Welcome to the second in our series of blog posts on malware evolution and its impact on Incident Response. In our first installment we focused on how modern malware has evolved and why it is essential for us as Incident Responders to be prepared for what our adversaries are operating with. We considered some examples and discussed attacker’s motivations behind malware payloads and the impact on victims.

Today’s topic is dedicated entirely to bot-related matters, where we will examine botnet infrastructure. Botnets are considered by some to be the Internet offender’s weapon of choice. Before we delve directly into the computer criminal’s cyber-arsenal, it is important to understand what bots and botnets are and how they work. The subject of bots opens up a whole new glossary of terms and abbreviations, which we will describe and demystify.

A bot is, in simple terms, an infected computer under the remote control of a malevolent computer user. When a computer is infected with bot malware it unwittingly and covertly joins a network of similarly infected machines, often hundreds or even thousands in number, forming what is called a botnet, a shortening of Robot Network. The bots remotely connect to and are controlled by a rendezvous point, commonly called the Command and Control server (sometimes abbreviated to C&C or C2). This connection may be persistent or intermittent and may use one or more Internet network protocols in order to communicate.

The cybercriminals, who control botnets, are referred to as Bot Herders or Bot Masters. When a so-called Bot Herder logs into the C&C infrastructure he or she is able to control all of the infected computers within the botnet and operate a distributed network army behind the relative safety of the C&C. The bots, also sometimes referred to as zombies, operate completely at the will of their Bot Herder. With the use of faster processors and more Random Access Memory (RAM) in modern computers, machines with malware infestations that are not properly configured with security software are able to exist undetected. Sometimes Bot Herders do not connect directly to the C&C; they use proxied connections in an attempt to distance themselves from further from their captive computers.

A simple botnet topography is a centralised client server/model where the bots report and connect to a single C&C server.  Imagine, if you like, a bicycle wheel, the C&C is the hub and at the end of each spoke is a bot. When the C&C server is disconnected from the Internet the botnet fails, as the bots have no rendezvous-point to connect to. If the command and control server reconnects to the Internet the bots will re-join the C&C and the botnet will establish itself again.

In cases where the bots are configured to connect to a hostname for the C&C connection, for example bad-host.com, the bots will attempt to connect to that command and control server as long as the server resolving to that hostname is connected to the Internet. If the rendezvous-point configuration contains an IP address the bot will attempt to connect to the computer assigned with that IP address only.

As Incident Responders the scenarios where a single C&C server is used creates an ideal disruption opportunity for us and represents a single point of failure for the cybercriminal. If the C&C can be taken offline the bots are no longer under the control of the Bot Herder and we can focus on containing and mitigating the incident; the head is cut off of the serpent. If only life were so simple, in what has now become a cyber-arms race, as one criminal ploy is foiled another technique, created to avoid disruption, bubbles to the surface.

As contingency planning modern botnet malware often utilises a number of domains or IP addresses to connect to. Others are configured to connect to a series of proxy servers, which afford the C&C a layer of protection. The redacted image below shows a computer infected with bot malware attempting to unsuccessfully connect to a number of IP addresses used as web proxy servers every ten seconds. Once established the bots transmit data to the C&C, which remains hidden behind the proxy layer.

The first botnets used Internet Relay Chat (IRC) protocol for communications, PrettyPark.Worm[1] being an early example. These connections were persistent and the nature of IRC made them highly scalable, configurable and controllable. Following on from IRC, hypertext transfer protocol (HTTP) was and still is used as a C&C communication protocol, Trojan.Zbot[2] being a notable illustration. Malicious connections between bot and C&Cs were able to exist within legitimate web traffic making illicit communications more difficult to detect, IRC traffic being more readily identified on a network. HTTP botnet infrastructure can be used as either a relay mechanism, as shown above, to serve updates and supplementary resources, or as a direct Command and Control server.

There are other more complex Botnet C&C models, Peer-to-Peer (P2P) infrastructure presents a decentralised meshed topography and as such is more far challenging to investigate and dismantle. Upon execution infected host computers will attempt to establish communication with their peers. The redacted image below shows a PC infected with Trojan.Peacomm[3] attempting to publicize its presence to a number of peers using the eDonkey/Overnet Protocol. In this instance the malware opens and listens on port UDP/4000 for connections.

