Bezpečnost není jen antivirus

Bezpečnost není jen an.virus 1

Bezpečnost není jen an/virus

Mar/n Bobek Product Manager, Arrow ECS a.s.

ENDPOINT SUITE – TWO VERSIONS


SymantecTM Endpoint Suite SymantecTM Endpoint Suite with Email

•  Symantec Endpoint Protec8on •  Symantec Endpoint Encryp8on •  Symantec Mobile Device Management •  Symantec Mobile Threat Protec8on

•  Symantec Endpoint Protec8on •  Symantec Endpoint Encryp8on •  Symantec Mobile Device Management •  Symantec Mobile Threat Protec8on

And email protec8on:

•  Symantec Messaging Gateway •  Symantec Gateway Email Encryp8on •  Symantec Mail Security for MicrosoB

Exchange

ENDPOINT SUITE SIMPLIFIES SECURITY Protect the users, devices and data for less money


•  Symantec Messaging Gateway defends your email and infrastructure at the perimeter with real-‐8me an8spam and an8malware protec8on.

•  Symantec Email Encryp8on Gateway, powered by PGP, encrypts messages to safeguard the confiden8al data.

•  Symantec Mail Security for MicrosoB Exchange prevents the spread of email-‐borne threats.

•  Measurable savings from simplified subscrip8on-‐based pricing and take the mystery out of license, support, and renewal costs.

•  Remove complexity and consolidate patchwork, mul8-‐vendor, solu8ons.

•  Single purchase, single support for trouble-‐shoo8ng, reduces up-‐front and on-‐going costs.

•  Symantec Endpoint Protec8on provides the security with a single, high-‐powered agent, for the fastest, most-‐effec8ve protec8on available.

•  Symantec Endpoint Encryp8on, powered by PGP, protects data with strong full-‐disk and removable media encryp8on.

•  Symantec Mobile threat protec8on and device management provides trusted security for mobile devices.

Prevent data loss at email gateway/server, and

email encryp8on

Single solu8on to drive down costs and

stretch IT budgets

Complete malware protec8on for endpoints and mobile

Informa8on Protec8on

Lower Cost Solu8on

Threat Protec8on

ENDPOINT SUITE`S PRODUCTS AND BENEFITS


UNRIVALED SECURITY WITH UNIQUE VISIBILITY Symantec has unique visibility into today`s threat landscape


175M endpoints

57M aRack sensors in 157 countries

182M web aRacks blocked last year

3.7T rows of telemetry

30% of world’s enterprise email traffic scanned/day

9 threat response centers

ENDPOINT PROTECTION 12.1


UNRIVALED SECURITY

BLAZING PERFORMANCE

SMARTER MANAGEMENT

Stops targeted a?acks and advanced persistent

threats with intelligent security and layered protec.on that goes beyond an.virus

Performance so fast your users won’t even know its

there

A single management console across Windows, Mac, Linux, and Virtual plaLorms with granular

policy control

UNRIVALED SECURITY WITH LAYERED PROTECTION Layered protec/on to stop targeted a]acks and zero-‐days


FIREWALL AND INTRUSION PREVENTION

ANTIVIRUS

SONAR

Blocks malware before it spreads to your machine and controls

traffic

Scans and eradicates

malware that arrives on a system

Determines safety of files and

websites using the wisdom of the community

Monitors and blocks files that exhibit suspicious behaviors

Aggressive remedia.on of hard-‐to-‐remove

infec.ons

NETWORK

FILE

REPUTATION

BEHAVIOR

REPAIR

POWER ERASER

INSIGHT

UNRIVALED SECURITY WITH INSIGHT Age, frequency and loca/on are used to expose unknown threats


Big Data Analy8cs

Analy8cs

Warehouse

Analysts

ARack Quaran8ne System

Endpoints

Gateways

3rd Party Affiliates

Global Sensor Network

Global Data Collec8on

Honeypots

Bad safety ra8ng File is blocked

No safety ra8ng yet Can be blocked

Good safety ra8ng File is whitelisted

BLAZING PERFORMANCE WITH INSIGHT Up to 70% reduc/on in scan overhead


Insight allows you to skip known good files only scanning unknown flies

Tradi8onal scanning has to scan every file

ü ü ü ü ü

ü ü ü ü ü

ü ü ü ü ü

UNRIVALED SECURITY WITH SONAR Behavioral monitoring stops zero-‐day and unknown threats


Human-‐authored Behavioral Signatures

Behavioral Policy Lockdown

Who is it related to? What did it contain? Where did it come from? What has it done?

