 Good morning everybody. Welcome to Endpoint Level Security at your library or nonprofits. My name is Kyla Hunt. I'm the Webinar Program Manager here at TechSoup Global. Joining me today are Andy Singer who is our presenter and he's going to introduce himself in just one moment. Assisting with chat will be Kevin Lowe and Rachel Holman. If you have any questions, please just ask away and they will respond to you in the chat pane. So Andy, why don't you go ahead and introduce yourself? Thanks Kyla, and good morning and good afternoon to everyone, and thank you for joining. I am a Senior Product Marketing Manager with Semantic Corporation. I focus on our Endpoint security line of products. I've been in the IT security industry for about 15 years. I've worked with organizations of just about every single size all the way from libraries, nonprofits, law firms, all the way up into enterprises. And I'm excited today to talk to you about what some of the Endpoint Level Security things that you should be thinking about are and try to give you some useful information. Great. Thank you so much Andy. We are really happy to have you today. Just a few things about what we are going to cover. First I'm going to talk a little bit about who TechSoup is. Then Andy is going to go ahead and get into the security threats overview. So then we are going to go into a little bit about Endpoint products for libraries and nonprofits and then go into a little bit more about Semantic Endpoint product updates that have recently happened. Andy is then going to show us a little bit of a product demonstration and then we are going to handle questions from the participants. So just a little bit about TechSoup. TechSoup is a 501c3 nonprofit organization. And as of June 2010 TechSoup served more than 127,000 organizations, distributed more than 6.3 million technology donations, and enabled nonprofit recipients to save more than $1.8 billion in IT expenses in 33 countries around the world. We at TechSoup are part of TechSoup Global and are working towards a day when every nonprofit, library, and social benefit organization on the planet has the technology, knowledge, and resources they need to operate at their full potential. And so with that I really want to turn it over to Andy. And first of all, Andy, could you give a brief overview of the main types of security threat spacing systems at libraries and NGOs? Yeah, I definitely can, Kyla. So let me start off by just providing some context around the types of endpoint level security protection I'm going to be talking about and how that fits with some of the primary concerns facing libraries and nonprofits. So what you see here on the display is the Semantic Endpoint Protection Portfolio. Many of you might be familiar with our consumer brand which is the Norton brand of products, so Norton 360, Norton Internet Security, and Norton Internet Security Suite. This is a market leading consumer product which protects, I think, the number of something like 175 million endpoints around the world. This product is a fantastic product and it's really designed to secure an individual PC. Where the Norton line separates from our business line of products is when customers require some degree of centralized management. And that's where I think libraries and nonprofits fit in. Your environments have multiple machines. You require something that can secure PCs from the general public and public use, and also give you some degree of compliance and reporting so you can prove that you're complying with laws and doing your best to provide the right level of security for your users and customers. So as we break away from the consumer line of products, Semantic has a couple of different offerings. One is something called Semantic Endpoint Protection Dot Cloud. A lot of you have probably heard about the cloud. It might be even using cloud in your business or consumer products. Semantic Endpoint Protection Dot Cloud is a hosted management offering using our Semantic Endpoint Protection Agent. The Semantic Endpoint Protection Agent uses the same technologies that are in Norton. They're just aligned for business use. And the Dot Cloud platform allows us to offer a hosted management offering. We also have what we call on-premise managed solutions which are Semantic Endpoint Protection and Semantic Endpoint Protection Small Business Edition. Semantic Endpoint Protection Small Business Edition is really designed for smaller organizations with less than 100 users. It's a great fit for libraries and nonprofits. If you have a large organization and you're greater than 100 PCs potentially, then we have a product called Semantic Endpoint Protection which has a high level of features. And I'll go into the differences later on. We also have something called Security Suites. Security Suites combine Semantic Endpoint Protection and offerings with some of our backup and gateway security offerings to give you a low priced suite with a number of market leading products which allow you to broaden your level of protection. I got some chat here saying that some folks are having trouble reading the names of the products. And if you are, just ping me and let me know. I'll go ahead and read through all the names very quickly. Going from left to right we have Norton from Semantic. Then the second product is Semantic Endpoint Protection Dot Cloud. In the third, in the larger box at the top we have Semantic Endpoint Protection followed by Semantic Endpoint Protection Small Business Edition which is the product I'll be focusing on today. And then on the far right we have our two security suites which are called Semantic Protection Suite Enterprise Edition and Semantic Protection Suite Small Business Edition. So I'm going to move on to the next slide. Give me one second here. There we go, working with the ReadyTalk. So every year Semantic does a global survey trying to understand the concerns of our customers. We focus it on small, medium-sized organizations. And I wanted to share with you some information that we got from our 2010 survey which I think is relevant for libraries and nonprofits. So we surveyed about 2,000 organizations, 2100 actually is the right number. And here's what we got. Number one was that these organizations were definitely aware that they are vulnerable to data loss and cyber attacks. We know that in terms of their overall IT time they spend about two-thirds of that time focusing on information protection issues. We know that when they spend money on IT, their top projects focus on security, backup, recovery, and then disaster recovery. And the median spend on IT projects is about 51K. And on the right here you can get an understanding of the degree to which we surveyed results in the sample size. So here are some of the key takeaways that I think are helpful for you all to understand about what your peer organizations are facing and thinking about. 