Teleworking and Security: IT All Begins with Endpoints Jim Jessup Solutions Manager, Information Risk Management June 19, 2007 Agenda 1 Today’s Landscape 2 Trends at the Endpoint 3 Endpoint Security 4 Network Access Control 5 A Complete Enterprise Security Solution Copyright © Symantec Corporation 2007 2 Today’s landscape • New technologies are changing the way we communicate – Government agencies see the need to share information across their extended enterprises – Agencies are moving towards a mobile workforce: Teleworking, COOP, Remote Access: Traditional perimeter defenses are not enough. • New technologies are also introducing new security risks – No longer focused on just the device – it’s about the information and interactions – Phishing, ID theft, malicious users and non-compliance are all risks – Must keep the threats out, and ensure the information stays inside – Internal Threats Such As Data Theft and Data Leakage • New Policies and Regulations (FIPS, FISMA, HIPAA etc) change the way we think about security – Security Policy and Reporting mandated – Adequate Controls Or Evidence Collection – Standard Desktop Configuration Required Copyright © Symantec Corporation 2007 3 Network Is Continually Exposed Internet Kiosks & Shared Computers Guests WANs & Extranets SSL VPN Consultants IPsec VPN Employees Working at Home Wireless Networks Web Applications “Because of worms and other threats, you can no longer leave your networks open to unscreened devices and users.” Protect Your Network with a NAC Process, Gartner ID# G00124992 Copyright © Symantec Corporation 2007 Symantec™ Global Intelligence Network 4 Symantec SOCs + 74 Symantec Monitored Countries >6,200 Managed Security Devices + + 40,000+ Registered Sensors in 180+ Countries + 8 Symantec Security Response Centers 200,000 Millions Millions Hundreds malware of of security threat ofsubmissions MSS reports alerts customers per per month month month 120 Million Systems Worldwide 30% of World’s email Traffic +per + Advanced Honeypot Network Dublin, Ireland Tokyo, Japan Calgary, Canada San Francisco, CA Redwood City, CA Twyford, England Santa Monica, CA Munich, Germany Alexandria, VA Pune, India Taipei, Taiwan Sydney, Australia Copyright © Symantec Corporation 2007 5 It Begins At The Endpoint … • Compromised and non-compliant endpoints endanger the network and your data • Every user accesses the network and the Internet from an endpoint • But not all endpoints are protected and compliant • For employees, the endpoint may be – Company-issued laptop that hasn’t had a patch or AV update in two weeks – Personal computer – desktop or laptop – Kiosk computer in an airport, hotel, or office center • For guests, the endpoint could be anything, with no ability to know its security health • Endpoints are at risk even when not connected to the corporate network How do I ensure that all the nodes on my network are protected and compliant? Copyright © Symantec Corporation 2007 Problems at the Endpoint • Endpoint management costs are increasing Number of Zero Day threats – Cost of downtime impacts both productivity and revenue, productivity hit largest in enterprise – Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources • Complexity is increasing as well – Complexity and man power to manage disparate endpoint protection technologies are inefficient and time consuming Source: Infonetics Research - The Cost of Network Security Attacks: North America 2007 • Growing number of known and unknown threats – Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more Copyright © Symantec Corporation 2007 7 Causes of Sensitive Data Loss •The leading causes of sensitive data loss are: –User error –Violations of policy –Internet threats, attacks and hacks ITPolicyCompliance.com, “Taking Action to Protect Sensitive Data”, Feb. 2007 Copyright © Symantec Corporation 2007 8 Protection From External Malicious Threats • Protection Starts At The Endpoint – Broad Range Of Client Devices : Laptop, Desktop, Cell Phone – Broad Range Of Threats : Virus, Worms, Spyware … Crimeware Crimeware Spyware Windows Smartphone Worm Symbian Device Virus Laptop PC Desktop PC Copyright © Symantec Corporation 2007 9 Is Endpoint Protection Enough Protection? “What Are The Most Common Sources Of Automated Internet Worm Attacks ?” 43% Employee Laptop 39% Internet Through Firewall 34% Non-Employee Laptop 27% VPN Home System Don’t Know 8% Other 8% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention Copyright © Symantec Corporation 2007 10 Compliance Protection The Need for Complete Endpoint Security: Endpoint Protection + Endpoint Compliance 1010101 1010101 1010101 Viruses ID Theft Unknown Attacks Worms Endpoint Security Policy Status Antivirus On Antivirus Signature Updated Personal Firewall On Service Pack Updated Patch Updated Copyright © Symantec Corporation 2007 11 Symantec Endpoint Compliance Process Step 1 Endpoint Attaches to Network Configuration Is Determined ✗ Step 4 Monitor Endpoint to Ensure Ongoing Compliance IT Policy Step 2 Compliance of Configuration Against Policy Is Checked Step 3 Take Action Based on Outcome of Policy Check Patch Quarantine Virtual Desktop Copyright © Symantec Corporation 2007 12 Symantec Network Access Control Ensures endpoints are protected and compliant prior to accessing network resources • Choose quarantine, remediation