Security Solutions
Symantec

Symantec is the global leader in information security
providing a broad range of software, appliances and services designed
to help individuals, small and mid-sized businesses, and large enterprises
secure and manage their IT infrastructure. Symantec's Norton brand of
products is the worldwide leader in consumer security and problem-solving
solutions. Headquartered in Cupertino, Calif., Symantec has operations
in more than 35 countries.
Integrated security and security Management
Symantec Integrated Security Solutions
Symantec Client Security
Key Features:
• Protects networked PCs, critical systems, and remote and
mobile users from unwanted network intrusions, as well as from viruses,
Trojans, and worms
• Symantec VPN Sentry gives network administrators assurance
that remote and mobile users are in full compliance with corporate
policies prior to accessing corporate network resources
• Location awareness ensures corporate security policy is
adhered to, regardless of location
• Client Profiling minimizes the number of pop-ups that the
end-user sees as the firewall application discovers which applications
are accessing the Internet or network
• Threat Tracer identifies the source of blended threat attacks,
such as Nimda, that spread via open file shares
• Outbound email worm heuristics prevent client systems from
spreading worms via email
• Expanded Threat Detection recognizes unwanted applications
such as spyware and adware
• Internet Email Attachment Scanning of incoming emails delivered
through POP3 mail clients such as Microsoft® Outlook®, Eudora®,
and Netscape Mail
• In-Memory Scanning detects threats and terminates suspect
processes in memory before they can cause damage
• Includes centralized configuration, deployment, installation,
reporting, alerting, logging, and policy management
Threat protection through integrated antivirus, firewall and
intrusion detection for remote, mobile, and networked client systems
Symantec Client Security provides integrated antivirus, firewall,
and intrusion detection capabilities managed through a central console
to provide better and proactive protection against today's evolving
blended threats, such as Blaster. The solution provides critical end-point
security to prevent intrusions from entering or spreading from connected
and non-connected remote and mobile users, as well as from critical
systems.
Enhanced functionality offers more protection than antivirus-only
solutions, protecting client systems from unwanted network intrusions
and hackers, as well as from viruses, Trojans, and worms. Multiple
security technologies interacting with one another ensure coordinated
response to maximize containment and recovery, and enable advanced
client security policy management. Location awareness enables the
client firewall to adjust policies based on the machine's location.
Expanded threat detection detects unauthorized programs such as spyware
and adware. Advanced behavior blocking prevents client systems from
being used for malicious outbound activities, such as sending worms
via email. Symantec VPN Sentry technology allows the administrator
to ensure that mobile and remote systems connecting to corporate resources
via VPN are compliant with security policies. The client profiling
capability also ensures that the client firewall is non-intrusive
to the end user, and ad blocking ensures maximum employee productivity.
Improved administration, including centralized event management
and response capabilities, eases the administrative burden and helps
lower the total cost of ownership. By providing a single update for
antivirus, firewall, and intrusion detection from a single vendor,
organizations can respond faster to complex security outbreaks to
prevent client machines from being infected.
Symantec Gateway Security
Symantec Gateway Security 5400 Series
Key Features:
o Combines full inspection firewall with protocol anomaly and
signature-based intrusion prevention and intrusion detection, award-winning
virus protection, URL-based content filtering, anti-spam, and IPsec-compliant
VPN technologies
o Protects networks at the connection to the Internet or subnets
of WANs and LANs
o Simplifies the task of managing network security through centralized
logging, alerting, reporting, and policy configuration management
via a centralized management console
o Meets the performance requirements of any size organization with
optional integrated high availability and load balancing, plus clustering
capabilities that enable the appliances to protect tens of thousands
of nodes
o Three high-performance models deliver throughput scaling from
200 Mbps to more than 3.5 Gbps in a clustered configuration
o Delivers automatic security updates via LiveUpdate™ technology
from Symantec Security Response, the world's leading Internet security
research and support organization
Full-inspection firewall appliance with integrated security
technologies
Symantec Gateway Security Appliance 5400 Series is a next-generation
firewall appliance providing seven integrated security technologies
for maximum effectiveness, while reducing the complexity of security
management. The appliance provides strong security at the gateway
between the Internet and corporate network or between network segments.
As the industry's most comprehensive firewall appliance, it integrates
full inspection firewall technology, protocol anomaly based intrusion
prevention and intrusion detection engines, award-winning virus protection,
URL-based content filtering, anti-spam, and IPsec-compliant virtual
private networking technology with hardware-assisted high-speed encryption.
The 5400 Series provides standalone management capabilities via
a secure Web-based interface (SSL). Additionally, it integrates seamlessly
with the Symantec Management Console, enabling a range of advanced
management and reporting capabilities. The optional Event Manager
plug-in enables centralized logging, alerting, and reporting. The
Advanced Manager plug-in, which includes Event Manager, allows administrators
to define rule sets and manage security policies for hundreds or even
thousands of appliances through a centralized console.
To meet the needs of any size organization, the series offers three
models, all with optional integrated high availability and load balancing.
Its clustering capabilities can provide high-performance security
for environments ranging from small offices to distributed networks
with tens of thousands of nodes, while delivering throughput that
scales from 200 Mbps to more than 3.5 Gbps in a clustered configuration.
