Teleworking and Security: IT All Begins with Endpoints
Jim Jessup
Solutions Manager, Information Risk Management
June 19, 2007
Agenda
1. Today's Landscape
2. Trends at the Endpoint
3. Endpoint Security
4. Network Access Control
5. A Complete Enterprise Security Solution
Copyright © Symantec Corporation 2007
Today's Landscape
• New technologies are changing the way we communicate
 – Government agencies see the need to share information across their extended enterprises
 – Agencies are moving towards a mobile workforce (teleworking, COOP, remote access): traditional perimeter defenses are not enough
• New technologies are also introducing new security risks
 – No longer focused on just the device; it's about the information and interactions
 – Phishing, ID theft, malicious users and non-compliance are all risks
 – Must keep the threats out, and ensure the information stays inside
 – Internal threats such as data theft and data leakage
• New policies and regulations (FIPS, FISMA, HIPAA etc.) change the way we think about security
 – Security policy and reporting mandated
 – Adequate controls or evidence collection
 – Standard desktop configuration required
Network Is Continually Exposed
Entry points shown on the slide: Internet kiosks and shared computers, guests, WANs and extranets, SSL VPN, consultants, IPsec VPN, employees working at home, wireless networks, web applications.
"Because of worms and other threats, you can no longer leave your networks open to unscreened devices and users." (Protect Your Network with a NAC Process, Gartner ID# G00124992)
Symantec™ Global Intelligence Network
• 4 Symantec SOCs
• 74 Symantec monitored countries
• >6,200 managed security devices
• 40,000+ registered sensors in 180+ countries
• 8 Symantec Security Response Centers
• 200,000 malware submissions per month
• Millions of security alerts per month
• Millions of threat reports per month
• Hundreds of MSS customers
• 120 million systems worldwide
• 30% of the world's email traffic
• Advanced honeypot network
Locations: Dublin, Ireland; Tokyo, Japan; Calgary, Canada; San Francisco, CA; Redwood City, CA; Twyford, England; Santa Monica, CA; Munich, Germany; Alexandria, VA; Pune, India; Taipei, Taiwan; Sydney, Australia
It Begins At The Endpoint…
• Compromised and non-compliant endpoints endanger the network and your data
• Every user accesses the network and the Internet from an endpoint
• But not all endpoints are protected and compliant
• For employees, the endpoint may be
 – A company-issued laptop that hasn't had a patch or AV update in two weeks
 – A personal computer, desktop or laptop
 – A kiosk computer in an airport, hotel, or office center
• For guests, the endpoint could be anything, with no ability to know its security health
• Endpoints are at risk even when not connected to the corporate network
How do I ensure that all the nodes on my network are protected and compliant?
Problems at the Endpoint
• Endpoint management costs are increasing
 – Cost of downtime impacts both productivity and revenue; the productivity hit is largest in the enterprise
 – Costs to acquire, manage and administer point products are increasing, as well as the demand on system resources
• Complexity is increasing as well
 – The complexity and manpower needed to manage disparate endpoint protection technologies are inefficient and time consuming
• Growing number of known and unknown threats
 – Stealth-based and silent attacks are increasing, so there is a need for antivirus to do much more
[Chart: Number of zero-day threats. Source: Infonetics Research, The Cost of Network Security Attacks: North America 2007]
Causes of Sensitive Data Loss
• The leading causes of sensitive data loss are:
 – User error
 – Violations of policy
 – Internet threats, attacks and hacks
Source: ITPolicyCompliance.com, "Taking Action to Protect Sensitive Data", Feb. 2007
Protection From External Malicious Threats
• Protection starts at the endpoint
 – Broad range of client devices: laptop, desktop, cell phone
 – Broad range of threats: virus, worms, spyware … crimeware
[Diagram: crimeware, spyware, worm and virus threats against a Windows smartphone, a Symbian device, a laptop PC and a desktop PC]
Is Endpoint Protection Enough Protection?
"What Are The Most Common Sources Of Automated Internet Worm Attacks?"
• Employee laptop: 43%
• Internet through firewall: 39%
• Non-employee laptop: 34%
• VPN home system: 27%
• Don't know: 8%
• Other: 8%
Source: Enterprise Strategy Group, January 2005 ESG Research Report, Network Security And Intrusion Prevention
The Need for Complete Endpoint Security: Endpoint Protection + Endpoint Compliance
• Protection: against viruses, worms, ID theft and unknown attacks
• Compliance: Endpoint Security Policy status
 – Antivirus on
 – Antivirus signature updated
 – Personal firewall on
 – Service pack updated
 – Patch updated
Symantec Endpoint Compliance Process
Step 1: Endpoint attaches to the network; its configuration is determined
Step 2: Compliance of the configuration against IT policy is checked
Step 3: Take action based on the outcome of the policy check (patch, quarantine, virtual desktop)
Step 4: Monitor the endpoint to ensure ongoing compliance
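The four-step process above, as an added worked example that is not code from the presentation or from Symantec's products: a small host-integrity evaluator determines posture (step 1), checks it against policy (step 2), and maps the outcome to patch, quarantine or virtual desktop (step 3); re-running it on the endpoint's next report is step 4. The policy thresholds, posture fields and patch name are my own assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class EndpointPosture:
    """Step 1: what is learned about the endpoint when it attaches (constructed fields)."""
    managed: bool                 # company-managed agent present, vs. guest/kiosk machine
    antivirus_on: bool
    signature_age_days: int       # age of the newest AV signature set
    firewall_on: bool
    service_pack: int
    missing_patches: list = field(default_factory=list)

# Constructed IT policy the configuration is checked against in step 2.
POLICY = {"max_signature_age_days": 7, "min_service_pack": 2}

# Violations the agent can fix in place; anything else needs containment.
REMEDIABLE = {"signature_outdated", "service_pack_outdated", "patch_missing"}

def check_compliance(p: EndpointPosture, policy: dict = POLICY) -> list:
    """Step 2: return the policy violations, in fixed order (empty list = compliant)."""
    failures = []
    if not p.antivirus_on:
        failures.append("antivirus_off")
    if p.signature_age_days > policy["max_signature_age_days"]:
        failures.append("signature_outdated")
    if not p.firewall_on:
        failures.append("firewall_off")
    if p.service_pack < policy["min_service_pack"]:
        failures.append("service_pack_outdated")
    if p.missing_patches:
        failures.append("patch_missing")
    return failures

def decide_action(p: EndpointPosture, policy: dict = POLICY) -> str:
    """Step 3: grant, patch, quarantine, or confine to a virtual desktop."""
    if not p.managed:
        # No agent to remediate an unmanaged endpoint, so confine its session to a virtual desktop.
        return "virtual_desktop"
    failures = check_compliance(p, policy)
    if not failures:
        return "grant"
    if set(failures) <= REMEDIABLE:
        return "patch"          # fix in place, then re-check (step 4)
    return "quarantine"         # e.g. AV or firewall off: hold on a restricted VLAN

if __name__ == "__main__":
    # Constructed sample: the laptop from earlier, two weeks without AV or patch updates.
    stale = EndpointPosture(True, True, 14, True, 2, ["patch-placeholder-1"])
    print(check_compliance(stale), "->", decide_action(stale))
```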
Symantec Network Access Control
Ensures endpoints are protected and compliant prior to accessing network resources
• Choose quarantine, remediation or federated access
 – Enforce policy before access is granted
 – Execute updates, programs, services, etc.
 – Limit connection to VLAN, etc.
• Broadest enforcement options of any vendor
 – Remote connectivity (IPsec, SSL VPN)
 – LAN-based, DHCP, appliance
 – Standards-based, CNAC, MSNAP
Symantec On-Demand Protection
Layered security technology solution for unmanaged endpoints
Access paths covered: web-based applications, thin client/server applications, traditional client/server applications, file share
Use cases: public kiosk, traveling executives, partner extranet
• Ideal for use with:
 – Outlook Web Access (OWA)
 – Web-enabled applications
• Most complete on-demand security solution
 – Virtual Desktop
 – Malicious Code Prevention
 – Cache Cleaner
 – Mini personal firewall
 – Host Integrity
 – Adaptive Policies
Network Access Control + On-Demand Protection
• Complete security compliance regardless of network access method
 – Managed devices: laptops, mobile phones
 – Unmanaged devices: guest, contractor, partners, kiosks
[Diagram: OWA, kiosk, Windows smartphone, partner, Symbian device, temp laptop PC, desktop PC]
Today's Endpoint Problems Addressed by Too Many Technologies…
Endpoint exposures and the protection technology for each:
• Always on, always up-to-date: host integrity & remediation
• Applications (zero-hour attacks, malware, Trojans, application injection): anti-crimeware
• I/O devices (slurping, IP theft, malware): device controls
• Memory/processes (buffer overflow, process injection, key logging): buffer overflow & exploit protection
• Operating system (malware, rootkits, day-zero vulnerabilities): O/S protection
• Network connection (worms, exploits & attacks): network IPS, client firewall
• Data & file system (viruses, Trojans, malware & spyware): antivirus, antispyware
…even from Symantec
Endpoint exposures, the protection technology for each, and the Symantec solution that provides it:
• Always on, always up-to-date: host integrity & remediation (Symantec Network Access Control)
• Applications (zero-hour attacks, malware, Trojans, application injection): anti-crimeware (Symantec Confidence Online)
• I/O devices (slurping, IP theft, malware): device controls (Symantec Sygate Enterprise Protection)
• Memory/processes (buffer overflow, process injection, key logging): buffer overflow & exploit protection (Symantec Sygate Enterprise Protection)
• Operating system (malware, rootkits, day-zero vulnerabilities): O/S protection (Symantec Sygate Enterprise Protection)
• Network connection (worms, exploits & attacks): network IPS, client firewall (Symantec Sygate Enterprise Protection)
• Data & file system (viruses, Trojans, malware & spyware): antivirus, antispyware (Symantec AntiVirus)
Ingredients for Endpoint Protection: AntiVirus
• World's leading AV solution
• Most (30) consecutive VB100 awards (Virus Bulletin, Feb 2007)
Ingredients for Endpoint Protection: Antispyware
• Best rootkit detection and removal
• Raw Disk Scan (VxMS) = superior rootkit protection
Source: Thompson Cyber Security Labs, August 2006
Ingredients for Endpoint Protection: Firewall
• Industry leading endpoint firewall technology
• Gartner MQ "Leader" for 4 consecutive years
• Rules-based firewall can dynamically adjust port settings to block threats from spreading
Ingredients for Endpoint Protection: Intrusion Prevention
• Combines NIPS (network) and HIPS (host)
• Generic Exploit Blocking (GEB): one signature to proactively protect against all variants
• Granular application access control
• Proactive Threat Scans (SONAR): very low (0.002%) false positive rate, only 20 false positives for every 1 million PCs (16M installations)
Ingredients for Endpoint Protection: Device Control
• Prevents data leakage
• Restrict access to devices (USB keys, backup drives)
• Example: W32.SillyFDC (May 2007)
 – Targets removable devices such as USB memory sticks
 – Copies itself onto removable memory sticks
 – Spreads automatically when the device is connected to the next computer
Ingredients for Endpoint Compliance: Network Access Control
• Network access control ready
• Agent is included, no extra agent deployment
• Simply license SNAC Server
Unmatched Protection: Symantec Endpoint Protection
Secure
• Unmatched combination of technologies
• Much more than antivirus
• Backed by the industry standard Symantec Global Intelligence Network
Simple
• Single agent
• Single console
• Single license
• Single support program
Seamless
• Fits into your network
• Easily configurable, use only what you need
• Combines essential protection and compliance functions
For More Information…
www.symantec.com/endpointsecurity
Thank You!
www.symantec.com
Jim Jessup
[email protected]
Copyright © 2007 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.