Hi Enpoint Management Community,
ITMS 7.5 SP1 HF4 is available via SIM!
Release Notes can be found here
Hi Enpoint Management Community,
ITMS 7.5 SP1 HF4 is available via SIM!
Release Notes can be found here
Some bad news for Android users, A security weakness in Android mobile operating system versions below 5.0 has been noticed. It puts potentially every Android device at risk for privilege escalation attacks. It has been patched in Android 5.0 Lollipop – the latest version of the mobile operating system.
This vulnerability has been discovered by a security researcher named Jann Horn.
This could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks.
The flaw resides in java.io.ObjectInputStream, which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year.
Jann confirms ""When ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created," the security advisory from Horn says. "All fields of that instance can be set to arbitrary values." on his blog on Reditt.
Researcher has also developed a POC showing the creash of System_Service. As of now, in order to exploit this vulnerability, one need to get a malicious app installed onto the target device.
This vulerability has been patched with the release of recent Android release - 'Lolipop'.
As Americans gear up for another holiday shopping season, the threat posed by point-of-sale malware remains high. More than a year after the discovery of the first major attacks against POS networks, many US retailers are still vulnerable to this type of attack and are likely to remain so until the complete transition to more secure payment card technologies in 2015.
While some retailers have enhanced security by implementing encryption on their POS terminals, others have not and retailers will continue to be a low-hanging fruit for some time. While the introduction of new technologies will help stem the flow of attacks, it will not eliminate fraud completely and attackers have a track record of adapting their methods.
Point-of-sale malware is now one of the biggest sources of stolen payment cards for cybercriminals. Although it hit the headlines over the past year, the POS malware threat has been slowly germinating since 2005 and the retail industry missed several warning signals in the intervening period. This allowed attackers to hone their methods and paved the way for the mega-breaches of 2013 and 2014, which compromised approximately 100 million payment cards and potentially affected up to one-in-three people in the US.
Attacks have reached epidemic proportions in part because POS malware kits are now widely available, which means attackers can target retailers without having to develop their tools from scratch. For example, BlackPOS (detected by Symantec as Infostealer.Reedum), which was used in the some of the most high profile attacks, has been for sale since February 2013 with a price tag of US$2,000. This is a relatively small investment for attackers, who are likely to net millions from a successful operation.
Figure 1. Point-of-sale attacks exploded once malware kits became widely available on the cyberunderground
Hopelessly exposed
Attacks on point-of-sale terminals had their genesis as far back as 2005, when attackers began using networking-sniffing malware to intercept payment card data while in transit. A group of attackers led by Albert Gonzalez were the main perpetrators, stealing more than 90 million card records from retailers.
As payments processors and retailers tightened up their security, the attackers adapted and attention turned to the point-of-sale terminal. When a card is swiped, its details are briefly stored in the terminal’s memory while being transmitted to the payment processor. This provides a brief window for malware on the terminal to copy the card data, which it then transmits back to the attackers. The technique is known as “memory scraping”.
POS malware was first discovered October 2008, when Visa issued an alert on a new type of exploit. During a fraud investigation, it found that attackers had been installing debugging software on POS systems that was capable of extracting full magnetic stripe data from its memory. Little heed appears to have been taken of this warning, giving malware developers time to perfect their methods. In the intervening period, developers have worked to streamline the malware, integrating all functionality into a single piece of software.
This development process eventually led to fully featured POS malware kits emerging on underground markets from 2012 onwards. US retailers were hopelessly exposed and what followed was a flood of high profile breaches, with several major US retailers hit by POS malware attacks.
Spotlight: BlackPOS
One of the most widely used forms of POS malware is BlackPOS which is also known as KAPTOXA, Memory Monitor, Dump Memory Grabber, and Reedum. Variants of BlackPOS have been used to mount some of the biggest retail POS breaches.
Its development mirrors the evolution of the broader POS malware market. The earliest versions of BlackPOS date from 2010. Over time, it has evolved into a highly capable cybercrime tool which employs encryption to cover its tracks and can be customized to suit the target environment.
By February 2013, BlackPOS was ready for the mass market and the group behind one of its variants began selling it on underground forums, charging customers $2,000 for the package.