Symantec Security Management Systems
Symantec Incident Manager
Key Features:
Automated Correlation and Incident Identification
• Powerful, automated, real-time correlation engine transforms
security data into actionable intelligence, enabling rapid response
to complex security threats
• Accurately detects and identifies attacks while reducing
monitoring costs
• Reduces false positives through intelligent correlation
of incidents with actual system and vulnerability state
• Correlates incidents to vulnerabilities for faster threat
identification and proper containment and eradication strategies
• Frees security professionals to respond to genuine threats
and focus on high-value strategic initiatives
• Fosters quicker containment and reduces incident impact
• User-configurable Rules Editor helps correlate events and
filter out false positives
Prioritization, Tracking, and Guidance
• Sets incident priorities dynamically, improving decision
making and resource allocation
• Tracks incident-handling activities from identification
to closure, keeping the focus on corrective action
• Provides dynamic, expert guidance based on Symantec Security
Response and Symantec DeepSight incident response best practices
to promote complete, consistent, and auditable responses to every
incident
• Bi-directional communication with Remedy Help Desk speeds
response and ensures coordinated remediation between IT and security
teams
• Symantec Relay for HP OpenView Operations enables alerts
generated from incidents to be sent to an HP OpenView Operations
console, keeping IT personnel informed of security issues
• Role-based assignments and permissions can be defined according
to the user's responsibilities, ensuring confidentiality of security
posture
Expert Content
• Symantec Security Response - the world's leading Internet
security research and support organization - integrates the most
current security expertise into the incident-handling process
• Dynamically populated Knowledge Base provides information
on vulnerabilities and specific, actionable recommendations
• Provides easy access to LiveUpdate security content and
correlation rule updates
Reporting
• Reports on key metrics, enabling enterprises to visualize
and refine the effectiveness of key security processes
• Enables tracking and documentation of all incident management
actions to facilitate complete and consistent responses to every
incident
• NEW! Real-time dashboard views increase the visibility of
critical security issues and demonstrate the value of security
investments
Broad Technology Coverage
• Maximizes value of existing security investments by unifying
security processes across geographies, disparate security technologies,
and network tiers
• Collects event data from a variety of security products including
virus protection, firewall, and intrusion detection systems
Real-time security incident management for enterprise network
environments
Symantec Incident Manager, a key component of the Symantec Security
Management System, correlates security messages in real-time across
geographies, disparate security technologies, and network tiers, turning
security data into prioritized, actionable information. This enables
organizations to minimize the complexities associated with managing
vast amounts of security event data while maximizing control over
the security infrastructure. By transforming data into intelligence,
the solution enables organizations to determine the business impact
of security incidents and respond rapidly to potential security breaches,
thereby helping reduce risk, control costs, and ensure business continuity.
Two-way integration with the Remedy Help Desk system allows Symantec
Incident Manager's incident lifecycle tracking system to monitor the
remediation progress, further reducing the complexity involved with
security threat resolution. Symantec Incident Manager offers a unified
view of an organization's information security issues and response
activities, and provides expert policy-driven guidance and dynamic
prioritization, helping organizations proactively manage their security.
Comprehensive logging and graphical reporting provide a centralized,
enterprise-wide view of the organization's security posture, as well
as visibility into the efficiency and effectiveness of the incident
response process. With real-time dashboard views, executives, managers,
and security analysts have instant visibility into the security status
of the organization, as well as the effectiveness of security investments.
Symantec Security Response, the industry-leading team of security
experts, backs Incident Manager with trusted security updates, including
correlation intelligence to detect known attacks and up-to-date vulnerability
and safeguard information. LiveUpdate™, a Web-based Symantec
service, provides automatic downloads of security and policy updates,
ensuring access to the most current security information.
Symantec Event Manager for Antivirus
Key Features:
• Provides a holistic view of Symantec antivirus and client
security solutions and select third-party antivirus deployments
across all network tiers, helping improve the security posture enterprise-wide
• NEW! Threat Tracer identifies the source of threats for
improved forensics
• NEW! Multiple instances of a single virus are entered once
into the database, to conserve space during outbreaks
• NEW! Administrators can exclude the forwarding of certain
events to the aggregation manager, for improved system performance
• NEW! New reports show which machines need virus definition
updates, and which have been infected over the last 60-90 days
• NEW! Symantec Client Security Expanded Threat Reports report
on unwanted spyware and adware
• Minimizes management costs and complexity with centralized,
cross-tier logging, alerting, and reporting
• Maximizes system uptime by helping accelerate response time
to virus incidents and blended security threats
• Enhances IT credibility and enables better decision-making
with centralized, consolidated information and insightful analyses
Centralized, cross-tier logging, alerting, and reporting for
Symantec antivirus and client security products enterprise-wide
Symantec™ Event Manager for Antivirus provides centralized,
cross-tier logging, alerting, and reporting for all Symantec virus
and client protection solutions enterprise-wide, plus optional support
for select third-party antivirus and network management products.
It consolidates cross-tier security event information and then standardizes
and aggregates the data. This allows organizations to capitalize on
their existing antivirus and client security investments, and provides
them with a holistic view of the enterprise's security posture.
The consolidation and transformation of security data reduces information
clutter and streamlines data analysis, thereby minimizing the costs
and complexities of managing cross-tier solutions. And by accelerating
the identification of and response to virus incidents and blended
security threats with automated alert notifications, the solution
maximizes system uptime. Plus, its role-based administration capabilities
and highly scalable and secure architecture make it ideal for both
enterprise and managed security services environments.
Enhanced capabilities include the display of Threat Tracer activity,
providing organizations with insight into threat origins. Multiple
occurrences of a virus in a specified time are combined as a single
database record, reducing database storage concerns during a virus
outbreak. Administrators can now exclude select events from being
forwarded to the Symantec™ Security Management System, to ensure
optimal system performance.
A new group of reports shows the most recent virus definition update
for every computer, allowing administrators to quickly identify systems
needing updates. Administrators can also view a graphical report that
shows which machines were infected per day over the past 60 and 90
days. Symantec™ Client Security Expanded Threat Reports are
also available to report on unwanted spyware and adware.
Symantec Event Manager for Security Gateways
Key Features:
• Provides a consistent, holistic view of Symantec's security
gateway protection solutions and select third-party security gateway
products
• Minimizes management costs and complexity with centralized
logging, alerting, and reporting
• Transforms data from security gateway deployments across
the enterprise into actionable security information, helping to
reduce information clutter
• Maximizes system uptime by helping to accelerate response
time to security incidents and blended security threats
• Enhances IT credibility and enables better decision-making
with centralized, consolidated information and insightful analyses
• Helps improve security posture enterprise-wide
Centralized logging, alerting, and reporting across Symantec's
security gateway protection solutions and select third-party security
gateway products
Symantec Event Manager for Security Gateways provides centralized
logging, alerting, and reporting across Symantec's security gateway
protection solutions and select third-party security gateway products.
It consolidates event information from a variety of vendor-neutral
products, and then standardizes and aggregates the data to provide
a holistic, consistent view of the enterprise's security posture via
a central management console.
Through the consolidation and transformation of security information,
Symantec Event Manager for Security Gateways reduces clutter and streamlines
data analysis, helping to minimize the costs and complexities of managing
security gateway deployments. And by making impending threats more
readily identifiable and alerting administrators via automated notifications,
it accelerates response to security threats and maximizes system uptime.
