1、1Symantec 12.x產(chǎn)品及終端虛擬化下技術特性介紹Agenda2終端安全防護軟件簡介1終端虛擬化環(huán)境下技術特性23終端安全防護軟件簡介Symantec Endpoint Protection 12.1無可匹敵的安全、引人矚目的性能、針對虛擬環(huán)境而構(gòu)建社交網(wǎng)絡和社交騙局攻擊虛擬化已經(jīng)成為規(guī)則事件的損失越來越慘重瞬息萬變的目標性攻擊在主要 IT 安全趨勢推動下，Symantec Endpoint Protection 應運而生Symantec Endpoint Protection 惡意軟件防護個性化防火墻入侵防御設備控制應用程序控制準入控制Symantec Endpoint Protec

2、tion 12.15一個控制臺一個代理Win、OS X、LinuxInsight 為后盾無可匹敵的安全保障 Insight SONAR引人矚目的性能掃描速度更快針對虛擬環(huán)境而構(gòu)建識別并管理虛擬客戶端減少掃描工作量Single Agent, Single ConsoleWindows, Mac & Linux病毒與惡意軟件防護Signature Lifecycle#1 Pre-Analysis創(chuàng)建提交ftp & httpservers測試發(fā)布#2 Pre-Publish檢測掃描#3 Pre-Detection正式的病毒簽名的生命周期可擴展的引擎 不斷的持續(xù)改進不依賴與新的版本更新底層rootki

3、t 檢測靈活性 周期性的 用戶互動的 訪問控制最佳病毒過濾引擎 連續(xù)44次獲得 VB100 Award7Pass: Detected all In the Wild viruses in comparative tests (with no false positives)Fail: Missed detection after three attempts: Chose not to submit for testingSymantec:Submitted all supported environments for analysis since Nov. 99ONLY vendor to

4、obtain 44 consecutive VB100 Awards高級防火墻功能 Features基于規(guī)則的防火墻引擎防火墻規(guī)則出發(fā)應用、主機、服務與時間TCP/IP 協(xié)議支持TCP, UDP, ICMP, Raw IP protocolEthernet 協(xié)議支持Allow or blockToken ring, IPX/SPX, AppleTalk, NetBEUIIPv6 協(xié)議支持NDIS5 and NDIS6 協(xié)議支持特定于網(wǎng)卡的規(guī)則可選的 Windows Firewall 集成Deep Packet Inspection Engine employs IDPRegular expre

5、ssion supportAllows custom signaturesDPI Firewall網(wǎng)絡入侵保護 & 瀏覽器入侵防護 Features通用入侵阻斷 (GEB)深入包檢測創(chuàng)建用戶自定義的特征Format similar to SNORT Regex supportMac 欺騙保護 網(wǎng)絡應用程序監(jiān)控Ping/Port Scan 檢測SSHIMSMTPFTPHTTPRCPCustom SigSignatureGEBSSHIMSMTPFTPHTTPRCP智能通信過濾引擎：自動防范ARP攻擊10設備控制通過類型阻斷外設 (Windows Class ID, Vendor)支持所有常見的端口

6、 USB, Infrared, Bluetooth, Serial, Parallel,FireWire, SCSI, PCMCIA支持用戶自定義的硬件應用程序控制 Features應用程序行為分析程序執(zhí)行控制文件訪問控制注冊表訪問控制Module and DLL 讀取控制系統(tǒng)鎖定WINDOWSsystem32基于策略的鎖定允許IT管理員基于風險控制的要求執(zhí)行終端鎖定策略Do not allow users access to registry editing tools or command shells.Client Management Suite is the only tool al

7、lowed to install (run setup.exe) for new applications.Do not allow users to write to USB Hard Drives安全的WEB訪問SEARCH safelyWarns you of unsafe Web sites right in your search resultsWorks seamlessly with Google, Yahoo! & Bing search enginesSURF safelyRaises the alarm if a Web site has a potentially dan

8、gerous download on itHelps you avoid accidentally downloading viruses, spyware, and other online threatsSHOP safelyAlerts you of suspicious online sellersHelps you find reputable online merchants you can trust提供一種安全搜索體驗，通過對搜索后結(jié)果存在的危險Web站點報警提示，用戶可以擁有安全的在線體驗。*Optional install from CD15終端虛擬化環(huán)境下技術特性優(yōu)化性能

9、、適應于VDI環(huán)境虛擬化特性16Virtual Client Tagging虛擬客戶端標示Virtual Image Exception虛擬鏡像排除Shared Insight Cache緩存服務器Offline Scanning虛擬機離線掃描Resource Leveling資源分布Together up to 90% reduction in disk IOVirtual Client Tagging虛擬客戶端標識17Virtual Image Exception 虛擬鏡像排除Step 1:Tool scans the systemStep 2:Tool collects the list

10、 of all files foundStep 3:Tool locally whitelistsall the files found on the clientVirtual Image Exception 虛擬鏡像排除Step 5: Optimized scanningSkips any files that were identified with the VIE toolStep 4: Administrator activatesAdministrators can enable the exclusions or disable the exclusions from being

11、 used via the policyShared Insight Cache 緩存共享服務器Shared Insight Cache 流程Scenario 1: Reputation knownIf reputation is already known and good, skip the fileShared Insight Cache 流程101010101 101010101 def 2/11 Scenario 2: No reputation but exists in shared cacheIf reputation is not known, then check shar

12、ed cache for knowledge of file.If also a binary executable, send hash to Symantec Insight for reputation scoreOffline image scanner 虛機離線掃描Resource Leveling 資源分布，隨機掃描Allows administrator to select a window over time that a scheduled scan will kick offDaily: up to 23 hoursWeekly: up to 167 hoursMonthly: up to 671 HoursImprove support for virtual environmentSEP 12.1 performance* Expected results, f