73% of these organizations saw cyber attacks in the past year. And 30% of respondents said that their attacks were either somewhat or were extremely effective. Now this means that when a piece of malware came in or whatever the attack was, it really disrupted their business. And some of you might have experienced this before. 100% experienced disruption. So their systems were down. They were definitely aware that some sort of private or confidential information was stolen. 100% experienced a financial impact. And this could mean that they lost productivity. They actually had to spend money trying to fix these problems. They were unable to offer a service which denied them some form of revenue. And I think in the case of libraries and nonprofits this would simply mean that if your say public access machines became infected you would have to spend money to fix them. But you would also have to close them off or deny access to the public until those machines are ready. And that's not something you want to do. If we take a look on the information side, when we ask people about their feelings around the information that they need to protect, 74% were somewhat or extremely concerned about the potential loss from information. 42% knew that they actually had information that was stolen or lost in the past. 100% experienced a loss of revenue or business disruption. The thing that actually stood out in the survey was the degree to which small mid-sized organizations recognized the potential problem when you lose a device. So 62% of respondents lost a device within the past 12 months. These include laptops, USB keys, anything that can store data on it. And 100% of those devices, 100% of respondents have devices that are not past or protected, meaning that when they are stolen that information can be recovered by anybody. And then of the stolen devices 100% of respondents says that they have devices that really couldn't be wiped remotely to make sure the data is kept safe. So this is some of what some of your organizational-sized peers are saying in terms of their key concerns around cyber attacks and the loss of business information. Now I know this font is small. I'm going to get a lot of people on the chat saying I can't read some of these things. We tried to fit a lot of information in the slide so I'm going to read through some of this. If you have questions about what's in these bullets feel free to let me know. But again this was intentionally small so I apologize if it's difficult to read. We also produced a report called The Internet Security Threat Report. This is a broader survey not of actual end-users but we look at something called the Semantic Global Intelligence Network which leverages data we get from those 175 million endpoints. We also have a huge database of about 2 billion files that we can assess to determine what kind of threats are within them. Within that sea of information here's what we've taken in terms of the overarching themes for threats in 2010. Number one is targeted attacks. We know that on the Internet landscape today attacks have transitioned from these big broad global efforts to things that are targeted on smaller organizations. We've all seen the news about companies who have had information stolen or even you've got groups like Anonymous who are out there trying to do some form of social justice through hacking. One example is an attack on the Bay Area Rapid Transit Organization because this group Anonymous was upset that BART shut off cell phone service in some of their stations. We know that organizations are actually specifically targeting people. They can do that because the tools available to them to create viruses and malware have become sophisticated. They're monetized. They're really easy to use so just about anybody can create a virus and they have been developed to the point where they can mutate themselves to confuse protection systems designed by companies like Symantec for example. We also see mobile threats. We also see social networking invading the threat landscape. So one example is that the company, I think it was Lockheed Martin but I can't be sure for example. It was an aerospace company was hacked when somebody used LinkedIn to find all the people who worked in the human resources department that were on LinkedIn in that company sent them an email with a PowerPoint file that simply read 2010 hiring plan. And anybody in HR would want to read that. They didn't pay attention to see where it came from. That word document contained a piece of malware and information was stolen. The last thing I want to talk about is attack kits. Attack kits are this idea that I mentioned before about how easy it is for anybody to create a piece of virus or a piece of malware. And that allows them to focus a targeted attack. Because it's so easy, these attack kits are things that we're tracking that we're trying to block from being downloaded around the Internet and we're also blocking anything that's created by those attack kits. So this gives you an assessment of really what's out there in terms of the overarching themes. Again, Symantec has a global network and this is our intelligence that we're providing to you. Now in terms of statistics, our global intelligence network told us the following. In 2007, we tracked about 250,000 viruses within our global intelligence network which covers the entire Internet. In December 2010, that number grew to 286 million viruses. This just illustrates the degree to which attack kits can have magnified the scale to which we, the security providers, need to block viruses. We simply need to have a better way. We need to have, you know, security providers need to have a better way of giving you, our customers, a way to block these hundreds of millions of viruses without reducing your performance, without reducing the level of effectiveness, and without reducing your confidence in our ability to block those threats and provide security. And to give you an idea of how the scale is achieved, we've talked before about how mass distribution of one worm in the past could hit millions of PCs. We know how to defend against those threats. We've done this for years. Most likely, many of the products