In P2P botnets there is no obvious C&C component to target in order to tackle the infrastructure. Network dialogue instructions contained within P2P botnet malware often include peer coordination as well as C&C communications. Other methodologies are now commonly incorporated into modern botnet configuration including Domain Name System (DNS) abuse and encryption methodologies.

So, here we are at the end of our whistle stop tour of botnet infrastructure. As you’ve most likely realised, the subject of bots and botnets is vast. The fundamental point to remember is that botnets require a network to exist.

We have now built a foundation of understanding on botnets and how we as Incident Responders can begin to investigate them. To continue our journey in our next instalment we will examine botnet payloads.

Los fabricantes de software solemos tener por costumbre deslumbrar  periódicamente a nuestros clientes con nuevas versiones de sus productos, con nuevas funcionalidades, mejoras, corrección de errores, etc …

Pero la actualización ó Upgrade suele ser un término temido  por los administradores de dichos sistemas. ¿Qué requerimientos hardware tiene esta nueva versión?¿Donde obtengo el software? ¿Cómo afectara este proceso genérico a mi infraestructura en particular?¿Que errores corregidos afectan a mi plataforma? ¿Cuánto tiempo se estima?

Demasiadas preguntas para minimizar impacto en producción y parada de servicio.

Symantec ha desarrollado una serie de herramientas diseñados para ayudar a los responsables de sistemas y administradores de backup a identificar los riesgos y minimizar el impacto de relativo a procesos de actualización ó análisis. El portal Symantec Operations Readiness Tools (SORT)

http://sort.symantec.com/

A través de SORT los administradores pueden, identicar los requerimientos basados en su instalación, realizar seguimiento de las licencias desplegadas, mostrar información relativa a errores.

Incremente el valor de su instalación de Storage Foundation, Cluster Server y NetBackup gestionando su plataforma con SORT.

SORT esta disponible sin coste adicional para todos los clientes.

Ahora también disponible para plataforma iPhone/iPad/Android en App Store y Google Play.

Today’s release of Symantec Data Insight adds data governance for Hitachi NAS Platform environments and enhances records management by offering a unique blend of information classification automation and data owner decision making.

The next change for SSL Certificates

Certificate Transparency (CT) is a Google initiative to log, audit, and monitor certificates that Certificate Authorities (CAs) have issued.  CT’s intent is to prevent CAs from issuing public key certificates for a domain without the domain owner’s knowledge.  Chrome support for CT requires that all CAs log all Extended Validation (EV) SSL certificates in publicly auditable, append-only logs for the green address bar to appear in Chrome.  Read more to understand this change within SSL and how Symantec plans on supporting their customers through this transition. 

Impeding Mis-Issuance

SSL certificates are a critical and an integral part of online security when it comes to e-commerce, online banking, or simply checking your email.  An SSL certificate performs two main functions.

1. It enables encryption between client browser and the website so that no one else can interpret the information exchanged between the two.
2. Equally important, it provides trusted identity information about the website to the end user.   

Certification Authorities (CAs) that issue SSL certificates, like Symantec, rigorously validate this trusted information. CAs invest heavily in validating an organization's information and ownership of the website before they issue Organization (OV) or Extended Validation (EV) certificates.  However, not all CAs are created equal and in the past some have issued certificates for prominent websites to unauthorized parties.

Detecting mis-issuance in a timely manner can be very important in mitigating further misuse of fraudulent certificates.  Certificate Transparency (CT) provides a viable mechanism to address this issue. 

How CT Works

There are four main participants in CT:

1. CAs,
2. Log servers that act as public repository of SSL certificates,
3. Auditors (web browsers or any client that accepts an SSL certificate), &
4. Monitors.

Before issuing an SSL certificate, a participating CA sends all information about that certificate to one or more log servers, which are trusted by the CA and auditors. The Log server accepts the certificate and issues a cryptographically tamperproof unique verification (Signed Certificate Timestamp – SCT) to the CA.  While issuing the certificate, the CA then includes such proof(s) inside the certificate. There are other ways to deliver these proofs but we will discuss them later in this blog.