Plus, its role-based administration and highly scalable and secure
architecture make it ideal for both enterprise and managed security
services environments.
Symantec Event Manager for Security Gateways allows administrators
to more efficiently leverage the data generated by the variety of
security gateways distributed across the enterprise. This helps to
reduce the resource-consuming challenge of managing today's complex
security environments and allows organizations to capitalize on their
existing security investments. Symantec Event Manager for Security
Gateways enables organizations to benefit from an improved overall
security posture, a faster time-to-response for security incidents,
more informed and insightful decision-making, and a lower total cost
of ownership for their security gateway deployments.
Symantec Advanced Manager for Security Gateways
Key Features:
• Provides secure, centralized, Web-based management of
hundreds or thousands of Symantec security gateway products across
the enterprise
• Minimizes management costs and complexity with enterprise-wide,
scalable management and centralized logging, alerting, and reporting
• Transforms enterprise-wide security event data into useful
and actionable security information
• Increases organizational productivity and drives efficient
use of resources through consolidated management of protection technologies
• Provides a centralized, holistic view of an enterprise's
security posture while allowing administrators to set and enforce
security policies and respond effectively to secure their business
• Builds IT credibility and enables better decision making
with centralized, consolidated information and insightful analyses
• Delivers a complete view of an enterprise's security posture
and enables proactive identification of vulnerabilities
Enables a wide range of advanced management and reporting capabilities
via a centralized, Web-based management console
Symantec Advanced Manager for Security Gateways provides comprehensive,
scalable management of all security technologies via a single management
system. The easy-to-use, Web-based user interface provides policy
configuration management and centralized logging, alerting, and reporting
for the entire network security infrastructure, allowing administrators
to centrally manage hundreds or thousands of security gateway deployments
simultaneously.
Symantec Advanced Manager for Security Gateways provides centralized
logging, alerting, and reporting capabilities for all Symantec security
technologies, plus optional support for select third-party firewall
and management products. It consolidates security event information
from a variety of vendor-neutral products across the enterprise and
then aggregates and standardizes the data to provide a consistent,
holistic view of the enterprise's security posture.
Through the consolidation and transformation of security data, the
Symantec Advanced Manager for Security Gateways reduces policy configuration
management and information clutter and streamlines data analysis,
thereby minimizing the costs and complexities of managing multiple
security gateway deployments. This solution improves an organization's
overall security posture, enables a faster time-to-response for security
incidents, and lowers total cost of ownership for security gateway
deployments. Symantec Advanced Manager for Security Gateways is supported
by Symantec Security Response - the world's leading Internet research
and response organization.
Symantec Event Manager for Intrusion Protection
Key Features:
• Provides a holistic, centralized view of Symantec and
select third-party intrusion detection and intrusion prevention
deployments across all network tiers
• Minimizes management costs and complexity with centralized,
multi-layered monitoring, alerting, and reporting of intrusion events
• Delivers enterprise-level reporting for all supported intrusion
protection products
• Enhances IT credibility and enables better decision-making
with centralized, consolidated information and insightful analyses
• Helps improve security posture enterprise-wide
Centralized monitoring, alerting, and reporting for Symantec
and select third-party intrusion detection and intrusion prevention
solutions
Symantec Event Manager for Intrusion Protection provides centralized,
cross-tier monitoring, alerting, and reporting enterprise-wide for
Symantec intrusion protection solutions - Symantec ManHunt, Symantec
Host IDS, and Symantec Decoy Server. In addition, it provides optional
support for select third-party intrusion detection and intrusion prevention
products - such as RealSecure® and Cisco IDS. Through the Symantec
Security Management System, the solution consolidates event information
from vendor-neutral intrusion detection and intrusion prevention products,
and then standardizes and aggregates the data to provide a holistic
view of the enterprise's security posture.
Through the consolidation and transformation of security data, Symantec
Event Manager for Intrusion Protection reduces information clutter
and streamlines data analysis. This helps minimize the costs and complexities
of managing cross-tier solutions, and eases the identification of
impending threats. It maximizes system uptime by accelerating the
identification of, and response to, intrusion threats through automated
alert notifications. Plus, its role-based administration features,
enterprise-level reporting capabilities, and highly scalable and secure
architecture make it ideal for both enterprise and managed security
services environments.
Symantec Event Manager for Intrusion Protection enables organizations
to leverage the data generated by the variety of security systems
and devices distributed across the enterprise and capitalize on their
existing investments in intrusion detection and intrusion prevention
products. The solution enables organizations to benefit from consolidation
and transformation of security data, centralized management of security
events, more informed decision making, and a lower total cost of ownership
for intrusion protection deployments.
Symantec AntiVirus for Handhelds - Corporate Edition with
Event and Configuration Manager
Key Features:
For all applications/versions
• Award-winning Symantec antivirus technologies protect
handheld-resident data against malicious code downloaded from the
Web, sent via email or a Wi-Fi connection, or beamed via Bluetooth
or infrared ports
• On-device alerting enables users to respond to potential
threats
• Provides automatic and up-to-date virus definitions via
LiveUpdate™
• Optimized to preserve handheld and network performance
For desktop-synchronized devices
• Single, transparent deployment of virus definitions to
desktops with Symantec AntiVirus Corporate Edition installed
• An optional version with Event and Configuration Manager
provides centralized control with configuration, implementation,
and enforcement of policies from a single console
• Event and configuration console can be used to view multiple
security products
For wireless devices
• Leveraging existing mobile device management system infrastructures,
administrators can deploy, manage, and update the device-resident
antivirus client on mobile devices without desktop synchronization
Comprehensive protection for Palm OS and Pocket PC handheld
devices
Symantec AntiVirus for Handhelds - Corporate Edition enables secure
mobile computing by providing comprehensive virus protection against
malicious code that targets Palm and Pocket PC operating systems.
Device-resident virus protection safeguards corporate assets and prevents
the spread of viruses to the enterprise network.
The solution is deployed and installed on the desktop and then automatically
transferred to the handheld device during synchronization. In addition
to providing support for mobile devices that synchronize with corporate
desktops, it is available as a fully device-resident solution that
can be deployed, configured, and updated without the need for desktop
synchronization.
