Product Roadmap Symantec Endpoint Protection
Suzanne Konvicka & Paul Murgatroyd
SYMANTEC VISION 2014
Safe Harbor Disclaimer
Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Sample Agenda
1. Changing Threat Landscape
2. Protecting Endpoints Today
3. Roadmap – Futures and Near Term
Increase in Targeted Attacks
Increase in targeted attack campaigns: +91%, 2012 to 2013
Targeted Attack Campaigns
Metric | 2011 | 2012 | 2013
Email per Campaign | 78 | 122 | 29
Recipient/Campaign | 61 | 111 | 23
Duration of Campaign | 4 days | 3 days | 8.3 days
Campaigns | 165 | 408 | 779
Targeted Industries
Top 10 Industries Targeted in Spear-Phishing Attacks, 2013 (Source: Symantec)
Public Administration (Gov.): 16%
Services – Professional: 15%
Services – Non-Traditional: 14%
Manufacturing: 13%
Finance, Insurance & Real Estate: 13%
Transportation, Gas, Communications, Electric: 6%
Wholesale: 5%
Retail: 2%
Mining: 1%
Construction: 1%
Zero-Day Vulnerabilities
Zero-Day Vulnerabilities, Annual Total, 2006 - 2013 (Source: Symantec)
Year | Zero-day vulnerabilities
2006 | 13
2007 | 15
2008 | 9
2009 | 12
2010 | 14
2011 | 8
2012 | 14
2013 | 23
23 zero-day vulnerabilities discovered in 2013
Increase from 14 in 2012
More zero-day vulnerabilities discovered in 2013 than in any year since we started tracking
More zero-days in 2013 than in past two years combined
Protecting Endpoints Today
Symantec IS Security Intelligence
Monitors threats in 157+ countries
550 threat researchers
14 data centers worldwide
7 Billion File, URL & IP Classifications
1 Billion+ Devices Protected
2.5 Trillion Rows of Security Telemetry
Capturing previously unseen threats and attack methods
Putting “big data” analytics to work for every end user
More visibility across devices creates better context and deeper insight
2B+ events logged daily
Over 100,000 security alerts generated annually
200,000 daily code submissions
[Diagram: Global Intelligence Network. Labels: Intelligence Feeds; Big Data Analytics; DeepSight; Analytics Warehouse; Analysts; Attack Quarantine System; Endpoints; Gateways; 3rd Party Affiliates; Global Sensor Network; Global Data Collection; Honeypots]
INSIGHT: Reputation Monitoring for SEP
Contextual intelligence for dynamic analysis
Bad Safety Rating: File is blocked
Good Safety Rating: File is whitelisted
No Safety Rating Yet: Can be blocked
Hosted Intelligence
Faster, Fewer, Smarter Scans
Insight - Optimized Scanning: Skips any program we are sure is good, leading to much faster scan times
Traditional Scanning: Has to scan every file
On a typical system, 70% of programs can be skipped!
INSIGHT: Reduces SEP Scan Overhead by up to 70%
SONAR: Behavior Monitoring in SEP
Monitors 1390 file behaviors to answer:
• Who is it related to?
• What did it contain?
• Where did it come from?
• What has it done?
Human-authored Behavioral Signatures
Artificial Intelligence Based Classification Engine
Behavioral Policy Lockdown
Provides Zero-Day Protection Against Unknown Threats
Intelligent Endpoint Protection
Layered protection to stop mass, targeted and advanced threats
Network Threat Protection: Blocks malware before it spreads to your machine and controls traffic
Advanced Scanning: Blocks suspicious files – even those with no fingerprint – before they can run and steal your data
Insight Reputation: Safety ratings for every single software file on the planet, and uses this to block targeted attacks
SONAR Behavior Blocking: Blocks software with suspicious behaviors to stop advanced threats
Symantec Power Eraser: Aggressive SMR technology roots out entrenched infections and kills them in seconds
Roadmap – Futures and Near Term
Today’s Endpoint Protection
• Focused on protection
– Automatically block malware and targeted attacks
• No differentiation between attack types
• Minimize noise and false positives
– Only highlight events based on confidence
– Block all suspicious apps
• Symantec security intelligence baked in
– Customers do not see the data that decisions are based upon
Moving Beyond Protection to Detection and Response
Customers Demanding a New Approach
“Help me block more attacks without false positives”
“Help me discover new targeted attacks”
“Minimize my time to respond and protect”
“Help me distinguish targeted attacks from other security events”
Curious to Learn More?
