This article describes how to configure active-passive high availability(HA) for a group of Redis instances. I avoid using cluster because Redis Cluster is the mechanism to distribute shards to multiple Redis instances . Active-passive means there is only one Redis instance, the master, serving requests at all time. Data is replicated from the master to the rest of the Redis instances, the slaves. One of the slaves would replace the master when the master is down. Therefore HA essentially needs to take care of two major issues, data availability and service availability. Redis replication provides data availability.  Redis Sentinel ensures service availability. Redis Sentinel monitors Redis instances. For example, consider a group of three Redis instances, A, B, and C, with A as the initial master. The following figure illustrate how Redis Sentinel monitors Redis instances.

When the master is down, Redis Sentinel automatically elects a new master and failover to the the new master as shown in the following figure. 

The following sections shows the steps of configuring Rdis HA. The example assumes:

• CentOS 6.5. 

• Redis instances are installed with rpm packages, version > 2.6.

• Host IP and ports.

  	IP	Redis Port	Redis Sentinel Port
  A	10.211.55.10	6379	26379
  B	10.211.55.11	6379	26379
  C	10.211.55.12	6379	26379

Data: Replication

Replication is asynchronous because of performance concerns. It means that Redis HA does not guarantee strong data consistency. Data loss might happen. You can find the detail design on redis.io. 

"However, because Redis uses asynchronous replication it is not possible to ensure the slave actually received a given write, so there is always a window for data loss."

To enable replication, add directive slaveof to the configuration files of instance B and C. Edit /etc/redis.conf.

# slaveof master.ip 6379   
slaveof 10.211.55.10 6379    

Then restart Redis.

  
/etc/init.d/redis restart

DO NOT enable replication in master node. Redis Sentinel would treat the master as failed node and keep trying failover to the slaves.

To verify that replication is working properly, login to the master and write some data.

[mymaster]# redis-cli 
10.211.55.10:6379> set hello world

Now login to one of the slave.  

[slave]# redis-cli 
10.211.55.11:6379> get hello
"world"

Service Availability: Sentinel

The next step is to configure Redis Sentinel to monitor Redis instances. In the following example Redis Sentinel runs on the same node as Redis instance although Redis Sentinel can run anywhere you want. 

# sentinel monitor <master-name> <ip> <redis-port> <quorum>  
sentinel monitor mymaster 10.211.55.10 6379 2
sentinel down-after-milliseconds mymaster 60000
sentinel failover-timeout mymaster 180000
sentinel parallel-syncs mymaster 1

Edit /etc/redis-sentinel.conf of each redis-sentiel and add the following configurations.

Line 2 is the most important configuration. It tells Redis Sentinel that the master is 10.211.55.10, the master's name is "mymaster", and  start failover if more than two Redis Sentinel has detected the master failed. You can find explanations on redis.io. 

Then start all Redis Sentinel on each node.

  
/etc/init.d/redis-sentinel start

Client

If you have existing applications use Redis, you will need to modify two parts . First make sure your client library support Redis Sentinel. Second instead of connecting to a single Redis instance, use Sentinel API to discover the master. Then operate on the master. The following code segments are modified from redis-py.

from redis.sentinel import Sentinel
sentinel = Sentinel([('10.211.55.10', 26379)], [('10.211.55.11', 26379)], [('10.211.55.12', 26379)], socket_timeout=0.1)
sentinel.discover_master('mymaster')
#('10.211.55.10', 6379)
sentinel.discover_slaves('mymaster')
#[('10.211.55.11', 6379), ('10.211.55.12', 6379)]
master = sentinel.master_for('mymaster', socket_timeout=0.1)
master.set('foo', 'bar')

References

• Redis replication, http://redis.io/topics/replication
• Redis sentinel, http://redis.io/topics/sentinel

Here is a tutorial on how to Backup up individual folders/files via NDMP on an Isilon Cluster

https://www-secure.symantec.com/connect/forums/ndm...

A running blog about the VMWorld 2014 conference.

Researchers show how a smartphone’s gyroscope can be used as a microphone.

Trust In Our Digital Cities
     During Dr. Snow’s time the general belief was that cities were unhealthy, and humanity was not destined to live there due to the prevalence of diseases. Epidemics were presented as evidence of the unnatural state of humans in cities and the resulting hardships encountered there. If you were to ask a mid-19th century Londoner what they thought of the future of cities, they would probably tell you that it was a passing phase and that disease will send people back to the country side. If you asked the average person today what they thought of their digital existence online, they would probably say they don't trust it, and that the rampant diseases online make it a place humanity will not be able to fully integrate into their lives. Some people have already retreated to the digital country side or avoided the digital as much as possible, rather than fully integrate into the network. This lack of trust in ecommerce and online banking is not that different from mid-19th century Londoners’ view of the viability of cities and whether people should really be there.  It is up to us to start treating the threats for what they really are: digital diseases. Once we understand digital diseases better, we can learn to adapt our hosts and environments to withstand them.
     To be successful, like Dr. Snow, we must know our digital community. We must know our network and know our digital citizens. By knowing our "normal" boundaries, we can detect the abnormal. We can no longer simply sit back and wait for antivirus logs. Looking only at antivirus logs is like only looking at death certificates. Look at other data: login internals, patching cycles, install instances, network traffic, etc.  The better we understand our community the better we can take care of it.

