1 Secure & Manage The World’s Information Governance Policy Compliance Risk Management Incident Management Information Classification Data Loss Prevention eDiscovery Archiving / Retention Infrastructure Management Security Endpoints Copyright © 2009 Symantec Corporation. All rights reserved. Data Protection Data Center Storage Management Availability Cloud 22 Symantec Global Intelligence Network (GIN) identifies more threats - takes action faster - prevents impact Dublin Calgary Tokyo Springfield San Francisco Twyford Redwood City Santa Monica Munich Alexandria Pune Taipei Sydney Global Scope and Scale Largest Security Footprint Worldwide Instant Detection 3 24x7x365 Collection & Correlation Attack Activity • 240,000 sensors • 200+ countries Preemptive Security Alerts Malware Intelligence • 130M* client, server, gateways monitored • Global coverage Vulnerabilities Spam/Phishing • 32,000+ vulnerabilities • 11,000 vendors • 72,000 technologies • 2.5M decoy accounts • 8B+ email messages/day • 1B+ web requests/day Information Protection Network Threat Triggered Actions 3 Internet Security Threat Report http://www.symantec.com/enterprise/threatreport • A World-Wide Vender Neutral Comprehensive and Empirical Analysis  Internet Security Threat Activities and Trends Identified by Symantec  Based upon “Real” Data Collected by Global Intelligence Network  Only Available Report Offering Complete View of the Current Internet Security Threat Landscape • Identifies and Analyzes Attacker Methods, Techniques and Preferences • Details Latest Trends, Activities and Information      Internet Attacks Vulnerabilities Discovered and Exploited Malicious Code / Malware Additional Security Threats - Spyware, Phishing, and Spam Underground Economy Activity • This Report Is Not:     A Survey of Opinions Product Driven Marketing Scientific Certainty An Analysis of Vendor Capabilities Copyright © 2010 Symantec Corporation. All rights reserved. 4 Internet Security Threat Report http://www.symantec.com/enterprise/threatreport Copyright © 2010 Symantec Corporation. All rights reserved. 5 Threat Landscape History Old Motivation New Motivation Fortune Fame • Threats persist with a goal of notoriety • Threats are fleeting with a goal of profit • Threats are visible and indiscriminate • Threats are SILENT and laser targeted to steal data Computers People • Attackers are moving their operations to regions with emerging Internet infrastructures and, in some instances, developing and maintaining their own service provisioning • Attackers are increasingly targeting end users by compromising high-traffic, trusted websites Copyright © 2010 Symantec Corporation. All rights reserved. Copyright Symantec 2010 6 Threat Landscape Evolution Attackers have shifted…  Away from mass-distribution of few threats;  To micro distribution of millions of distinct threats. How? Their servers generate a new malware strain every few moments  Every set of victims gets attacked by a new strain! # of Applications How big is the problem?  We’re creating as many as 10-25K signatures for new threats daily! Further, our sensor data shows us that we’ve passed an inflection point…  A week-long internal study showed that more malicious programs were released than legitimate software.  65% of all new apps installed during the 1-week study were malicious, and found on <5% users’ PCs. And attackers could make things far worse… Time Copyright © 2010 Symantec Corporation. All rights reserved.  We could easily see millions/tens of millions of unique threats per year.  What chance will a security vendor have of discovering malware targeted at just 2-3 users? Copyright Symantec 2010 7 Anatomy of a Breach; the bottom line. 90% of breaches in 2009 involved organized crime targeting corporate/sensitive/protected/ information 81% of attacked organizations were non-compliant in PCI & assoc. 67% of breaches were due to insider negligence Copyright © 2010 Symantec Corporation. All rights reserved. 8 How do we Protect the Infrastructure? Prelude To A Breach An average of 300 million attempted malicious code attacks worldwide BLOCKED each month in 2009. Over 60% of Symantec’s malicious code signatures created in 2008 alone. Over 90% of threats in 2009 targeted confidential information Copyright © 2010 Symantec Corporation. All rights reserved. 9 How do we better Protect the Information? Copyright © 2010 Symantec Corporation. All rights reserved. 10 Vision: Transforming Security From Inhibitor to Mission/Business Enabler SECURITY 2.0 SECURITY 1.0 Balance Risk and Opportunity Lock down systems Keep the bad things out Keep the Good Things in Protect only infrastructure Decisions are fixed and static Disparate and disconnected Protect Information and Interactions Make Decisions Based on Reputation Standardize and Automate Processes Copyright © 2010 Symantec Corporation. All rights reserved. 