product roadmap symantec endpoint protection · 2016. 7. 4. · symantec vision 2014 symantec is...

Product Roadmap Symantec Endpoint Protection

Suzanne Konvicka & Paul Murgatroyd

Symantec Endpoint Protection Product Roadmap 1

SYMANTEC VISION 2014

Safe Harbor Disclaimer

Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.

2 Symantec Endpoint Protection Product Roadmap 2


Sample Agenda


Changing Threat Landscape 1

Protecting Endpoints Today 2

Roadmap – Futures and Near Term 3


Increase in Targeted Attacks

4

Increase in targeted attack campaigns

+91% 2012

2013

Symantec Endpoint Protection Product Roadmap


Targeted Attack Campaigns

5

2011 2012 2013

Email per Campaign

Recipient/Campaign

78

122

29

61

111

23

Duration of Campaign 4 days 3 days 8.3 days

Campaigns 165

408

779



Targeted Industries

6

Public Administration (Gov.)

Services – Professional

Services – Non-Traditional

Manufacturing

Finance, Insurance & Real Estate

Transportation, Gas, Communications, Electric

Wholesale

Retail

Mining

Construction

16% 15

14 13 13

6 5

2 1 1

Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 Source: Symantec



Zero-Day Vulnerabilities

7 Symantec Endpoint Protection Product Roadmap

13 15

9 12

14

8

14

23

0

5

10

15

20

25

30

2006 2007 2008 2009 2010 2011 2012 2013

Zero-Day Vulnerabilities, Annual Total, 2006 - 2013 Source: Symantec

23 zero-day vulnerabilities discovered in 2013 Increase from 14 in 2012

More zero-day vulnerabilities discovered in 2013 than in any year since we started tracking

More zero-days in 2013 than in past two years combined

SYMANTEC VISION 2014 Symantec Endpoint Protection Product Roadmap 8

Protecting Endpoints Today


Symantec IS Security Intelligence


Monitors Threats in

157+ countries 550 Threat

Researchers

14 Data Centers

World Wide

7 Billion

1 Billion+

2.5 Trillion

File, URL & IP Classifications

Devices Protected

Rows of Security Telemetry

Capturing previously unseen threats and attack methods

Putting “big data” analytics to work for every end user

More visibility across devices creates better context and deeper insight

2B+ events logged daily Over 100,000 security alerts

generated annually 200,000 daily code

submissions


Intelligence Feeds

Big Data Analytics

DeepSight

Analytics

Warehouse

Analysts

10

Attack Quarantine

System

Endpoints

Gateways

3rd Party Affiliates

Global Sensor Network

Global Intelligence Network

Global Data Collection

Honeypots

INSIGHT: Reputation Monitoring for SEP Contextual intelligence for dynamic analysis


Bad Safety Rating

File is blocked

Good Safety Rating

File is whitelisted

No Safety Rating Yet Can be blocked

Hosted Intelligence


Faster, Fewer, Smarter Scans

11

Insight - Optimized Scanning Skips any program we are sure is good,

leading to much faster scan times

Traditional Scanning Has to scan every file

On a typical system, 70% of programs can be skipped!

INSIGHT: Reduces SEP Scan Overhead by up to 70%



Monitors 1390 file behaviors to answer:

SONAR: Behavior Monitoring in SEP

Human-authored Behavioral Signatures

Artificial Intelligence Based Classification Engine

Behavioral Policy Lockdown

Who is it related to?

What did it contain?

Where did it come from?

What has it done?

Provides Zero-Day Protection Against Unknown Threats



Intelligent Endpoint Protection

13

Layered protection to stop mass, targeted and advanced threats

Network Threat

Protection

Blocks malware before it spreads to

your machine and controls traffic

Advanced Scanning

Blocks suspicious files – even those

with no fingerprint – before they

can run and steal your data

Insight Reputation

Safety ratings for every single

software file on the planet, and

uses this to block targeted attacks

SONAR Behavior Blocking

Blocks software with suspicious

behaviors to stop advanced threats

Symantec Power Eraser

Aggressive SMR technology roots out entrenched

infections and kills them in seconds



Roadmap – Futures and Near Term


Today’s Endpoint Protection

• Focused on protection

– Automatically block malware and targeted attacks

• No differentiation between attack types

• Minimize noise and false positives

– Only highlight events based on confidence

– Block all suspicious apps

• Symantec security intelligence baked in

– Customers do not see data decisions are based upon



Moving Beyond Protection to Detection and Response

“Help me block more attacks without false

positives”

Customers Demanding a New Approach

16 Symantec Endpoint Protection Product Roadmap 16

“Help me discover new

targeted attacks”

“Minimize my time to respond

and protect”

“Help me distinguish

targeted attacks from other

security events”


Attend our Opening Keynote Tuesday 9-10.30am Brian Dye, Senior VP, Information Security

Curious to Learn More?