Wireless and synchronized LiveUpdate™ support ensures up-to-date
virus definitions. Synchronized LiveUpdate™ also enables simultaneous
enterprise-wide deployment of virus definitions to desktops using
Symantec AntiVirus Corporate Edition.
On-device, real-time scanning protects against threats downloaded
from the Web, sent via email or a Wi-Fi connection, or beamed via
Bluetooth or infrared ports. Auto-Protect provides real-time defense
against viruses when Pocket PC users download files or receive email
attachments, or when a malicious program tries to execute on a Palm-based
PDA. Virus repair and delete options enable easy virus removal. An
activity log shows all recently logged events to ensure users are
aware of potential risks.
An optional version - Symantec AntiVirus for Handhelds - Corporate
Edition with Event and Configuration Manager - provides event and configuration
management capabilities that enable logging, alerting, and reporting
through a centralized management console. Through this console, administrators
can manage local and remote devices and configure and enforce security
policies. They can also view the status of multiple security products.
Symantec Enterprise Security Manager™
Demonstrate compliance with security policies and government regulations
Key Features:
• Provides more than 2,500 specific security checks to help
ensure that mission-critical information systems comply with an
organization’s security policies
• NEW! Includes new policy assessment templates for regulations
such as Sarbanes-Oxley and VISA CISP, as well as updates for HIPAA,
NERC and FISMA regulations and ISO 17799 industry standards
• NEW! Delivers flexible and powerful enterprise-class compliance
reporting, including 75 predefined reports, as well as ad-hoc reports
using the advanced report-authoring tool
• NEW! Reports for business management include overall compliance
levels, resolution, and enterprise-wide trends
• Reports for technical managers detail compliance at the
system, operating system or line-of-business level
• Enables organizations to bring new systems into production
with confidence, knowing that they meet policy compliance requirements
• Facilitates easy retrieval and deployment of timely security
updates with LiveUpdate integration
• Integrates with other Symantec Security Management System
products to ensure a more holistic understanding of security risks
and priorities
• Provides scalability and performance, with wide platform
and application coverage
• Addresses specific business needs with flexible and customizable
security policy support
• Proactive security helps ensure the maintenance of business
operations and continued customer confidence
Symantec Enterprise Security Manager™ 6.1 enables organizations
to define, measure, and report on the compliance of information systems
with pre-set corporate security policies, industry-standard security
policies, or government regulations—all from a single console.
Plus, integration with LiveUpdate allows administrators to easily
retrieve the latest security updates.
Through its extensive reporting capability, Symantec™ Enterprise
Security Manager enables organizations to understand their level of
security. Organizations can analyze compliance for the entire organization,
down to the region or office level, or for a critical system. The
solution also helps organizations identify trends, and improve planning
and prioritization.
Its seamless integration with the Symantec™ Security Management
System allows organizations to correlate policy compliance data with
security event data from a multitude of security sources, including
firewalls, intrusion detection and antivirus systems, and vulnerability
assessment products. This helps organizations maximize their investments
in existing security products and gain an improved overall security
posture. And, the central logging, alerting, and reporting functions
of the Symantec™ Security Management System can be combined
with the correlation, risk prioritization, and management capabilities
of Symantec™ Incident Manager to build a holistic, proactive
security system. This enables organizations to respond rapidly to
incidents, contain and eradicate threats faster, and utilize the full
potential of their security investments.
A number of services are available from Symantec to assist companies
with policy compliance management; these include development of customized
security policies and business processes, ongoing compliance management,
and policy and patch maintenance and security reporting.
Find out more about current regulations and how Symantec helps meet
regulatory guidelines while securing an organization’s assets
by visiting our Regulatory Developments site.
Vulnerability management
Symantec NetRecon
Key Features:
• Tests the entire network infrastructure for security vulnerabilities
and provides recommendations on how to fix them
• Displays scan progress with a real-time graphic view, revealing
the root cause of vulnerabilities
• Provides customizable management reports for a range of
audiences
• Scans multiple operating systems, including UNIX®, Linux®,
Windows® 2000, and NetWare®
Network Vulnerability Assessment with Progressive Scanning Technology
Symantec NetRecon helps secure an organization's networks by
exposing vulnerabilities before intruders can exploit them and attack.
By automatically scanning systems and services on the network and
safely simulating common intrusion or attack scenarios, NetRecon answers
the question: "What can a hacker see, use, and exploit on the
network?"
NetRecon goes beyond just discovering security vulnerabilities to
provide a systematic understanding of their causes. It utilizes a
unique root-cause and path-analysis engine to illustrate the exact
sequence of steps taken to uncover vulnerabilities, enabling administrators
to identify exactly where to correct vulnerabilities in order to enforce
corporate security policies.
NetRecon also learns about the network as it scans, adapting the
penetration strategy based on previous results. Its patent-pending,
progressive scanning technology gathers information and shares it
between components. So, for instance, if NetRecon cracks a password
on one system, the password is then tried on others, resulting in
a more thorough assessment and a deeper discovery of weaknesses. Frequent
security updates via Symantec LiveUpdate provide even more protection
with the latest vulnerability signatures and alerts.
Administrators can schedule a scan from within NetRecon's easy-to-use
interface. NetRecon displays vulnerability data graphically and in
real time as it scans, and then provides the appropriate reports so
administrators do not have to search through volumes of data. Management
reports can be tailored for a range of audiences - both technical and
executive - and can be exported to a variety of formats including
Microsoft® Word, Excel, and HTML.
Symantec Vulnerability Assessment
Key Features:
• Provides fast and thorough discovery of security vulnerabilities
to quickly identify systems and applications at risk
• Delivers prioritized and up-to-the-minute vulnerability
signatures and complete remediation information, allowing administrators
to take proactive measures to effectively repair vulnerabilities
most at risk
• Cost-effectively protects operating systems and applications
- from a host-perspective - eliminating false positives
• Utilizes the industry-leading vulnerability database from
Symantec and employs trusted, fast and automated response capabilities
of LiveUpdate and Symantec Security Response to identify threats
recognized by CVE and Bugtraq
• Tightly integrated with Symantec Security Management System
offering customers a common user interface, data repository, directory
service and agent.
