1

Intel and Symantec: Improving performance, security, manageability and data protection

Omid Meshkin Strategic Business Development

Terry Cutler Enterprise Solution Architect

SYMANTEC VISION 2012

Session Objectives

By the end of this session you will be:

• Educated on the value of Intel silicon combined with Symantec

• Promoting the improved performance, security, manageability, and data protection enable via Intel and Symantec collaboration

• Eager to see the Intel showcase demonstrations

2

SYMANTEC VISION 2012

Where were Intel and Symantec Collaborating 2-3 years ago?

3

Manageability

• Symantec Client Management

Suite + Intel vPro Technology

• Future

Security

• Future

• Future

• Future

• Future

• Future

• Future

• Future

Information Management

Consumer Other Programs

• Future

• Future

• Future

• Future

• Future

• Future

• Future

• Future

• Future

• Future

• Future

This presentation will summarize many of the “futures” that now exist

3

SYMANTEC VISION 2012

Who is currently using or considering Symantec appliances?

4

SYMANTEC VISION 2012

Symantec Appliances Powered by Intel

• A new and fast growing generation of industry leading appliances for backup and security

NetBackup

BackupExec

SSIM

• Strong collaboration for hardware & software differentiation

• Scalable architecture to meet customer needs

• Optimized for energy efficiency

• Business-critical Reliability, Availability, and Serviceability (RAS)

• Flexibility and scalability through Intel® Integrated RAID and Intel SSDs

SYMANTEC VISION 2012

Tape Out - SAS Port

Software - Backup Exec 2012, Critical System Protection, Windows 2008 R2

Ethernet - 3x 1GB Ports

USB - 4x USB 2.0 Ports

SSD Disk – 2 x 80 GB RAID 1 (Windows®)

CPU - Quad core Intel® Xeon 2.4 GHz, 8MB cache

Memory - 16 GB DDR3 1333, ECC

SAS Disk - 5.5 TB RAID 5 (Data Store)

6

BackupExec 3600 R2 Appliance

Backup Exec 3600 R2 Appliance

SYMANTEC VISION 2012

SMB

Intel® Hybrid Cloud Server Reference Design

Intel AppUpSM Small Business Service Catalog

Service Provider

Multiple Xeon® based hardware options with Intel® VT, TXT, AMT technologies

Break Fix Help Desk Cloud Backup

Intel® Hybrid Cloud Server Manager

Secure Usage Monitoring Remote Mgmt Web Portal

Intel AppUpSM Small Business Service Built on the Intel® Hybrid Cloud Platform

• SMB Benefits: • Pay-as-you-go Software • Cloud access to Software Catalog • Data onsite, no capex

• MSP/ISV Benefits: • Convert to subscription model • Immediate On-Line Software Catalog • Create your own offers • Pre-configured , remotely managed

• OEM Benefits: • Grow SMB sales with Hybrid Cloud appliance

SYMANTEC VISION 2012

How is Symantec integrating Intel Client Computing Technologies?

8

SYMANTEC VISION 2012

Business User Requirements

Responsiveness

Mobility

User Interface(s)

Form Factor

Device Like Experience

Reliability

Security

Stability

Manageability

Business-Level Performance

IT Decision Maker Requirements

Ultrabook™ for Business

Ultrabook™ for Business extends current content creation capabilities with optimized

mobile experiences without compromising security and manageability

Intel® vPro and Intel®

Small Business

Advantage

Ultra-Light. Ultra-Sleek. Ultra-Powerful.

Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries

Announcing Ultrabook™

Full PC Functionality and Enterprise-Class Security in an Ultra-mobile Package – only from Intel®

SYMANTEC VISION 2012

Security

Monitoring

Remediation

Reporting

Threat

Management

Data Protection Identity and

Access

Quickly

recover from

an attack

Defending you

against hidden

Trojans and

more

Access to your

systems and

services is

more secure

Protect your

valuable data

and assets from

theft or loss

2012 Intel® vPro™ Technology Platform Security Focus Points

Only Intel® Core™ vPro™ Processor offers these

Unique Security Capabilities

SYMANTEC VISION 2012

• Intel® Trusted Execution Technology (Intel® TXT)

• Intel® Virtualization Technology (Intel® VT)

• Intel® Operating System Guard (Intel® OS Guard)

• Intel® Identity Protection Technology (Intel® IPT) with Public Key Infrastructure (PKI)

• Intel ® Identity Protection Technology with protected transaction display

• Intel ® Identity Protection Technology with Onetime Password

• Remote Encryption Management

• Intel® Anti-Theft Technology (Intel® AT)

• Intel® Advanced Encryption Standard – New Instructions (Intel® AES-NI)

• Intel® Secure Key

Holistic Approach to Securing and Managing the Client

Security Monitoring / Remediation/ Reporting

Threat Management Identity & Access Data Protection

Intel® Active Management Technology (Intel® AMT) Enhanced KVM

Intel and Symantec product collaborations available today

SYMANTEC VISION 2012

Who is using drive encryption today?