that you've used in your organizations today, whether they be consumer products or business products, can block these attacks. These are viruses. Everybody has some form of A.V., and A.V. is affected at blocking these mass distribution type attacks. But hackers have switched to a macro distribution model. So we know that some of these threats in fact are as little as maybe one or two users. And these targeted attacks are where we focused our development efforts on to create a new generation of technologies which allows us to block these sophisticated attacks. Let me move on to slide 15. Thank you. And to put this into additional context, in terms of blocking the threats and the number of threats that are out there, in 2009 our database, our data told us that we were able to block approximately 66% of A.V. detections using our A.V. technology and 33% of all other attacks using our IPS technology. So using just two types of technologies, A.V. and IPS, which again, most vendors have this functionality, we were able to block these threats. In 2010, so the number of threats is increasing, that ratio changed which was incredibly interesting. What it told us was that the number of threats blocked by just A.V. alone went down. And the number of threats blocked by a more sophisticated technology and intrusion prevention increased. And what this told us was that A.V. as a standalone defense technology is simply not enough. You need more than just antivirus. So as you're looking at how to provide some level of endpoint protection for your PCs, you really need to consider a product that has more than just antivirus. It needs to have the ability to do not just intrusion prevention or firewall. These are all terms you may or may not have heard. But you need another type of capability which I'm going to talk about more in when I get to be able to talk about our new product which is called Symantec Endpoint Protection 12. So Kyla, turn it back over to you for a minute. Kyla Great. Thanks, Andy. That was a great overview of the problems that are out there. Really quick, and our next section, I was wondering if you could go over the endpoint products that are most suitable to NPOs and libraries, and talk a little bit about that. Andy Yeah. So in our opinion, the products that are most suitable for libraries and nonprofits really need to have the following characteristics. Number one, they need to be centrally managed. And consumer products like Norden, for example, don't have a central management function with it. You need to be able to take a single policy, customize that policy to provide the right level of protections for your organization. It could be restrict these files, block these types of devices, report on these types of events. And you need to be able to push that policy out very easily in a very short amount of time to a broad number of machines. So if you wanted to ensure that, say for example, all of your public access machines had the same level of enforcement on it, you can do that with a business-level product. Number two is you need a product that has more than just antivirus in it. We all are accustomed to just looking for the best AV that's out there. And our research shows that we know threats today have gone beyond AV, and you really require something that's more mature and sophisticated. I think the third thing is you want to be able to look for a product that gives you the ability to potentially expand your protection. So can you choose a version of that product that has, say, a basic set, and if you require more advanced features, can you upgrade? And in the case of Symantec, you can. You can go between our small business edition product up to our more mature enterprise-level type functionality depending on your needs. So those are, I think, my three key considerations when looking at some sort of endpoint protection product. So Kyla, I'm going to go ahead and let's have another question and jump into kind of an overview of what is Symantec Endpoint Protection 12. Kyla That would be great. Thank you, Andy. Andy Yep, no problem. Okay, there we go. Okay, so what is Symantec Endpoint Protection 12? So we in July released the latest version of our flagship endpoint protection product which is version 12. And within version 12, we have a number of capabilities. So we have antivirus protection, antispyware capabilities, desktop firewall, intrusion prevention, device control, application control, and network access control. We offer all of these in a single agent with a single management console which comes and supports Windows, Macintosh, and Linux. I just got a question that said the SMB version doesn't seem to have support Mac Linux. Enterprise version does. So that's actually not true. Symantec Endpoint Protection, small business edition, does support Macintosh systems as well as Windows. It does not offer an agent for Linux. If you need the Linux agent, the enterprise product does support that. Like I said before, our product includes all of these technologies within a single agent and a single management console. So what's new? What did we change? So we spent about two and a half years developing this product. We conducted beta testing for approximately seven months. We rolled it out to thousands of users and got some great feedback both privately and in a public beta. What we've released, what we believe is a product that offers the fastest performance and highest level of security of any product on the market today. And we've got third-party product testing reports that can prove it. And here are some of the key things that are new. So we've got a new technology called Insight that I'm going to talk about more in a minute which is unique, which no other competitor has. We've also got a technology called Sonar in there which offers a higher level of defense, again, something that's higher than any competitor can provide. These two technologies are actually things that we've migrated or brought in from our consumer products. So Norden product users for years have been using these two technologies. They're now in their second and third generations of development. And we've taken those technologies and put them into our business products. So in terms of performance, we can offer up to 70% reduction in scan overhead. And what this really means is that when you're working on your PC and a scheduled antivirus scan or system scan goes off, or perhaps you trigger one on your own, the time it takes to actually conduct that scan will be 70% less than our previous version and faster than our