Near-term Roadmap

Ease of Use Enhanced Protection

Improved Performance

Extended Platform Support



Enhanced Protection

Against advanced threats

Integrated Power Eraser

-Aggressively scan an infected endpoint to

locate APTs

-Reduce time to clean infected systems

-Mitigate false positive

Improved System Lockdown & Whitelisting

-Easier to enable, update, and manage

Enhanced Device Control



Enhanced Protection

Against advanced threats

Enhanced Insight

-Reduce attack surfaces of system

Better SONAR

-More complete remediation

-Clean up the infected system from APTs




Physical and virtual environments

Better control of bandwidth to SEPM

Reduce network load

-Flexible control to the number of connections and

bandwidth

Improve scan throttling for virtualization

-Reduce disk load

-Reduce scan time for normal laptops/desktops




Client performance and content deltas

Reduce disk space on SEPM by 85-95%

Allow customers to cache more revisions

-Reduces the number of full

definitions delivered

Improve boot time by more than 10%




Improved management of endpoints

Linux client management

-Single client package fully managed by SEPM

-Auto update

-Auto-compile kernels during install

Mac client management

-Client remote deployment

-Device control

-Firewall




Embedded and VDI enhancements

Embedded support

-Support all flavors of embedded Windows

-Reduce the size of the client

Virtualization and VDI

-Reduce size definition set



Ease of Use

User friendly and time saving

New web-based console

-Support mobile devices

-Support current browsers

Updated competitive uninstaller

-Remove over 300 products from more than

60 vendors



Customer Participation Opportunities


SEP 12.1.5 Beta Program – Summer 2014

• Linux & Mac Client Management • Client Performance Enhancements • Better Control of Bandwidth to SEPM • Scan Throttling for Virtualization

SEP 12.1.6 Customer Previews – Second Half, 2014

• New enhanced reporting (mobile support) • Embedded client updates • System Lockdown enhancements


Other SEP Related Sessions & Labs


Topic Type Day Time

1440 - Are You Harnessing the Full Protection Power of SEP 12? Lab Monday Wednesday

1:00 P.M. 9:00 A.M.

1438 - Best Practices For Migrating From SEP 11 to SEP 12 Lab Tuesday

11.00 A.M.

1544 - Best Practices for Deploying SEP 12 on Embedded Devices Lab Tuesday 2:45 P.M. 4:00 P.M.

1484 - The Evolving Threat Landscape 2014: Postmortem and Lessons Learned from Simple and Advanced Threats Discovered in 2013

Session Tuesday 4:00 P.M.

1724 - Best Practices for Deploying SEP 12 for VDI Lab Wednesday Thursday

10:15 A.M. 9:00 A.M.

1760 - Protecting Solusell: An Interactive Case Study in Policy-based Endpoint Protection

Lab Wednesday 2:00 P.M.

1761 - Endpoint Protection Break/Fix Lab Lab Wednesday Thursday

3:15 P.M. 11:30 A.M.

1459 - How Integration between MSS, SEP, and Next-generation Firewalls Catch Targeted and Advanced Persistent Threats

Session Thursday 9:00 A.M.

Thank you!

28

YOUR FEEDBACK IS VALUABLE TO US!

Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.

To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.


https://vision2014.quickmobile.com/

https://vision2014.quickmobile.com/

Thank you!

Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Suzanne Konvicka Paul Murgatroyd [email protected] [email protected]

Tel: +1 650 527 2331 +44 (0) 7786 807480


mailto:[email protected]

mailto:[email protected]

product roadmap symantec endpoint protection · 2016. 7. 4. · symantec vision 2014 symantec is...

Documents