The current TLS/SSL system vs. TLS/SSL with CT

When a browser visits an SSL enabled website, it first validates the SSL certificate against various industry defined checks.  CT proposes that browsers who perform an auditor's role in CT should also check for the SCT proofs included with the certificate.  CT provides a guideline on how many proofs a certificate should have based on validity period of the certificate.  A browser checks the SCT proofs based on the log servers it trusts.  For a SCT proof to be valid, a browser must have the issuing log server's public key in its CT trust store. It is important to note here that the browser does not make a real-time check with the log server. As of today only Google Chrome has planned to support CT. The browser’s role in CT is mainly to enforce that CAs publish certificates they are going to issue and include proof(s) of such publication.

CT monitors can be developed and deployed by anyone who wants to keep reviewing newly added certificates to log servers. The intention here is by monitoring log servers one can detect mis-issued certificates for specific websites.

Apart from embedding SCT proofs in SSL certificates they can be delivered as a TLS extension or via OCSP stapling. These methods require advance configurations on web servers.

CT is a good attempt to make available all issued SSL certificates in one or more public repositories. If a CA decides not to publish the issued SSL certificates to log servers then browsers can decide on how to treat that certificate. In its initial proposal, sometime early next year, Google's Chrome browser will not be showing the "green browser bar" for EV certificates that do not include the required CT proofs with them. One can argue that instead of creating public repositories one can look at all publicly accessible certificates to detect mis-issuance. However, this may be more time consuming than just checking the proofs of publication before accepting a certificate. Thus the intrinsic value of CT is created by the enforcement of the browser(s). In the absence of a vast and diversified pool of CT auditors, it will not provide the full value it promises. At this time, except for Google Chrome, there are no published plans from any other major browsers to support CT.  Additionally, desktop applications, mobile applications, and web services that are part of SSL ecosystem need to participate in CT for it to be truly effective.

CT monitors will be a good mechanism to detect mis-issuance relatively quicker than crawling the entire web. However, not every website owner will have resources to build and run such monitors. Only big companies are likely to build such monitors to detect any mis-issuance.

CAA, an Alternative?

One important thing to note is CT does not solve the problem of mis-issuance but makes it easier to detect errant issuance.  There are other solutions like CAA, which focuses on preventing mis-issuance but in a different way.  In CAA, a website owner specifies in the DNS records which CA can issue certificates to its website.  Every CA that supports CAA is supposed to check for such authorization before issuing a certificate.  One can argue that this is not mandatory but if auditor/browser enforcement is designed similar to what is present in CT, then CAA can be effective in preventing mis-issuance.

Data Privacy Challenges

From a privacy angle CT poses a challenge.  If an authorized website owner for some reason does not want to publish its certificate details publicly then EV certificates may not work properly with browsers that enforce CT. Just think about a certificate issued for an internal website for a new product to a company that fiercely guards its new product information from being leaked, or a classified government project.  CT must include a way to respect and handle such privacy.

How Symantec Helps

For customers with existing EV SSL certs, we will be reaching out to understand your privacy requirements on internal EV SSL certificates.  We want to make sure that internal data remains internal and not be listed on public CT logs.  External EV SSL certificates will be automatically published on the CT logs before February 2015 to help ensure that the corresponding external sites continue to be highlighted with the green address bar on Chrome.  Future EV SSL certificates will come with an option to be published on the logs.  To learn more please visit our knowledge base article.

Stay in Touch

Follow us on Twitter or Facebook to be kept apprise of the latest in security news and our latest blogs.  Visit our support forum as well to get user hints and solutions to common user issues. 

Google recently announced the https certificate update to its search algorithm, it will directly impact on your website ranking, if your website carry the SSL Certificate then you will get the “Google Ranking” boost up. But think why Google is giving the more important to websites which has an SSL Certificate let me explain you.

An SSL Certificate is create a secure layer between your web browser and visitors’ web browsers, and making important data like banking & personal details in encrypted format. As phishing attacks are increasing nowadays, online security is major concern for the world. Google believes that by penalized the websites which don’t have an SSL Certificate, owners of the websites create the benchmark that show users are more likely to visit a websites which are secure with “https” and by this way people become more aware about online web security and the companies are pushing their website with https certificate.