competitors' products. We offer technology that updates our products in a smarter, faster way. And we, especially in a small business product, offer what we call faster management. So the small business version product can actually be deployed and set up in just about 20 minutes. Lastly, we know the technology that we have, this is in the enterprise product, is built for virtual environments. I'm not sure if libraries and nonprofits are using virtualization, but if you are, we've got technologies and capabilities which can offer you a high level of performance and effectiveness within the virtual environment. So I'm just looking at some of the questions that have come on the Q&A. And Kyla, if you don't mind, let me just give you one second to just take a look at some of these questions. Kyla, problem we can also, as I said, address a lot of the questions at the end so you can continue if you want. A lot of these I think that have been coming in have been tech super related, and we have somebody on chat about that. Great. I'm happy. I just want to take a look. So I would very much like to talk to this group about this technology that we have called Insights. And I think it's important for you guys to understand why this is an important technology and why it really does change the way that you will look at endpoint protection products. So Insight is something that puts files in context. We look at about 40 different characteristics of every piece of software. And again, we have a database of about 2 billion files that's just about every executable file that's out there on the Internet today. We look at the age of that file, meaning how long it's been on the Internet, the frequency at which it's been downloaded, where it came from, what other files are downloaded with it. And that gives us the ability to create what's called a reputation score. So for example, files that have been in on the Internet for a long time that were uploaded by a known and trusted company, say this is uploaded by Microsoft for example, or if it came from the US. If it's been used by lots of different people, if we haven't seen any malware that's been born from that file, we give it a high score. If we see a file on the Internet that you're trying to download that's only been on the Internet for a short period of time that was uploaded from a less than reputable country where in addition to that one file being downloaded, it downloaded other types of known malware, we'll give that file a low reputation score. And then we'll probably block it depending on the policy setting. Using the reputation, we're able to actually create a system that delivers a higher level of performance and a higher level of efficacy. And this type of technology is actually what protected our enterprise customers from something called the Stuxnet virus, which I don't necessarily need to go into, but this was a very nasty piece of targeted malware that infected a lot of sensitive manufacturing machines, but nonetheless, this was an unknown threat. So no one had received it before and we blocked it. So our technology proved to work in this case. So why is Insight needed? Well, I've talked a lot about why we need to do more than just AV, but let's talk a little bit more about what that really means. So here on this graph, you can see a red and a green. So the green side, you see something called whitelisting. Whitelisting means that we can create a list of known good files. Good files are applications that are created by trusted vendors. So you can see we've got a lot of Microsoft icons there. We've got the Firefox icon, Adobe, QuickTime. These are vendors that we know and trust to produce software within a secure process. So when we see an application or a document for one of these applications, we tend to say, hey, this is a good file. Now there are lots of bad files that are out there. This is malware and viruses for which we have a signature or we understand its behavior. We know the name. We know the variance. We can actually block this using something called a blacklist. Now these are technologies that are in use today and they work reasonably well. But because we know that hackers today can create tens and thousands of new pieces of malware with relative ease, you need a technique that's going to work faster than just a white static whitelist or a static blacklist that really looks at things in a zero-day context that really can provide a level of protection for the future, not just for today. So I'm now showing you kind of the overview of how Insight works. So a lot of you understand what antiviruses. It's a technology that uses signatures you download a what's called a DAT file say from your vendor where they send you a bunch of signature updates. Your endpoint loads that into its system. When it sees a piece of software being downloaded, it matches that software, that name of that file against its database. And if a signature matches, it blocks. When new viruses are released and vendors create signatures, those signatures are downloaded and you have additional protection. We don't believe that's a technology that's good enough for what needs to be blocked on the Internet today. So we've developed Insight and here's how it works. We take the data from our 175 million PCs for our Global Intelligence Network. We leverage that against our 2.5 billion file database. We take the file that you're trying to download and look at, and we match it against our reputation database and determine the score. And we look for associations, prevalence, age, source, behavior. Chances are we've seen the file before, which gives us a really fast way to turn around a decision. So we scan it, we check it out, we get information from our database, and we download that to the client, and we allow the client based upon its policy to make an actionable security decision. This technology leverages the cloud. It leverages the common wisdom that we get by having such a large Global Intelligence Network. It saves time in having to scan and match and compare every single file on your PC and allows us to leverage the experience or experiences of other people on the Internet to provide an individual with a higher level of security. Now I do want to talk really quickly about what we call defense in depth. This might be more technical information than some of you are comfortable with, but again, this provides the whole picture of why antivirus is simply not enough, why you need a product that has a broad set of security technologies, and why you really need something that leverage has