat Protection
Proactive Threat Protection
4
5. VIRUS AND SPYWARE PROTECTION
Virus and Spyware Protection protects computers from viruses and
security risks, and in many cases can repair their side effects.
The protection includes real-time scanning of files and email as well as
scheduled scans and on-demand scans.
5
7. NETWORK THREAT PROTECTION
Network Threat Protection provides a firewall and an intrusion
prevention system to prevent intrusion attacks and malicious content
from reaching the computer that runs the client software.
7
9. PROACTIVE THREAT PROTECTION
Proactive Threat Protection uses SONAR to protect against zero-day
attack vulnerabilities in your network.
Zero-day attack vulnerabilities are the new vulnerabilities that are not
yet publicly known.
9
12. CAUSES OF SENSITIVE DATA LOSS
Cause of Data Losses by Number of Events
Internet Threats,
Attacks and Hacks
Violations of Policies
User Errors
0%
10%
20%
30%
40%
50%
ITPolicyCompliance.com
“Taking Action to Protect Sensitive Data”, Feb. 2007
12
13. ADDRESSING IT RISKS &
ENABLING IT PERFORMANCE
Interactions
Manage
IT Risk
Information
Maximize
IT Performance
Infrastructure
13
13
14. SYMANTEC ENTERPRISE SOLUTIONS:
A POWERFUL COMBINATION OF PRODUCT & SERVICES
INFORMATION
MANAGEMENT
IT COMPLIANCE
SECURITY
Manage
IT Risk
STORAGE
Maximize
IT Performance
IT OPERATIONS
BUSINESS CONTINUITY
14
15. SYMANTEC ENDPOINT PROTECTION IN A
NUTSHELL
•
AntiVirus
Restricts access to registry, files, folders, and processes
Behavior-based Intrusion prevention (Whole Security)
•
Network traffic inspection adds vulnerability-based
protection
Industry’s best managed desktop firewall
•
Adaptive policies lead the pack for location awareness
•
Sygate and Symantec Client Security
Best anti-spyware, leading the pack in rootkit detection
and removal
•
Includes VxMS scanning technology (Veritas)
•
Antispyware
•
•
Firewall
Device control to prevent data leakage at the endpoint
(Sygate)
•
Intrusion
Prevention
Adds endpoint compliance to endpoint protection
•
Device and Application
Control
•
•
Network Access
Control
Includes a NAC agent to ensure each endpoint is “NACready” (Sygate)
The World’s leading anti-virus solution
•
More consecutive Virus Bulletin certifications (31) than
any vendor
15
17. INGREDIENTS FOR ENDPOINT
PROTECTION Antispyware
• Best rootkit detection and removal
• Raw Disk Scan for superior Rootkit protection
Antispyware
AntiVirus
Source: Thompson Cyber Security Labs, August 2006
17
18. INGREDIENTS FOR ENDPOINT
PROTECTION Firewall
• Industry leading endpoint firewall technology
• Gartner MQ “Leader” – 4 consecutive years
• Rules based FW can dynamically adjust port
settings to block threats from spreading
Firewall
Antispyware
AntiVirus
18
19. INGREDIENTS FOR ENDPOINT PROTECTION
Intrusion Prevention
• Most Comprehensive IPS capabilities in the industry
• Generic Exploit Blocking (GEB) – one
signature to proactively protect against all
variants
Intrusion
Prevention
• Proactive Threat Scan –
Firewall
Detects 1,000 threats/month
not detected by top 4 leading
antivirus engines
Antispyware
• Very low false positive rate (0.004%)
• Only 40 FP for every 1M computers
Antivirus
• No set up or configuration required
19
19
20. INTRUSION PREVENTION SYSTEM (IPS)
COMBINED TECHNOLOGIES OFFER BEST DEFENSE
Intrusion
Prevention
(IPS)
(N)IPS
Network IPS
(H)IPS
Host IPS
Generic Exploit Blocking
Vulnerability-based
(Sigs for vulnerability)
Deep packet inspection
Signature–based
(Can create custom
sigs, SNORT-like)
Proactive Threat Scan
Application Control
Behavior-based
(Whole Security)
Rules-based
(System lockdown by
controlling an
application’s ability to
read, write, execute and
network connections)
=Services Opportunity
20
21. INGREDIENTS FOR ENDPOINT
PROTECTION Device Control
• Prevents data leakage
Device Control
• Restrict Access to devices (USB keys, Backup drives)
• W32.SillyFDC (May 2007)
Intrusion
Prevention
Firewall
Antispyware
AntiVirus
=Services Opportunity
21
22. INGREDIENT FOR ENDPOINT COMPLIANCE
Network Access Control
Network Access
Control
• Network access control – ready
Device Control
• Agent is included, no extra agent deployment
• Simply license SNAC Server
Intrusion
Prevention
Firewall
Antispyware
AntiVirus
22
23. SYMANTEC NETWORK ACCESS CONTROL
Ensures endpoints are protected and compliant prior to
accessing network resources
1.
Reduce IT costs & greater network availability
2.
Increased control over unmanaged and managed
endpoints
3.
Maximize investment of security technologies
23
24. INTRODUCING:
SINGLE AGENT, SINGLE CONSOLE
Network Access
Control
Results:
Device Control
Increased
Protection, Control &
Manageability
Intrusion
Prevention
Firewall
Reduced
Cost, Complexity &
Risk Exposure
Antispyware
Symantec Endpoint
Protection 12.0
Symantec Network
Access Control 11.0
AntiVirus
24
24
25. HOW DO WE LOWER COST, COMPLEXITY AND RISK?
Cost
Lowered system resource demands, smaller
footprint
Single product, license, support program
Operational efficiency
Product
Baseline
Memory Usage
Symantec AntiVirus Corporate Edition
62 MB
Complexity
Symantec Client Security
129 MB
Fewer consoles and agents allows
standardization of technologies
Improved UI suits any size organization
Symantec AntiVirus +
Symantec Sygate Enterprise Protection
72 MB
McAfee Total Protection SMB
71 MB
Trend Micro OfficeScan Client Server
50 MB
Risk
Includes behavior-based IPS to protect
against unknown attacks
Device control helps protect against data loss
and intellectual
property theft
Symantec Endpoint
Protection 12.0
21 MB!
????
