Quantcast
Channel: Symantec Connect - ブログエントリ
Viewing all 5094 articles
Browse latest View live

allAfrica.com: Tech Mentors Meet South African Girls

0
0

Symantec is proud to participate in TechWomen, a program that empowers, connects, and supports the next generation of women leaders in STEM (see previous entries here and here). Participants live in Africa, Central Asia, and the Middle East, and companies like Symantec help provide mentors and support to advance their careers, pursue their dreams, and inspire even more women and girls in their communities. This article from allAfrica.com highlights the program.

Promising young girl coders from Khayelitsha met the Twitter vice-president for engineering, Nandini Ramani, to discuss how to pitch a business idea and how to use social media to grow their success.

Ramani was among a group of 40 of the top women in technology from around the world at the gathering, which took place on 29 January at the Bandwidth Barn. The women, from TechWomen, are in South Africa to meet the country's leaders in information and communications technology and discuss women's roles in the sector.

TechWomen is a mentorship programme that supports female leaders in science, technology, engineering and mathematics (Stem). "The idea is to bridge connections and encourage women and girls to pursue careers in Stem," said TechWomen representative Kelsi Ward.

About 60 girls and women joined the meeting, where the TechWomen shared their experiences of working in some of the biggest and most innovative companies in the world.

The young coders were from GirlHype, an organisation that aims to empower young women and girls with digital and media education skills. The Bandwidth Barn tests incubation models that work best in a community environment and that support the local community's needs.

The visitors included professionals from Symantec, Juniper Networks and Twitter.

Read more.


Don't Pay That Ransom: Fighting Ransomware In A New Threat Landscape

No More Sitting by the Phone Waiting for It To Ring

0
0
Speak immediately to a live support technician
Twitter カードのスタイル: 
summary

All Symantec security product entitlements now have a new support model: Live customer calls are routed directly to a Symantec technical support engineer who can help answer questions.

In the previous support model, customers waited for a technician to call back. Now, any severity-level issue will be answered in the new support model, designed from your feedback to improve customer experience. For more information, visit the here.

Proteggere la forza lavoro nell'era dei dispositivi mobili.

0
0
Twitter カードのスタイル: 
summary

cybersecurity2.jpg

La tua casa e il tuo ufficio hanno bisogno di chiavi. La tua carta di credito e il tuo cellulare hanno bisogno di un PIN. Il tuo computer e i tuoi account online hanno bisogno di password. Se parliamo di software, le funzionalità di sicurezza sono fondamentali. Queste funzioni sono pensate per proteggere le persone, le aziende che le assumono e i dati a loro affidati. Ma in tempi dove la mobilità regna sovrana, la sicurezza può spesso passare in secondo piano.

Quando la colpa è degli utenti

Le misure di sicurezza funzionano solo se vengono implementate. Sfortunatamente,  gli studi dimostrano che le persone non fanno sempre ciò che è meglio per loro. Comportamenti come lasciare i dispositivi sbloccati, scaricare applicazioni, navigare in siti non validati e aprire allegati provenienti da sconosciuti, mettono a rischio i dati personali degli utenti. Se questi utenti utilizzano gli stessi dispositivi in programmi BYOD sul posto di lavoro, il rischio cresce esponenzialmente. 

La cosa migliore per quegli utenti che non sono inclini a cambiare le loro abitudini è adottare un software di sicurezza. L'esperta di sicurezza per i dispositivi mobili Tamara Law suggerisce un software che scansioni le e-mail, identifichi i link sospetti sui siti dei social network ed esegua una scansione delle applicazioni prima che vengano scaricate. "Oltre il 50 per cento del malware viaggia su dispositivi mobili, e un terzo mira a raccogliere i nostri dati. È bene pensarci, perché certo non smetteremo di scaricare e-mail o applicazioni, e saremo sempre alla ricerca di nuovi siti web." Ripensa la tua presenza online. "È bene anche essere più attenti a cosa postiamo sui social network, in quanto sono tutte informazioni che possono aiutare i criminali ad attaccarci."