a technology like Insight where in reality, Symantec is the only vendor that has this reputation technology. So what you can see here is a diagram that shows four defense levels, Network, File, Reputation, Behavioral. These are all of the defensive layers. Imagine a battlefield where you had troops stationed at every point from the front line of the battle all the way to the back. Well that network area is the front line. That's where we use technologies like Browser Protection and Intrusive Prevention where when a piece of malware or virus comes in, it hits our defensive line and we block it or analyze it with these technologies. The next level of defense is called File, File-Based Protection. This is where we look for an eradicate malware that's already taken up residents on a system. So it's been downloaded, it's tried to inject itself into the system. We use technologies like antivirus, something called Autoprotect, something called Malheur, which is your heuristics technology. This is where we use our market leading AV capabilities to remediate and block something. The next layer of defense, this is Insight. This is Reputation-Based Protection. So we establish information about entities and to be able to use for security decisions. So this is where we use technologies like Insight, Domain Reputation, File Reputation technologies. These capabilities provide that higher level of security that other vendors cannot provide using the wisdom of the cloud. The last line of defense, this is Sonar. This is behavioral-based protection. So we actually take the piece of malware, we open it up in kind of a secure way to see what it's going to try and do, and we look at those behaviors that it wants to do and make a security decision. So if we open up a piece of malware and it simply says, I want to open Microsoft Word and allow someone to edit a document, we believe that's trustworthy and we don't see anything else. But if we open up a file in our secure area and it starts trying to grab a lot of system information and privileges it should not have, it's probably malware and we'll block it. So this is why we believe you need a layered approach. You need a more mature product that offers more than AV, and we say that you really need something that offers reputation-based and behavioral-based security. So if we look at what's available in terms of these technologies and capabilities in the Semantic Endpoint Protection Small Business Edition, version 12.1, we offer intrusion prevention, desktop firewall, antispyware, antivirus. All of these come with the Insight and Sonar capabilities that are in the product. And together we offer a higher level of performance and a higher level of protection than our competitors can offer you today. And for us, the most important thing is you want an endpoint protection technology that doesn't impact the experience that your users have on their PCs. The last thing you want is a piece of software that users feel is slow, that prevents them from browsing, or downloading, or opening the Internet and gives them a bad experience. They will reject that software and not want to be secure. So we've developed in this product this high-level performance and high-level performance and protection which we know gives our customers a great experience. So what do we deliver with this product? So we've done independent third-party testing which with common things like scan time, setup time, browsing speed when doing a scan, opening Word documents, opening common applications. These are all common actions that your users probably use. Imagine someone on a public use machine who's trying to create a Word document and browse the Internet. You want that person to have a great experience. You don't want them to be thinking, man, this machine is slow because it's running a scan. We've kept that in mind and our product delivers that great experience. We have something called Smarter Scans. I'm going to talk about that in a second, but that allows us to deliver that fast scan time. Your users really won't know the products there. It's effective. We've got unmatched accuracy. Meaning when we tested our product with third parties and they threw at our product and all our competitors a sample of known malware and viruses, we blocked a higher number of those viruses. We stopped new threats before they can reach your PC. We eliminate a ton of risk from your environments. And the Small Business Edition allows you to deploy it in 20 minutes. It's a single management console. It offers things like setup wizards and management wizards and policy wizards. And for those of you who are not really technical, this product is for you. It allows you to create an effective policy. It allows you to monitor and manage and simply deploy the agent to PCs. Now, one thing I do want to highlight is this faster scan. How can we deliver these faster scan times? Well, here's the secret sauce. Traditional scanning, and this is what our competitors use today. When you click scan, the security product is going to scan every single file on your computer. And there are thousands and thousands and tens of thousands of files on your computer. Scanning them takes a long time. It doesn't really matter how fast your processor is. It doesn't necessarily matter how much memory you allocate towards it. It's still going to take a considerable amount of time to scan all those files. With our inside technology, we can scan the endpoint. We take all the file names that are on there. We match all of them against our reputation database. We mark the ones that we know are good and trusted as being good and trusted. And then we focus our scans only on those files that we don't know anything about or are untrusted. By doing that, we can actually skip about 70% of active applications, giving you a faster scan time and a better experience. Now, you might ask, what happens if I change a file that's already marked as good? Does Symantec know that it's been changed? Yes, it does. We create something that's called hash. Hash is a mathematical way of creating a unique identifier for that file. If the data in that file changes, the hash will be different. We will know, and we'll simply check the file against our reputation database again, and it will mark it as good or trusted or not good or untrusted, and we'll either add it or subtract it to the scanning list. That's how we can deliver this great experience. And we think this is really important. We want our customers to trust and want to use the product. So in terms of what can Insight block and