Ar8ficial Intelligence Based Classifica8on Engine

SMARTER MANAGEMENT WITH POLICY CONTROL Customize polices based on user or loca/on


HOST INTEGRITY

Detect unauthorized change, conduct damage assessment and ensures endpoints are protected

and compliant

EXTERNAL MEDIA CONTROL

Restrict and enable access to the hardware (USB, DVD, SD, etc.) that can be used to protect

and increase produc.vity

APPLICATION CONTROL

Monitor and control applica.ons behavior, including automated system lockdown, and advanced whitelis.ng

and blacklis.ng capabili.es

ENDPOINT ENCRYPTION Protect data stored on endpoint devices


•  Supports USBs, portable hard drives, SD cards, and CD/DVD/Blu-‐ray media

•  Access U8lity Drive – tool to view data on machines without SEE client installed

Also known as Full-‐Disk or Whole Disk Encryp8on

•  Encryp8on happens in the background •  No interac8on required by end user •  Self-‐Recovery and Help Desk recovery capabili8es •  Single Sign-‐On capability •  Smart card support for pre-‐boot authen8ca8on

•  FileVault Management •  Management of Opal Self-‐Encryp8ng Drives* •  BitLocker management coming in 2H2015

LAPTOPS AND DESKTOPS

REMOVABLE MEDIA ENCRYPTION

MOBILE DEVICE MANAGEMENT Enable, secure and manage your heterogeneous mobile environment


Ac8vate enterprise access easily and automa8cally

ENABLE SECURE

Enforce device policies and compliance

MANAGE

Visibility and repor8ng with web-‐based management

THREAT PROTECTION


Advanced, proac8ve protec8on

against risky apps

APP ADVISOR ANTI-‐MALWARE

Protect against latest threats with Live-‐Update

Compliance rules based on device security posture

WEB PROTECTION

Detect and block phishing

websites

APP ADVISOR IDENTIFIES RISKY APPS


•  Apps that leak informa8on

•  Apps that drain baRery

•  Apps that consume too much bandwidth

•  Proac8ve protec8on before download from Google Play

•  Enable users to make informed decisions about apps

PROTECT AGAINST MALICIOUS THREATS


ANTI-‐MALWARE

•  Fast and effec8ve on-‐device scans

•  Protect against latest threats with Live-‐Update integra8on

•  Implement compliance rules based on device security posture

WEB PROTECTION

•  Detect and block phishing websites

•  Enable safe mobile browsing

SPEAR-‐PHISHING EMAIL CAMPAIGNS


SPEAR-‐PHISHING ATTACKS BY SIZE OF TARGETED ORGANIZATION


ANALYSIS OF SPEAR-‐PHISHING EMAILS USED IN TARGETED ATTACKS


EMAIL SECURITY IS MORE THAN JUST STOPPING SPAM


Lower the expense and

investment in administra8on and infrastructure.

REDUCE COST

Keep unwanted email out of the inbox without blocking

legi8mate messages.

PROTECT USERS

Iden8fy and control the spread of confiden8al informa8on and comply with regula8ons.

CONTROL DATA

Detect and block targeted aRacks, malware, and phishing from entering your environment.

PREVENT THREATS

$

PROACTIVE DEFENSE IS REQUIRED


•  Strongest malware preven8on •  Protec8on against malicious

URLs and aRachments •  Domain valida8on to block

phishing •  Data control and protec8on •  Intelligent email encryp8on

BASIC EMAIL SECURITY STRATEGY

•  Integra8on with full Symantec DLP for inspec8on, encryp8on, and control

•  Integra8on with Symantec Cynic™ sandbox execu8on technology for email aRachments.

•  Targeted aRack repor8ng and security event correla8on.

ADVANCED EMAIL SECURITY STRATEGY

MESSAGING GATEWAY

• 18 years on market • Acquired by Symantec in 2004

• Hardware/virtual appliance •  Linux based opera.ng system

• Two subcomponents •  Scanner (inbound/outbound messages, download updates, apply ac.ons to messages)

•  Control Center (message management, sta.s.c, hosted spam quaran.ne)

• Targeted a?ack protec.on


CUSTOMIZABLE PROTECTION AGAINST MALWARE, SPAM AND GREY MAIL


Scans for newsleRers, marke8ng email, and

suspicious URLs

Configure policies by group with dis8nct

ac8ons for each type of mail

PERSONALIZED PROTECTION

Tracks over 400 million known spam and safe

senders IPs.

Filters out up to 95% of spam traffic based on

reputa8on.

ADAPTIVE REPUATATION MANAGEMENT

Disarm aRachment cleaning

Over 20 detec8on

technologies

Greater than 99% an8spam effec8veness

ANTISPAM & ANTIMALWARE

PROTECT AGAINST TARGETED ATTACKS OVER EMAIL


Email and a?acks using malicious document a?achments –  Primarily used in spear phishing emails – Advanced Persistent Threat (APT)

–  Contain malicious ac.ve content, or exploit payloads targe.ng parser vulnerabili.es

Exis.ng solu.ons only scan a?achments of certain file types –  They target only spam and known malicious executables/documents

–  Current protec.on is inadequate

Disarm will reconstruct the a]achment documents, without the malicious content, before delivering to the user.

