Symantec安全解决方案.pptVIP

* Microsoft’s Windows team is actually better than other OS vendors at patching OS vulnerabilities. Other vendors are not as quick, so systems are exposed longer Time-to-patch includes neither the additional time enterprises require to test patches in their environment, nor the time required to distribute the patches Many of the network IPS signatures are released when patches are released SCSP provides protection using out-of-the-box policies Reduces the need to worry about vulnerabilities or patches – do it at your own pace It protects you before the OS/application vendor announces the problem and before the hackers attack it (which could be earlier) * Use this slide to show the failings of redundant protection at the network and server level. Larger networks generally have a network firewall and appliance that filters network packets. Servers exist behind this protection. Known threats will be deflected at the network level ISS’ Virtual Patch technology may be able to block unknown threats that exploit published vulnerabilities. Although this is not always the case as there is a period when the servers are not protected from these threats (time it takes for ISS to create generic signature, send updates to customers, and for the customers to apply the updates) ISS does not have any protection against unknown threats that exploit unpublished vulnerabilities * Symantec Critical System Protection protects endpoints by applying behavior constraints to each program running on the system individually. The behavior control descriptions (BCDs) list explicitly the resources and permissions allowed for each program. This means the controls for the RPC Daemon are unique to the RPC Daemon. They are more granular since they are not combined with other rules in a random sequence like with CSA. These behavior controls are applied to each of the core operating system functions (for example DFS, DNS, Print Spooler, RPC, etc. in windows) and common applications (e.g., Excha