Thriving marketplace
While the malware used to mount POS attacks is usually sold on underground forums, these forums are also often where the bounty of those attacks returns to be sold. For example, stolen credit card details from some of the biggest US breaches were sold on a forum known as Rescator.
New research from Symantec found that prices can vary heavily depending on a number of factors, such as the type of card and its level, i.e. gold, platinum or business. Card data originating from the US tends to be cheaper because of the widespread availability stolen US cards. Card details along with extra information, known as “Fullz”, tend to attract higher prices because details such as someone’s date of birth or credit card security password make it easier to perform fraudulent transactions or other activities.
Single credit cards from the US tend to cost $1.50 to $5, with discounts often available for those who buy in bulk. Single cards from the EU tend to cost more, selling for $5 to $8. Fullz start at $5 and can range up to $20. A single embossed plastic card with custom number and name meanwhile will sell for approximately $70. The stolen cards uploaded to Rescator were initially selling at a cost of $45 to $130 per card before prices later settled down.
Will new technologies render POS malware obsolete?
New payment card technologies, many of which are already in use in Europe, have been promoted as effective countermeasures for POS malware but are not a silver bullet. Their arrival is likely to herald the end of the large-scale POS breaches seen in recent years, but they will not eradicate theft of credit card data completely.
The adoption of EMV, chip-and-pin cards to replace traditional magnetic stripe cards ought to render the current generation of memory-scraping POS malware ineffective. However, chip-and-pin cards are still susceptible to skimming attacks and stolen credit card numbers can still be used in “card-not-present” transactions, such as online purchases.
Additionally, stolen credit card information in Europe is often used in the US since it doesn’t have chip and pin as a verification method. Going by this precedent, the advent of chip and pin in the US may mean attackers will continue to attempt to steal card information but use it in other countries that don’t use the chip-and-pin standard.
The chip-and-pin standard itself may be superseded at some point by the adoption of NFC mobile payment solutions such as Apple Pay, Google Wallet or CurrentC. With these payment technologies, the credit card number isn’t transmitted during the transaction. NFC is still susceptible to exploitation by attackers, but most attacks require physical proximity, making large-scale thefts almost impossible.
Advice for consumers
Some retailers are rolling out encryption on their point-of-sale networks to prevent memory scanning, which is encouraging. However, attackers have a tendency to adapt and evolve, and will no doubt look to circumvent these additional countermeasures.
There are several steps you can take to remain vigilant against this type of fraud:
Advice for businesses
Symantec has a number of solutions for retailers who wish to guard their point-of-sale systems from attack. For more details, please read: Secure Your Point-of-Sale System
Symantec protection
Symantec products detect all of the currently known variants of point-of-sale malware, including:
BlackPOS
FrameworkPOS
Dexter
Chewbacca
JackPOS
RawPOS
Vskimmer
Backoff
Further information
For more information about attacks against POS systems, please read our whitepaper entitled: Attacks on point of sales systems
¿Conocéis SORT?, ¿no?.
Es una gran herramienta para ayudarnos a comprobar estados de compatibilidad, requisitos para instalaciones o migraciones de producto, lo podeis encontrar en:
https://sort.symantec.com/home
Y en concreto para la parte de NetBackup aqui:
https://sort.symantec.com/netbackup
Puede hacer cosas como ayudar a chequear el espacio de NBDB de cara a palicar migraciones de versiones o instalación de parches...
Puede enseñar parte de los planes futuros de NetBackup:
https://sort.symantec.com/nbufutureplans
Puede generar checklist de cara a instalaciones/migraciones, aqui un ejemplo para Netbackup en Unix:
https://sort.symantec.com/checklist/install/nbu_sample_unix
Es una herramienta muy potente que puede facilitar mucho las operaciones sobre NetBackup, os animamos a su uso!
Ignacio De Pedro
Announcing the availability of ITMS 7.5 SP1 HF4.