stop, so it stops those stealth installs and drive-by downloads, how many of you have seen things like fake antivirus? Fake antivirus is an amazing phenomenon where you've got hackers who are creating AV products that look real, that look like they're coming safe from a Microsoft or that they're part of Windows. They actually have websites where you can buy them. They actually have tech support lines where you can call in to get support for them. But what they're doing when they show you, hey, we're scanning your PC, they're really installing malware and stealing information. We can provide an unmatched effectiveness against mutating malware, so we're not going to be fooled by tactics and attack kits that allow people to create mutations of the same piece of malware. We're going to block it every single time. And we're going to monitor applications in real time as they execute, basically giving you the ability to prevent malware from embedding itself in your PC. So before I get into the next section, Kyla, do you have any questions? Kyla Sure thing. We actually don't have very many from the audience, but I did want to ask, did updates to the Endpoint products make them easier for someone at an MPO or library to administer? And when would an organization want to make the jump from something like Norton to something like an Endpoint product? Kyla So let me ask, answer the second question first. When does an organization like a library or an MPO want to make the jump from a consumer product to a business product? I think typically when it becomes unruly to manage, and that could mean different things for everybody, one of the most common situations is the time it takes to go to every single machine that you have and install the consumer product. So if you've got three computers, you can install that pretty easily. And you can manage the settings and keep it going and just monitor them on an individual basis. But after three, when you get to five, or six, or ten, it becomes pretty difficult to monitor and manage each one of those machines. That's when you want to make the jump to a business level product. So something like Endpoint Protection's Small Business Edition that gives you a central console to be able to manage multiple machines from a single place. On the first question, and I think the first question Kyla, you asked was what? I can't remember, sorry. Kyla Do the updates to the Endpoint products make them easier for someone at an MPO or library to administer? Somebody who's not like a huge tech head, is it easier for them to administer this product now? Kyla Yeah, they definitely do. So the previous version of our Endpoint Protection product, the Small Business Version, was called 12.0. And 12.0 actually came to market with a simplified management interface, wizards, configuration tools that made it easier for someone who's not very technical to deploy the product. We've improved some of those wizards. We've enhanced some of those capabilities and made it a little bit easier. But in general, the product is very easy to manage and deploy. The enterprise level product will be a little bit more complicated, and that's pretty common across all vendors' products. It's catering to a different type of organization. So you might be working with an outside IT consultant. You might be working with a reseller who offers, say, a managed service. And in those situations, they're accustomed to dealing with a more complicated management tool. Now I did see a question. I saw a comment Kyla that I really wanted to address very quickly. Someone said that he sees more down computers because of fake virus wear. And I'm really glad he mentioned that because this is something that is a big problem for businesses of all sizes. But I'll give you a small business example. A company with 10 employees, a couple people fall victim to downloading and installing fake AV. That machine actually has to be taken offline and repaired by a professional to remove what the damage that's been done by that fake AV, and that costs time and money. So the more you can block your users from downloading this, the better. Now in the case of public access machines, you probably have some very unsavvy Internet users who will fall victim to using a fake antivirus product because they've gone to a website which downloads it. So what you don't want to have is a situation where you have to take your computer offline to be able to remediate the problem. You want an endpoint level protection product that can block it from the get-go. So Kyla, I'm just going to jump ahead real quick. I know we've got only a limited amount of time. So we talked before about small business edition, why it's better for smaller organizations. As I mentioned before, it's fast. It's a 20-minute deployment from start to finish for an entire network. It's automated so it gives you automated notifications and summary reports and helps you to be compliant. It's really easy to manage a single console for all your PCs in one place to go. Let me just go on to the next slide. In terms of making the jump from consumer to business, here's what we can outline with Norden Internet Security 2011. By the way, we actually released Norden Internet Security 2012. It's now available. So this slide is two days old, unfortunately. But as I said before, target number of users anywhere from 1 to maybe 10 depending on your ability to manage 10 machines. But Norden comes with AV, desktop firewall, intrusion detection, insight and sonar, and protection for Mac. These are all things that are really critical for, you know, these are all critical technologies that every single one of our products has. Our small business product allows you to essentially manage. And if we were to expand this chart for our kind of enterprise product it would come with things like device and application control, allowing you to lock down those USB ports and prevent people from taking things off the computer, all the way to our dock cloud product which offers a hosted management console. I do want to show you guys a little bit of the product. So let me take five minutes here. And Kyla, I'm going to switch from the ReadyTalk conference display to my demo. Let me get there. I think everyone can see it right now. Kyla, I can see your desktop. Awesome. So what you're seeing here is a demonstration of — and let me switch this to full screen which will make it easier for me. Great. So even better. So I'm going to go ahead and start this demo. So you see here and a user opening up our management console. This is actually