
White Paper: Endpoint Security


Simplify Your Relationship with Endpoint Security


Contents

Introduction
The Biggest Pressure – the Evolving Threat Landscape
The Changing Strategy of Protection
Why is Managing Endpoint Security So Complicated?!
It’s Not You, It’s Me
Bloated Agents
Heterogeneous Environments
Hard to Manage
Too Many Options
The Symantec Endpoint Protection.cloud Solution Simplifies It All
Conclusion
Next Steps


Conficker Virus

Criminals are more sophisticated than ever. As evidenced by the January 2010 attacks on Google [1], even the largest companies can fall prey to attack. Small businesses not only have a great deal of personal information – from both their employees and also their customers – but may find themselves increasingly falling prey to attacks due to their lack of spending on security. [2]

As their systems are generally not as well protected, the chances of an attack being discovered quickly are much lower.

On average, 1,919 new websites hosting malicious content are detected daily. [3] Compounded with the explosion of social media sites and increased usage of shortened URLs, it is difficult for users to determine if a site might be malicious until it’s too late.

Introduction

Complicated is the word that best describes the modern world of the IT manager. IT managers in small or medium sized businesses (SMBs) face a particularly challenging environment where the demands of the organization are high and resources are limited. Security is becoming a major part of the IT manager’s job and delivering adequate security for any organization is more challenging than ever due to the changing threat landscape, increased mobility of end users and the costs required to implement in-depth security.

The endpoint is the last mile for the organization. In many cases it is the last line of defense against threats and the majority of companies have an endpoint solution in place. However, the challenges around effectively securing and managing the endpoint are significant and go far beyond simply picking a specific product from a vendor. Administrators have to ensure consistency, constant updates and protection for employees both inside and outside the corporate network.

This paper will address some of the key reasons why managing endpoint security is so complex. The current threat landscape, the sophistication of attacks and other pressures facing administrators today are some of the reasons that contribute to this complexity that in many cases can endanger the organization. It will then provide an introduction as to why a hosted endpoint solution is the answer to this complex relationship and finally, it will introduce Symantec Endpoint Protection.cloud, a solution that can help transform this relationship status from “it’s complicated” to “happily ever after”.

The Biggest Pressure – the Evolving Threat Landscape

The amount of malicious content coming in through an organization’s gateway is staggering. In 2009 there were 107 billion spam emails sent on a daily basis. [4] Those spam emails paired with a growing number of targeted Trojans significantly increase the risk to the endpoint. It only takes one employee visiting a site hosting malware or opening a single infected document to open up the entire organization to attackers.

[1] "Hack of Google, Adobe Conducted Through Zero-Day IE Flaw", http://www.wired.com/threatlevel/2010/01/hack-of-adob/

[2] Frost & Sullivan 2009 Small/Medium-sized Enterprises’ Risk Assessment of Network Security

[3] MessageLabs Intelligence: 2010 March Security Report

[4] MessageLabs Intelligence: 2009 Annual Security Report

Given the dynamic threat landscape, it is no wonder that endpoints including desktops, laptops and file servers are vulnerable to attacks from the web and email. But that is not where the threat ends.

Because of USB drives and other portable storage, organizations are still not safe from accidental or intentional internal infection. Common documents have become the vehicle of choice for malware and a single infected USB stick could infect an entire organization, stealing data, passwords and account information and sending it to a malicious attacker in another country. [5]

On top of all these technical challenges, SMBs also face the challenge of a growing mobile workforce with employees working not just from home, but from coffee shops and on other insecure public networks. Employees often forget or are frustrated by the overhead created by starting VPN clients and will run without a secure tunnel into the network.

The Changing Strategy of Protection

The strategies around protecting organizations have changed as the threats have become more sophisticated. Part of this changing strategy is what has transformed endpoint security into the complex solution it is today. A history of the changes in IT security strategy might be thought of in the following way with each new generation adding a new layer of security to the previous one:

• First Generation – protection occurred at the endpoint directly.

• Second Generation – hardware devices such as firewalls and Intrusion Detection Systems (IDS) along with content filtering devices were placed at the gateway.

• Third Generation – cloud based solutions moved the burden of protection away from the organization completely and placed it in the hands of a company focused on security.

With each layer of protection added to the organization, the endpoint became more secure. Unfortunately, today’s mobile workforce nullifies many of the gains from the second and third generations of security. Once the endpoint moves outside the walls of the corporate network, the additional layers of security provided by the organization are lost. This leaves the single endpoint agent doing the same job as a wide variety of devices on the corporate network.

Why is Managing Endpoint Security So Complicated?!

Securing the endpoint, while complex, is a necessary evil. Many administrators wonder why it’s so difficult. Both the modern organization and the vendors are to blame. The modern organization has let its workforce go mobile. The vendors have continued to add layer upon layer of protection to the endpoint. Business has driven these changes, but these changes are what brought endpoint security to the challenging state it is in today.

[5] Radcliff, Deb, “Slurping the USB Port”, SC Magazine, September 1, 2008


For most organizations, the mobile workforce is a common trend. Unfortunately, a mobile workforce causes huge headaches for administrators. The following questions should be the absolute responsibility of IT managers:

• Do you know where your laptops are when not connected to the corporate network?