Epidigitalogy Survey Study Types
     In the field of epidemiology there are two study types that I think would be beneficial to the epidigitalogist. The first type of study is a retrospective cohort study. A retrospective cohort study looks to the past for comparison of a known group “cohort” against other groups to identify differences. If we have a known diseased group of machines, we can look back in time to see which other systems are also exhibiting the same attributes. A sample retrospective cohort study may show that a group of computers with their hard drives at 95% capacity tend to not retrieve their content in a timely manner thereby exposing them to more frequent vulnerable states. The second study is a prospective cohort study. A prospective cohort study looks to the present state of hosts, selects a “cohort” of interest and follows them forward in a controlled experiment. An example of a prospective cohort study would look at a group of systems (a “cohort”) that all share a specific attribute dissimilar to the rest of the systems and determines the frequency of disease compared to the group. Over time a pattern may emerge to either confirm or contradict a hypothesis. In today’s highly competitive landscape with just-in-time everything, anything that interrupts business or can potentially interrupt business tends to be avoided. Security is not immune from this avoidance behavior. So how does an information security professional convince management that installing security feature or process X will help (and not hinder) the organization’s uptime? A retrospective or prospective cohort study may be just the information needed to advocate a new control. Both these types of studies may help answer questions such as:

1. Does exposure to USB executables increase likelihood of infection?
2. How much risk is involved in allowing users to use USB?
3. How much benefit is gained in allowing users to use a specific feature? i.e. USB
4. How many hosts have been infected in the last X number of days?
5. What technology is triggering indicators and where are they located?
6. What sources are the triggers associated with? (USB, Registry, Process, File system, Network?)
7. What is the infection frequency of hosts over time?
8. Where are the most infections or events occurring? (Which subnet? Which logical group? Which OS?)
9. Which operating systems are exhibiting more events? (Known malicious or suspected malicious)
10. Which applications are triggering the most events? Is this indicative of a false positive, or some early indicator of digital disease onset?
11. When are the events occurring? (By OS, application, IP, port, logical grouping)
12. Who is triggering the most events over time? (By OS, application, IP, port, logical grouping)

      I am advocating this proactive constant graphing and statistical analysis of relationships between different variables in the organization as a means to increase probability of capturing endemic pathogens in the environment. These statistics-based tasks may be perceived as “boring work” since most of the excitement is in the incident response and breach investigation process, but prevention is worth more in terms of cost and loss avoidance. In today’s digital disease landscape we can no longer afford the cost and excitement of incident response, the path forward is in the effective implementation of the methodical statistical analysis and human correlation that will curtail breaches.

Diversified Skills are Beneficial to the Investigation
     It is important to point out that Dr. Snow did not focus on just one area of expertise. He was a pathologist, a clinician and an epidemiologist. He did the “boring work” to get at the crux of cholera. He leveraged information from geospatial data, clinical results, pathology and chemistry. By his example, information security professionals must also leverage different disciplines for ideas of how to combat a digital disease. By combining information from many different disciplines Snow was able to formulate his hypothesis. It is surprising to think that Dr. Snow was able to combat cholera without ever seeing it. The insight we can derive from Snow’s way of thinking is thus; the mode of communication and the actions of the disease pathogen are more important than knowing the disease pathogen’s structure when information and time is limited. When discussing digital disease pathogens, knowing the pathogen’s mode of communicability is more important than reverse engineering it to ascertain its exact structure. This is not to say that reverse engineering a digital disease pathogen is a worthless endeavor. To the contrary, it can add tremendous insight into how the pathogen behaves, but when the pathogen has not yet been captured, understanding its mode of communication may help in recommending a mitigating control which may quarantine or contain the pathogen long enough to minimize or prevent damage, while at the same time, affording the time to capture it for analysis.
Epidigitalogy surveys will not reveal the internal structures of a digital disease pathogen. It will, however, narrow the scope on commonalities and outliers which will help in installing or removing technical or procedural controls to reduce or eliminate a digital disease. As Dr. Snow’s survey showed, full understanding of a pathogen is unnecessary to make a change to an environment which helps the public. When time permits, it is prudent to revisit the pathogen and learn its inner workings. This is the function of malware reverse engineering specialists.
Culture and its importance to security
The causes of a digital disease may not be completely evident in the host data survey results. In order to comprehensively understand the health state of a digital environment, the social and cultural habits of the users need to be taken into account as well. What is the use of spending time and resources implementing a digital control, only to have the users circumvent it? In Snow’s time, the equivalent would have been the Broad Street residents putting their own temporary handle back on the Broad Street pump in order to obtain convenient water clandestinely in violation of the law. In order for information security professionals to get a comprehensive understanding of the environment, they must interact with the user community and understand their wants and needs. By understanding the wants and needs of the community, an information security professional can more easily hypothesize how users would react to policy changes or other mitigating controls. One activity information security professionals can perform to increase their knowledge of the users and also inform the users of their role in security would be to provide security workshops. If users are better informed on the information security methodology, reasons for implementation, and the consequences of not adhering to policy, everyone stands to benefit.
At the CDC it wouldn’t be out of the ordinary to hear someone ask, “Where is the handle to this Broad Street pump?” I hope the day comes when a non-technical executive asks an information security director, “How close are we to getting a handle on this digital disease?  If executive management can more easily understand what is being communicated to them and they are able to make better informed decisions based on better understanding, then we may very well enter an improved public health phase against digital diseases.