Gaining greater control over network infrastructure through
the discovery, prioritization, and safeguarding of vulnerabilities
Symantec Vulnerability Assessment delivers automated, fast, and
thorough vulnerability assessments, plus prioritized remediation recommendations,
enabling administrators to quickly identify those systems and applications
most at risk and take rapid countermeasures to proactively secure
them before costly incidents occur. Symantec Vulnerability Assessment
cost effectively provides a comprehensive view of security and helps
protect critical systems on the network and perimeter as well as systems
and network devices that cannot be reached by host agents alone.
Symantec Vulnerability Assessment leverages the extensive, industry-leading
Symantec Vulnerability Database, which is indexed to identify threats
recognized by CVE and Bugtraq in order to allow administrators to
focus their resources on the most relevant, high-impact vulnerabilities
and attacks. Up-to-the-minute vulnerability signatures are created
as soon as new vulnerabilities are identified by Symantec Security
Response, delivering detailed descriptions and remediation information.
By providing complete remediation information and the rapid deployment
of new security updates and modules via Symantec's LiveUpdate technology,
Symantec Vulnerability Assessment helps security professionals understand
vulnerabilities and their potential impacts and apply appropriate
safeguards and patches to effectively repair the vulnerabilities in
their IT environments.
With the number of documented system vulnerabilities skyrocketing
each year, organizations need to take proactive measures that prevent
the loss of valuable information and protect business productivity.
Symantec Vulnerability Assessment allows organizations to proactively
prevent the exploitation of potential breaches that threaten the confidentiality,
integrity, and availability of business systems.
Policy compliance
Symantec Enterprise Security Manager
Key Features:
• Provides more than 2,500 specific security checks to help
ensure that mission-critical information systems comply with an
organization’s security policies
• NEW! Includes new policy assessment templates for regulations
such as Sarbanes-Oxley and VISA CISP, as well as updates for HIPAA,
NERC and FISMA regulations and ISO 17799 industry standards
• NEW! Delivers flexible and powerful enterprise-class compliance
reporting, including 75 predefined reports, as well as ad-hoc reports
using the advanced report-authoring tool
• NEW! Reports for business management include overall compliance
levels, resolution, and enterprise-wide trends
• Reports for technical managers detail compliance at the
system, operating system or line-of-business level
• Enables organizations to bring new systems into production
with confidence, knowing that they meet policy compliance requirements
• Facilitates easy retrieval and deployment of timely security
updates with LiveUpdate integration
• Integrates with other Symantec Security Management System
products to ensure a more holistic understanding of security risks
and priorities
• Provides scalability and performance, with wide platform
and application coverage
• Addresses specific business needs with flexible and customizable
security policy support
• Proactive security helps ensure the maintenance of business
operations and continued customer confidence
Symantec Enterprise Security Manager™ 6.1 enables organizations
to define, measure, and report on the compliance of information systems
with pre-set corporate security policies, industry-standard security
policies, or government regulations—all from a single console.
Plus, integration with LiveUpdate allows administrators to easily
retrieve the latest security updates.
Through its extensive reporting capability, Symantec™ Enterprise
Security Manager enables organizations to understand their level of
security. Organizations can analyze compliance for the entire organization,
down to the region or office level, or for a critical system. The
solution also helps organizations identify trends, and improve planning
and prioritization.
Its seamless integration with the Symantec™ Security Management
System allows organizations to correlate policy compliance data with
security event data from a multitude of security sources, including
firewalls, intrusion detection and antivirus systems, and vulnerability
assessment products. This helps organizations maximize their investments
in existing security products and gain an improved overall security
posture. And, the central logging, alerting, and reporting functions
of the Symantec™ Security Management System can be combined
with the correlation, risk prioritization, and management capabilities
of Symantec™ Incident Manager to build a holistic, proactive
security system. This enables organizations to respond rapidly to
incidents, contain and eradicate threats faster, and utilize the full
potential of their security investments.
A number of services are available from Symantec to assist companies
with policy compliance management; these include development of customized
security policies and business processes, ongoing compliance management,
and policy and patch maintenance and security reporting.
Find out more about current regulations and how Symantec helps meet
regulatory guidelines while securing an organization’s assets
by visiting our Regulatory Developments site.
Intrusion protection
iForce IDS Appliance, Powered by Sun and Symantec
Key Features:
• An intrusion protection solution that simplifies the product
selection and purchase process by combining the hardware, NIC cards,
hardened Solaris x86 operating system, and Symantec ManHunt software.
• A 1U ultra high speed solution that monitors networks at
speeds of up to 2 Gigabits per second, dependent on the model.
• New! The Symantec ManHunt 3.0 software protects users from
known and unknown (or "zero-day") attacks using its unique
hybrid detection architecture.
• New! Offers seven models with varying bandwidth protection
with multiple monitoring interfaces, even on the 100 Mbps model.
• New! The new uncompromising Sun Fire V60x server offers
faster performance.
• Easy to deploy locally and remotely: the appliance can be
shipped to a remote site and securely administrated through a centralized
management console.
The iForce IDS Appliance, powered by Sun and Symantec, delivers
a secure, out-of-the-box, tested and integrated, ready-to-deploy intrusion
protection solution.
Combining the Sun Fire V60x server, a hardened Solaris OS x86 and
the Symantec ManHunt software, it protects vital information infrastructures
with enterprise-wide high-speed gigabit detection, real-time threat
analysis, and policy-based responses, guarding against intrusions
and attacks that can cripple even the most sophisticated networks.
Symantec ManHunt gathers intelligence from across the enterprise to
quickly identify and respond to both known and unknown (or zero-day)
attacks.
Symantec Decoy Server
Key Features:
• Detects unauthorized access and system misuse to provide
enterprises with cost-effective prioritization of threats
• New! Includes the improved ability to automatically create
simulated email traffic between users to enhance the decoy environment
• New! Improved response mechanisms include frequency-based
policies and the ability to shut down systems based on attacker activity
• New! Improved reporting and logging eases report creation
and enhances prioritization efforts and incident resolution
• Provides early detection of threats, supplying information
crucial to maintaining a secure network infrastructure
• Enables stealth monitoring and containment, plus live attack
analysis
• Detects both host- and network-based intrusions while eliminating
the inefficiencies and time penalties of false positives
• Offers centralized management, policy-based response, and
comprehensive reporting and trend analysis for enterprise environments
Early detection for cost-effective threat prioritization
Symantec Decoy Server provides early detection of internal, external,
and unknown attacks, unauthorized use of passwords and server access
to help prioritize threats, and increased network protection against
intrusions. By creating a realistic mock network environment, the
solution serves as an attack target in order to protect critical areas
of the network. As a supplement to security solutions such as firewalls,
it employs advanced decoy technology to enable early warning and detection
to divert and confine attacks.