This release is available through SIM and contains a number of fixes for the following components:
Release notes are available at http://www.symantec.com/docs/DOC7940
Cheers,
-Hugo
When creating bootable USB or .ISO with Bootwiz.exe, Ghost32.exe is not included in the boot.wim file (WinPe4.0 file)
bootwix.exe is located here on the SMP:
\Program Files\Altiris\Deployment\BDC\bootwiz\BootWiz.exe
Please keep in mind that with a fresh install of DS 7.5 SP1 you need first to import the windows ADK for WinPE 4.0 by following wizard at:
settings(tab) ->deployment -> Create Preboot Configurations
1 - After importing and installing the WinPe 4.0 environment, please run bootwiz.exe and follow the wizard to create a bootable USB.
2 - Remember to select Stand-Alone boot:
3 - When the Pre-boot configuration creation process has completed, you will be able to access its folder structure from bootwiz as below:
Locate ghost32.exe here on the SMP:
\Program Files\Altiris\Deployment\Imaging\ghost\x86
4 - Now you can add ghost32.exe to the newly created pre-boot configuration by adding the file or folder to the file structure in bootwiz
(Right click to create a folder and to add the file)
5 - Please remember to re-create the preboot configuration(create boot disk)
6 - Save your .iso in a folder easily accessible or onto a USB or CD/DVD and remember to select "stand-alone boot" as on picture below:
Ghost32.exe is now included into the boot.wim file. After booting into WinPe4.0 you will be able to access Ghost32.exe by browsing the X:\ drive in automation
to check if the file has been included into the boot.wim file(without necessarily booting into automation), please follow the article at link below:
NOTE:
If you found the above information useful, please give this article a thumbs-up (top right of the post) or add a comment below. Your feedback would be really appreciated – Thank you, Mauro
Please see below how to access the WinPE pre-boot file "boot.wim" in few simple steps.
We take as example a WinPe 4.0 Pre-Boot .ISO configuration created by using Bootwix.exe following article below:
1 - Locate your newly created .ISO configuration:
2 - Mount the image using for example "magicISO"
4 - If not already present create anew folder in C:\ in our example we name it "test"
5 - Copy the boot.wim file from the mounted .iso image (E:\SOURCES) to the c:\test folder
6 - Create a folder under C:\ , and name it for example "mount"
7 - Open a command prompt (CMD) with admin rights
8 - Run the following command (DISM) as below: (in our example we have set folders C:\test and C:\mount - modify the command to suit your naming and locations)
DISM /Mount-Wim /WimFile:C:\test\boot.wim /Index:1 /MountDir:C:\Mount\
9 - Now you can access C:\Mount and browse it. - In the example below we verify Ghost32.exe has been included in the preboot configuration:
10 - Unmount boot.wim with the following command:
DISM /Unmount-Wim /MountDir:C:\Mount /Commit
If you need to inject NIC Drivers into boot.wim you may want to have a look at this other article:
NOTE:
If you found the above information useful, please give this article a thumbs-up (top right of the post) or add a comment below. Your feedback would be really appreciated – Thank you, Mauro
Following up from article at link below where we explained how to mount and un-mount boot.wim:
In this post, we will go through the process of manually injecting x86 drivers for the network card Intel i217 i218 into boot.wim
1 - First of all we need to prepare the Driver's Folder by cleaning up all the unecessary drivers/files
To see how to pick the correct driver for a specific NIC, and how to do the clean-up please have a look at this article:
(..Under construction...)
The final product will look something like this:
2 - The above folder is now stored as C:\NDIS63\
let's access the command prompt with admin rights and have the boot.wim mounted at folder c:\mount\
3 - to inject the Drivers we run the following command:
DISM /Image:C:\Mount /Add-Driver /Driver:C:\NDIS63 /recurse
4 - the driver e1d6332 has been succesfully injected in the mounted pre-boot environment
5 - It is possible now to un-mount the folder
The pre-boot configuration "boot.wim" is ready for WinPe 4.0 booting on machines with Intel i217 and i218 network cards
For info on how to un-mount the folder, see article below:
NOTE:
If you found the above information useful, please give this article a thumbs-up (top right of the post) or add a comment below. Your feedback would be really appreciated – Thank you, Mauro
For the seventh year in a row, Symantec has earned a perfect score of 100 on the Human Rights Campaign’s Corporate Equality Index (CEI). A score of 100 earns us a designation as a Best Place to Work for LGBT Equality.