Any authentic website without an SSL Certificate will see the impact of Google’s update immediately, as they decrease the organic traffic for their website and ranking. This could be disastrous for the online firms who do not upgrade their servers and website with SSL Certificate.

The decrease is to effectively bury potential ‘scam’ websites at the bottom of search results, as Google believe those without SSL certificates are likely to be run by people looking to mine personal data for spam or fraudulent purposes.

As we’ve already explained, a low ranking on Google could sound a death knell for online business, which are looking to attract new customers who search for online services or products. If you’re unsure if you have an SSL certificate or not, go to your webpage and look at the address bar.

If your web address starts with ‘https’ and you can see a padlock symbol in the address bar, like the one above image, then you have an SSL certificate. If you do not see either of these then speak to your web hosts ASAP about upgrading your server as soon as they can.

If you are new and don’t know anything about SSL Certificates, you no need to worry about it. You can easily buy an SSL Certificate by selecting 3 options through “SSL Wizard”.

In Enterprise Vault 11.0, along with the enhanced and intuitive search UI, a lot of changes have been made at the server side to effectively administer Enterprise Vault Search (EVS). One such feature is the introduction of a pre-defined Search Administrator role in the Enterprise Vault Role Based Administration Console (RBAC).  With this new role, an administrator can easily manage all the search related tasks within the vault admin console. To perform search related tasks 4 new Task Definitions have been created and added to the search administrator role. Below is a brief description of the task definitions which enables Search Administrator role to carry out all the search related tasks.

EVT Administer Client Access Provisioning Tasks: Client Access Provisioning Task (CAPT) is introduced in EV11 to provision users for the new Search and Internet Mail archive. This new task definition allows administrator to perform all the CAPT related operations like Create, Edit, Rename and Delete.

EVT Administer Search Policy: Through a search policy administrator can govern the search related features to be enabled for the end user. The EVT Administer Search policy task definition allows administrator to perform operations like Create, Delete and Edit search policy.

EVT Administer Search Provision Group: This task definition allows Search administrator to Create, Edit and Delete Search Provisioning Group.

EVT Administer Site Search Properties: With this task definition administrator can upgrade the search in case the EV environment has been upgrade from EV10.0.X to EV11.0       

User with Search Administrator Role will see only search related options in the Vault Admin Console. In the below image user with only Search Admin role has access to the Client Access node, Search Policy node and Enterprise Vault Server node where user can only create a Client Access Provisioning Task.

Note: The Search Administrator role has also been added to all the existing Content Source (Exchange, FSA etc.) Admin roles

We can all agree that children need to be taught best practices on how to use the Internet and technology. There are many common pitfalls, and we want children to learn how to steer clear of those problems. Just as important, we want them to be kind and respectful in their online interactions, to guard their privacy and their reputation, and learn to be good digital citizens. Too often, the responsibility for this education falls in the hands of parents, who may not have the background or information to handle this effort. Some schools have added lessons and assemblies about online safety and digital citizenship into their curriculum, but still many others have not.

Symantec employees believe that our school-age children deserve to be taught these lessons and that they should be designed in a way that is appropriate for their age and their maturity level. To assist in this effort, we’ve partnered with respected parental advisory and educational nonprofit, Common Sense Media, to create a program of easy-to-use materials that employees can use to help local schools and youth groups educate their students and members. Currently, Common Sense Media has 80,000 schools and 190,000 educators registered as members. This employee volunteer program, tailored by age and topic, is designed so that anyone, anywhere in the United States, can select lesson plans for classrooms or other community groups.

All the lesson materials are designed by educational experts but are broken down, step-by-step, so that anyone can deliver the plans with ease. Our employees can teach the materials alone, join together with a co-worker, or partner with local teachers to help them deliver the materials. Each lesson is designed to last about 45 minutes, but employees can choose to break them into shorter segments, making them easy to tailor to classroom and workplace schedules.  The lessons are also designed to adhere to Common Core educational standards, so they fit right into a school’s instructional time, instead of competing with it.