Improved response mechanisms include frequency-based policies and
the ability to shut down systems based on attacker activity. By eliminating
false positives and monitoring unauthorized access and system misuse
without any need for security signature updates or dynamic policy
configurations, Symantec Decoy Server complements other intrusion
protection solutions. In addition, it reduces administrative overhead,
allowing administrators to concentrate on legitimate threats, for
a more responsive and effective security posture.
Symantec Decoy Server detects both host- and network-based attacks,
providing unique hybrid detection in a single solution. No matter
how an internal or external attacker tries to compromise the system,
Symantec Decoy Server sensors deliver holistic detection and response
and provide detailed information through its system of data collection
modules. Every action is recorded for analysis, allowing administrators
to understand the threat and implement an appropriate, policy-based
response. Advanced filters enable the solution to automatically discard
insignificant events, leaving only the data required to respond effectively
to any incident.
With a unique "set-and-forget" deployment scheme, automated
installation of an early detection network, and centralized management,
Symantec Decoy Server simplifies enterprise-wide deployments. Administrators
can easily set response policies, monitor activity, and analyze threats—all
from a single management console. Plus, reporting tools enable the
creation of comprehensive incident and attack trend analyses to enhance
prioritization efforts and incident resolution.
Symantec Gateway Security - Integrated Security
Symantec Host IDS
Key Features:
• Monitors systems in real time to detect and respond to
security breaches and other unauthorized activities
• New! Process Reporter provides access to granular process
data so administrators can make informed decisions regarding server
security
• New! Process Monitor allows administrators to define a wide
variety of security configurations to provide a fault-tolerant,
secure environment tailored to the organization's security policy
• New! Process Blocker restricts server abilities and protects
against malicious processes through administrator defined responses
• Enables the creation of customizable host-based intrusion
protection policies and responses
• Centralized management tools simplify the monitoring and
enforcement of host intrusion protection security policies
• Integrates with the Symantec Security Management System
to deliver enhanced prioritization, identification, containment,
and removal of security threats
• Provides audit data for incident and forensic analyses and
generates graphical reports of host intrusion activity
• New! Intuitive, Java-based policy editor simplifies the
development and deployment of policies for the Symantec Host IDS
sensors/agents
• Platform support for Windows 2000, Windows NT 4.0, Windows
XP, and Sun Solaris 8 and 9
• Backed by Symantec Security Response, the world's leading
Internet security research and support organization
Intrusion detection and prevention technology with advanced
management capabilities
Symantec Host IDS provides real-time monitoring, detection, and
prevention of security breaches, delivering automated policy enforcement
and incident response for servers, applications, and data. As a complement
to firewalls and other access controls, it enables administrators
to develop proactive policies to stop hackers or authorized users
with malicious intent from misusing systems.
New process management capabilities combine multiple intrusion prevention
technology functions, including process reporting, monitoring, and
blocking. Process Reporter provides access to granular process data
so administrators can make rapid, informed decisions regarding server
security. Process Monitor allows administrators to define a wide variety
of security configurations to provide a fault-tolerant, secure environment.
Process Blocker allows administrators to restrict server capabilities
through defined policies to prevent malicious activity. These technologies
provide an efficient and non-intrusive intrusion protection solution
to stop threats such as buffer overflow attacks.
Symantec Host IDS is highly scalable and easily managed from a single
administrative console. Administrators can create and deploy monitoring
and response policies, collect and archive audit logs for incident
analysis and reporting, and automatically receive the latest intrusion
signatures through a centralized management console. And the solution
includes specialized software agents that support a variety of server
platforms.
To lower the cost of ownership, Symantec Host IDS integrates with
the Symantec Security Management System, a management framework that
provides consolidated data collection, logging, and reporting for
Symantec and select third-party products. With Symantec Security Management
System, administrators can view security alerts and manage incident
response for a range of security products across the enterprise.
Symantec Intruder Alert
Key Features:
• Monitors systems and networks in real time to detect and
prevent unauthorized activity
• Enables the creation of powerful, customizable intrusion
detection policies and responses
• Enables policy enforcement with the automatic deployment
of new policies and updated detection signatures
• Delivers network-wide responses to security breaches from
a central management console
• Provides audit data for incident analyses and generates
graphical reports for both host and network intrusion detection
activity
• Complements firewalls and other access control systems with
no impact on network performance
Host-Based Intrusion Detection and Security Policy Management
Symantec Intruder Alert version 3.6 is a host-based, real-time intrusion
monitoring system that detects unauthorized activity and security
breaches and responds automatically. If Intruder Alert detects a threat,
it sounds an alarm or takes other countermeasures according to pre-established
security policies in order to prevent information loss or theft. From
a central console, administrators can create, update, and deploy policies
and securely collect and archive audit logs for incident analysis,
all while maintaining the availability and integrity of systems. As
a complement to firewalls and other access controls, Intruder Alert
enables the development of precautionary security policies that prevent
expert hackers or authorized users with malicious intent from misusing
systems, applications, and data.
Intruder Alert provides complete control over systems with policy-based
management that determines which systems and activities to monitor
and what actions to take, as well as with real-time intrusion detection
reports for both host and network components. Administrative wizards
perform many routine tasks, and silent installation and remote tune-up
capabilities make it easy to deploy and maintain the system.
Intruder Alert includes specialized software agents that support
server platforms running Windows 2000, Windows NT, Windows Server
2003 Enterprise Edition, and most commercial versions of Unix and
Novell NetWare. Plus, it can be configured to monitor Web or database
applications running on servers. And with its integration modules,
it can also support the continuous, central monitoring of servers
and applications on popular management systems, including Tivoli Enterprise™,
BMC Patrol™, and HP OpenView®.