The CEI is the national benchmarking tool on corporate policies and practices pertaining to lesbian, gay, bisexual and transgender employees. Here at Symantec, we’re focused on building a winning and inclusive culture that allows our employees to bring their whole selves to work. This recognition is an important signal to all our employees – but specifically our LGBT employees – that we are taking tangible steps toward this goal.
Additionally, we view diversity as a critical component to fostering a culture of innovation, which ultimately leads to business success. As our CEO Mike Brown says, “Every individual brings a unique perspective that inspires innovation. We’re building a culture that celebrates diversity and inclusion because it drives our success as a business, our ability to serve our customers and partners, and our strength as a team.”
To learn more about our commitment to diversity and inclusion, visit the Our People section of Symantec’s Corporate Responsibility website.
Antoine Andrews is Symantec's Director, Global Diversity and Inclusion.
The security thread landscape is shifting.
Protecting infrastructure, information assets and customer experience is no longer enough. Security has become a more challenging issue as it now involves protecting mobile devices, cloud and machine-to-machine (M2M).
This is apparent in our findings from the latest issue of Internet Security Threat Report:
Source: Symantec Internet Security Threat Report 19, 2014
With this, enterprises, SMBs and consumers are expecting CSPs to tackle the challenges of information protection.
This challenge presents a huge opportunity for CSPs to offer new services to their customer base and target markets—focusing on services that CSPs can upsell, build and extend on while gaining benefits that are beyond revenue, like customer loyalty.
CSPs should exploit the market trends and profit from new revenue opportunities riding on their two main assets.
These valuable assets are:
Here are 5 ways how CSPs can address the changing security threat landscape.
Good planning is vital when offering new services. CSPs need to identify a trusted partner to work together in addressing any imminent changes in technology, for instance the SDN/NFV development. A partner with global reach and proven success with other CSPs globally is a good example of who CSPs could work with.
Focus on the core network competencies, leveraging all other differentiating assets, and also the rest of the service stack.To drive upsell opportunities, CSPs should create innovative business model riding on market changes, such as monetization opportunity with OTT players.
CSPs need to deliver superior cloud services that are more trusted and available. CSPs should explore these possible business models for the cloud service offerings, depending on the requirements.
Resilient existing network is imperative to expansion and in maintaining customer trust and loyalty. Proper traffic management can reduce malicious and unsolicited traffic.
By doing so, CSPs can utilise an IT foundation that is not hardware or software specific. This offers an increase agility and flexibility in designing the services and seamless migration from one system to another, which in turn save up on existing investment.
Through these steps, CSPs can profit from new revenue opportunities by addressing the changing landscape. Hence, CSPs must note that the key to success is to differentiate within the marketplace by:
Apart from adapting to a changing landscape, CSPs could also focus on addressing the SMB market, a market “that has been left somewhat untouched”, according to Frank Bunn, Senior Manager, Communication Service Provider Strategy, Symantec EMEA. Read “How can Communication Service Providers (CSPs) address the SMB market?” for more tips on tapping this market.
If you are looking for "Ghost Boot Wizard" in DS 7.5, keep in mind that this name is associated with Ghost Solution Suite.
Iin Deployment Solution 7.5 a very similar tool is "Boot Disk Creator" (bootwiz.exe) and on the SMP it is located here:
\Program Files\Altiris\Deployment\BDC\bootwiz
If you want to know how to include Ghost tools to the USB/DVD pre-boot configuration please see article:
If you are an expert Ghost user and you want to know the location of GHOST executables and tools in SMP 7.5, see below:
https://www-secure.symantec.com/connect/blogs/ds-75-location-ghost-executables-and-tools-smp-75
NOTE:
If you found the above information useful, please give this article a thumbs-up(top right of the post) or add a comment below. Your feedback will help our tech community – Thank you, Mauro
When running "boot to PXE" or "boot to automation" from the console, it is common to see this coming up on the client machine instead of WinPE:
This will result in a LOOP as the client will boot into Production and then the "boot to PXE" or "boot to automation" task will be picked up again until it times out.