     If we do our part to continuously monitor and improve digital health, historians of tomorrow may look back at the 1990’s and early 21st century as a transitional phase to a healthier digital world. Will digital diseases disappear completely? The history of biological diseases tells us no, but with proper hygiene and community health survey methods, humanity’s days of major epidemics may become a very rare occurrence. By following the ideas of the epidemiology field, I believe we can obtain similar success and safety. If we do achieve a greater level of community health, humanity’s digital cities will flourish to greater heights.
I'd like to end by rephrasing a quote by Dr. John Snow, "You and I may not live to see the day, and our names may be forgotten when it comes; but the time will arrive when digital diseases will be things of the past; and it is the knowledge of the way in which the disease is propagated which will cause them to disappear."

Thank you for reading this blog. If we work together and share our analytical procedures and scripts we can all stand a better chance of detecting digital diseases before they seriously impact public health. Feel free to reach out to me via the discussion forum feature in this blog.  

Previous Post  Leveraging Waiting Room Time

Next Post Samples and References

Survey Study Tools
     The following tables, graphs and visualizations are examples of tools for performing continuous surveying of digital populations.

Cohort Study
      A cohort study takes a look at a random sampling of the population and compares it to a known group of infected systems. It than takes a specific variable or set of variables and compares the hosts’ health outcome. In table 1, we can see that users who used a resource from USB were 5.69 times more likely to become infected. This study would warrant further study to ascertain exactly what caused the infection from USB use, but at a minimum a USB protection layer can be considered to reduce the overall probability of an infection outcome. If all the USB borne disease pathogens were executable files, security administrators may consider applying a prevent execution, but allow read and write to/from USB devices policy on their endpoint security software on the host.

Case-Control Study
     If a specific resource is suspected as a determinant of a digital disease, a case control table may help shed some light. This case control table asks the question, “who accessed a resource” (for example the \\Nas1server\fileshare), and of those who did, how many were infected when compared to known infected and known uninfected.
 

Distribution of Hosts by Source of Symptom Alerting Technology (MultiVariable Table)
     This multivariable table highlights the different sources of logging that are identifying a known digital disease pathogen on hosts. This type of table can help inform which technology is best used for identifying a particular threat, and can be further leveraged as a mitigating control mechanism. It may be beneficial to sort by any of the columns to discover tell-tale signs of susceptibility. For example, if a sort by operating system is chosen and it is determined that more Windows XP systems are becoming infected, further investigation of what specifically in Windows XP makes it susceptible may help with formulating a mitigating control.
 

Frequency Distribution of files by reputation and file size
This scatter plot shows the reputation placement by reputation score and by file size. The files on the far right on the x-axis are known-good and can potentially be ignored. The files between -106 and -8 are of unknown reputation and are therefore suspect.
 

Epicurves
     The illustration 8 epicurve is an example of a set of logs specific to Autorun.inf activity logged to a central server and the frequency of Network Attached Storage (NAS) server access violations of autorun.inf. This epicurve shows that autorun.inf writes to the NAS has significantly increased in an upward steady curve. This may be indicative of a new digital disease pathogen introduced into the environment.

MxN Table Reports

The following table is a listing of the possible reports that can help an epidigitalogist surveying a digital community for symptoms of digital disease onset.

