Secure & Manage The World’s Information

Governance: Policy; Compliance; Risk Management; Incident Management
Information: Classification; Data Loss Prevention; eDiscovery; Archiving / Retention
Infrastructure: Management; Security; Endpoints; Data Protection; Data Center; Storage Management; Availability; Cloud

Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec Global Intelligence Network (GIN)
identifies more threats - takes action faster - prevents impact

Global Scope and Scale: Largest Security Footprint Worldwide; Instant Detection; 24x7x365 Collection & Correlation
Locations shown on the slide: Dublin, Calgary, Tokyo, Springfield, San Francisco, Twyford, Redwood City, Santa Monica, Munich, Alexandria, Pune, Taipei, Sydney

Attack Activity
• 240,000 sensors
• 200+ countries
Malware Intelligence
• 130M* client, server, gateways monitored
• Global coverage
Vulnerabilities
• 32,000+ vulnerabilities
• 11,000 vendors
• 72,000 technologies
Spam/Phishing
• 2.5M decoy accounts
• 8B+ email messages/day
• 1B+ web requests/day

Outputs: Preemptive Security Alerts; Information Protection Network; Threat Triggered Actions
Internet Security Threat Report
http://www.symantec.com/enterprise/threatreport
• A World-Wide, Vendor-Neutral, Comprehensive and Empirical Analysis
 Internet Security Threat Activities and Trends Identified by Symantec
 Based upon “Real” Data Collected by the Global Intelligence Network
 The Only Available Report Offering a Complete View of the Current Internet Security Threat Landscape
• Identifies and Analyzes Attacker Methods, Techniques and Preferences
• Details the Latest Trends, Activities and Information on:
 Internet Attacks
 Vulnerabilities Discovered and Exploited
 Malicious Code / Malware
 Additional Security Threats - Spyware, Phishing, and Spam
 Underground Economy Activity
• This Report Is Not:
 A Survey of Opinions
 Product-Driven Marketing
 Scientific Certainty
 An Analysis of Vendor Capabilities
Copyright © 2010 Symantec Corporation. All rights reserved.
Threat Landscape History

Old Motivation: Fame (target: Computers)
• Threats persist with a goal of notoriety
• Threats are visible and indiscriminate

New Motivation: Fortune (target: People)
• Threats are fleeting with a goal of profit
• Threats are SILENT and laser targeted to steal data

• Attackers are moving their operations to regions with emerging Internet infrastructures and, in some instances, developing and maintaining their own service provisioning
• Attackers are increasingly targeting end users by compromising high-traffic, trusted websites
Threat Landscape Evolution

Attackers have shifted…
 Away from mass distribution of a few threats;
 To micro-distribution of millions of distinct threats.
How? Their servers generate a new malware strain every few moments.
 Every set of victims gets attacked by a new strain!

How big is the problem?
 We’re creating as many as 10-25K signatures for new threats daily!
Further, our sensor data shows us that we’ve passed an inflection point…
 A week-long internal study showed that more malicious programs were released than legitimate software.
 65% of all new apps installed during the 1-week study were malicious, and were found on <5% of users’ PCs.

And attackers could make things far worse…
 We could easily see millions/tens of millions of unique threats per year.
 What chance will a security vendor have of discovering malware targeted at just 2-3 users?
Anatomy of a Breach; the bottom line.
• 90% of breaches in 2009 involved organized crime targeting corporate, sensitive or protected information
• 81% of attacked organizations were non-compliant with PCI and associated requirements
• 67% of breaches were due to insider negligence
How do we Protect the Infrastructure?

Prelude To A Breach
• An average of 300 million attempted malicious code attacks worldwide BLOCKED each month in 2009.
• Over 60% of Symantec’s malicious code signatures were created in 2008 alone.
• Over 90% of threats in 2009 targeted confidential information.

How do we better Protect the Information?
Vision: Transforming Security
From Inhibitor to Mission/Business Enabler

SECURITY 1.0                      SECURITY 2.0
Lock down systems                 Balance Risk and Opportunity
Keep the bad things out           Keep the Good Things in
Protect only infrastructure       Protect Information and Interactions
Decisions are fixed and static    Make Decisions Based on Reputation
Disparate and disconnected        Standardize and Automate Processes
Strategy: Transforming Security
Mission Drivers for Security
• How does security enable the organization to complete its stated mission objectives?
• How important are the following when making security-related decisions?
– Achieving/maintaining regulatory compliance
– Protecting operational reputation
– Protecting against financial loss
– Protecting intellectual property / confidential information
– Protecting the accuracy and integrity of data and systems
– Threat management agility
– Time to deployment & enablement
Strategy: Transforming Security
Security 2010+ Taxonomy

Global Security Intelligence, Support, and Response
• Managed Security Services
• DeepSight Threat Management
Security Advisory & Residency Services
• Security Program Assessment
• Information Assurance Analysis
• Penetration Testing
• Cyber Threat Analysis Program (CTAP)

> Develop and Enforce IT Policies (Governance): Control Compliance Suite
• Security Information Manager
• Control Compliance Suite
• Altiris Asset Management Solution
> Protect the Information (Information Protection): Data Loss Prevention Suite
• Data Loss Prevention
• Enterprise Vault (Archiving)
• Symantec Mail Security (Web & Mail)
• Message Labs (SaaS)
• Symantec Workflow
• Backup Exec System Recovery
> Protect the Infrastructure (Endpoint Security & Management): Symantec Protection Suite
• Symantec Endpoint Protection
• Symantec Network Access Control
• Symantec Web Gateway
• Symantec Critical System Protection
• Symantec Mobile Security
• Symantec Endpoint Encryption
> Manage Systems: Altiris Total Management Suite
• Altiris Client Management
• Endpoint Virtualization
Symantec Security Strategy 1: Protect the Infrastructure
Symantec Protection Suite

Protect the Infrastructure
• Secure Endpoints
• Protect Email and Web
• Defend Critical Internal Servers
• Backup and Recover Data
AntiVirus alone is not enough…

Standard Antivirus PC deployment (Symantec AntiVirus):
• Antivirus
• Antispyware

AntiVirus vs. SEP11…

Comprehensive Endpoint Protection deployment (Symantec Endpoint Protection 11.0):
• Antivirus
• Antispyware
• Intrusion Prevention
• Firewall
• Device and Application Control
The SEP Advantage…
[Feature comparison chart (rating symbols) for Symantec Endpoint Protection 11.0, the closest endpoint competitor and Symantec AntiVirus 10.x; row labels not recoverable. Client footprint figures shown: 75 MB+, 25 MB, 24 MB, against the labels “SEP 11.0 Client”, “Closest Endpoint Competitor” and “Symantec AntiVirus 10.x”.]
Recent HydraQ Defenses via SEP
• Symantec released updated THREAT AV signatures associated with the attack:
– Trojan.Pidief.G (July 2, 2009)
– Trojan Horse.H (July 13, 2009)
– Bloodhound.Exploit.266 (August 2, 2009)
– Trojan Horse.H1 (July 13, 2009)
– Trojan.Hydraq (January 11, 2010)
– Trojan.Hydraq!gen1 (January 14, 2010)
• Symantec released updated VULNERABILITY IPS signatures associated with this attack:
– Blocks the IE zero-day exploit: HTTP MSIE Memory Corruption Code Exec (23599), January 16, 2010
– Blocks the Adobe Acrobat, Reader and Flash vulnerability: HTTP Acrobat PDF Suspicious File Download 4, July 17, 2009
AntiVirus vs. SEP11 vs. SEP/SNAC11

Standard Antivirus PC deployment (Symantec AntiVirus):
• Antivirus
• Antispyware

Comprehensive Endpoint Protection deployment (Symantec Endpoint Protection 11.0):
• Antivirus
• Antispyware
• Intrusion Prevention
• Firewall
• Device and Application Control

Complete Endpoint Security Solution (Symantec Endpoint Protection 11.0 + Symantec Network Access Control 11.0):
• Antivirus
• Antispyware
• Intrusion Prevention
• Firewall
• Device and Application Control
• Network Access Control
Enforce Security, Configuration & Compliance…
Symantec Network Access Control
• Checks adherence to endpoint security policies… continuously!
 Antivirus installed and current?
 Firewall installed and running?
 Required patches and service packs?
 Required configuration?
• Is NOT network dependent
• Remediates configuration problems
• Regulates guest access
“An endpoint management anomaly is by definition an endpoint security vulnerability.”
SNAC mitigates and remediates those anomalies.
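The check-remediate-readmit loop described above, written out as an added Python example. This is not SNAC's own code or policy format, and it is not from the original deck: the policy fields, the patch identifiers (KB-EXAMPLE-*), the endpoint states and the network-access outcomes ("full", "quarantine", "guest") are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Hypothetical endpoint policy for illustration; not SNAC's Host Integrity policy format.
POLICY = {
    "av_required": True,
    "av_max_definition_age_days": 7,
    "firewall_required": True,
    "required_patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},   # constructed identifiers
    "required_settings": {"screen_lock_minutes": 15, "autorun_disabled": True},
}
TODAY = date(2010, 3, 1)   # fixed "now" so the example is reproducible


@dataclass
class Endpoint:
    host: str
    av_installed: bool
    av_definition_date: Optional[date]
    firewall_running: bool
    installed_patches: set = field(default_factory=set)
    settings: dict = field(default_factory=dict)
    guest: bool = False          # unmanaged visitor machine


@dataclass
class Verdict:
    host: str
    compliant: bool
    findings: list
    remediation: list
    network_access: str          # "full", "quarantine" or "guest"


def evaluate(ep: Endpoint, policy: dict, today: date) -> Verdict:
    """Compare one endpoint's state with the policy: the four questions on the slide."""
    findings, fixes = [], []
    if policy["av_required"]:
        if not ep.av_installed:
            findings.append("antivirus not installed")
            fixes.append("install antivirus client")
        else:
            age = None if ep.av_definition_date is None else (today - ep.av_definition_date).days
            if age is None or age > policy["av_max_definition_age_days"]:
                findings.append(f"antivirus definitions stale (age={age} days)")
                fixes.append("run definition update")
    if policy["firewall_required"] and not ep.firewall_running:
        findings.append("host firewall not running")
        fixes.append("start host firewall")
    missing = sorted(policy["required_patches"] - ep.installed_patches)
    if missing:
        findings.append("missing patches: " + ", ".join(missing))
        fixes.append("install patches: " + ", ".join(missing))
    for key, wanted in policy["required_settings"].items():
        actual = ep.settings.get(key)
        if actual != wanted:
            findings.append(f"setting {key}={actual!r}, required {wanted!r}")
            fixes.append(f"set {key}={wanted!r}")
    compliant = not findings
    if ep.guest:
        access = "guest"          # guests are restricted regardless of posture
    elif compliant:
        access = "full"
    else:
        access = "quarantine"     # remediation network only, until the checks pass
    return Verdict(ep.host, compliant, findings, fixes, access)


def remediate(ep: Endpoint, policy: dict, today: date) -> Verdict:
    """Simulate applying the policy's fixes to the endpoint, then re-check it."""
    ep.av_installed = True
    ep.av_definition_date = today
    ep.firewall_running = True
    ep.installed_patches |= set(policy["required_patches"])
    ep.settings.update(policy["required_settings"])
    return evaluate(ep, policy, today)


def posture_cycle(ep: Endpoint, policy: dict, today: date):
    """One check / remediate / re-check cycle; returns the (before, after) verdicts."""
    before = evaluate(ep, policy, today)
    after = before if before.compliant or ep.guest else remediate(ep, policy, today)
    return before, after


def make_samples() -> dict:
    """Constructed endpoint states (not real telemetry) to run the checks against."""
    return {
        "compliant": Endpoint("wks-01", True, date(2010, 2, 27), True,
                              set(POLICY["required_patches"]), dict(POLICY["required_settings"])),
        "drifted": Endpoint("lap-02", True, date(2010, 2, 1), False,
                            {"KB-EXAMPLE-001"}, {"screen_lock_minutes": 60, "autorun_disabled": True}),
        "guest": Endpoint("visitor-03", False, None, False, guest=True),
    }


if __name__ == "__main__":
    for name, ep in make_samples().items():
        before, after = posture_cycle(ep, POLICY, TODAY)
        print(name, before.network_access, before.findings, "->", after.network_access)
```

The drifted laptop is quarantined with four findings (stale definitions, no firewall, a missing patch, a wrong screen-lock setting), is remediated, and only then re-evaluates to full access; the guest machine never gets more than guest access however it scores.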
Symantec Protection Suite
Symantec Protection Suite Enterprise Edition
Endpoint Security
• Symantec Endpoint Protection
• Symantec Network Access Control Self Enforcement
• Symantec Mobile Security
Messaging & Web Security
• Symantec Brightmail Gateway
• Symantec Web Gateway
• Symantec Mail Security for Microsoft Exchange
• Symantec Mail Security for Domino
• Symantec Premium AntiSpam
Backup and Recovery
• Symantec Backup Exec System Recovery
One price for all these solutions
True High Caliber Server Protection…
Symantec Critical Systems Protection 5.2

Network Protection (Host IPS)
• Close back doors (block ports)
• Limit network connectivity by application
• Restrict traffic flow inbound and outbound
Exploit Prevention (Host IPS)
• Restrict application & O/S behaviors
• Protect systems from buffer overflow
• Intrusion prevention for day-zero attacks
System Controls (Host IPS)
• Lock down configuration & settings
• Enforce security policy
• De-escalate user privileges
• Prevent removable media use
Auditing & Alerting (Host IDS)
• Monitor logs and security events
• Consolidate & forward logs for archives and reporting
• Smart event response for quick action
simplify - streamline - protect
True High Caliber Server Protection…
Symantec Critical Systems Protection: platform support

Platform          | Client Edition           | Server Edition: Prevention                                                                       | Server Edition: Detection
Microsoft Windows | Windows XP, Windows 2000 | Windows 2000, 2003 and 2008 (32-bit & 64-bit); Windows NT                                         | Windows 2000, 2003 and 2008 (32-bit & 64-bit); Windows NT
Solaris           | n/a                      | Solaris 8, 9, 10*                                                                                | Solaris 8, 9, 10*
Linux             | SuSE Linux Professional  | SuSE Linux Enterprise Server 8, 9, 10; RedHat Enterprise Linux 3**, 4**, 5 (32-bit & 64-bit)      | SuSE Linux Enterprise Server 8, 9, 10; RedHat Enterprise Linux 3**, 4**, 5 (32-bit & 64-bit)
AIX               | n/a                      | 2010 mapped                                                                                      | AIX 5L (5.1, 5.2, and 5.3)
HP-UX             | n/a                      | 2010 mapped                                                                                      | HP-UX 11i v1 (11.11)**, v2 (11.23)** and v3 (11.31)**; HP Tru64 Unix V5.1B
* includes x86, x86 VM, 64-bit & Zones
Enterprise Security Visibility…
Symantec Security Information Manager

Collection
• Broad and customizable
• High volume processing
• Meaningful normalization
• Assured reliability
Storage
• Flexible capacity
• Archive segmentations
• Quick queries and searches
• Retention policy automation
• Integrity verification
Correlation
• Easy rule-based analysis
• Hierarchical incident associations
• Global Intelligence Network integration
• Asset groupings
Presentation
• Over 400 out-of-the-box queries
• Customizable consoles
• Web-based portals
• Raw event data viewer
• Standardized query templates
Enterprise Security Visibility & Mgmt…
Symantec Security Information Manager [ SSIM ]
1) Allows the CIC/members to “build & maintain their own GIN.”
2) Leverages Symantec GIN & Workflow… for Proactive Threat Visibility, Agility, and Reactivity.

Event sources collected: OS, Endpoint, Database, Enterprise Network, Mail and Groupware, Firewalls, IDS/IPS, Vulnerability Scanners, Syslog, other sources…
Products shown: SEP, SNAC, SCSP, SEE, Altiris, Cisco, ArcSight, Microsoft, McAfee, CheckPoint, ~200 more…
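The two SSIM slides above describe collection with normalization, rule-based correlation and hierarchical incident associations across many source formats. As an added example (not SSIM's code, not from the original deck), the following Python normalizes two constructed log formats, a syslog-style sshd line and a Windows-style key=value logon record, into one common schema, then runs a single correlation rule: several failed logons from one source address to one host inside a time window, followed by a success from the same source, become one incident whose children are the contributing events. The sample lines, host names, user names and the rule name are constructed; the IP addresses are from the documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): a syslog-style sshd message and a
# Windows-style key=value logon record, two of the formats a collector ingests.
SAMPLE_LINES = [
    "2010-03-01T10:00:01 srv1 sshd[911]: Failed password for root from 203.0.113.7 port 4001 ssh2",
    "2010-03-01T10:00:03 srv1 sshd[912]: Failed password for root from 203.0.113.7 port 4002 ssh2",
    "2010-03-01T10:00:05 srv1 sshd[913]: Failed password for admin from 203.0.113.7 port 4003 ssh2",
    "2010-03-01T10:00:09 srv1 sshd[914]: Accepted password for admin from 203.0.113.7 port 4004 ssh2",
    "2010-03-01T10:01:00 srv1 sshd[915]: Failed password for bob from 198.51.100.9 port 5001 ssh2",
    "2010-03-01T10:02:00 WIN-DC1 EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9 Status=0xC000006A",
    "2010-03-01T10:02:02 WIN-DC1 EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9 Status=0xC000006A",
    "2010-03-01T10:02:04 WIN-DC1 EventID=4625 TargetUserName=jdoe IpAddress=198.51.100.9 Status=0xC000006A",
    "2010-03-01T10:02:30 WIN-DC1 EventID=4624 TargetUserName=jdoe IpAddress=198.51.100.9 LogonType=3",
    "2010-03-01T10:03:00 srv1 cron[40]: (root) CMD (run-parts /etc/cron.hourly)",  # no parser: dropped
]

SSHD = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                  r"for (?P<user>\S+) from (?P<ip>\S+)")
WINLOGON = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) EventID=(?P<eid>\d+) "
                      r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)")
WIN_OUTCOME = {"4625": "failure", "4624": "success"}   # the two logon event IDs handled here


def normalize(line: str):
    """Map one raw line onto a common schema; None if no parser recognizes it."""
    m = SSHD.match(line)
    if m:
        outcome = "failure" if m["result"] == "Failed" else "success"
        source = "sshd"
    else:
        m = WINLOGON.match(line)
        if not m or m["eid"] not in WIN_OUTCOME:
            return None
        outcome, source = WIN_OUTCOME[m["eid"]], "windows"
    return {"ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), "host": m["host"],
            "user": m["user"], "src_ip": m["ip"], "outcome": outcome,
            "source": source, "raw": line}


def correlate(events, threshold: int = 3, window: timedelta = timedelta(seconds=60)):
    """Rule: >= threshold failures from one source to one host within the window,
    followed by a success from that source, form one incident whose children are
    the contributing events (the incident-to-event hierarchy)."""
    by_key = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_key[(ev["src_ip"], ev["host"])].append(ev)
    incidents = []
    for (src_ip, host), evs in by_key.items():
        failures = []
        for ev in evs:
            failures = [f for f in failures if ev["ts"] - f["ts"] <= window]  # expire old ones
            if ev["outcome"] == "failure":
                failures.append(ev)
            elif len(failures) >= threshold:
                incidents.append({"rule": "brute-force-then-success", "severity": "high",
                                  "src_ip": src_ip, "host": host, "user": ev["user"],
                                  "first_seen": failures[0]["ts"], "last_seen": ev["ts"],
                                  "children": failures + [ev]})
                failures = []
    return incidents


def run(lines):
    """Collection + normalization + correlation over a batch of raw lines."""
    events = [e for e in map(normalize, lines) if e is not None]
    return events, correlate(events)


if __name__ == "__main__":
    for inc in run(SAMPLE_LINES)[1]:
        print(inc["rule"], inc["src_ip"], "->", inc["host"], inc["user"],
              len(inc["children"]), "child events")
```

Nine of the ten lines normalize (the cron line has no parser and is dropped rather than guessed at), and two incidents come out: one from the sshd source and one from the Windows source, each with four child events. The single failure against srv1 from 198.51.100.9 stays an event, not an incident, because the rule keys on (source address, host) and the threshold is never reached there.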
Symantec Security Strategy 2: Develop and Enforce IT Policies
Control Compliance Suite

Develop and Enforce IT Policies
• Define Risk and Develop IT Policies
• Assess Infrastructure and Processes
• Report, Monitor and Demonstrate Due Care
• Remediate Problems
Control Compliance Suite
• Define: Determine Risk and Develop Policies (POLICIES and CONTROLS; RISK ASSESSMENTS)
• Assess: Assess Infrastructure and Processes (TECHNICAL CONTROLS; PROCEDURAL CONTROLS)
• Report: Monitor and Demonstrate Due Care (DASHBOARDS; AUDIT REPORTS)
• Remediate: Assess Risk and Remediate Problems (RISK WEIGHTED REMEDIATION)
* Gideon Technologies acquisition to grow SCAP Compliance Suite
Symantec Security Strategy 3: Protect the Information
Data Loss Prevention Suite

Protect the Information
• Discover where sensitive information resides
• Monitor how data is being used
• Protect sensitive information from loss
Data Loss Prevention
DLP Platform: Data Discovery; Monitoring & Prevention; Discovery & Protection
Direct integrations:
- Symantec Enterprise Vault
- Symantec Backup Exec Recovery
- Symantec Network Access Control
Process automations:
- Removable Media
- Mail Security
- Web Security
- Instant Message Security
- Content Control
- Automated eDiscovery
- Automated Lost Hardware Risk Mitigation
- Archive / Backup
- Data Governance
- E-Discovery / Classification
Symantec Endpoint Encryption
Full Disk and/or Partition Encryption:
- Encrypts boot disk
- Encrypts up to 20+ partitions on the system boot disk
- FIPS 140-2 validated AES cryptography
- 256-bit key (default) or 128-bit key for disk encryption
- Self-service recovery for lost or forgotten passwords: Authenti-Check™ challenge/response questions and answers
- Pre-boot hardened authentication
- Single sign-on integration
Removable Media Encryption:
- Transparent end-user operation
- Comprehensive encryption support: policy-based encryption for removable media; FIPS certified AES 256-bit or 128-bit, CC EAL4 pending; encrypts plain-text data on devices
- Best-in-class storage media support: flash drives, hard drives, SD cards, CF cards, CDs/DVDs, iPods, etc.
- Portability: access utility (installed by policy, reads/writes encrypted data); self-extracting archives
Symantec Security Strategy 4: Manage the Enterprise
Altiris Total Management Suite

Manage the Enterprise
• Increase IT Effectiveness
• Control Hardware and Software Expenses
• Improve Availability and Service Levels
Integration Capabilities via Altiris LCM
Integration of the Industry Leading Solutions; period.
INFORMATION PROTECTION / ENDPOINT SECURITY
• Symantec Data Loss Prevention
• Symantec Endpoint Protection
• Symantec Endpoint Encryption
• Symantec Network Access Control
• Backup Exec System Recovery
• Symantec Critical Systems Protection
• Backup Exec Infrastructure Manager
SYSTEMS MANAGEMENT
• *Client Management Suite
• *Server Management Suite
• Service & Asset Management Suite
• Endpoint Virtualization
• Veritas Configuration Manager
Unified Deployment and Management via Altiris

IT Tool Collaboration & Process Automation via Symantec Workflow
Virtualization Capabilities via Altiris
Symantec Virtualization Solutions
• Virtual Distribution: Symantec Workspace Streaming
• Virtual Execution: Symantec Workspace Virtualization
• Virtual Workspace: Symantec Workspace Corporate and Symantec Workspace Remote
Capabilities listed on the slide:
• On-demand application streaming
• Eliminate application conflicts
• Single sign-on
• Accelerate application rollouts
• User-based provisioning
• Application auto launch
• Low overhead
• Simplified packaging and scripting
• Roaming with state persistence
• Virtualized apps interact normally
• Kiosk for workstation sharing
• Direct MSI conversion
• User/system/management agents interact normally with virtualized apps
• Dynamic License Management
• Single click application upgrades
• Industry standard distributed architecture
• License tracking and management
• Location awareness
• Proximity printing
• Consistent local / remote access
• Keeps base OS image clean
• Rapidly resolve application problems
• Integration with multiple Symantec products
> Protect the Infrastructure: Symantec Protection Suite
> Develop and Enforce IT Policies: Control Compliance Suite
> Protect the Information: Data Loss Prevention Suite
> Manage the Enterprise: Altiris Total Management Suite
Endpoint Security Roadmap
Reputation-Based Protection
#1 Prevalence: How many other people in the world have this file?
#2 Hygiene: User behavior can drive infection rates
#3 Provenance: Publishers and distributors
#4 Reputation: Malware histories help prioritize publishers
DeepClean
Collectively, this becomes the system for building and maintaining the world’s most precise and most comprehensive whitelist and file reputation infrastructure.
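The roadmap above names four signals (prevalence, hygiene, provenance, publisher reputation) and says they combine into a whitelist and file reputation infrastructure. As an added example (not Symantec's scoring, not from the original deck), the following Python combines those four signals into a score and a verdict for a handful of constructed files. The publisher histories, file identifiers, holder hygiene values, point weights and thresholds are all illustrative assumptions; the point of the example is how a rare, unsigned file held by badly-infected machines lands on the opposite side of the scale from a widely-installed file from a publisher with a clean history, and how a brand-new file stays "unknown" (left to conventional scanning) rather than being whitelisted on provenance alone.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional, Set, Tuple

# Constructed publisher histories (not Symantec data): files a signer has shipped
# and how many of them were later classified malicious (#4 publisher reputation).
PUBLISHER_HISTORY = {
    "Example Software Ltd": {"shipped": 500, "malicious": 0},
    "Shady Downloads LLC": {"shipped": 40, "malicious": 9},
}


@dataclass
class FileTelemetry:
    file_id: str                 # hypothetical hash identifier
    prevalence: int              # endpoints reporting this file (#1 prevalence)
    holder_hygiene: List[float]  # per-holder infection history, 0.0 clean .. 1.0 often infected (#2 hygiene)
    publisher: Optional[str]     # signer, if any (#3 provenance)
    signed: bool


def reputation(t: FileTelemetry) -> Tuple[int, str, List[str]]:
    """Combine the four signals into a 0..100 score and a verdict.
    Integer points keep the arithmetic exact; the weights are illustrative."""
    score, notes = 50, []
    # #1 prevalence: a file on tens of thousands of machines is unlikely to be a
    # micro-distributed strain; one seen on a handful of machines might be.
    if t.prevalence >= 10000:
        score += 25
        notes.append("very common")
    elif t.prevalence >= 100:
        score += 10
        notes.append("common")
    elif t.prevalence <= 5:
        score -= 15
        notes.append("rare (<=5 endpoints)")
    # #2 hygiene: who holds the file says something about the file.
    h = mean(t.holder_hygiene) if t.holder_hygiene else 0.5
    if h >= 0.6:
        score -= 20
        notes.append("holders have poor hygiene")
    elif h <= 0.2:
        score += 10
        notes.append("holders have good hygiene")
    # #3/#4 provenance and publisher reputation: the signer's malware history.
    if t.signed and t.publisher in PUBLISHER_HISTORY:
        hist = PUBLISHER_HISTORY[t.publisher]
        ratio = hist["malicious"] / hist["shipped"]
        if ratio == 0:
            score += 20
            notes.append("signed by publisher with clean history")
        elif ratio > 0.1:
            score -= 30
            notes.append("signed by publisher with malware history")
    score = max(0, min(100, score))
    # "unknown" means: no reputation decision, fall back to signature/heuristic scanning.
    verdict = "trusted" if score >= 75 else "block" if score < 30 else "unknown"
    return score, verdict, notes


def classify(telemetry: List[FileTelemetry]) -> Dict[str, str]:
    return {t.file_id: reputation(t)[1] for t in telemetry}


def build_whitelist(telemetry: List[FileTelemetry]) -> Set[str]:
    """Files the reputation system lets the scanner skip."""
    return {fid for fid, verdict in classify(telemetry).items() if verdict == "trusted"}


# Constructed telemetry for four files (not real data).
SAMPLE_TELEMETRY = [
    FileTelemetry("file-A", 50000, [0.1, 0.05, 0.2], "Example Software Ltd", True),  # mainstream app
    FileTelemetry("file-B", 3, [0.8, 0.9, 0.7], None, False),                        # rare, unsigned, dirty holders
    FileTelemetry("file-C", 200, [0.5, 0.4], "Shady Downloads LLC", True),           # signed by a bad publisher
    FileTelemetry("file-D", 2, [0.1, 0.1], "Example Software Ltd", True),            # brand-new release
]

if __name__ == "__main__":
    for t in SAMPLE_TELEMETRY:
        score, verdict, notes = reputation(t)
        print(t.file_id, score, verdict, "; ".join(notes))
    print("whitelist:", sorted(build_whitelist(SAMPLE_TELEMETRY)))
```

file-A scores 100 and is whitelisted; file-B scores 15 and is blocked without any signature existing for it; file-C is dragged down to 30 by its publisher's history despite moderate prevalence; file-D, a new file from a clean publisher seen on only two machines, stays "unknown" so that the conventional engine still inspects it.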
Start with a mature endpoint stack…
• Antivirus
• Antispyware
• Intrusion Prevention
• Firewall
• Device and Application Control
• Network Access Control
• DLP
• Encryption
• Altiris / LCM
Security Focused Advisory / Consulting Services
Our Experts making a Difference for Your Organization
Symantec Advisory Services

Secure Application Services
 Secure Application Development Lifecycle Review
 Application Design Review
 Application Code Review Service
 Application Code Scanning Service
 Application Penetration Tests
 Application Security Principles Course
Compliance, Regulatory & Standards Services
 PCI Services
– PCI Security Audit Service
– PCI Compliance Readiness Review
– PCI Payment Application Best Practices Assessment
 ISO 17799 Gap Assessment
 Federal/Gov’t Standards Compliance Assessments
Infrastructure Services
 Security Architecture Assessment
 Network Design Assessment
 Network Penetration Assessment
 Network Vulnerability Assessment
 Wireless Security Assessment
 Risk/Blueprint Assessment
Security Operations Services
 SOC Design and Staffing
 Security Awareness Program
 Cyber Threat Analysis Program (CTAP)
 Breach & Outbreak Response Action Team (‘BORAT’)
Magic Quadrant Strategic Leadership
• Network Access Control
• Endpoint Protection Platforms
• Security Info & Event Mgmt
• Content-Aware DLP
• E-Mail Security Boundaries
• PC Lifecycle Config Mgmt

Thank You!