For those more comfortable presenting to adult groups, options include organizing a teen panel for your PTA, where a selected group of local teens discuss their online lives, or organizing small discussion groups, perhaps of sixth grade parents, to share a guided conversation on a single topic.

It is so important to teach our children how to be good digital citizens. But who is going to teach our children unless we have the proper tools? The right training materials are crucial for passing knowledge down to our youth. Our employees are always eager to find ways to contribute to their communities, and we’re excited to offer them this chance to combine our expertise as a business with their personal passion to give back.

For more information about the program, please contact us at Online_Safety@symantec.com. 

Marian Merritt is Symantec's Director of Cyber Education and Online Safety Programs

Critical new Windows zero-day has reportedly been used in a limited number of targeted cyberespionage attacks to deliver a back door on to the victim’s computer.

Cross-industry collaboration results in major blow against Hikit malware used by Hidden Lynx APT group.

Una operación coordinada entre Symantec y otras compañías de seguridad dio un importante golpe a Backdoor.Hikit y a otras herramientas de malware utilizadas por el grupo de ciberespionaje llamado Hidden Lynx. La Operación SMN permitió que las compañías más importantes de la industria de la seguridad compartieran inteligencia y recursos, lo que ha posibilitado el desarrollo de una protección integral que podría incapacitar la efectividad de este malware.

A zero-day vulnerability affecting Microsoft Windows TrueType Font (TFF) parsing is reportedly being used to gain remote access into an international organization.

This month the vendor is releasing eight bulletins covering a total of 24 vulnerabilities. Thirteen of this month's issues are rated ’Critical’.

I want to share my perspective on the decision to separate Symantec into two companies: the Information Management business, and the Information Security business, which includes Norton. I was fortunate to be able to participate in many of the strategic discussions around these decisions and am convinced that there is a great market opportunity for both of these businesses. However, I also strongly believe that we can best capture the opportunity by operating as two companies, enabling each company to better focus on addressing customer needs to deliver more impactful customer experiences. Taking this decisive step forward now will enable each business to maximize its potential. Setting up the Information Management business will be complex and take many months, but there should be minimal impact on the operations of the Norton business.

The Norton business will remain an important and equal component of the Symantec Security company. Norton continues to be critical to our tens-of-millions of consumers in protecting their devices, identities, and digital lives. We will continue to invest and innovate on our core protection capabilities and how our customers and small businesses experience our products while enrolling and using Norton security services. This will allow Symantec even more focus on what we do best, providing the best customer experience with our Norton security products.  This news does not impact current Norton products, services or licenses.

I believe that this is an important and positive step forward for both the Security and Information Management businesses.

Go Boldly,
Fran Rosch

Over seven million Dropbox users could have had their credentials stolen by an anonymous hacker. Data breaches and online thefts like this one are happening at alarming rates. How can businesses keep data secure as online attackers get more aggressive?

限定的な標的型のサイバースパイ攻撃で、標的のコンピュータにバックドアを送り込むために Windows の新しい深刻なゼロデイ脆弱性が悪用されていると報告されています。

Welcome to the September edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.

The average number of spear-phishing attacks rose to 53 per day in September, after a 12-month low in August. Spear phishing activity has returned to levels seen earlier in the summer, but is still down from the 12-month average of 85 attacks per day.

The .doc file type was the most common attachment type used in spear-phishing attacks, making up more than 52.9 percent of all attachments in September. At 4.8 percent, last month’s top attachment, .exe file types, dropped to fourth.

There were only four publically disclosed data breaches that took place within the month of September, resulting in the exposure of 2.5 million identities. However, there were 14 additional data breaches reported in September that took place earlier in the year. The largest data breach reported in September actually took place in April, and resulted in the exposure of 56 million identities.

Ransomware continues to decline as 2014 progresses. However, crypto-style ransomware remains high, making up 38 percent of all ransomware detected in September.

There were 600 vulnerabilities disclosed in the month of September, the highest number so far in 2014 and second-highest in the last 12 months.

One in 2,041 emails was identified as a phishing attempt, compared with one in 1,587 for August. While at first glance this looks like a big drop, it results in only a 0.01 percentage point decrease in the overall phishing rate.