Symantec ManHunt
Key Features:
• Protects enterprise networks with multi-gigabit detection
at speeds up to 2 gigabits per second
• Identifies known and unknown or zero-day attacks and protects
against denial of service attacks and stealth scans
• Analysis engine dramatically reduces the effort required
by security personnel to identify threats
• Scalable and flexible deployment options help reduce total
cost of ownership
• New! Rapid and scheduled security updates provide top-tier
protection
• New! Red Hat Linux operating system support
• New! Role-based administration options enable hierarchical
levels of user access
• Backed by Symantec Security Response, the world's leading
Internet security research and support organization
High-speed, advanced network intrusion protection
Symantec ManHunt provides high-speed, network intrusion detection,
real-time analysis and correlation, and proactive prevention and response
to protect enterprise networks against internal and external intrusions
and denial-of-service attacks. The ability to detect unknown threats,
using protocol anomaly detection, helps eliminate network exposure
and the vulnerability inherent in signature-based intrusion detection
products. Symantec ManHunt traffic rate monitoring capability allows
for detection of stealth scans and denial-of-service attacks that
can cripple even the most sophisticated networks.
The state-of-the-art analysis engine found in Symantec ManHunt dramatically
reduces the effort required by security personnel to identify threats
by refining only relevant information, saving them from wasting hours
examining uncorrelated event logs. Rapid and scheduled security updates
including signatures, and exploit and vulnerability information from
Symantec Security Response help to protect against ever-increasing,
real-time threats.
Through proactive prevention features, Symantec ManHunt contains
and controls attacks in real-time and initiates actions required to
defend an organization's network assets. Customized policies provide
immediate response to intrusions or denial-of-service attacks based
on the type and location of the event within the network. Session
termination and traffic recording and playback can be combined with
email and SNMP notifications to protect an enterprise's most critical
assets.
For scalable and flexible deployment, Symantec ManHunt helps reduce
the total cost of ownership for an enterprise. It can be configured
to monitor multiple network segments and can be configured to support
high-availability in order to maintain uninterrupted attack detection
without data loss.
Symantec Network Security 7100 Series
Key Features:
• Augments existing gateway and server security deployments
to stop threats from propagating throughout networks
• Combines multiple detection technologies, including protocol
anomaly detection and vulnerability attack interception, in the
IMUNE™ architecture to accurately identify and block both
known and unknown (or “zero day”) attacks and worms
• Helps organizations establish, measure, and report on organizational
best practice and regulatory compliance initiatives
• Integrated expertise from Symantec™ Security Response
and Symantec DeepSight™ Early Warning services provides early
knowledge of threats to enable proactive security
• Invisible to the network, it requires no network reconfiguration
for ease of deployment
• Appliances can support up to eight interfaces*, allowing
organizations to monitor more network segments
• Three models support aggregate network bandwidth from 50Mbps
to 2Gbps to meet deployment needs at branch offices, distribution
sites, and the network core
• AutoProtect automatically updates protection policies using
LiveUpdate technology to help organizations stay ahead of continuously
evolving threats
• One click to prevention transitions the appliance from a
detection device to a prevention tool with a single mouse click
*Available only with Symantec Network Security 7160 and 7161 models
Proactive intrusion prevention device protects against known
and unknown attacks to secure critical networks
Symantec™ Network Security 7100 Series appliances provide
real-time, proactive network intrusion prevention to protect critical
enterprise assets. An innovative Intrusion Mitigation Unified Network
Engine (IMUNE) combines protocol anomaly, signature, statistical and
vulnerability attack interception techniques to accurately identify
and block known and unknown (or zero-day) attacks and worms from spreading
throughout networks.
LiveUpdate™ technology automatically updates protection policy
technology to help organizations stay ahead of continuously evolving
threats. Integrated expertise from Symantec™ Security Response
and Symantec DeepSight™ Early Warning services, and easy-to-understand
security guidelines enable even faster response to security incidents.
Comprehensive policy management features help organizations easily
establish, measure, and report on organizational best practices.
The appliance can transition from a detection device to a prevention
tool with a single mouse click, allowing organizations to easily switch
between deployment modes. Flexible intrusion prevention deployment
options, including support for multiple inline pairs or monitoring
both passive and inline segments on the same appliance, accommodate
growing networks with varying security policies.
The Symantec™ Network Security 7100 Series is centrally managed
via the Symantec™ Network Security Management Console, a scalable
security management system that supports large, distributed enterprise
deployments and provides comprehensive configuration and policy management,
real-time threat analysis, enterprise reporting and flexible visualization.
The series offers three models to best suit organizations’
deployment needs, whether network security is required at the edge
or branch office, distributed sites, or network core or backbone.
The highly scalable, best-of-breed appliances support aggregate network
bandwidth from 50Mbps to 2Gbps across as many as eight network segments.
Firewall/VPN
Symantec Clientless VPN Gateway (Firewall/VPN (Appliance))
Symantec Clientless VPN Gateway 4400 Series
Key Features:
• Standalone, secure, remote access appliance (Clientless
VPN) that enables remote users to access corporate resources without
requiring the installation and maintenance of any client software
• Delivers robust data protection (SSL encryption)
• Extends secure remote access to wireless handheld devices
such as smartphones and PocketPC devices
• Provides portal-based access for all Web-enabled applications
via Web VPN and also enables access to nearly all non-Web-based
applications
• Enables centralized management at the gateway for strong
and consistent security processes, role-based access, and global
security and monitoring
• Offered on Symantec standard hardware and scales up to 5,000
concurrent connections in load-balanced clusters (equivalent to
approximately 25,000 users), or up to 1,000 concurrent connections
or 5,000 users with a single system (using a 1:10 concurrent/remote
user ratio on our 4460 Symantec Clientless VPN Gateway)
• Uses a hardened and secure operating system, eliminating
the most common network and operating system vulnerabilities such
as worms, viruses, and Trojan horses
• Designed for easy maintenance to reduce the total cost of
ownership, minimize the delay and risks of secure extranets, and
maximize uptime
• Enables administrators to configure granular, policy-based
user and group extranet access via a powerful, flexible configuration
process
Complete secure remote access to corporate networks
Symantec Clientless VPN Gateway is a standalone security appliance
that answers the need for a complete, simple, secure and cost-effective
method of connecting remote users to the corporate network, a need
that IPSec VPNs have failed to meet. Built using Symantec's field-tested
security technology, the appliance runs in conjunction with a company's
firewall and removes the need for complex IPsec VPN client software.