Please check the BIOS Boot Setup; very likely "Network Boot" is NOT set as FIRST:
So to correct this, please modify to:
and the client should now boot into WinPE 4.0 as sequence below:
NOTE:
If you found the above information useful, please give this article a thumbs-up(top right of the post) or add a comment below. Your feedback will help our tech community – Thank you, Mauro
Os anunciamos que el programa de beta para la siguiente versión de Backup Exec, Backup Exec 15, ya se encuentra abierto para que os registréis. Esta beta permite a los clientes nuevos y existentes de Backup Exec probar, validar y proporcionar feedback acerca de la nueva plataforma y las mejoras incluidas en la nueva versión
Esta edición beta puede ser instalada en entornos de laboratorio o entornos productivos en todos los lenguajes soportados por Backup Exec.
¿Qué hay de nuevo en Backup Exec 15?
Backup Exec 15 es una solución potente, flexible y sencilla de utilizar para sus backups y recuperaciones para entornos virtuales y físicos. Tú puedes estar entre los primeros en evaluar las nuevas plataformas soportadas y la fiabilidad de las nuevas mejoras introducidas en esta versión. Tu opinión acerca de la estabilidad, funcionalidades y rendimiento del producto nos ayudará a continuar desplegando una plataforma de alta calidad en la que puedas confiar. Backup Exec 15 incluye:
· Soporte para VMware vSphere 2015
· Soporte para Oracle 12c
· Resolución a bugs reportados por los clientes
Adicionalmente, Backup Exec 15 incluye actualizaciones para las siguientes plataformas:
· VMware VSphere 5.5 U2
· Exchange 2013 Cumulative Update 6
· SQL 2014 como repositorio para la base de datos de Backup Exec
· SCOM para 2007 y 2012
· ¡Y muchas más!
Elementos discontinuados
· Backup Exec 15 no soportará servidores de Backup Exec ejecutándose en sistemas operativos de 32 bits
Nota: Servidores remotos con sistemas operativos de 32 bits seguirán siendo soportados a través del Agente de Windows (AWS).
Forward-looking Statements: Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Disponibilidad del programa de Beta
Backup Exec 15 estará disponible para su descarga en el primer trimestre de 2015. Hemos abierto el registro en el programa de Beta con tanta antelación con el fin de que los participantes tengan más tiempo para registrarse. Proporcionaremos más información acerca del programa de Beta cuando se acerque la fecha de lanzamiento.
Si tiene cualquier pregunta acerca del programa de Beta puede ponerse en contacto con TSS Iberia:
Álvaro Monje - alvaro_monje@symantec.com
César Lafuente: cesar_lafuente@symantec.com
O en el email del programa: BnR_Beta@symantec.com
Os animamos a que os registréis en la siguiente página: Backup Exec 15 Beta Program
By connecting with your LinkedIn profile and completing a 3 question survey, we'll get to know more about your unique interests to ensure we provide the solutions, technical knowledge, and product ideas most important to you.
As our way of saying "thanks" for taking the time to give us your feedback, from now until the end of the year, we'll give you 100 points towards the Symantec Connect Rewards Program in return! Just click here: http://symantec-connect.apps.umbel.com/880/symantec-connect/ to get started.
If you don't have a LinkedIn Profile or would prefer not to connect via LinkedIn, you will be given the option to "Skip" and you'll be taken straight to the survey.
Thank you for helping us continue to improve your Connect experience.
1 - To Download the Windows ADK for WinPE 4.0 please access the following link:
https://www.microsoft.com/en-in/download/details.aspx?id=30652
2 - Save adksetup.exe locally
3 - Run adksetup.exe and follow the installation wizard
4 - Select the Features you want to install (de-select the ones that are not needed):
5 - Complete installation
NOTE:
If you found the above information useful, please give this article a thumbs-up(top right of the post) or add a comment below. Your feedback will help our tech community – Thank you, Mauro
On behalf of all of us in Product Management and Engineering I would like to thank you for your willingness to be part of the DCS 6.5 Beta. For all of you who also filled in our survey, your anonymous responses were very helpful so we can better understand your needs, environment and the use-cases you want to investigate with our new product.
Updates since last Blog
Over late October and November, a lot of work has been going on with our Engineering teams who are busily preparing for the December Beta drop. We have had a number of pre-Beta trials running inside the company, defect reviews and have a high confidence you will be impressed with our new UI, product features and flexibility to better secure your workloads in your data center.