A. Total number of events

B. Total number of AV events

C. Total number of Registry events

D. Total number of Process events

E. Total number of Host Integrity events

F. Total number of Network firewall events

G. Total number of IPS events

H. Total number of IPS events by signature type

I. Total count by subnet

J. Total count by Operating System Type

K. Total count by service pack

L. Total count by application

M. Count of application discovered

N. Executable name X.exe

O. Company label

P. Publisher

Q. Date of First Worse Infection

Epidigitalogy helps answer the following types of questions:
1. Does exposure to USB executables increase likelihood of infection?
2. Does limiting execution from certain resources reduce infection rate and simultaneously allow for continuance of acceptable level of functionality?
3. Does limiting access to specific resource improve security without disproportionately hurting the business?
4. What is the ratio of machines infected versus non-infected based on type of resource used?
5. Where is the best mitigation target: the host, the environment or the pathogen?
6. Is the best mitigating control:
     a. A patch on the host?
     b. A web filtering device block rule?
     c. An update to the endpoint protection software (Antivirus, Intrusion Prevention System, Behavior, Firewall, Application Control)

Epidigitalogy Investigative Questionnaire
1. When did the digital disease determinant first appear?
2. Where did the digital disease first appear?
3. Where did the digital disease pathogen first originate from?
4. Who is the probable index case (patient zero)?
5. Were the affected parts a specific group of assets or persons?
6. What is common about the affected hosts?
7. Are the digital disease determinants endemic?
8. Who was within the area when the infections began?
9. Would assigning different people to specific target areas improve discovery odds?
10. Is the corporation willing to change?
11. Is the organization prepared and willing to make OS changes quickly?
12. Is the organization prepared to make security product changes quickly?
13. Should alternate security software and or procedure controls be used as a second opinion?
14. Is information for all departments logged to a central authority?
15. What are the actual and potential health problems in the community?
16. Which populations are at increased risk to digital disease exposure?
17. Which problems have declined over time? Why?
18. Which ones are increasing or have the potential to increase? Why?
19. How does distribution of security services and controls relate to the level and distribution of digital diseases?

Epidemiology References

Vinten-Johansen, Peter et al. Cholera, Chloroform, and the Science of Medicine. Oxford University Press; (2003)

Who is Dr. John Snow? Site http://www.ph.ucla.edu/epi/snow.html

Johnson, Steven. The Ghost Map. Riverhead Trade; 1 Reprint edition (October 2, 2007)

Pendergrast, Mark. Inside the Outbreak. Mariner Books; Reprint edition (April 13, 2011)

Principles of Epidemiology in Public Health Practice” Retrieved from http://www.cdc.gov/osels/scientific_edu/ss1978/SS1978.pdf

Friis, Robert H. Epidemiology 101. John & Bartlett LLC 2010

"D3.JS” [Software] Retrieved from http://www.d3js.org/

"jQuery” [Software] Retrieved from http://www.jqplot.com/tests/bubble-plots.php

"Center for Disease Control and Prevention Epidemic Intelligence Service" web site http://www.cdc.gov/eis/

EpiInfo “(7)” [Software]. (2014). Center for Disease Control and Prevention Retrieved from, http://wwwn.cdc.gov/epiinfo/

Outbreak. Dir. Wolfgang Peterson. Perfs. Dustin Hoffman, Rene Russo. Warner Bros, 1995.

Contagion. Dir. Steven Soderbergh. Perfs. Matt Damon, Kate Winslet. Warner Bros, 2011.

Andromeda Strain. Dir. Robert Wise. Perfs. James Olson, Arthur Hill. Universal Pictures, 1971.

Previous post Trust in Our Digital Cities

“And… here, we, go.” – (Heath Ledger’s immortal performance as Joker)

The opening reception was actually as expected, it was bigger than ever; at least it seemed that way, looking more like GITEX than ever before. With the announced attendance of 22,000 people it would have to be bigger. The floor was packed with the usual suspects, up and comers going for bigger booths than before, and the usual plethora of new entries to the field. Where 5 or 6 years ago, there were a hundred or so smaller startups, now it looks like a VC swap meet, with vendors touting their niche solution, with seemingly half of them looking to get bought up by one of the bigger fish.

Cloud.

That’s it. If you were missing the cloud shift, it’s been seismic (no pun intended with Sunday’s earthquake). The evolution of how data is managed has either come full circle (if you’ve been around for 15 or so years in this field) or bridged the gap to what is the consumerization of IT and acceptance of not holding your own data anymore. We can thank iCloud and other similar services as it’s made us ‘ok’ with the fact that we aren’t holding our info, but have immediate access to it. We used to be (I say we, as the collective paranoid IT folks) so afraid of not holding our data we would keep copies upon copies of it, most of us still do, and rightly so. The acceptance of trusting another organization to hold our data has tipped the scales to where cost, flexibility, and simplification have outweighed the fear of loss. One word of caution though – make sure whatever target you choose for your organization’s data for cloud has encryption, data loss prevention, and data recovery mechanisms in place.

VMUnderground was not some secret, rave-like event; it was a fun gathering of attendees, and was actually above ground on the terrace and 4th floor of the Metreon. Beautiful cityscape views and great conversations highlighted the night. I was neither disappointed, nor wildly impressed, but perhaps I’d built it up in my mind to be something bigger than it was.