the enterprise management console but a lot of the information here is similar to what we offer in the small business product. We offer you great insights like the total number of endpoints you have, whether or not they've received protection updates, whether or not they are online or offline. What really does require your attention? Are you in license? What's the semantic threat con level? So we tell you the global threat condition level which gives you the ability to actually add more or less protection to your policies. And we give you a summary of what's been happening. What I really want to show you is if we go into the policy level and here you can see that we've got out-of-the-box policies ready to go for you, you can click on any one of these and deploy agents to your desktops right away. But if we open up and edit one of these policies as I'm going to do right now, and I want to go to the Download Protection Settings. This is where you can see what this reputation score actually looks like when you have to manage it. This is something different. You won't see this in our competitors' products. This is where you can set your risk level. Now this allows you to leverage our Global Intelligence Network and our 2.5 billion file database and our reputation scores for each one of them to set a policy that says, here's where I'm comfortable. So the lower the score, the more risk you're willing to accept. So you can tell the system, hey, I don't want to trust anything that has a score lower than 8. And that's a pretty good risk protection setting because you're not going to get any bad files pretty much being downloaded. But if you set it lower, you're accepting a little bit more risk. And we've simplified this in a small business product to make it pretty easy for just anyone to work with. But this type of capability, this type of policy is unique to Symantec and allows you to really block those things like fake AV and any type of variant of fake AV and drive-by downloads and all these targeted attacks. This is the way in which you can do it. So I'm going to go ahead and cycle through the demo and you can see some of the settings that we've got in there in the file today. And I am now going to switch back to the ReadyTalk Perfect window. And I want to go ahead and move into the key takeaways. So here are the things that I think are important for libraries and nonprofits. And this is whether you use a Symantec product or not, just in general with endpoint level protection. The number one thing I would say is make sure you have something that allows you to monitor your products. You want to make sure that you're able to look for things like abuse of a system, someone doing a suspicious traffic. You want to be able to receive new alerts for new vulnerability of threats. So make sure you're always monitoring this product. Don't just kind of set it and forget it. Make sure you're constantly looking at it to the best of your ability. Number two, antivirus on endpoints is not enough. Make sure you deploy and use something that includes additional layers of protection like what Symantec offers with our insight and our behavioral-based technologies. Number three, try to deploy something whether it be on an endpoint protection product or in the gateway or from your internet service provider that can restrict email attachments. Blocking types of email attachments will really allow you to block a good portion of threats. It's a really simple and easy way to provide a greater level of protection for your computers. Number four is use an effective password policy. So one thing that hackers will always try to get is passwords. Passwords offer them the ability to do a large amount of damage in a relatively easy way. And one of the things that they look for is try to get that administrative password to a Windows system or a Mac system. So make sure that your passwords are complex, that they have a combination of numbers and letters, and make sure you do change them often. It's easy to set a password and walk away from it. Maybe try changing it every six months. This will give you a higher level of security. And lastly, make sure you have an infection and incident response procedures in place. So try to document steps on what you would do if you had a large degree of infected machines or you find something that's remediated or you need to remediate. Who do you call? What's your vendor's phone number? What's your policy about disconnecting that machine? How quickly can you do it? What happens if someone violates your policy? Make sure you have that documented. That will allow you to absorb attacks much faster. Again, no security product out there today is going to be 100% effective in blocking all attacks. You will have to deal with something, but having that response plan documented will give you additional level of comfort. So a couple of things that you guys can do now, if you're interested in taking a look at these products, and I see a lot of things coming up on the Q&A about how you can work with TechSoup. So two things that you can do, one is you can go to the Semantic website and get a trial version, a 60-day trial of our Small Business Edition product. You can download it and install it today. The other thing you can do is if you want to take a look at the SeeHow Semantic compares to some of our competitors, we've got a great website called Security Challenge. It's available at go.semantic.com.slashchallenge. You can put head-to-head Semantic versus McAfee and Trend Micro and Kaspersky and see how we compare in terms of performance and effectiveness based upon third-party reports. So, Kyla, that's the end of my presentation. I'll turn it back over to you. Kyla, thank you so much, Andy. That was really great and informative. One thing before I get to any questions that we have, and if you do have questions, we do have a couple of minutes to answer them, so put that in the chat pane. But for anybody who's interested in the Semantic donation program, you can find out more information about it at bit.ly.com forward slash semantic donation program. And if you're curious, if you're eligible to participate in the program, make sure to check out our eligibility quiz and you can find that at bit.ly forward slash eligibility quiz. And if you are registered with TechSoup, make sure you log in before you fill out that quiz because it will automatically load any of the information about your organization that you've already put in. So with that, a lot of the questions that have come and have really been TechSoup