You may recall in the previous Beta announcement we said we were investigating doing Hands-On Labs to give customers an opportunity to test without having to setup your own environment. Unfortunately this is a work in progress so if you are interested in only testing via HoL please email us at DCS65_Beta@symantec.com to indicate your preference.
About the December DCS 6.5 Beta
For all customers who will be downloading and installing DCS 6.5 to your non-production environment, below is a bit of updated background on the Beta. Let me take a moment to explain a bit more of the why’s, what’s and wherefores of our December Beta so you have a good idea of our goals:
Exact use-cases and functionality
Functionality | Additional Information |
REST API - Automating Security | Customers wanting to test the REST API's should ask for a copy on the SymIQ Symantec Data Center Security Beta discussion forum and a copy will be supplied to you. |
AWS Windows and RHEL | Covered in our testing scripts to aid validation of new functionality |
Openstack – Monitoring | First customers will be able to monitor and provide application protection for an OpenStack/KVM virtual data center. We also provide robust detection/monitoring for Openstack modules: • Compute (Nova) • Identity Service (Keystone) • Networking (Neutron) • Image Service (Glance) • Object Storage (Swift) • Block Storage (Cinder) |
DCS: Server new UMC UI | Covered in our testing scripts to aid validation of new functionality |
DCS: Server Advanced – Protection Policy wizard improvements | Covered in our testing scripts to aid validation of new functionality Feedback on improved discovery/mapping of applications and performance |
Guest Network Threat Protection (IPS) | Covered in our testing scripts to aid validation of new functionality |
File Quarantine | Covered in our testing scripts to aid validation of new functionality |
Cloud Admin initiating security provisioning request | Covered in our testing scripts to aid validation of new functionality (Only works for vApp currently. Need to make sure customer creates a dummy vApp for this testing.) |
Cloud admin requesting exception for system recommended policies | Covered in our testing scripts to aid validation of new functionality (Security Profile Editing is currently not feature complete) |
Security admin reviewing new provisioning requests and approving them | Covered in our testing scripts to aid validation of new functionality (Only works for vApp currently. Need to make sure customer creates a dummy vApp for this testing.) |
Security admin validating that all security policies were applied for a vApp | Covered in our testing scripts to aid validation of new functionality (To be done by checking DCS:Server, DCS:Server Advanced, NSX consoles to validate provisioning activity) |
Security admin creating custom tags and mapping them to custom policies in DCS:Server and DCS:Server advanced | Covered in our testing scripts to aid validation of new functionality (Should be able to test mapping to mandates and control statements, and the level of customization required by customers.) |
Security admin creating custom application templates and mapping them to rules from PAN | Covered in our testing scripts to aid validation of new functionality |
Security admin adding new security assessment questions and publishng them into vCenter | Covered in our testing scripts to aid validation of new functionality |
Security admin viewing list of all policies imported from DCS:Server and DCS: server Advanced | Covered in our testing scripts to aid validation of new functionality (We would like to understand the type of policies that customers want to orchestrate security policies) |
For further information on the Beta, please see the SymIQ Symantec Data Center Security Beta forum. (Registration Required)
Novacoast is a Syamntec Platinum Partner and has partnered with MetriX Dashboards who have developed their our own unique real time dashboard solution. MetriX gives users the power to quickly and easily aggregate real-time data from any number of data sources into a single, consolidated view.
MetriX provides those within security with an unprecedented view into the organization’s security posture, while providing you with real-time notifications when thresholds or service levels are not being met. This ensures that IT can respond quickly to threats, thereby reducing risk associated with lack of timely visibility.
I thought this may be of intrest and wanted to share a screen shot of a few dashboards.
For additional information feel free to shoot me a note at rjschoenherr@novacoast.com or visit www.metrixdashboards.com
Join Symantec at the Gartner Data Center, Infrastructure & Operations Management Conference 2014 in Las Vegas and get the information you need to deliver crucial IT services and drive improved levels of productivity and innovation at the same time. With a renewed focus on people, processes, technology and culture, you will learn how to select and prioritize I&O initiatives, manage ongoing volatility, and elevate their own strategic leadership in the digital enterprise of the future.