See you at the Symantec booth if you’d like to pick up a wristband for vFlipCup:

• vFlipCup, 7pm, Folsom Street Foundry; you can register here as well

When trying to access Process Manager portal the browser states "Page Cannot Be Displayed"

You may see these kinds of errors in the Windows Event Logs:

computer | Error | 10/27/2008 2:56:05 PM | Microsoft-Windows-IIS-W3SVC-WP | 2297
The worker process for application pool 'application pool id' encountered an error 'Configuration file is not well-formed XML
' trying to read global module configuration data from file 'path to the file', line number 'line number'. Worker process startup aborted.

Computer | Error | 10/27/2008 2:55:41 PM | Microsoft-Windows-WAS | 5172
The Windows Process Activation Service encountered an error trying to read configuration data from file 'path to the file', line number 'line number'.
The error message is: 'Configuration file is not well-formed XML '. The data field contains the error number.

 MicroSoft has a fix that may resolve your issue. The article is listed below.

http://support.microsoft.com/kb/960412

US businesses are being warned about Trojan Backoff, a new point-of-sale malware capable of stealing credit and debit card information.

Surveys have proven that the majority of small businesses do not have a disaster recovery plan in place, yet something as simple as an IT manager spilling a cup of coffee on a system could destroy a virtual network. Here are some practical solutions to creating a successful disaster recovery plan.

New phishing campaigns mimic Facebook’s branding and display images of glamour models to lure victims.

One of my favorite things about VMWorld is the attendee mindset. People come here to have fun and socialize, and San Francisco is a great town, but they are here first and foremost to learn, explore, and grow from the event. The sessions are so numerous to choose from that many organizations send a few representatives, the labs are educational and practical. Where I see the best example of this mindset is at the vendor booth interactions. Yes, people like the free stuff, and love to win prizes, but there have been more meaningful and quality conversations I’ve had with dozens of attendees at the booth than in years past.

On to the technology – there are still so many, too many people still not virtualizing as much as they want to. My impressions and the industry analysis have both supported that this still revolves around the lack of virtualizing tier 1 applications. If there was a Family Feud style gameshow with admins playing, the top answer for “Things you might hear at VMWorld” would be “We’re not virtualizing Exchange yet”. Now I get it, you want to virtualize as much you can; but you can’t risk bringing the entire organization to a crawl for a poorly performing Exchange VM. So instead of solving for this, most just leave these systems as physical servers, but not for the right reasons. They do so out of fear and uncertainty, not out of the understandable necessity of keeping a system physical because it’s already taxing that physical systems resources to where virtualizing wouldn’t be practical.

In the category of “Things I say at VMWorld the most”, the top answer would be “We can take care of that for you” followed closely by “That’s in the product already”. For helping admins virtualize with confidence, we offer a native feature for P2V that we call Migration Accelerator – it protects your physical resource like it always does, but also automates conversions to VMs, so you can test and modify VM parameters as needed and ‘flip the switch’ when you know the VM is going to perform properly. It’s our deep application awareness (VSS awareness for AD, Exchange, SQL, SharePoint) that enables the migrations to be of higher quality and integrity. The worst case scenario isn’t a failed conversion – it’s finding out a week after you’ve decommissioned the physical Exchange server that your virtualized Exchange server is has some corruption.

As always, we offer you to try it for yourself, just visit www.backupexec.com and download the trialware to try it out for 60 days.

For the vExperts out there, we have an even better, special offer – FREE software, not just trialware.

Stop by the Symantec booth for your free copy of Backup Exec V-Ray Edition. It provides protection for your VMs, global dedupe, granular recovery of files and apps and much more!

Why this post?

Over the past few months we have seen a number of reports on breaches of healthcare organizations and medical device manufacturers where the suspected or documented target was intellectual property data related to medical devices.  Some of these recent cases have received wide press coverage.

As a result, the FBI has issued a warning to US healthcare companies that they may be the target of further cyberattacks (FBI warns healthcare firms they are targeted by hackers). The document indicated that several companies in the sector had been targeted and intellectual property, rather than personal data or PHI, may be the main target of the attacks.

"These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data" (FBI)

It is suspected that nation states and/or well-organized cybercrime organizations are behind these highly sophisticated and well-executed attacks. This is in line with a trend cybersecurity experts have been observing for a number of years – the trend towards politically and financially motivated attacks executed with unprecedented degree of stealth, determination, and precision.

In other words, cybersecurity is not what it used to be. Not by a long shot.

What it means for the Healthcare Industry

The healthcare industry has traditionally underinvested in security, yet at the same time we have seen breaches and attacks increase. Hackers focus on healthcare institutions because they are perceived as the easier target compared to other industries. We have seen focus on patient demographic information (i.e. identities), personal identifiers (social security, insurance, or medical record numbers), and medical data (PHI).

We have seen data being stolen for the purpose of financial or medical identity theft, insurance fraud, sale of information on the underground marketplace, blackmailing of patients, financial gain, and ransoming of healthcare providers. And now we can add to that list corporate espionage and intellectual property theft.