11 Strategy: Transforming Security Mission Drivers for Security • How does security enable the organization to complete its stated mission objectives? • How important are the following when making securityrelated decisions? – Achieving/maintaining regulatory compliance – Protecting operational reputation – Protecting against financial loss – Protecting intellectual process / confidential information – Protecting the accuracy and integrity of data and systems – Threat management agility – Time to deployment & enablement Copyright © 2010 Symantec Corporation. All rights reserved. 12 Strategy: Transforming Security Security 2010+ Taxonomy Global Security Intelligence, Support, and Response Security Advisory & Residency Services Governance •Security Information Manager •Control Compliance Suite Develop Enforce •Managedand Security ServicesIT •DeepSight Policies Threat Management > •Security Program Assessment •Information Assurance Analysis Control Compliance Suite •Penetration Testing •Altiris Asset Management Solution InformationProtection Protection Information •Data Loss Prevention •Cyber Threat Analysis Program (CTAP) •Enterprise Vault > Protect the Information •Symantec Mail Security •Symantec Workflow •Backup Exec System Recovery •Message Labs (SaaS) & Mail Protect Data•Web Loss Prevention Suite •Archiving Infrastructure Endpoint SecurityManagement & Management •Symantec Mobile Security Protect theEndpoint Infrastructure •Symantec Protection > •Symantec Network Access Control •Symantec Web Gateway Manage Systems Copyright © 2010 Symantec Corporation. All rights reserved. > •Symantec Critical System Protection Symantec ProtectionSuite Suite •Altiris Client Management •Symantec Endpoint Encryption •Endpoint Virtualization Altiris Total Management Suite 13 Symantec Security Strategy 1 Protect the Infrastructure Symantec Protection Suite Protect the Infrastructure Secure Endpoints Protect Email and Web Defend Critical Internal Servers Backup and Recover Data Symantec Protection Suite 15 AntiVirus alone is not enough… Standard Antivirus PC deployment Antispyware Antivirus Symantec AntiVirus Copyright © 2010 Symantec Corporation. All rights reserved. 1616 AntiVirus vs. SEP11… Comprehensive Endpoint Protection deployment Device and Application Control Firewall Standard Antivirus PC deployment Intrusion Prevention Antispyware Antispyware Antivirus Antivirus Symantec AntiVirus Copyright © 2010 Symantec Corporation. All rights reserved. Symantec Endpoint Protection 11.0 1717 The SEP Advantage… ● ◔ ○ ● ● ● ● ● ○ ◔ ◔ ● ● ○ ○ ◔ ● ● SEP 11.0 Client 75 MB+ Closest Endpoint Competitor 25 MB Symantec AntiVirus 10.x 24 MB Symantec Endpoint Protection 11.0 1818 Recent HydraQ Defenses via SEP • Symantec released updated THREAT AV signatures associated with attack: – – – – – – Trojan.Pidief.G Trojan Horse.H Bloodhound.Exploit.266 Trojan Horse.H1 Trojan.Hydraq Trojan.Hydraq!gen1 July 2, 2009 July 13, 2009 August 2, 2009 July 13, 2009 January 11, 2010 January14, 2010 • Symantec released updated VULNERABILITY IPS signatures associated with this attack: Blocks IE zero-day exploit: HTTP MSIE Memory Corruption Code Exec (23599) January 16, 2010 Blocks Adobe Acrobat, Reader and Flash vulnerability: HTTP Acrobat PDF Suspicious File Download 4 July 17, 2009 1 1919 AntiVirus vs. SEP11 vs. SEP/SNAC11 Comprehensive Endpoint Protection deployment Complete Endpoint Security Solution Network Access Control Device and Application Control Device and Application Control Firewall Firewall Intrusion Prevention Intrusion Prevention Antispyware Antispyware Antispyware Antivirus Antivirus Antivirus Standard Antivirus PC deployment Symantec AntiVirus Copyright © 2010 Symantec Corporation. All rights reserved. Symantec Endpoint Protection 11.0 Symantec Endpoint Protection 11.0 Symantec Network Access Control 11.0 2020 Enforce Security, Configuration & Compliance… Symantec Network Access Control • Checks adherence to endpoint security policies… …continuously!  Antivirus installed and current?  Firewall installed and running?  Required patches and service packs?  Required configuration? • Is NOT network dependent • Remediates configuration problems • Regulates guest access “An endpoint management anomaly is by definition an endpoint security vulnerability.” SNAC mitigates and remediates those anomalies. 