Average of 84% reduction in memory usage requirements
25
25
27. SNAC PACKAGING
Enforcement Type
Agent Type
Endpoint
Gateway
DHCP
(Uses SEP Desktop
Firewall)
(Appliance)
(Appliance/Plug-in) (Appliance)
LAN-802.1x
Client
(Persistent)
On-Demand
(Dissolvable)
Agentless
(Scanner)
Symantec
Network
Access
Control
v11.0
PPP P P P P
Symantec
Network
Access
Control
Starter Edition
V 11.0
PP
P
27
28. COMPONENTS OF SYMANTEC ENDPOINT
PROTECTION
Symantec Endpoint Protection
Manager
Database
Symantec Protection Center (optional)
LiveUpdate Administrator (optional)
Central Quarantine (optional)
Symantec Endpoint Protection client
28
Symantec Endpoint Protection protects against malware such as viruses, worms, Trojan horses, spyware, and adware. It provides protection against even the most sophisticated attacks that evade traditional security measures, such as rootkits, zero-day attacks, and spyware that mutates. Providing low maintenance and high power, Symantec Endpoint Protection communicates over your network to automatically safeguard for both physical systems and virtual systems against attacks.
Virus and spyware scans detect viruses and the security risks that can put a computer, as well as a network, at risk. Security risks include spyware, adware, and other malicious files.
Virus and Spyware Protection detects new threats earlier and more accurately using not just signature-based and behavioral-based solutions, but other technologies as well. Symantec Insight provides faster and more accurate malware detection to find the new and the unknown threats that other approaches miss. Insight identifies new and zero-day threats by using the collective wisdom of millions of systems in hundreds of countries.Bloodhound uses heuristics to detect known and unknown threats.Auto-Protect scans files from a signature list as they are read from or written to the client computer.
The firewall allows or blocks network traffic based on the various criteria that the administrator sets. If the administrator permits it, end users can also configure firewall policies. The Intrusion Prevention System (IPS) analyzes all the incoming and the outgoing information for the data patterns that are typical of an attack. It detects and blocks malicious traffic and attempts by outside users to attack the client computer. Intrusion prevention also monitors outbound traffic and prevents the spread of worms.
The rules-based firewall engine blocks malicious threats before they can harm the computer. The IPS scans network traffic and files for indications of intrusions or attempted intrusions.Browser Intrusion Prevention scans for the attacks that are directed at browser vulnerabilities.Universal download protection monitors all downloads from browsers and validates that the downloads are not malware.
Threats that exploit these vulnerabilities can evade signature-based detection, such as spyware definitions. Zero-day attacks may be used in targeted attacks and in the propagation of malicious code. SONAR provides real-time behavioral protection by monitoring processes and threats as they execute. Application and Device Control monitors and controls the behavior of applications on client computers and manages the hardware devices that access client computers.
Symantec Endpoint Protection Manager system requirementsComponent RequirementsProcessor■ 32-bit processor: 1-GHz Intel Pentium III or equivalent minimum(Intel Pentium 4 or equivalent recommended)■ 64-bit processor: 2-GHz Pentium 4 with x86-64 support orequivalent minimumNote: Intel Itanium IA-64 processors are not supported.Physical RAM1 GB of RAM for 32-bit operating systems, 2 GB of RAM for 64-bitoperating systems, or higher if required by the operating systemHard drive 4 GB ormore free space; plus 4 GB for the locally installed database.Display 1024 x 768Operating system■ Windows XP (32-bit, SP2 or later; 64-bit, all SPs; all editions exceptHome)■ Windows 7 (32-bit, 64-bit;RTMand SP1; all editions except Home)■ Windows 8 (32-bit, 64-bit)■ Windows Server 2003 (32-bit, 64-bit, R2, SP1 or later)■ Windows Server 2008 (32-bit, 64-bit, R2, RTM, SP1 and SP2)■ Windows Server 2012■ Windows Small Business Server 2003 (32-bit)■ Windows Small Business Server 2008 (64-bit)■ Windows Small Business Server 2011 (64-bit)■ Windows Essential Business Server 2008 (64-bit)Browser■ Microsoft Internet Explorer 7, 8, 9, 10■ Mozilla Firefox■ Google Chrome
Processor■ 32-bit processor for Windows: 1-GHz Intel Pentium III orequivalent minimum (Intel Pentium 4 or equivalentrecommended)■ 32-bit processor for Mac: Intel Core Solo, Intel Core Duo. PowerPCprocessors are not supported.■ 64-bit processor for Windows: 2-GHz Pentium 4 with x86-64support or equivalent minimum. Itanium processors are notsupported.■ 64-bit processor for Mac: Intel Core 2 Duo, Intel Quad-Core XeonPhysical RAMWindows: 512MBofRAM(1GBrecommended), or higher if requiredby the operating systemMac: 1 GB of RAM for 10.6; 2 GB for 10.7 and 10.8Hard driveWindows: 850 MB of available hard disk space for the installation;additional space is required for content and logsNote: Space requirements are based on NTFS file systems.Mac: 500 MB of available hard disk space for the installationDisplay 800 x 600