Alla ricerca di un equilibrio sicuro

La sfida per le aziende è molto più grande. Le informazioni che possono perdere potrebbero avere un impatto disastroso.  Sebbene le aziende conservino i loro dati in un unico posto, la mobilità genera dei rischi difficili da gestire Grazie in parte all'aumento delle applicazioni basate sul cloud e dei programmi BYOD, la forza lavoro mobile si sta espandendo. Secondo una ricerca IDC, nel 2015 ci si aspetta che arrivi a contare 1,3 miliardi di persone – il 37,2% della forza lavoro totale. Questa forza lavoro richiede accessi semplici e veloci, mentre le aziende e i responsabili IT chiedono sicurezza. Ci sono soluzioni che possono mettere tutti d'accordo. Forti di ricerche che dimostrano come le aziende abbiano molto da guadagnare utilizzando autenticazioni  più sicure e intelligenti, queste soluzioni possono davvero fare molto.

"Le aziende hanno bisogno di diventare più cyber resilient," spiega la Law. "Devono aumentare le conoscenze dei loro dipendenti in tema di sicurezza, così che questi non mettano in atto comportamenti a rischio." La Law raccomanda che tutti i dipendenti eseguano l'autenticazione prima di accedere a dati confidenziali, e indica una serie di opzioni che le aziende devono fornire, sia per una protezione che per una user experience ottimizzata.

  • Accessi multilivello: I dipendenti devono fornire due autenticazioni per accedere al network. Un'altra autenticazione è richiesta per ottenere un accesso  ai dati più riservati. Symantec VIPè un servizio di autenticazione a due chiavi.  Fornisce le credenziali per accedere ai sistemi aziendali da remoto ai dipendenti che lo usano. VIP va oltre il semplice uso di password. Presto userà le impronte digitali degli utenti per permettere l'accesso ai sistemi aziendali.
  • Certificati digitali: Una volta scaricati, i certificati digitali non richiedono nessun'altra azione da parte dell'utente.
  • Policy di controllo dei dati: Non tutti i dipendenti devono avere accesso a tutte le applicazioni. Ci deve anche essere un punto centrale di controllo dal quale gli accessi possano essere monitorati.
  • Single sign on: L'utente medio dispone di 26 account diversi e di sole 5 password differenti, compresa quella utilizzata per accedere agli account aziendali. Il Single sign on riduce le possibilità che i dipendenti abbiano comportamenti rischiosi legati alle password.
  • Contenitori applicazioni client: I contenitori di app utilizzano la cifratura per raccogliere i dati di autenticazione dagli utenti mobili.

La parola d'ordine secondo la Law è: semplicità. "Più saranno semplici le cose, maggiore sarà la sicurezza. Si tratta di proteggere le persone, i processi e le tecnologie che devono lavorare insieme. Formate il personale, assicuratevi di impostare i processi in modo che le persone giuste accedano alle informazioni giuste, e che possiate agire prontamente se un dispositivo mobile viene perduto o rubato."

Sicherheit für mobile Mitarbeiter im Zeitalter von BYOD

0
0
Twitter カードのスタイル: 
summary

cybersecurity2.jpg

Für Ihr Zuhause und Büro benötigen Sie Schlüssel. Für Ihre Bankkarte und Ihr Mobiltelefon brauchen Sie PIN-Codes.  Ihr Computer und Ihre Online-Konten sind mit Passwörtern geschützt. Wenn es um Software geht, ist Sicherheit essentiell.  Die Sicherheitsfunktionen der Software müssen die Arbeitnehmer, die Unternehmen und die ihnen anvertrauten Daten schützen. In einer Zeit, in der Komfort König ist, kann Sicherheit schnell zur Nebensache werden – besonders wenn es um mobile Geräte geht.

Anwender verhalten sich nicht korrekt

Sicherheitsmaßnahmen funktionieren nur, wenn sie auch implementiert werden. Studien zu menschlichem Verhalten zeigen jedoch, dass Menschen nicht immer das tun, was am besten für sie wäre. Gewohnheiten, wie zum Beispiel Geräte nicht zu sperren, Apps herunterzuladen, auf unzulässigen Websites zu surfen und unbekannte E-Mail-Anhänge zu öffnen, setzt die persönlichen Daten einem hohen Risiko aus. Wenn diese Menschen das Gerät auch noch für die Arbeit nutzen, wächst das Risiko exponenziell.

