2. Jan, 2007 - 250,000 viruses
Dec, 2009 – over 240 million
3. Malware authors have switched tactics
75% of malware infect less than 50 machines
From: A mass distribution of relatively few threats, e.g. Storm made its way onto millions of machines across the globe
To: A micro distribution model, e.g.
• The average Vundo variant is distributed to 18 Symantec users!
• The average Harakit variant is distributed to 1.6 Symantec users!
4. A Security Catastrophe… the growth in AV signatures
[Chart: growth in AV signatures, vertical axis from 0 to 10,000,000]
Signature based scanning won’t keep up
5. What is SEP 12? Single Agent, Single Console
On-Premise Infrastructure
Windows & Mac
• Antivirus
• Antispyware
• Firewall
• Intrusion Prevention
• Device Control
• Application Control
• Network Access Control (add-on)
6. What’s New in SEP 12
Unrivaled Security
• Powered by Insight
• Real Time Behavior Monitoring with SONAR
Blazing Performance
• Up to 70% reduction in scan overhead
• Smarter Updates
• Faster Management
Built for Virtual Environments
• Tested and optimized for virtual environments
• Higher VM densities
7. Powered by Insight
Proactive protection against new, mutating threats
• puts files in context, using their age, frequency, location and more to expose threats otherwise missed
• using community-based security ratings
• derived from Symantec's more than 175 million endpoints
8. How Insight Works
1 Build a collection network (175 million PCs)
2 Rate nearly every file on the internet (2.5 billion files)
3 Look for associations
4 Check the DB during scans
5 Provide actionable data
Is it new? Bad reputation?
Prevalence, Age, Source, Behavior, Associations
9. Unrivaled Security
Hackers mutate threats to evade fingerprints
Mutated threats stick out like a sore thumb
It’s a catch-22 for the virus writers
– Mutate too much = Insight finds it
– Mutate too little = Easy to discover & fingerprint
10. Symantec Protection Model
Defense in Depth
• Network-based Protection: Stops malware as it travels over the network and tries to take up residence on a system. Technologies: Protocol aware IPS, Browser Protection
• File-based Protection: Looks for and eradicates malware that has already taken up residence on a system. Technologies: Antivirus Engine, Auto Protect, Malheur
• Reputation-based Protection: Establishes information about entities, e.g. websites, files, IP addresses, to be used in effective security. Technologies: Domain Reputation, File Reputation, Insight
• Behavioral-based Protection: Looks at processes as they execute and uses malicious behaviors to indicate the presence of malware. Technologies: SONAR, Behavioral Signatures
11. Proven Most Effective in Real World Test
[Chart: % of samples Blocked, Partial and Infected, and % False Positives (FP), for Symantec, Sophos, Kaspersky, Trend Micro, Microsoft and McAfee]
12. Most Effective Remediation
[Chart: Remediation Score (higher is better) and Number of False Positives (lower is better) for Symantec, Kaspersky, Microsoft, Sophos, Malwarebytes, McAfee and Trend Micro]
13. Insight: Faster than Traditional Scanning
Traditional Scanning: Has to scan every file
Insight - Optimized Scanning: Skips any file we are sure is good, leading to much faster scan times
On a typical system, 70% of active applications can be skipped!
14. Tests Prove SEP 12 Outperforms Competition
Symantec Endpoint Protection 12 Scans:
• 3.5X faster than McAfee
• 2X faster than Microsoft
Ranked 1st in overall Performance!
[Chart: bar chart comparing Symantec, Kaspersky, Trend Micro, Microsoft, Sophos, McAfee and Average, axis from 0 to 160]
15. Lowest Memory Use
[Chart: Memory Usage for Symantec, Kaspersky, Trend Micro, McAfee, Sophos, Microsoft and Average, axis from 0.0 to 180.0]
Symantec Endpoint Protection 12 uses:
• 66% less memory than McAfee
• 76% less memory than Microsoft
16. Built for Virtual Environments
• Virtual Client Tagging
• Virtual Image Exception
• Shared Insight Cache
• Resource Leveling
Together – up to 90% reduction in disk IO
17. Virtualization Features
• Virtual Client Tagging
• Virtual Image Exception
• Shared Insight Cache
• Offline Image Scanning
• Resource Leveling
Together – up to 90% reduction in disk IO
18. Symantec Endpoint Protection Small Business Edition 12.1
Fastest, Most Effective, Simple
• Powered by Symantec Insight and SONAR
• Support for Macintosh
• Faster Installs and Upgrades
• Smart Scanning
20. What’s Right For Your Business?
Feature | Endpoint Protection Small Business Edition | Endpoint Protection
Seats | 5-99 seats | 100+ seats
Antivirus/Antispyware | • | •
Desktop Firewall | • | •
Intrusion Detection/Prevention | • | •
Generic Exploit Blocking | • | •
Protection for Mac OS X and Windows | • | •
Protection for Linux | | •
Device and Application Control | | •
Network Access Control Self-Enforcement | | •
Flexible, granular policy management | | •
Enhanced Virtualization Features | | •