Attend our Opening Keynote, Tuesday 9-10.30am
Brian Dye, Senior VP, Information Security
Near-term Roadmap
Ease of Use
Enhanced Protection
Improved Performance
Extended Platform Support
Enhanced Protection
Against advanced threats
Integrated Power Eraser
-Aggressively scan an infected endpoint to locate APTs
-Reduce time to clean infected systems
-Mitigate false positives
Improved System Lockdown & Whitelisting
-Easier to enable, update, and manage
Enhanced Device Control
Enhanced Protection
Against advanced threats
Enhanced Insight
-Reduce the attack surface of the system
Better SONAR
-More complete remediation
-Clean up APTs from the infected system
Improved Performance
Physical and virtual environments
Better control of bandwidth to SEPM
Reduce network load
-Flexible control of the number of connections and bandwidth
Improve scan throttling for virtualization
-Reduce disk load
-Reduce scan time for normal laptops/desktops
Improved Performance
Client performance and content deltas
Reduce disk space on SEPM by 85-95%
Allow customers to cache more revisions
-Reduces the number of full definitions delivered
Improve boot time by more than 10%
Extended Platform Support
Improved management of endpoints
Linux client management
-Single client package fully managed by SEPM
-Auto update
-Auto-compile kernels during install
Mac client management
-Client remote deployment
-Device control
-Firewall
Extended Platform Support
Embedded and VDI enhancements
Embedded support
-Support all flavors of embedded Windows
-Reduce the size of the client
Virtualization and VDI
-Reduce the size of the definition set
Ease of Use
User friendly and time saving
New web-based console
-Support mobile devices
-Support current browsers
Updated competitive uninstaller
-Remove over 300 products from more than 60 vendors
Customer Participation Opportunities
SEP 12.1.5 Beta Program – Summer 2014
• Linux & Mac Client Management
• Client Performance Enhancements
• Better Control of Bandwidth to SEPM
• Scan Throttling for Virtualization
SEP 12.1.6 Customer Previews – Second Half, 2014
• New enhanced reporting (mobile support)
• Embedded client updates
• System Lockdown enhancements
Other SEP Related Sessions & Labs
Topic | Type | Day | Time
1440 - Are You Harnessing the Full Protection Power of SEP 12? | Lab | Monday, Wednesday | 1:00 P.M., 9:00 A.M.
1438 - Best Practices For Migrating From SEP 11 to SEP 12 | Lab | Tuesday | 11:00 A.M.
1544 - Best Practices for Deploying SEP 12 on Embedded Devices | Lab | Tuesday | 2:45 P.M., 4:00 P.M.
1484 - The Evolving Threat Landscape 2014: Postmortem and Lessons Learned from Simple and Advanced Threats Discovered in 2013 | Session | Tuesday | 4:00 P.M.
1724 - Best Practices for Deploying SEP 12 for VDI | Lab | Wednesday, Thursday | 10:15 A.M., 9:00 A.M.
1760 - Protecting Solusell: An Interactive Case Study in Policy-based Endpoint Protection | Lab | Wednesday | 2:00 P.M.
1761 - Endpoint Protection Break/Fix Lab | Lab | Wednesday, Thursday | 3:15 P.M., 11:30 A.M.
1459 - How Integration between MSS, SEP, and Next-generation Firewalls Catch Targeted and Advanced Persistent Threats | Session | Thursday | 9:00 A.M.
Thank you!
YOUR FEEDBACK IS VALUABLE TO US!
Please take a few minutes to fill out the short session survey available on the mobile app—the survey will be available shortly after the session ends. Watch for and complete the more extensive post-event survey that will arrive via email a few days after the conference.
To download the app, go to https://vision2014.quickmobile.com or search for Vision 2014 in the iTunes or Android stores.
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Suzanne Konvicka: [email protected], Tel: +1 650 527 2331
Paul Murgatroyd: [email protected], Tel: +44 (0) 7786 807480