Stop by Symantec booth # 345 to learn how Symantec can help you transform and enable the Agile Data Center. Don’t miss the following sessions:
Click here for more information: http://www.gartner.com/technology/summits/na/data-center/
As the holiday shopping season descends upon retailers and shoppers, storm clouds of apprehension from recent data breaches continue to darken the perception of safety among some consumers. A recent study conducted by CreditCards.com and reported on by Huffington Post found that 45% of gift-grabbing respondents would “definitely not” or “probably not” shop at major retailers that suffered data breaches this year. The study also noted that, 48% of shoppers said they would use cash instead of debit or credit cards due to the high number of recent data breaches.
Given that retailers depend on holiday sales to meet their annual goals, losing nearly half of its holiday customer base either online or at a brick-and-mortar store could have devastating financial implications for these outlets. Make no mistake: Trust drives sales. And as the data above shows, once that trust is shaken, it can be difficult to rebuild.
Double Check the Security of Transactions
Organizations need to focus on both continuing to shore up their defenses and their customers’ trust, as today’s vulnerability could be tomorrow’s casualty. During the holiday season, the temptation for hackers is at its highest. Below are a few steps your organization’s IT department should consider putting in place to ensure security this holiday season:
Respond Promptly to Any Issues
Because of this loss of trust, IT security staff of breached retailers should be especially vigilant during the holiday season; becoming deeply involved in helping the organization repair besmirched trust with customers to reinforce the assurance of safe shopping will be critical to this process. If your organization happens to experience a breach during the holidays, or even during the rest of the year, here are a few steps IT can take to help to restore trust:
The holidays are by far the most critical time for retailers to be thinking about security, but it shouldn’t be the only time. Breaches can happen out of the blue; use your position in IT to help keep grinches at bay and keep your customer’s information—and their trust in your business—secure. Breached organizations should follow these guidelines year-round, disclosing breaches quickly and transparently, and keeping the communication focus on protecting users in the future.
We are pleased to announce that the beta program for the next release of Backup Exec, Backup Exec 15, is open for registration. This beta allows new and existing Backup Exec customers the opportunity to test, validate, and provide feedback on this upcoming release.
This beta release can be installed in both lab and production environments in all languages supported by Backup Exec.
What’s new in Backup Exec 15?
Backup Exec 15 delivers powerful, flexible and easy-to-use backup and recovery for virtual and physical environments. By participating in the beta, you can be among the first to evaluate newly-supported platforms and reliability enhancements. Your feedback on product stability, features, and performance will help us to continue delivering a high quality product that you can trust. Backup Exec 15 includes:
· Support for VMware vSphere 2015
· Support for Oracle 12c
· Fixes for customer-reported issues and bugs
Additionally, Backup Exec 15 includes the following platform updates:
· SDR (Simplified Disaster Recovery) support for Windows Server 2012 R2 and Windows 8.1 client
· VMware vSphere 5.5 U2
· Exchange 2013 Cumulative Update 6
· SQL 2014 as a repository for the Backup Exec database
· SCOM for 2007 and 2012
· And more!
End of life items
· Backup Exec 15 will not support Backup Exec servers running on 32-bit operating systems; however, remote servers with 32-bit operating systems will be supported using the Agent for Windows (AWS).
Forward-looking Statements: Any information regarding pre-release Symantec offerings, future updates or other planned modifications is subject to ongoing evaluation by Symantec and therefore subject to change. This information is provided without warranty of any kind, express or implied. Customers who purchase Symantec offerings should make their purchase decision based upon features that are currently available.
Beta Availability
Backup Exec 15 will be available for download in the first quarter of CY 2015. We are opening beta registration early so that participants have ample time to register. We will provide more updates about the beta program closer to the launch.
If you are interested in participating in this Beta program, please click the link below and click “Join this Beta Program”.
Registration link: https://symbeta.symantec.com/callout/?callid=B5C9F823420C44A49A7596453FEDCE72
If you have questions about this beta program, please email: BnR_Beta@symantec.com.
We look forward to your interest and participation in the upcoming beta release of Backup Exec 15.
Best regards,
Backup Exec team