The recent attacks and breaches highlight the risk of companies in the medial device, biotech, and pharmaceutical industries, as well as their medical research and clinical trial partners – i.e. the hospitals and clinicians they are cooperating with. This does move the discussion to another, higher and very concerning level.

The security industry has, for the past years, developed the concept of “Defense in Depth” … meaning that security as a point solution is no longer good enough. Not only do we need security across all layers, those security layers need to be integrated to allow reliable detection, coordinated defense, and efficient response.

As cyber criminals are getting better, we need to up our game, too. Unfortunately, the bad guys need to be right only once, we need to be right every time. Hence, we have developed concepts of layered security, defense in depth, edge to endpoint, and lastly the importance of selecting the right security partner.

Symantec can help you to protect your infrastructure and information on all levels through:

• Endpoint Security: Symantec Endpoint Protection, Mobile Security Solutions, and specific solutions for mission critical systems (e.g. servers hosting clinical research and other intellectual property data) or difficult to protect and patch systems (e.g. COTS-based medical devices).
• Data Loss Prevention: to understand data location, data access and usage so to allow for the appropriate protection of such data.
• Encryption: to protect critical information on endpoints, fileshares, in email, or data being transmitted.
• Altiris IT Infrastructure Management: to discover IT assets, assess IT compliance, identify vulnerable systems, and manage configuration, patching, and upgrades.
• Validation and ID Protection Services: to enable strong (two factor) authentication and reduce the risk external access channels being exploited.
• Symantec Web Gateway: Backed by Symantec Global Intelligence Network, it provides multiple layers of malware protection and URL filtering, securing web access and detecting malware related traffic.
• Symantec Mail Gateway or Hosted Email Services: to block email-based malware or spam and reduce the risk of phishing attacks.
• Security advisory, implementation, assessment and consultancy services.
• Security Education: to make sure your employees understands today’s security threats and their obligation to prevent e.g. spear-phishing attacks.
• Managed Security Services: Defend against today’s sophisticated cyber threats, accelerate detection, and optimize response to relevant security events.

Large breaches can be costly and result in fines, remediation costs, class action lawsuits, loss of reputation and trust, and can affect your business and market opportunity if intellectual property is affected.

As a security professional, that makes me wonder if not paying attention to what is happening in cybersecurity today, not understanding the changing threat landscape, and not being prepared for modern threats could be considered 'willful neglect'?

Conclusion:

Traditionally, lost or stolen equipment (laptops, thumb drives, backup tapes) were the biggest breach risk in healthcare, and looking at some of the breach statistics, we are still struggling to prevent. Yet, in reality, the bad guys are stepping up their game rapidly and healthcare is now in the crosshair, leading to a growing gap between threats and the industry's security capabilities.

The paradigm is shifting and we need to be ready to deal with these new risks now, not at some point in the future. In a recent interview, John Halamka, CIO Beth Israel Deaconess Medical Center, stated that: “to guard against hackers, health care CIOs are investing in security like never before.”

We have to - the gap is getting bigger as I am writing this.

米国の企業に対して、店頭レジ端末（POS）を狙う新たなマルウェア Trojan.Backoff に関する勧告が発行されています。このマルウェアは、クレジットカードやデビットカードの情報を盗み出す機能を備えています。

ITMS 7.5 SP1 HF2 is available through SIM. It has fixes for the following components:

• Symantec Management Platform
• Deployment Solution
• Inventory Solution

You can access the ITMS 7.5 SP1 HF2 release notes from the following location:

Symantec™ IT Management Suite 7.5 SP1 HF2 powered by Altiris™ technology Release Notes

This blog contains all the versions of SEP and SEPM (Symantec Endpoint Protection Manager) which were released since the first version of SEP in Sep 2007.

It contains the Enterprise Editions (EE) and Small Business Editions (SBE)

RTM - Release To Manufacturing

MR - Maintenance Release (replaced by RU)

RU - Release Update

MP - Maintenance Pack

PP - Point Pack

                            SEP Enterprise Edition/Small Business Edtion 12.1.x

Note: SEP 12.1 Enterprise Edition & Small Business Edition have the same version code and product name.

                                                SEP Enterprise Edition  11.0.x

                                            SEP Small Business Edition 12.0.x 

Note: After RU1 release there are no updates for SBE 12.0, Customer need to upgrade SBE 12.1 

The availability of specific support services, such as telephone support, depends on the lifecycle and support stage of the particular release of your licensed software product

End of life, End of Limited Support & End of Support details are available here.

http://www.symantec.com/business/support/index?page=releasedetails&key=54619

It’s one of the highlights of the year, and this year not only didn’t disappoint, it was the best one yet. While the conference is officially ending tomorrow, the majority of the action has taken place, and the closing party is tonight as well. Did I mention The Black Keys are playing (woohoo!), a great band I look forward to seeing live.