DISARM REMOVES ALL VULNERABLE CONTENT, NOT JUST KNOWN THREATS


Vulnerable Content PDF Office 2003 Office 2007+

Javascript !"

Launch !"

Macros !" !"

Flash !" !" !"

3d !"

A]achments !" !" !"

Unused Objects !" !"

Custom Fonts !"

Image Reconstruct !"

Ac/ve X !" !"

Unknown !" !" !"

Embedded Doc !" !" !"

DISARM PROTECTS AGAINST THE MOST COMMONLY EXPLOITED FILE TYPES


•  Remove JavaScripts and “launch” ac8on •  Remove/replace embedded objects/files, e.g. Flash •  Sani8ze XML Forms Architecture (XFA) objects

•  Remove macros •  Remove/replace embedded objects, e.g. Flash •  Reconstruct supported embedded objects, e.g. PDF, images, …

•  Remove macros •  Remove/replace embedded Flash, EXEs •  Reconstruct supported objects, e.g. PDF, OLE inside OLE, …

2007/

CONTROL OUTBOUND EMAIL TO PREVENT DATA LOSS


Use on-‐premise Gateway Email Encryp8on or

cloud-‐based encryp8on

Policy based for automa8c encryp8on

ADD-ON CONTENT ENCRYPTION

Protect confiden8al data across Endpoint,

Network and Storage Systems

Tight integra8on and unified management

INTEGRATE WITH SYMANTEC DLP

Over 100 pre-‐built dic8onaries, paRerns, and policy templates

Workflow and

remedia8on tools

Dedicated DLP quaran8ne

BUILT-‐IN DATA LOSS PREVENTION

CHOICE IN EMAIL ENCRYPTION *ADD ON OPTIONS


Unencrypted Communica8ons

TLS users

admin

Email server

Messaging Gateway

Policy Configura8on

Encrypted Email

Encrypted response

Unencrypted recipient

Encrypted recipient

Symantec Content Encryp8on

On-‐premise op8on

Unencrypted communica8ons

users

admin

Email server

Messaging Gateway Unencrypted recipient

Encrypted recipient

Symantec Gateway Encryp8on

Encrypted communica8ons

SIMPLE MANAGEMENT WITH POWERFUL CAPABILITIES


•  Iden8fy email security trends using over 50 pre-‐built reports •  Quickly iden8fy top Spam sender, reputa8on effec8veness, and trending analysis to determine ROI.

•  Customizable reports can be scheduled to run as needed.

On Demand Repor.ng

•  Con8nuous automa8c Spam and Malware updates ensure protec8on stays up to date.

•  In-‐product soBware download and update process streamlines product upgrades.

Streamlined Update Process

•  Single web based console allows management of mul8ple scanners. •  Customizable dashboard quickly highlights problem areas in the email environment.

•  Custom group policies through exis8ng LDAP groups, individual users, or domains

Unified Management

and Administra.on

REDUCE COSTS WITH THE POWER OF VIRTUAL APPLIANCE


•  Dynamic Resource Alloca.on –  Easily accommodate infrastructure growth requirements –  Quickly respond to changes in traffic volume

•  Cost Savings –  Be?er hardware u.liza.on –  Lower power consump.on (“green” IT)

•  Easy Backup & Disaster Recovery –  Cost-‐effec.ve high-‐availability –  Easily restore in the event of disaster recovery

•  Zero-‐Down.me Maintenance –  Decouple physical server maintenance from sokware –  Test new sokware versions before deploying

•  Flexible Deployment –  VMWare ESXi & vSphere –  Microsok Hyper-‐V –  Same sokware license for virtual or appliance

Hypervisor


MAIL SECURITY FOR MICROSOFT EXCHANGE

• An.virus / An.virus & an.spam • Superior Protec.on

•  An.malware technology

•  Ability to scan messages in transit or on the mailbox

•  Powered by Premium An.Spam •  Rapid release defini.ons •  Advanced content filtering

• Flexible and Easy to Use Management

• Op.mized for Exchange

Thank you!

Copyright © 2011 Symantec Corpora/on. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corpora.on or its affiliates in the U.S. and other countries. Other names may be trademarks of their respec.ve owners. This document is provided for informa.onal purposes only and is not intended as adver.sing. All warran.es rela.ng to the informa.on in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The informa.on in this document is subject to change without no.ce.

34

Děkuji! Mar.n Bobek [email protected] +420 607 275 843

Bezpečnost není jen an.virus

Bezpečnost není jen antivirus

Technology

Transcript of Bezpečnost není jen antivirus