2121 Symantec Protection Suite Symantec Protection Suite Enterprise Edition Endpoint Security • Symantec Endpoint Protection • Symantec Network Access Control Self Enforcement • Symantec Mobile Security Messaging & Web Security • Symantec Brightmail Gateway • Symantec Web Gateway • Symantec Mail Security for Microsoft Exchange • Symantec Mail Security for Domino • Symantec Premium AntiSpam One $ Price All these Solutions Backup and Recovery • Symantec Backup Exec System Recovery 22 22 22 True High Caliber Server Protection… Symantec Critical Systems Protection • Close back doors (block ports) • Limit network connectivity by application • Restrict traffic flow inbound and outbound Network Protection (Host IPS) Exploit Prevention (Host IPS) • Restrict apps & O/S behaviors • Protect systems from buffer overflow • Intrusion prevention for day-zero attacks Symantec Critical Systems Protection 5.2 • Lock down configuration & settings • Enforce security policy • De-escalate user privileges • Prevent removable media use System Controls (Host IPS) Auditing & Alerting (Host IDS) • Monitor logs and security events • Consolidate & forward logs for archives and reporting • Smart event response for quick action simplify - streamline - protect 2323 True High Caliber Server Protection… Symantec Critical Systems Protection Platform Client Edition Windows XP Server Edition Prevention Detection Windows 2000 Windows 2000, 2003 and 2008, includes 32-bit & 64-bit support Windows NT Windows 2000, 2003 and 2008, includes 32-bit & 64-bit support Windows NT Solaris™ n/a Solaris 8, 9, 10* Solaris 8, 9, 10* Linux™ SuSE Linux Professional AIX™ n/a Microsoft Windows® HP-UX™ n/a *includes x86, x86 VM, 64-bit & Zones *includes x86, x86 VM, 64-bit & Zones SuSE Linux Enterprise Server 8, 9,10 SuSE Linux Enterprise Server 8, 9,10 RedHat Enterprise Linux 3**, 4**, 5 includes 32-bit & 64-bit support RedHat Enterprise Linux 3**, 4**, 5 includes 32-bit & 64-bit support *2010 mapped AIX 5L (5.1, 5.2, and 5.3) *2010 mapped HP-UX 11i v1 (11.11)**, v2 (11.23)** and v3 (11.31)** HP Tru64 Unix V5.1B 2424 Enterprise Security Visibility… Symantec Security Information Manager Collection • Broad and customizable • High volume processing • Meaningful normalization • Assured reliability Storage Correlation Presentation • Flexible capacity • Archive segmentations • Quick queries and searches • Retention Policy Automation • Integrity verification • Easy rule based analysis • Hierarchical incident associations • Global Intelligence Network integration • Asset groupings • Over 400 out of box queries • Customizable consoles • Web based portals • Raw event data viewer • Standardized query templates 2525 Enterprise Security Visibility & Mgmt… Symantec Security Information Manager [ SSIM ] 1) Allows the CIC/members to “build & maintain their own GIN.” 2) Leverages Symantec GIN & Workflow… …for Proactive Threat Visibility, Agility, and Reactivity. • SEP OS • SNAC Endpoint Database Enterprise Network Mail and Groupware • SCSP • SEE Firewalls • Altiris • Cisco Syslog Other sources… • ArcSight IDS/IPS Vulnerability Scanners • Microsoft • McAfee • CheckPoint • ~200 more… 2626 Symantec Security Strategy 2 Develop and Enforce IT Policies Control Compliance Suite 27 Develop and Enforce IT Policies Define Risk and Develop IT Policies Assess Infrastructure and Processes Report, Monitor and Demonstrate Due Care Remediate Problems Control Compliance Suite 28 Control Compliance Suite Define Determine Risk and Develop Policies POLICIES and CONTROLS RISK ASSESSMENTS Assess Assess Infrastructure and Processes TECHNICAL CONTROLS PROCEDURAL CONTROLS Report Monitor and Demonstrate Due Care DASHBOARDS Remediate Assess Risk and Remediate Problems RISK WEIGHTED REMEDIATION AUDIT REPORTS * Gideon Technologies acquisition to grow SCAP Compliance Suite 2929 Symantec Security Strategy 3 Protect the Information Data Loss Prevention Suite 30 Protect the Information Discover Where Sensitive Information Resides Monitor How Data is Being Used Protect Sensitive Information From Loss Data Loss Prevention Suite 31 Data Loss Prevention Direct integrations: -Symantec Enterprise Vault -Symantec Backup Exec Recovery -Symantec Network Access Control Process automations: Removable Media Mail Security Web Security Content Control DLP Platform Data Discovery Monitoring & Prevention Discovery & Protection Instant Message Security Automated eDiscovery Automated Lost Hardware Risk Mitigation Archive / Backup Data Governance E-Discovery / Classification 3232 Symantec Endpoint Encryption Full Disk and/or Partition Encryption: -Encrypts boot disk -Encrypts up to 20+ partitions on system boot disk -FIPS 140-2 validated AES cryptography -256-bit key (default) or 128-bit key for disk encryption -Self-service recovery for lost or forgotten passwords Authenti-Check™ challenge/response questions and answers - -Pre-boot hardened authentication -Single Sign-on