Deshalb sollten Nutzer, die ihre Gewohnheiten nicht ändern wollen, auf Sicherheits-Software setzen. Tamara Law, eine Sicherheits-Expertin für mobile Geräte, rät zu einer Software, die E-Mails prüft, auffällige Links in sozialen Netzwerken erkennt und Apps vor dem Herunterladen überprüft: "Mehr als 50 Prozent der Malware ist mobil und ein Drittel davon zielt darauf ab, Informationen zu sammeln. Es ist eine gute Idee, weitere Schritte zu ergreifen, denn wir werden niemals gänzlich damit aufhören E-Mails und Apps herunterzuladen und wir werden immer auf neuen Webseiten surfen."  Behalten Sie auch Ihre Online-Präsenz im Auge:  "Es ist zudem eine gute Idee, vorsichtiger dabei zu sein, was wir auf Social Networking-Seiten posten – all die Informationen helfen Angreifern, uns noch besser ins Visier nehmen zu können."

Unternehmen bieten Balance

Doch die Herausforderung für Unternehmen ist viel größer.  Die Informationen, die sie verlieren könnten, betrifft mehr als nur Einzelne.  Wenn sie auch gute Gründe haben, die Daten an einem zentralen Standort vorzuhalten, geht der Trend jedoch in eine andere Richtung. Da sich cloudbasierende Anwendungen sowie BYOD-Programme immer mehr durchsetzen, arbeiten immer mehr Mitarbeiter mobil. Bis 2015 werden es 1,3 Milliarden Menschen sein (37,2 Prozent aller Arbeitskräfte), sagt das Marktforschungsunternehmen IDC. Diese Mitarbeiter wünschen sich einen schnellen und einfachen Zugang, während Unternehmen und die IT-Leitung Sicherheit fordern. Es gibt jedoch Lösungen, die alle Beteiligten zufrieden stellen können. Und wie die Forschung zeigt, können Unternehmen durch eine starke und durchdachte Nutzer-Authentifizierung viel gewinnen. Darum sind solche Lösungen den Aufwand wert.

"Unternehmen müssen versuchen, unangreifbar zu bleiben", rät Law.  "Sie müssen ihre Mitarbeiter aufklären und ihr Sicherheitsbewusstsein schärfen, damit das Wissen über Sicherheit und das Bewusstsein ihrer Mitarbeiter verbessern, damit sie sich nicht zu risikoreichem Verhalten verleiten lassen." Sie empfiehlt, dass alle Mitarbeiter überprüft werden, bevor sie Zugang zu vertraulichen Daten erhalten. Sie weist auf mehrere Optionen hin, um Sicherheit zu gewährleisten und gleichzeitig eine benutzerfreundliche Lösung bereitzustellen.

  • Mehrstufige Autorisierung:  Mitarbeiter melden sich mit zwei Angaben am Netzwerk an.  Eine zweite Authentifizierung wird für den Zugriff auf sensiblere Informationen benötigt.  Symantec VIP ist ein Service für die zwei-Faktor-Authentifizierung und übernimmt die zweite Authentifizierungsstufe.  Die Lösung vergibt Zugriffsberechtigungen an Mitarbeiter, die remote auf Unternehmensressourcen zugreifen möchten.  Dabei wird Symantec VIP bald mehr sein als eine Texteingabe. In der nahen Zukunft werden Geräte-IDs und Fingerabdrücke von Nutzern eingesetzt, um auf die Unternehmenssysteme zuzugreifen.
  • Digitale Zertifikate: Einmal heruntergeladen, erfordern digitale Zertifikate keine weitere Texteingaben des Nutzers.
  • Richtlinien für die Datenüberwachung: Nicht alle Mitarbeiter sollten Zugriff auf alle Anwendungen haben. Es sollte auch eine zentrale Stelle geben, die die Zugriffe überwacht.
  • Single-Sign-On:  Ein durchschnittlicher Nutzer hat 26 verschiedene Accounts und nur fünf verschiedene Passwörter – einschließlich dem Passwort, das er nutzt um auf den Unternehmens-Account zuzugreifen. Ein Single-Sign-On reduziert die Wahrscheinlichkeit, dass Mitarbeiter fahrlässig mit ihrem Passwort umgehen.
  • App-Container:  App-Container verwenden Verschlüsselungen, um Authentifizierungsdaten von mobilen Nutzern zu sammeln.

Tamara Law zieht folgendes Fazit: "Umso einfacher Sie alles gestalten, desto besser wird Ihr Schutz sein.  Es geht um das zuverlässige Zusammenspiel von Personen, Prozessen und Technologien.  Schulen Sie Ihre Mitarbeiter und stellen Sie sicher, dass Ihr Unternehmen alle notwendigen Prozesse umsetzt, sodass die richtigen Leute die für sie relevanten Informationen erhalten und Sie umgehend darauf reagieren können, wenn ein mobiles Gerät verloren geht oder gestohlen wird."