• Do you know what threats they could pick up and introduce to the corporate environment?

• Do you know what devices are being plugged into work laptops and desktops? Are they risk free?

In addition to these challenges, wi-fi connections and peer-to-peer applications are another clear path for viruses to get into the corporate network, slowing it down or compromising it.

It’s Not You, It’s Me

As if the inherent complexity of endpoint security wasn’t enough, current solutions often bring a great deal of complexity with them. For example, agents can be bloated, and policy management and reporting vary greatly.

Bloated Agents

Current endpoint agents can be bloated. As the threat landscape has expanded, vendors have diligently addressed this new landscape by adding layer-upon-layer of protection. And since the modern agent is designed to do all the protection from the desktop itself, all the features and functionality have to be loaded at the endpoint, often resulting in heavily bloated and large agents that take up valuable system resources and can diminish performance.

Heterogeneous Environments

The modern organization is full of different devices. Like many businesses, SMBs have an assortment of different computers and laptops. Even if an organization runs Microsoft Windows as its primary operating system, it is likely that many flavors of Windows exist in that environment. Whether it is Windows 2000, Windows 2003, Windows 2008 or any of the desktop versions of Windows, patching and updating must be handled separately for each different operating system causing management challenges for understaffed administrators.

Hard to Manage

Along with the variety of devices, managing updates on the wide variety of devices in the enterprise is a challenge. IT managers want something that’s easy to manage and deploy. Unfortunately, the modern solution can prove to be hard to manage and complex to deploy. Updates require connection to a central server and in smaller organizations employees are often outside of the office the majority of the time. Policies change, updates occur, and while machines in the office may be protected, the mobile workforce is left out in the cold.

Too Many Options

Part of the reason why endpoint security is so involved is due to the wide variety of options that are offered to administrators. The wide array of options leads to dangers. Well-meaning administrators may try to tweak settings, trying to improve performance, and end up leaving their users more insecure. In addition, most endpoint security suites include more options than organizations really need and as a result, organizations end up paying much more than they need to for the solutions they are using. Finally, the modern endpoint security suite is very complete and includes a wide variety of solutions ranging from anti-virus and email security to backup protection and network access control.

Most organizations want the ability to run what they need and phase in the other solutions over time. Some organizations have solutions in place and don’t need the extra tools provided by a suite. In the end, IT managers can suffer in both price and performance for the vast amount of extras.

The Symantec Endpoint Protection.cloud Solution Simplifies It All

To compete effectively, IT managers in SMBs require sophisticated IT without the complexity. Symantec Endpoint Protection.cloud is a simple and effective way for IT managers of SMBs to manage endpoint security.

What is Symantec Endpoint Protection.cloud?

Symantec Endpoint Protection.cloud offers comprehensive endpoint security as a hosted service, helping organizations to protect their business without installing additional hardware or management software. It is designed to safeguard your systems with one easy to use solution that includes advanced technologies for antivirus, antispyware, firewall, host intrusion prevention, and email security, all managed from a single Web-based management console.

Why Symantec Endpoint Protection.cloud?

Simple to set up and easy to use, Symantec Endpoint Protection.cloud eases endpoint security manageability and helps businesses stay ahead of today’s threat environment. Delivered through a hosted subscription-based model, Symantec Endpoint Protection.cloud can be deployed without additional hardware or management software, thereby helping businesses lower maintenance costs and keep subscription fees predictable. Automatic security updates occur transparently over an Internet connection directly, without needing to log in to the corporate VPN. These features ensure that Symantec Endpoint Protection.cloud keeps employee systems current as long as they are connected to the Internet.

How does Symantec Endpoint Protection.cloud Leverage the Cloud to Provide End-to-End Protection?

By maintaining constant contact with policies and updates through the cloud, the endpoint security levels stay current. Regardless of where the employee is, their machine is on the defensive, always prepared for the latest threat.

Symantec Endpoint Protection.cloud also simplifies management by providing IT managers with a web-based management console and always-on protection which quickly alleviates many of the key pain points that administrators have with endpoint solutions today.

Flexibility provided through a hosted model allows the solution to scale without the headache of additional hardware procurement and deployment. And multiple deployment options simplify setting up new employees and new machines and allow employees outside the office to work safely.

Figure 1 outlines the key feature set of Symantec Endpoint Protection.cloud.


| Feature | Description |
| --- | --- |
| Comprehensive protection for customer systems | Symantec Endpoint Protection.cloud provides advanced technologies for antivirus, antispyware, firewall, and host intrusion prevention. This suite provides solid protection against threats from the Internet, through email, or from the desktop itself. |
| Always-on protection for endpoints | With Symantec Endpoint Protection.cloud, systems are always protected no matter where they are. Automated updates occur transparently over any Internet connection to help keep employee systems current and consistent with your policies when employees are in the office or on the road – even when they’re not logged into the VPN. |
| Web-Based Management Console | Symantec Endpoint Protection.cloud allows administrators to access the administration portal over a supported Web-browser without having to be logged in to the network through VPN. Administrators receive real-time alerts via SMS or email and can easily perform functions such as Live updates, view history on systems, and change local policy settings. |
| Ease of Management | Symantec Endpoint Protection.cloud addresses the headaches of management by allowing administrators to add and manage new computers without requiring on-site management servers. Upgrades occur automatically and new features are introduced frequently – all of this is included as part of a subscription service fee. |
| Quick Deployment | Deployment has long been a challenge to traditional endpoint security solutions. |