integration Removable Media Encryption: -Transparent end user operation -Comprehensive encryption support Policy based encryption for removable media FIPS certified AES 256 bit or 128 bit, CC EAL4 pending Encrypt plain text data on devices -Best-in-class storage media support Flash drives, Hard drives, SD cards, CF cards, CDs/DVDs, iPods, etc. -Portability Access utility – Install by policy, read / write encrypted data Self-extracting archives 3333 Symantec Security Strategy 4 Manage the Enterprise Altiris Total Management Suite 34 Manage the Enterprise Increase IT Effectiveness Control Hardware and Software Expenses Improve Availability and Service Levels Altiris Total Management Suite 35 Integration Capabilities via Altiris LCM Integration of the Industry Leading Solutions; period. INFORMATION PROTECTION ENDPOINT SECURITY • Symantec Data Loss Prevention • Symantec Endpoint Protection • Symantec Endpoint Encryption • Symantec Network Access Control • Backup Exec System Recovery • Symantec Critical Systems Protection • Backup Exec Infrastructure Manager SYSTEMS MANAGEMENT • *Client Management Suite • *Server Management Suite • Service & Asset Management Suite • Endpoint Virtualization • Veritas Configuration Manager Unified Deployment and Management via Altiris Copyright © 2010 Symantec Corporation. All rights reserved. 3636 IT Tool Collaboration & Process Automation via Symantec Workflow 3737 Virtualization Capabilities via Altiris Symantec Virtualization Solutions Virtual Distribution Virtual Execution Symantec Workspace Virtualization Symantec Workspace Streaming Virtual Workspace Symantec Workspace Corporate and Symantec Workspace Remote • On-demand application streaming • Eliminate application conflicts • Single sign-on • Accelerate application rollouts • User-based provisioning • Application auto launch • Low overhead • Simplified packaging and scripting • Roaming with state persistence • Virtualized apps interact normally • Kiosk for workstation sharing • Direct MSI conversion • User/system/management agents interact normally with virtualized apps • Dynamic License Management • Single click application upgrades • Industry standard distributed architecture • License tracking and management • Location awareness • Proximity printing • Consistent local / remote access • Keeps base OS image clean • Rapidly resolve application problems • Integration with multiple Symantec products 3838 Protect the Infrastructure Develop and Enforce IT Policies Protect the Information Manage the Enterprise Copyright © 2010 Symantec Corporation. All rights reserved. > Symantec Protection Suite > Control Compliance Suite > Data Loss Prevention Suite > Altiris Total Management Suite 39 Endpoint Security Roadmap Reputation-Based Protection #1 #2 prevalence hygiene provenance reputation How many other people in the world have this file? User behavior can drive infection rates Publishers and distributors Malware histories help prioritize publishers #3 #4 DeepClean Collectively, this becomes the system for building and maintaining the world’s most precise and most comprehensive whitelist and file provide reputation infrastructure Copyright © 2010 Symantec Corporation. All rights reserved. Copyright Symantec 2010 40 Start with a mature endpoint stack… Intrusion Prevention Antispyware Antivirus D L P Firewall A L T I R I S / L C M Device and Application Control E N C R Y P T I O N Network Access Control 41 Security Focused Advisory / Consulting Services Our Experts making a Difference for Your Organization Symantec Advisory Services Secure Application Services Compliance Application Development Services Lifecycle Review Secure Regulatory & Standards Services Assessments Infrastructure  Application Penetration Tests PCI Services Security Architecture Assessment Operations Services &  Network Application Design Assessment – PCI Security Audit Service Review  Design Secure Development – PCILifecycle Security Application CodeScanning ReviewService  Network Penetration Assessment – PCI Compliance Readiness Review Risk/Blueprint Assessment Application Security Principles Course – PCI Payment Application Best  Network Vulnerability Assessment SOC Design and Staffing Practices Assessment  Wireless Security Assessment Security Awareness Program  ISO 17799 Gap Assessment  Cyber Threat Analysis Program (CTAP)  Federal/Gov’t Standards Compliance  Breach & Outbreak Response Action Assessments Team (‘BORAT’) Copyright © 2010 Symantec Corporation. All rights reserved. 42 Magic Quadrant Strategic Leadership Network Access Control Endpoint Protection Platforms Security Info & Event Mgmt Content-Aware DLP E-Mail Security Boundaries PC Lifecycle Config Mgmt - Thank You! 44 45