We hope you enjoy the September Symantec Intelligence Report. You can download your copy here.

In Enterprise Vault 11.0, there are many PowerShell commands introduced.

This is an introduction to how to get started.

1. Start  “Enterprise Vault Management Shell”
2. By default, new commands introduced in EV 11 will result in an error.
3. You have to manually load these 5 modules .
   

   Symantec.EnterpriseVault.PowerShell.AdminAPI.dll
   Symantec.EnterpriseVault.PowerShell.Core.dll
   Symantec.EnterpriseVault.PowerShell.IMAP.dll
   Symantec.EnterpriseVault.PowerShell.Monitoring.dll
   Symantec.EnterpriseVault.PowerShell.Snapin.dll    
   

   This is an easy to import them and confirm they are loaded by Get-module command.

   PS> Get-ChildItem -Filter *PowerShell*dll | %{ Import-Module $_.FullName} 
   PS> (Get-Module).Name
   

4. Next, you want to know what kind of commands are available.
   You can go to the document here   or you can list them by Get-Command.

   PS> get-command -Module Symantec.EnterpriseVault.PowerShell* |Sort-Object ModuleName |ft -AutoSize
   

5. To understand the usage of each commands, you can reference the document or do get-help.
6. Since this is PowerShell , little formatting like the following makes the output nice.
   

   PS> Get-EVTask |%{ [pscustomobject]@{State=(Get-EVTaskState $_.EntryID);Name=$_.name;}}|ft -auto
   

A bug has been found in the Secure Sockets Layer (SSL) 3.0 cryptography protocol (SSLv3) which could be exploited to intercept data that’s supposed to be encrypted between computers and servers. Three Google security researchers discovered the flaw and detailed how it could be exploited through what they called a Padding Oracle On Downgraded Legacy Encryption (POODLE) attack (CVE-2014-3566).

From climate change to cyber security to employee diversity, corporate responsibility (CR) and sustainability touches every aspect of Symantec’s business. We’ve defined our strategy and are continually working towards our goals to operate as a responsible global citizen. In addition to our dedicated global corporate responsibility team, every day Symantec employees across the world are helping us deliver on this, creating value for both our business and our stakeholders.

We are happy to bring you an ongoing feature – the Sustainability Spotlight - that will profile employees and their contribution to Symantec’s CR and sustainability efforts. Some are members of our CR team, others contribute through our Green Teams or volunteering, some have seen an opportunity and developed programs in their function or region -- all are making a difference.

Today we hear from Claudia van 't Hullenaar, Principal Marketing Specialist, Global Events, EMEA who spearheaded the integration of sustainability into Symantec’s corporate events.

According to 2012 KPMG report, Expect the Unexpected: Building Business Value in a Changing World, ten ‘megaforces’ will reshape the planet and will significantly affect corporate growth over the next 20 years. After taking a deep look at how the three pillars of sustainability – the economic, social and environmental aspects – relate to business and the social challenges we face, I realized the potential for addressing both simultaneously. So what can I do as an individual? In order to make a difference, I developed and promoted solutions to social and environmental challenges into my job. I realized how deep CR runs within the business and reflects the importance of environmental and social issues to Symantec’s short and long-term success. My personal passion in global citizenship and sustainability initiated my desire to incorporate a sustainable and holistic approach into events, while also tying it into Symantec’s business strategy and corporate responsibility program.

With this in mind, I did research around event sustainability and how that would work for Symantec. There are many guidelines on how to plan and run a sustainable event, such as technical actions like printing less paper or eliminating plastic bottled water. However, by taking a more holistic and process-based approach, I initiated the development of a systematic strategic program to sustainable events taking the ‘triple bottom line’ concept and balancing the event’s environmental, social and economic impacts against our business needs.

This structured sustainable event program integrates repeatable and standardized business practices into Symantec's corporate events and aligns Symantec’s CR goals with our event planning strategy. We designed Symantec’s guidelines from three international core standards recognized in the meetings industry and adapted them to Symantec’s needs: ISO202121, APEX /ASTM, and the GRI EOSS.