12

SYMANTEC VISION 2012

Intel® AES-NI Technology Keep Data Safer and End-users More Productive

13

Intel® AES-NI… …Helps Speed Data Protection

Whole-disk Encryption

Internet Security

File Storage Encryption Accelerate Encryption Operations

0 1 2 3 4

i5-2400 (desktop) i5-2520M (laptop)

E6550 (desktop) T7250 (laptop)

Up to 4x faster encryption

Sample of Enabled Vendors

PGP Whole Disk Encryption Enabled with AES-NI Today

SYMANTEC VISION 2012

Introducing Intel® Secure Key in 2012 Platforms

High Quality

• With a high-quality, high-volume Entropy Source, resulting random numbers are at its highest quality (i.e. highly unpredictable).

• “Standards” compliant (NIST SP 800-90) and NIST FIPS 140-2 Level 2 certified.

High Performance

• Faster than any other entropy source today.

Easy Access

• RdRand instruction available to all applications and at any privilege level.

Secure

• HW module implementation isolates Entropy Source and DRBG from attacks.

Digital Random Number Generator for more robust encryption

14

To be included in future Symantec products High Performance, High Availability, and High Quality Cryptography

SYMANTEC VISION 2012

Using hardware tokens, smart cards, VeriSign VIP, or VeriSign MPKI?

15

SYMANTEC VISION 2012

Supported Platforms?

• Introduced in 2011 with 2nd generation Intel® Core™ processor-based PCs

• Intel® IPT is embedded in the Intel Management Engine (ME) isolated from the OS

• The one time code is validated by a third party security ISV used by the websites or enterprises

Who does this help?

• End users by adding security that is easy to use

• Web Sites, to protect their users accounts, and limit losses

• Enterprises who want more secure methods for employees to remotely log in, but don’t want the hassles of tracking physical tokens or lowered security due to software tokens

Intel® Identity Protection Technology One Time Password (OTP)

Traditional

hardware token

Now embedded into your PC

Intel® IPT provides a simple way

for Web-sites and enterprises to

validate that a user is logging in

from a trusted PC.

Embedded tokens work with all

Symantec VIP Protected websites

16

SYMANTEC VISION 2012

OTP Enterprise Deployment Use Case

Enterprise

17

OTP Generated by Intel® IPT

SYMANTEC VISION 2012

Introducing Intel® Identity Protection Technology with Public Key Infrastructure (PKI) in 2012

Validate legitimate user – Digital Signature 2012

Embedded Public Key Infrastructure (PKI)

Private key generated and secured locally

Used for authentication and encryption

Lower cost versus smart cards

Easier usability

More secure than software-only solution

Integrated with secure I/O

Available on the Intel® Core™ vPro™ processor family in 2012

SYMANTEC VISION 2012

Intel® Identity Protection Technology with PKI and Protected Transaction Display in 2012

Now embedded into your PC

IPT-PKI= Platform Embedded Asymmetrical Token.

Protected Transaction Display window, not visible to SW

In addition to the embedded private key, a secure PIN pad entry required for two-factor authentication.

Come See the Demonstration in the Intel Showcase Attend Session SS B03, Wednesday @ 1pm, Room 112

SYMANTEC VISION 2012

Intel® Identity Protection Technologies

One-Time Password token built in to chipset enabling frictionless 2-factor user authentication for website and secure VPN access.

Token

IPT with PKI* uses PKI certificates to authenticate User and Server to each other and to encrypt and sign documents.

Digital Certificate

Protects PC display from malware scraping and proves human presence at PC.