Figure 1: Symantec Endpoint Protection.cloud Product Features


Conclusion

The modern IT manager is faced with a seemingly impossible mandate: manage and secure a mobile workforce, configure and maintain complex endpoint solutions, and do so on a shrinking budget. In light of all of these, it is no wonder that the modern relationship between endpoint security solutions and IT managers is on the rocks.

“Symantec Endpoint Protection.cloud is simple to deploy and easy to use. You just check a couple of boxes on the website, and that’s it.”

Vice President, IT, Apprise Software, Inc.

Symantec Endpoint Protection.cloud provides a comprehensive approach to hosted security. By protecting systems from threats on the Internet coming through the corporate gateway and on the machine itself, administrators can breathe easier, knowing that their users are protected. By leveraging advanced threat detection technologies from the leading provider of endpoint security technology, organizations can be confident that they are receiving best-in-class protection and continued support against future threats.

Administrators know they need endpoint security, but the challenge has been the large amount of time and complexity that these solutions entailed. By choosing Symantec Endpoint Protection.cloud, administrators can finally improve their strained relationship with their endpoint solution. Instead of ending up in a divorce court, administrators may find themselves going on a second honeymoon.

Next Steps

For more information on Symantec Endpoint Protection.cloud, visit us online at http://www.messagelabs.com

To arrange for a demonstration of Symantec Endpoint Protection.cloud, contact us today at (866) 460 0000.


AMERICAS

UNITED STATES: 512 Seventh Avenue, 6th Floor, New York, NY 10018, USA. Toll-free +1 866 460 0000

CANADA: 170 University Avenue, Toronto, ON M5H 3B3, Canada. Toll-free 1 866 460 0000

EUROPE

HEADQUARTERS: 1270 Lansdowne Court, Gloucester Business Park, Gloucester, GL3 4AB, United Kingdom. Tel +44 (0) 1452 627 627, Fax +44 (0) 1452 627 628, Freephone 0800 917 7733

LONDON: 3rd Floor, 40 Whitfield Street, London, W1T 2RH, United Kingdom. Tel +44 (0) 203 009 6500, Fax +44 (0) 203 009 6552, Support +44 (0) 1452 627 766

NETHERLANDS: WTC Amsterdam, Zuidplein 36/H-Tower, NL-1077 XV Amsterdam, Netherlands. Tel +31 (0) 20 799 7929, Fax +31 (0) 20 799 7801

BELGIUM/LUXEMBOURG: Symantec Belgium, Astrid Business Center, Is. Meyskensstraat 224, 1780 Wemmel, Belgium. Tel +32 2 531 11 40, Fax +32 531 11 41

DACH: Humboldtstrasse 6, Gewerbegebiet Dornach, 85609 Aschheim, Deutschland. Tel +49 (0) 89 94320 120, Support +44 (0)870 850 3014

NORDICS: St. Kongensgade 128, 1264 Copenhagen K, Danmark. Tel +45 33 32 37 18, Fax +45 33 32 37 06, Support +44 (0)870 850 3014

ASIA PACIFIC

HONG KONG: Room 3006, Central Plaza, 18 Harbour Road, Tower II, Wanchai, Hong Kong. Main +852 2528 6206, Fax +852 2526 2646, Support +852 6902 1130

AUSTRALIA: Level 13, 207 Kent Street, Sydney NSW 2000. Main +61 2 8220 7000, Fax +61 2 8220 7075, Support 1 800 088 099

SINGAPORE: 6 Temasek Boulevard, #11-01 Suntec Tower 4, Singapore 038986. Main +65 6333 6366, Fax +65 6235 8885, Support 800 120 4415

JAPAN: Akasaka Intercity, 1-11-44 Akasaka, Minato-ku, Tokyo 107-0052. Main +81 3 5114 4540, Fax +81 3 5114 4020, Support +852 6902 1130

More Information


Building on the foundation of MessageLabs market leading software-as-a-service (SaaS) offerings and proven Symantec technologies, Symantec.cloud provides essential protection while virtually eliminating the need to manage hardware and software on site.

More than ten million end users at more than 31,000 organizations ranging from small businesses to the Fortune 500 use Symantec.cloud to secure and manage information stored on endpoints and delivered via email, Web, and instant messaging.

Symantec.cloud helps IT executives to protect information more completely, manage technology more effectively, and rapidly respond to the needs of their business.

For specific country offices and contact numbers, please visit our website.

Symantec.cloud North America
512 7th Ave., 6th Floor
New York, NY 10018 USA
1 (646) 519 8100
1 (866) 460 0000
www.MessageLabs.com

Symantec helps organizations secure and manage their information-driven world with security management, endpoint security, messaging security, and application security solutions.

Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