or federated access – Enforce policy before access is granted – Execute updates, programs, services, etc – Limit connection to VLAN, etc • Broadest enforcement options of any vendor – Remote connectivity (IPSec, SSL VPN) – LAN-based, DHCP, Appliance – Standards-based, CNAC, MSNAP Copyright © Symantec Corporation 2007 13 Symantec On-Demand Protection Layered security technology solution for unmanaged endpoints Web-based Applications Thin Client/Server Applications Traditional Client/Server Applications File Share • Ideal for use with: – Outlook Web Access (OWA) – Web-enabled applications • Most complete On-Demand security solution – Virtual Desktop – Malicious Code Prevention – Cache Cleaner – Mini personal firewall – Host Integrity – Adaptive Policies Public Kiosk Traveling Executives Partner Extranet Copyright © Symantec Corporation 2007 14 Network Access Control + On-Demand Protection • Complete security compliance regardless of network access method – Managed Devices: laptops, mobile phones – Unmanaged Devices: Guest, contractor, partners, kiosks OWA Kiosk Windows Smartphone Partner Symbian Device Temp Laptop PC Desktop PC Copyright © Symantec Corporation 2007 15 Today’s Endpoint Problems Addressed by Too Many Technologies… Protection Technology Endpoint Exposures Always on, always up-todate Host integrity & remediation Zero-hour attacks, Malware, Trojans, application injection Applications Anti crimeware Slurping, IP theft, malware I/O Devices Device controls Buffer Overflow, process injection, key logging Memory/ Processes Buffer overflow & exploit protection Malware, Rootkits, day-zero vulnerabilities Operating System O/S Protection Network Connection Network IPS Worms, exploits & attacks Viruses, Trojans, malware & spyware Client Firewall Antivirus Data & File System Antispyware Copyright © Symantec Corporation 2007 16 …even from Symantec Protection Technology Symantec Solution Endpoint Exposures Always on, always up-todate Host integrity & remediation Symantec Network Access Control Zero-hour attacks, Malware, Trojans, application injection Applications Anti crimeware Symantec Confidence Online Slurping, IP theft, malware I/O Devices Device controls Buffer Overflow, process injection, key logging Memory/ Processes Buffer overflow & exploit protection Malware, Rootkits, day-zero vulnerabilities Operating System O/S Protection Network Connection Network IPS Worms, exploits & attacks Viruses, Trojans, malware & spyware Client Firewall Antivirus Data & File System Symantec Sygate Enterprise Protection Antispyware Symantec AntiVirus Copyright © Symantec Corporation 2007 17 Ingredients for Endpoint Protection AntiVirus • Worlds leading AV solution • Most (30) consecutive VB100 Awards Virus Bulletin – Feb 2007 Antivirus Copyright © Symantec Corporation 2007 18 Ingredients for Endpoint Protection Antispyware • Best rootkit detection and removal • Raw Disk Scan (VxMS) = superior rootkit protection Antispyware Antivirus Source: Thompson Cyber Security Labs, August 2006 Copyright © Symantec Corporation 2007 19 Ingredients for Endpoint Protection Firewall • Industry leading endpoint firewall technology • Gartner MQ “Leader” – 4 consecutive years • Rules based FW can dynamically adjust port settings to block threats from spreading Firewall Antispyware Antivirus Copyright © Symantec Corporation 2007 20 Ingredients for Endpoint Protection Intrusion Prevention • Combines NIPS (network) and HIPS (host) • Generic Exploit Blocking (GEB) – one signature to proactively protect against all variants • Granular application access control Intrusion Prevention Firewall • Proactive Threat Scans (SONAR) - Very low (0.002%) false positive rate No False Alarm 16M Installations Antispyware False Alarms Antivirus Only 20 False Positives for every 1 Million PC’s Copyright © Symantec Corporation 2007 21 Ingredients for Endpoint Protection Device Control • Prevents data leakage Device Control • Restrict Access to devices (USB keys, Backup drives) • W32.SillyFDC (May 2007) Intrusion Prevention Firewall Antispyware ives ticks r s d y r e C l o D ovab mem m SillyF . e l e 2 r b 3 W mova f onto l e r e s s t i t ge pying y sticks o next • tar c s i y r b e o c s i mem read e dev h t • sp h as USB n s whe r n suc u r tically a compute a m o t • au nected to con Antivirus Copyright © Symantec Corporation 2007 22 Ingredients for Endpoint Compliance Network Access Control Network Access Control • Network access control – ready Device Control • Agent is included, no extra agent deployment • Simply license SNAC Server Intrusion Prevention Firewall Antispyware Antivirus Copyright © Symantec Corporation 2007 23 Unmatched Protection Symantec Endpoint Protection Secure • Unmatched combination of technologies • Much more than antivirus • Backed by the industry standard Symantec Global Intelligence Network Simple • • • • Single agent Single console Single license Single support program Seamless • Fits into your network • Easily configurable, use only what you need • Combines essential Protection and compliance functions 24 Copyright © Symantec Corporation 2007 For More Information… www.symantec.com/endpointsecurity Copyright © Symantec Corporation 2007 25 Thank You! www.symantec.com Jim Jessup [email protected] Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. Copyright © Symantec Corporation 2007 26