OTP – Ultrabook™ or vPro Protected Transaction Display (PTD) Ultrabook™ or vPro

PKI - vPro only

927316250

Server Server

Password Entry

Username Password +

OTP: 927316250

Server

Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries

Symantec Enabled on IPT-OTP, IPT-PKI, and IPT-PTD

SYMANTEC VISION 2012

Using Symantec’s Altiris Client Management Suite (CMS) today?

21

SYMANTEC VISION 2012

Managing “In-Band” and “Out-of-Band”

A Well Managed Client is a Secure Client

22

In-Band Management

Operating System Deployment

Software Updates and Fixes

Inventory and Data Collection

Remote Desktop and Diagnostics

Out-of-Band Management

Control of system power state

Integrated IP-KVM

Control boot source

Hardware based alerts

SYMANTEC VISION 2012

How does Intel® AMT Work?

Intel® vPro™ Technology Client

Operating

System

Chipset

Management

Engine

Network

Interface

Intel® AMT

Network

• Resides between the network interface and the OS

• Out-of-band Management traffic is handled directly by Intel® AMT itself

• Intel® AMT communications below OS

* A component of Intel® vPro™ Technology, Intel® Active Management Technology (AMT) enables Out-of-Band Management

Come See the Demonstration in the Intel Showcase

SYMANTEC VISION 2012

Intel® Active Management Technology Recovery and Enhanced Patching

IT Help Desk

New Features since 2010

Enhanced KVM Remote Control

Host Based Configuration

Intel Setup and Config Software v8

vPro PowerShell Module

Intel Use Case Reference Designs Business Employees

Beyond the

operating

system event Beyond the operating system management

Intel® Core™ vPro™ Processor

Intel® Chipset

Intel® Network Adapter

Remote diagnose, isolate, and repair PCs – even if they are unresponsive

SYMANTEC VISION 2012

What Intel® Client platform has all of these features?

25

SYMANTEC VISION 2012

Entry-level computing

Smart performance

Built for Business,

Engineered for Security

Intel® IPT with OTP

Intel® AES-NI

Intel® Secure Key*

Intel® Anti-Theft Technology

Remote KVM

Intel® AMT

Intel® IPT with PKI*

Intel® IPT with protected transaction Display*

Only on Ultrabook™ or vPro

Ultrabook is a trademark of Intel Corporation in the U.S. and/or other countries

Intel Security Capabilities by Platform

*Requires 3rd Generation Intel® Core platform

Intel® vPro™ Technology platforms include all security and management technologies

SYMANTEC VISION 2012

Ready to learn more about Intel and Symantec collaborations?

27

SYMANTEC VISION 2012

Today: Symantec & Intel Collaboration

Security

• Intel IPT & UserAuth (VIP)

• Intel PKI & Managed PKI

• Intel Protected Transaction

Display & Managed PKI

• Intel AES-NI + Encryption

• Intel® Secure Key + Encryption

• SSIM Appliance

• Hybrid Cloud Appliance (SEP)

Manageability Information Management

Consumer Other Programs

• Symantec Client Management

Suite + Intel vPro Technology

• Intel® Small Business Advantage

and Norton Suite

• NetBackup Appliances

• BackupExec Appliance

• BackupExec Channel Program

• Hybrid Cloud Appliance (BE)

• Intel Anti-Theft + Norton

• Intel AppUp + Norton PC Tools

• Norton AV Channel Bundle

• Healthcare Initiative

• Medical Device (Altiris, CSP)

• Server Innovations

• Storage Innovations

Growing Portfolio for Enhance Solution Value

SYMANTEC VISION 2012

Have the Session Objectives been met?

By the end of this session you will be:

• Educated on the value of Intel silicon combined with Symantec

• Promoting the improved performance, security, manageability, and data protection enable via Intel and Symantec collaboration

• Eager to see the Intel showcase demonstrations

29

Thank you!

Copyright © 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

30

SYMANTEC VISION 2012

IT Help Desk

Intel® Core™ vPro™ Processors with Intel® Anti-Theft Technology¹ Protects PCs

1 Intel® Anti-Theft Technology requires the computer system to have an Intel® AT-enabled chipset, BIOS, firmware release, software, and an Intel AT-capable Service Provider/ISV application and service subscription.

PC shows customized message and remains disabled even if OS is re-installed

2

PC can be easily reactivated via a local password or server-generated code

3

Local intelligence on PC detects potential theft and triggers action or PC is disabled via poison pill sent over Internet

1

31

Hardware-based Security to Help Protect Your PC and Data When it is Lost of Stolen