related, one thing that came in that I wanted to make sure you addressed, and just going back to the central theme of the presentation is could you just define what an endpoint is? That is a great question. And as a marketer, it is a constant source of frustration. We try to think of better ways to describe what we call an endpoint. And the reality is an endpoint is a desktop or laptop computer. We put mobile devices in a different category because they're unique. So when we say endpoint, we're really talking about desktops, servers, and laptops. And when we come up with a better term than endpoint, I'll let you know. Great. We did have a question that came in wanting you to confirm or deny if this is working with Linux. So the Enterprise product does work with Linux. It does come with an agent that works on Linux systems, non-Macintosh Linux systems. The small business product only includes agents for Windows and Macintosh operating systems. So if you have a need for Linux, we do have an Enterprise product. It is something that is priced for smaller organizations. It's a little more expensive than a small business product, but it is available. I did see one question come in that was, what are the specs for running 12.1 from a server? Thanks. I was just about to ask that. No, it's fine. So actually on our website, and actually maybe I can just put this link into the chat right here. Let's see if I can do this. So I just send a message to all participants with a URL that takes you to the Small Business Edition System Requirements page, which lists the requirements for running our management application on a server. They're pretty basic. We support a lot of different types of Windows operating systems. We support 32 and 64-bit platforms. We require about 1 gig of RAM for a 32-bit OS or 2 gigs of RAM for a 64-bit OS. We require a 4-gig hard drive. A lot of these are standard. You're going to have them already today. And we also list some of our browser requirements as well. Awesome. And for anybody who wants that URL, I'll add that into the follow-up email that goes out later today so you should be able to have that. And we do have some time for just one or two more questions. I had a question that came in from Kirk asking, let me go back to it. Is this the pros, cons of Windows Firewall? Yeah, I actually wanted to address that question. Thanks for asking. So Kirk, this is a great question. So the pros and cons of Windows Firewall versus the Symantec Firewall. So the Windows Firewall is free. The Symantec Firewall is not free. It's one way you can take a look at it. But the reality is that the Windows Firewall is pretty basic. It's a standard staple packet inspection firewall as most firewalls are. It has the ability to block certain ports and whatnot. You can manage it from a policy within your Windows Active Directory domain. So there is a good level of control. But unfortunately, the Windows Firewall is just one level, one layer of protection. And I really tried to stress that your endpoint security strategy needs to comprise multiple layers. So given that most vendors include a firewall in their product today, and they are equal if not better than what Microsoft offers, that combined with the ability to manage that firewall in the context of a larger policy makes it make solutions, say, from Symantec in my mind a better offering. If you only have the ability to go with what's included in Windows, that's something. And that will get you some degree of protection, but you won't be able to block those really targeted attacks or even things like fake AV. Great. Thanks. And I think we have time to address maybe just one more question. And if there are any questions we didn't get to, I am going to put Andy's email address in the chat pane in just one second. But just to close this out, Andy, could you address if there is any current integration with Rackspace? Yeah. So Rackspace is a managed hosting product. Today I think, so we do offer the ability to integrate our products with Rackspace, but it has to be done manually. What we don't have to say is a joint product offering with Rackspace. We are actually looking to provide a integration with other hosted providers, so stay tuned for that. But I will say that if you are looking for the benefits of having a hosted product, and really the benefits are that you don't need to deploy a management server on your site so you don't have to worry about it being up or down. You can, Hostive Model allows you to buy things on a subscription or monthly basis. Our product called semantic endpointprotection.cloud is a hosted endpoint security product. So it is managed in the cloud. You just use a browser and you can log in to your console. You can deploy policies and agents and do monitoring and get reporting all from that one hosted server offering, and you can buy it on a monthly basis. And I see someone replying back to Kirk saying, hey, you would use BackupExec for that. That's right. If you want to use a hosted backup offering, Rackspace and BackupExec are great options. If you are looking from a security perspective, also take a look at semanticinpointprotection.cloud. Great. Thanks, Andy. And again, thank you so much for a great presentation. This is really, really informative, and I am sure that that will be reflected in the survey results. I wanted to take just a moment to thank our webinar sponsor, ReadyTalk. ReadyTalk does offer dedicated product demos for TechSoup organizations four times per week, and you can find more information about that at pages.readytalk.com forward slash TechSoup.html. When you are ready to exit, please take just a few moments to complete our post-event survey. This does help us in creating better and more webinar offerings. And if for some reason when you close out your webinar window and you do not see that survey automatically pop up, leave your browser open just for a couple of minutes because sometimes it takes just a little bit of time to pop up. And if you still don't get it, just feel free to email me at khunt at techsoupglobal.org and I can get your response there. And with that I'm going to go ahead and stop recording but I do want to thank you, Andy, again for this great presentation. And I also want to thank Kevin and Rachel for offering chat support today. Yeah, I think I have one request. If you guys do need to reach out to me via email, do me a favor and just put TechSoup in the subject line just so I know the context of who's asking me the question. Definitely will do. Thank you, Andy. Thank you. Please stand by.