Designed to scale up to 5,000 concurrent connections in load balanced
clusters (equivalent to approximately 25,000 users), Symantec Clientless
VPN Gateway can address the needs of any sized organization.
This solution enables complete secure, authenticated, auditable,
and controlled remote access to email, shared network files and resources,
corporate applications, corporate intranets, and corporate Web-based
applications from any location. Remote users at any dial-up, broadband,
or wireless access point can gain access to specific applications
by logging in to a secure extranet. The appliance protects all network
communications with strong, banking-grade encryption.
An easy-to-use administrator's Web interface enables centralized,
secure management of all remote users via Web, SSH or the serial interface.
A powerful and flexible configuration process provides the ability
to configure granular, policy-based user and group extranet access,
a feature unique to Symantec Clientless VPN Gateway. Easy maintenance,
implementation, and operation reduce the cost, delay, and risks associated
with secure extranets to maximize uptime and minimize the cost of
ownership.
Symantec Enterprise Firewall (Firewall/VPN (Software))
Key Features:
• Provides proactive security and protects the network against
blended threats, by default.
• Full Application Inspection technology enables the inspection
of data deep inside packets passing through the security gateway,
providing enterprise-class protection for both application- and
network-level attacks
• NEW! Web-based Security Gateway Management Interface (SGMI)
enables administrators to easily deploy and configure local and
remote security gateways from any Web-enabled system (using Microsoft®
Internet Explorer 6.0 or higher or Netscape® Navigator 7.0 or
higher)
• NEW! Advanced Management capabilities enable a wide range
of advanced management and reporting capabilities via a centralized
management console, simplifying the task of managing network security
for hundreds of security gateways
• NEW! State sharing between High Availability/Load Balancing
cluster nodes maintains Firewall and VPN sessions that extend the
software's scalability and eliminate network downtime
• NEW! Extensive platform support, now including Windows Server
2003
• NEW! Symantec Client VPN provides enhanced wireless support,
UDP Encapsulation support, and securely extends networks with ProxySecured,
IPSec-compliant integrated Virtual Private Networking (VPN)
Fast and secure application level protection against unwanted
network intrusion
Symantec Enterprise Firewall, designed to provide proactive, enterprise-class
network and application-level protection, enables fast and secure
connectivity with the Internet. It protects the enterprise from both
known and unknown attacks, due to its stringent standards-based approach.
The solution integrates full application inspection, application-layer
proxies, stateful inspection, and packet filtering into a unique hybrid
architecture to protect against complex blended threats and denial
of service attacks, by default. This unique hybrid architecture ensures
complete control of information entering and leaving the enterprise
while providing partners and customers with secure, uninterrupted
access to corporate resources. Through its integrated, standards-based
VPN, the solution also provides low-cost, high-speed connectivity
between offices, as well as between mobile workers and the office.
Symantec Enterprise Firewall provides an advanced "best-fit"
algorithm for matching access rules to connection attempts, ensuring
administrators do not inadvertently create security holes. To extend
the software's scalability and eliminate network downtime, the solution
offers integrated software-based High Availability/Load Balancing.
A Web content filtering option is also available to filter URLs.
Developed for Windows® and Solaris®, Symantec Enterprise
Firewall can be managed by the standalone, secure, Web-based, Security
Gateway Management Interface (SGMI) - included, at no additional cost,
with Symantec Enterprise Firewall for initial setup and local management.
For advanced management capabilities, the Symantec Advanced Manager
and Symantec Event Manager for Security Gateways options are plug-ins
to the Symantec management console and provide centralized policy
configuration management, logging, alerting, and reporting for all
security functions. The Symantec Advanced Manager and Symantec Event
Manager provide secure, centralized, Web-based management of hundreds
or thousands of security gateway deployments.
Symantec Firewall / VPN Appliance
Symantec Firewall/VPN Appliance (Models 100, 200, 200R)
Key Features:
• Delivers comprehensive security and networking in a single,
multi-function device for remote locations and small business offices
with up to 40 employees
• Provides secure Internet connectivity and protects networks
with integrated firewall functionality
• Ensures secure, cost-effective access to networks for remote
offices and business partners through an integrated IPSec VPN
• Provides high-speed access, reliable connectivity, ample
bandwidth, and easy remote management and monitoring
All-in-One Security and Networking
Symantec Firewall/VPN Appliance (Models 100, 200, 200R) is an integrated
security and networking device that provides easy, secure, and cost-effective
Internet connectivity between locations. With its all-in-one functionality,
small businesses and remote offices can create a high-speed local
network that enables secure access and interaction via the Internet
with remote locations, business partners, and corporate networks.
The appliance can be installed quickly, offering offices with up to
40 employees a turnkey solution for securing outbound and inbound
web, email, FTP traffic and more. And for larger, dispersed organizations,
Symantec Firewall/VPN offers an affordable and easy-to-manage solution
for extending firewall protection and IPSec gateway-to-gateway VPN
access to satellite offices and branch locations and a remote client-to-gateway
IPSec VPN for traveling users.
As a multi-function device, the Symantec Firewall/VPN security appliance
fulfills many requirements, all through an easy-to-use, web-based
management interface that enables both remote and local administration.
A built-in 10/100Mbps Auto-Sense switch simplifies system set up,
providing a high-performance, plug-and-play LAN for office PCs and
printers with no additional devices required to connect networking
enabled systems. To ensure continuous connectivity, the security appliance
features an automatic backup that enables dial-up connections using
an external modem in the event of broadband ISP service disruption.
Plus, a host of advanced features such as IP address sharing, IPSec
passthrough, and VPN tunneling make it a flexible and cost-saving
solution that can be easily adapted to changing requirements.
Symantec Firewall/VPN appliance allows organizations to bypass many
capital outlays such as the need to lease expensive dedicated lines
and the necessity of maintaining remote access servers and large modem
pools. The appliance is available in three models, 100, 200, and 200R,
with the advanced series offering high availability and load balancing
technologies. Regardless of the model, there are no restrictions on
the number of users and no per-user licensing requirements.