Our pioneering project for event sustainability with a comprehensive sustainability strategy was Symantec’s flagship conference Vision 2012 in Barcelona. Our approach and impacts are documented in our event sustainability report. This model has become a core component at our Vision conferences and has progressed steadily since then.  We’ve applied the approach for event sustainability to the 2013 Vision in North America, and an evolved version in 2014 to Vision Las Vegas and four EMEA Vision conferences.

Incorporating sustainability enhances the quality of our events by creating value for our customers, employees and to visibly put into practice Symantec’s commitment to environmental and social sustainability, demonstrating the consistency of our vision across the company. It demonstrates how Symantec embraces the sustainability challenges as a business advantage. By hosting responsible events, Symantec has the opportunity to minimize the environmental impact, conserve resources, generate cost efficiencies, increase social responsibility, and improve the quality and customer experience of our events.

What steps do you take to make sustainability integration a success?

As part of the global corporate events team, I know that ironing out every detail of an event is crucial. It consists from strategic planning including setting objectives and KPIs in order to design the event, elaborating the customer experience, and developing event branding and signage concepts. All these are only some key elements which need to be thoughtfully implemented to design an impactful brand experience that educates, inspires and delights attendees and influences their behavior. Using sustainability as a filter to innovate, it runs into every action we undertake. In order to be able to influence performance and drive change it needs to be integrated early on in each planning cycle. Some key points for integrating sustainability into events successfully include:

• Measuring Impact: It is important to use a methodology for tracking and measuring the impact of integrating sustainability to ensure it has value, and make sure that there is consistency and alignment in our efforts to drive positive returns. We ensure that these actions are implemented through systemic processes, which is a fundamental component so that a continuous improvement can be achieved.

• Training and Mentoring Team Members: An integral part of the program is the training of team members to help develop skills and build capacity. By helping understand context and actions of event sustainability, we can inspire event managers to expand the effort to other events by considering sustainability at every step of the way. Tangible tools make it easier for them to integrate sustainable practices into their regular event plans. As we evolve we plan on providing teams with additional educational trainings and a global resource site, a tool kit with an event sustainability manual, checklists and other material.

• Sustainable Suppliers: Incorporating sustainability into our procurement practices and supply chain is the foundation to maximize sustainability benefits and results. Working hand-in-hand with procurement we recently achieved an important milestone by formalizing our commitment to Symantec’s CR leadership, and launched our Symantec Sustainable Events Policy Statement. Integrating sustainability into the initial project phase and by expressing upfront expectations to our suppliers, will give us more negotiation power. By working collaboratively with our suppliers, engaging and educating them, we will achieve long-term improvements and benefits.

Our journey is characterized by incremental progresses and cycles of continuous improvement. We will continue to evolve and moving forward our goal is taking our sustainable events initiative to the next level evolving from a single event sustainability project to a companywide approach to event sustainability.  

What would you tell others who would like to take action?

We can each bring CR actions into our departments by looking closely at our roles. Sustainability is about commitment, collaboration, sharing of best practices, catalyzing action and creating long-term impact. Looking through the sustainability lense can potentially lead to new ideas and drive innovation in your area.

For departments that are just beginning the sustainability journey, our corporate commitments can provide solid support for a business case. The reasoning for sustainability varies by business unit. For example, the issues, impact and processes involved in product development or manufacturing are different than in event marketing. Seeking best practice examples can help to understand the kinds of systems that play a role in specific departments. Additionally, by expressing interest to your CR team, you can contribute on a grander level.  

It gives me great satisfaction to work for a company strongly committed to CR and that encourages its employees to get involved in CR efforts.  Models of recognition, incentive and reward structures encouraging action related to sustainability projects that are relevant to the company’s products, operations or processes, could catalyze further innovation.

I will continue to passionately champion and lead the charge of the sustainable events program with all its challenges in order to mainstream and drive sustainability thinking. Each small step forward brings us that much closer to a larger goal and continues building a company that creates value both for our business and for society. It is rewarding to see the success of our actions when we do what is possible to make a difference. I hope that our case study inspires other stakeholders to take the lead on CR behaviors in their organizations to drive future innovation and change.