This year VMware set up a ‘pub crawl’ style reception for the vendor floor last night. I can say from experience (mostly good, but occasionally bad) that a conference host that looks for creative ways to continue to get the attendees in front of the sponsors is very much appreciated. Kudos to the entire VMWorld team for a great event! This week has continually, and at times overwhelmingly, had great booth traffic. I love the conversations and interaction with attendees that ask questions about how they can do more with virtual. We’ve solved problems together, built strategies together, and we’ll see success together from this.

Here are some closing thoughts on the week:

• Virtualization is still an opportunity – meaning that a lot of organizations are still looking for ways to virtualize more, virtualize more efficiently, and manage their environments more completely and simply. I would love to see the industry stats show more than just 52% of servers being virtualized next year –especially when anywhere from 70-80+% of organizations are running virtual today.
• Cloud is the answer and the future, but don’t go there without maintaining the same protocols for security, manageability, and control of your data. The same principles of keeping data secure, applications running, and information recoverable apply whether you’re housing it, or whether (perhaps even more so) you’ve outsourced part of it to a cloud provider.
• The Agile Data Center, the one that enables business instead of reacting in a legacy-hardware-procurement-centric mindset is the natural progression of the future of IT. It’s not about virtual, or cloud, or SDDC, or even deep reporting mechanisms – it’s all of these as pieces of the strategy that converge to transform IT into the Agile Data Center.
• Data is the lifeblood of technology, we create, share, and store more of it than ever before (and we’re not stopping anytime soon). With that premise in mind, it’s the people, the IT leaders and visionaries at all levels, that make the difference. The decisions they make, the teams they build, and the human interactions at the center of it are what make all of this work.

Thanks for reading my blog posts from this week, keep in touch on twitter!

- Michael (@Digital_Kru)

The healthcare industry has for years been the number one industry in reported data breaches.  But this dubious honor has been driven in some part because healthcare has the most stringent reporting requirements of any industry.  In other words, unlike other industries, they have to report a data loss.  If every industry had the same reporting requirements, things might look quite different. 

Additionally, while healthcare has had the largest number of reported breaches, it has one of the lowest percentages of actual records lost.   Healthcare has more breaches than other industries, but each loss on average is quite small.

In 2013, according to Symantec’s Internet Security Threat Report (ISTR), 78% of all breaches in healthcare were because of theft or loss of a devices or because the data was accidently made public.  These are preventable breaches when encryption and data loss prevention are used.   So the industry can easily reduce the number of data breaches with tools that already exist.

According to the ISTR in 2013 only 12% of data breaches in Healthcare were caused by hackers.  It might be tempting for the healthcare industry to be less concerned about losing data to hackers.  That would be wrong.

Recent events have highlighted the fact that hackers have discovered very valuable personal information contained within healthcare records.  The three most prevalent pieces of data lost in breaches are real names, birth dates and government ID numbers.  These are the trifecta of identity theft.  Every provider keeps this data as part of their patient healthcare records and attackers have figured out that the healthcare industry is behind in their ability to protect this information.

Of current concern is a threat called Miras.  A new variant of this threat has been targeting the healthcare industry.  Once on a machine, it allows attackers easy access to a compromised system with the ability to steal information and execute commands.  Symantec detects this threat as Backdoor.Miras.

Part of Symantec’s job is to respond to new threats.  The threat landscape changes quickly and the ability to react is critical. We depend on the Symantec’s Global Intelligence Network to discover the latest threats.   But we also depend information from law enforcement and most especially from our customers.  Recently, information from one of our healthcare customers, working with their Symantec Business Critical Account Team, allowed us to update detections for a new Miras variant.  We were able to quickly change an existing generic detection to protect against a specific new variant of the threat they had information about.

The threat landscape today is to complex and too fast for security to be a passive undertaking.  We don’t have time to wait.  Security vendors need to respond quickly to intelligence and this will come from advanced systems and networks  we have in place.  But it also comes from customers.  This partnership is more important now than ever.

From climate change to cyber security to employee diversity, corporate responsibility (CR) and sustainability touches every aspect of Symantec’s business. We’ve defined our strategy and are continually working towards our goals to operate as a responsible global citizen. In addition to our dedicated global corporate responsibility team, every day Symantec employees across the world are helping us deliver on this, creating value for both our business and our stakeholders.

We are happy to bring you an ongoing feature of the CR in Action blog – the Sustainability Spotlight - that will profile employees and their contribution to Symantec’s CR and sustainability efforts. Some are members of our CR team, others contribute through our Green Teams or volunteering, some have seen an opportunity and developed programs in their function or region -- all are making a difference.

Today we hear from Louise Hanlon, Corporate Responsibility & Sustainability Manager for the EMEA region. Louise has recently joined Symantec to develop and move forward Symantec’s Corporate Responsibility strategy and program in the EMEA region.

Three months ago I was honored to join Symantec as the Corporate Responsibility and Sustainability Manager for the EMEA region based in the Reading, UK office. This is Symantec’s first CR manager outside the US, signaling our commitment to developing our global strategy.

