Symantec Endpoint Solution
Symantec 12.x: Introduction to the Product and Its Technical Features for Endpoint Virtualization

Agenda
1. Introduction to the endpoint security protection software
2. Technical features in endpoint virtualization environments

Part 1: Introduction to the endpoint security protection software

Symantec Endpoint Protection 12.1
Unrivaled security, remarkable performance, built for virtual environments.

Driven by major IT security trends, Symantec Endpoint Protection emerged
- Social networking and social scam attacks
- Virtualization has become the rule
- Losses from incidents are increasingly severe
- Rapidly changing targeted attacks

Symantec Endpoint Protection 12.1: components
- Malware protection
- Personal firewall
- Intrusion prevention
- Device control
- Application control
- Admission control

Symantec Endpoint Protection 12.1: overview
- One console, one agent (Single Agent, Single Console): Win, OS X, Linux (Windows, Mac & Linux)
- Backed by Insight
- Unrivaled security: Insight, SONAR
- Remarkable performance: faster scanning
- Built for virtual environments: identifies and manages virtual clients, reduces scanning workload

Virus and malware protection
- Signature Lifecycle: a formal lifecycle for virus signatures
- Diagram labels: #1 Pre-Analysis; create; submit; ftp & http servers; test; publish; #2 Pre-Publish; detect; scan; #3 Pre-Detection
- Extensible engine: continuous improvement that does not depend on new version updates
- Low-level rootkit detection
- Flexibility: periodic, user-interactive, access control

Network intrusion protection & browser intrusion prevention
Features
- Generic Exploit Blocking (GEB)
- Deep packet inspection
- Create user-defined signatures: format similar to SNORT, regex support
- MAC spoofing protection
- Network application monitoring
- Ping/port scan detection
- Intelligent traffic filtering engine: automatically defends against ARP attacks
- Diagram labels: SSH, IM, SMTP, FTP, HTTP, RCP; Custom Sig, Signature, GEB

Device control
- Block peripherals by type (Windows Class ID, Vendor)
- Supports all common ports: USB, Infrared, Bluetooth, Serial, Parallel, FireWire, SCSI, PCMCIA
- Supports user-defined hardware

Application control
Features
- Application behavior analysis
- Program execution control
- File access control
- Registry access control
- Module and DLL load control
- System lockdown (WINDOWS\system32)

Policy-based lockdown
Allows IT administrators to enforce endpoint lockdown policies according to risk-control requirements. Examples:
- Do not allow users access to registry editing tools or command shells.
- Client Management Suite is the only tool allowed to install (run setup.exe) new applications.
- Do not allow users to write to USB hard drives.

Safe web access
- SEARCH safely: warns you of unsafe Web sites right in your search results. Works seamlessly with Google, Yahoo! & Bing search engines.
- SURF safely: raises the alarm if a Web site has a potentially dangerous download on it. Helps you avoid accidentally downloading viruses, spyware, and other online threats.
- SHOP safely: alerts you of suspicious online sellers. Helps you find reputable online merchants you can trust.
Provides a safe search experience: by flagging dangerous Web sites in search results, users can have a safe online experience.
*Optional install from CD

Part 2: Technical features in endpoint virtualization environments
Optimized performance, suited to VDI environments.

Virtualization features (SEP 12.1 Amber Virtualization Features)
- Virtual Client Tagging
- Virtual Image Exception
- Shared Insight Cache (cache server)
- Offline Scanning (offline scanning of virtual machines)
- Resource Leveling
Together, up to 90% reduction in disk IO.

Virtual Image Exception
- Step 1: Tool scans the system.
- Step 2: Tool collects the list of all files found.
- Step 3: Tool locally whitelists all the files found on the client.
- Step 4: Administrator activates. Administrators can enable or disable use of the exclusions via the policy.
- Step 5: Optimized scanning. Skips any files that were identified with the VIE tool.

Shared Insight Cache (shared cache server): flow
- Scenario 1: Reputation known. If reputation is already known and good, skip the file.
- Scenario 2: No reputation but exists in shared cache. If reputation is not known, then check the shared cache for knowledge of the file. If the file is also a binary executable, send the hash to Symantec Insight for a reputation score.
- Diagram labels: 101010101; 101010101 def 2/11

Offline image scanner (offline scanning of virtual machines)

Resource Leveling: randomized scanning
Allows the administrator to select a time window within which a scheduled scan will kick off.
- Daily: up to 23 hours
- Weekly: up to 167 hours
- Monthly: up to 671 hours
Improves support for virtual environments.

SEP 12.1 performance: full scan IO performance improvement
- 12.1 vs. 11: 60% reduction in total disk IO
- 12.1 with Shared Insight Cache vs. 12.1 without: 50-80% reduction in total disk IO*
- 12.1 with Virtual Image Exception vs. 12.1 without: 50-80% reduction in total disk IO*
*Expected results; final numbers are still pending.
The total benefit to a customer running SEP 12.1 with the virtualization features is an estimated 80%-90% reduction in disk IO for full scans as compared to 11.x.