Introduction to SEP12, Symantec's latest enterprise endpoint security software
– Enterprise Edition only. Not available in SBE.
– Runs as a stand-alone application and doesn’t require a traditional install
– Must be run from within a virtual machine (VMware, Citrix, or Hyper-V)
– Runs on Windows XP SP2, SP3, Vista, Windows 7, and Windows 2008 R2
– Command-line options for silent and automated operation
– Detailed logging/reporting capabilities
• Updated default policies to address today's threat environment
SEP 12.1: Introduction
Results: Unrivaled Security
[Chart: Remediation Score (higher is better)]
• SHOP Safely
– Alerts you of suspicious online sellers
– Helps you find reputable online merchants you can trust
Rating Results
• Norton Secured: This means that the site has been verified to be a legitimate business and that a valid SSL cert is used
The Result: SEP 12.1 Performance Expectations
Full Scan IO performance improvement
12.1 vs. 11: 60% reduction in total disk IO
12.1 Shared Insight Cache vs. 12.1 without: 50-[illegible]0% reduction in total disk IO*
Memory Usage
PassMark™ Software, Feb., 2011 - http://www.passmark.com/AVReport
Symantec Endpoint Protection uses:
66% less memory than McAfee
76% less memory than Microsoft
– Warns you of unsafe Web sites right in your search results
– Works seamlessly with Google, Yahoo! & Bing search engines
• SURF Safely
– Raises the alarm if a Web site has a potentially dangerous download on it
– Helps you avoid accidentally downloading viruses, spyware, and other online threats
Virtual Image Exception
Virtual Image Exception (VIE) is a tool that gives administrators the ability to easily set exclusions for files in a virtual operating environment.
Results:
Symantec Endpoint Protection Scans:
3.5X faster than McAfee
2X faster than Microsoft
Ranked 1st in overall Performance!
[Chart: Symantec, Kaspersky, Trend Micro, Microsoft, Sophos, McAfee, Average]
• Green OK: site is not a Norton Secured site and has no security or shopping risks
• Yellow ! + shopping cart: site has no security risks but has been reported to sell counterfeit/fake or recalled goods
• Yellow !: site has some non-critical security risks (threat severity as defined by Response)
• Red X: site has critical security risks or contains many non-critical security risks
• Gray ?: site has not been rated
• Where it is used in the product
• Download Insight
• Insight Lookup
• Sonar
• Heuristics & corroboration during detection
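Reputation
How we do it: we build a large number of parallel analysis algorithms
Norton Community Watch: an in-product option to contribute anonymous data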
PassMark™ Software, Feb., 2011 - http://www.passmark.com/AVReport
Results:
[Chart: Symantec, Kaspersky, Trend Micro, McAfee, Sophos, Microsoft, Average]
Process Overview
Step 4: Administrator Activates
Administrators can enable the exclusions or disable the exclusions from being used via the AV Policy for both On-Demand and Auto-Protect
Safe Web Lite (Optional Install via CD)
Safe Web Lite provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.
• SEARCH Safely
Insight
Unrivaled Security
Blazing Performance
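Why scan known-good files over and over?
Using reputation to optimize scan performance
On a typical system, 80% of active applications can be skipped!
Traditional scanning
Has to scan every file
Reputation-optimized scanning
Skips every file known to have a good reputation, resulting in faster scan times
(but malware must still be identified accurately)
Blacklisting works well here.
The middle needs a new technique.
Whitelisting works well here.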
Prevalence
Bad files
Good files
Symantec Insight
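• A revolutionary, constructive technology that uses security reputation data from 175 million Symantec clients to provide protection against unknown malware.
• Insight is a technology integrated into SEP that convicts and exonerates threats based on reputation.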
– Provides configurable options in SEPM for Administrators to turn on and off VIE exceptions for auto-protect and administrator defined scans.
Built for Virtualization
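• Virtual Image Exception – lets customers exclude all files that were already scanned in the baseline image.
• Shared Insight Cache – a standalone server that lets clients share scan results, so a client can skip scanning files that another client has already scanned.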
Process Overview
Step 1:
Tool Scans the System
Process Overview
Step 2:
Tool collects the list of all files found
Step 3:
Tool locally whitelists all the files found on the client
Symantec Endpoint Protection 12.1
Introduction
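The shortcomings of today's antivirus detection technology
Today, both good and bad software obey a long-tail distribution.
Unfortunately, no existing technique handles the hundreds of millions of low-prevalence files.
• Virtual Client Tagging – shows a virtual-environment identifier in reports.
• Offline Image Scanner – a standalone tool that can scan the files in offline VMware images (VMDKs).
• Scan Randomization – lets customers choose a time window over which scheduled scans will start.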
Analogy: Google’s PageRank™
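The Symantec Reputation Engine uses linked data to determine security reputation
Our system tracks virtually every application in the world
– 2.5 billion applications (all versions and languages)
– Growing by 3 million per week
– Monitored types include: EXEs, drivers, DLLs, plug-ins
Symantec file security reputation
Provides the reputation, prevalence and discovery time of each file, and is highly accurate.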
Download Insight
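• Download Insight is a technology that checks the reputation of binaries as they are downloaded and blocks them if they are bad.
• Download Insight scans files downloaded by the browser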
Application and Device Control
• x64 support
• Server operating system support
• Improved logging
12.1 with Virtual Image Exception vs. 12.1 without
50-80% reduction in total disk IO*
* Expected results, final numbers are still pending
The total benefit to a customer running SEP 12.1 with the virtualization features is an estimated 80%-90% reduction in disk IO for full scans as compared to 11.x.