I am passionate about helping businesses operate responsibly and forging relationships between the variety of stakeholders that make this possible, including employees, non-profits, media, government, peers/competitors and industry organizations. I am extremely happy to have this opportunity to join a company with a strong CR program and strategy in place that is clearly linked to the core business. A lot has been accomplished across Symantec’s global operations and I look forward to driving forward this momentum in the EMEA region.

Over the past few months, I have had the chance to learn about the various programs in place, and develop a strategy to support and expand our CR efforts in EMEA. While I will begin with a focus on the UK and Ireland in my first year, I am also reaching out to a variety of regions across EMEA to learn more about local activities and ensure that we continue to support the great work being done across this region. The strategy includes:

1. Increasing employee engagement: There are numerous employees across EMEA who are passionate about CR and sustainability, and have been contributing in a variety of ways through volunteering, their personal passions and integrating sustainability into their day jobs. I want to connect with these employees, and provide alignment, support and direction for the great work already happening while also expanding and refining our efforts to ensure they align with our core business.

I also want to ensure that employees who are interested, but not currently active, understand the variety of ways they can become involved and have clear, easy access to the options we offer from supporting our environmental strategy and Green Teams, to volunteering for social causes, to participating in one of our employee resource groups. Most importantly, I hope to translate how our employees can leverage and transform their unique skills into vital pro bono support for our CR partners.

1. Ramping up communications: At Symantec, our CR team leverages a variety of channels to communicate our progress both internally and externally including SymInfo/the intranet, the CR in Action Blog, our Corporate Responsibility website and report, our Green Teams, road shows to select offices and more. I look forward to closely measuring our progress in EMEA, and using this to tell our story both internally and externally.
2. Utilizing our products: A clear opportunity I see for the CR program in EMEA is to continue leveraging the vast array of products and tools that Symantec has to offer. We have a fantastic opportunity to utilize what we have in house as is being done in various programs across the world.

For example, we are currently working on a “train the trainer” program to bring cyber security training to schools in EMEA. Through this program we will train our employees to provide our online training to schools. They in turn will be able to train other employees to do the same. We will work closely with school leaders to implement, and work with them to define a system for tracking our impacts. By putting ourselves in schools, this will also enable us to understand other needs they may have and how our employees can apply their individual skills to support these. For example, they may be interested in guest lectures, or expertise on facility management, IT, or human resources.  

As mentioned earlier, I look forward to implementing all of this and to be a part of developing and executing the company’s global approach to corporate responsibility. 

Louise Hanlon is Symantec's Corporate Responsibility Manager - EMEA

At least five U.S. banks have been targeted in a sophisticated cyberattack this month. New York Times reported that hackers breached the network and stole gigabytes of sensitive information, including checking and savings account information. The F.B.I. is involved in the investigation and is conducting forensics, but it isn’t yet clear who originated the attacks.

The attack is not unexpected. Financial institutions have been fighting malware targeting online banking for over ten years. Attackers who are motivated by financial reward, however, quickly adapt to countermeasures and many security implementations are ineffective at protecting against advanced attacks. According to the 2014 Symantec Internet Security Threat Report, the financial services industry ranks 5th among the top 10 industries for targeted attacks.

How can banks strengthen online security?

Be proactive. Here are several recommendations to help organizations secure their online business:

1. Protect your customer's entire website visit by deploying SSL on all your web pages.
2. Implement security precautions on all mobile devices including strong authentication.
3. Use encryption for data in transit and at rest (SSL does not encrypt stored data).
4. Protect physical and virtual data centers with host-based intrusion detection and prevention solutions.
5. Be sure to get your digital certificates from an established, trustworthy Certification Authority who demonstrates excellent security practices.
6. Deploy endpoint protection software and gateway antivirus and regularly scan for vulnerabilities.
7. Monitor the threat landscape and your infrastructure for network intrusions, propagation attempts and other suspicious traffic patterns.
8. Educate users about security policies and information use.

Unfortunately, 45 percent of global CIOs admit to underinvesting in cybersecurity according to a recent Accenture study. While CIOs are generally aware that endpoint protection alone is not enough to protect their business against advanced cyber threats, many are reluctant to upgrade security technologies because of the perceived cost involved.

Companies often avoid sufficiently investing in cybersecurity because they perceive that existing threats don’t warrant high levels of investment. Unfortunately, the cost of data breaches is high– as many organizations have discovered in the wake of recent mega breaches. 

For more information about how to protect your organization from advanced attacks, read our AV is Not Enough for the Enterprise blog, or download our white paper: The Cyber-Resilient Enterprise: Harnessing Your Security Intelligence. #GoKnow and #DoItAll

Additional Resources

Blog: State of Financial Trojans 2013

Whitepaper: State of Financial Trojans 2013

Storify: Underinvesting in Cybersecurity