Sécuriser vos employés mobiles à l’ère du BYOD

0
0
Twitter カードのスタイル: 
summary

cybersecurity2.jpg

Votre domicile et votre bureau s'ouvrent avec une clé. Votre carte bancaire et votre téléphone mobile ont leur code PIN.  Votre ordinateur et vos comptes en ligne ont leurs mots de passe. De même, pour les logiciels, des fonctions de sécurité intrinsèques sont primordiales. Ces fonctions de sécurité sont conçues pour protéger les personnes, les entreprises qui les emploient ainsi que les données qui leur sont confiées. Mais dans une époque ou la commodité règne, la sécurité peut partir aux oubliettes, en particulier en ce qui concerne les appareils mobiles. 

Les utilisateurs se comportent mal 

Des mesures de sécurité peuvent uniquement fonctionner lorsqu'elles sont mises en œuvre. Malheureusement, les études sur le comportement humain nous montrent que les personnes ne font jamais ce qui est le mieux pour eux. Des comportements comme le fait de laisser les appareils déverrouillés, de télécharger des applications, de naviguer sur des sites non validés et d'ouvrir des pièces jointes inconnues mettent en péril les données personnelles des utilisateurs.   Si ces mêmes utilisateurs utilisent ces mêmes appareils dans le cadre de programmes BYOD professionnels, les risques augmentent de manière exponentielle. 

La meilleure option pour des utilisateurs incapables de changer leurs habitudes est le logiciel de sécurité. Tamara Law, experte en sécurité des appareils mobile suggère le recours à un logiciel scannant les e-mails, identifiant les liens douteux sur les sites de médias sociaux et scannant les applications avant qu'elles ne soient téléchargées. « Plus de 50 % des logiciels malveillants se trouvent sur des mobiles et un tiers d'entre eux recueillent nos informations. Il est vraiment nécessaire de faire quelque chose car nous n'allons pas simplement arrêter de télécharger nos e-mails ou des applications et nous irons toujours consulter de nouveaux sites internet. » Gardez également un œil sur votre présence en ligne. « Vous devriez également être plus prudent sur ce que vous publiez sur les sites de médias sociaux, toutes les informations sont autant d'aides qui permettent aux assaillants de mieux nous cibler. »

Le bon équilibre pour les entreprises

Le défi pour les entreprises est encore plus grand. Si elles venaient à perdre leurs informations, cela affecteraient bien plus que quelques personnes. Mais bien qu'elles aient des raisons de souhaiter conserver leurs données dans un même lieu, ce raisonnement va à l'encontre de la tendance. Du fait de la part grandissante des applications sur le cloud et des programmes de BYOD, les travailleurs mobiles sont de plus en plus nombreux. Leur nombre devrait atteindre 1,3 milliards de personnes, soit 37,2 % des travailleurs, d'ici 2015 selon la société d'études IDC. Les employés souhaitent un accès facile et rapide alors que dans le même temps, les entreprises et les responsables informatiques exigent la sécurité. Certaines solutions ne peuvent pas satisfaire tout le monde. Et alors que des études démontrent que les entreprises ont beaucoup à gagner d'une authentification plus forte et plus intelligente, ces solutions en valent largement la peine.

« Les entreprises doivent devenir plus cyber-résilientes » conseille Law. « Elles doivent développer le QI sécurité de leurs employés pour qu'ils abandonnent leurs comportements à risque. » Elle recommande que tous les employés s'authentifient avant d'accéder à des données confidentielles et propose une variété d'options à la disposition des entreprises offrant à la fois protection et ergonomie pour l'utilisateur.

  • Autorisations multi-niveaux : Les employés doivent fournir deux facteurs pour se connecter au réseau. Une autre autorisation est nécessaire avant de pouvoir accéder à des informations plus sensibles ou plus précises. Symantec VIP est un service d'authentification à deux facteurs fournissant le second facteur. Il fournit des identifiants aux employés pour leur permettre de se connecter aux systèmes de l'entreprise à distance. VIP va au-delà des mots de passe. Dans un futur proche, il utilisera l'identifiant de l'appareil et l'empreinte digitale de l'utilisateur pour accéder aux systèmes de l'entreprise.
  • Certificats numériques : Une fois téléchargés, les certificats numériques ne demandent plus aucune saisie de la part de l'utilisateur.
  • Politiques de contrôle des données : Tous les employés n'ont pas besoin d'avoir accès à toutes les applications. Un point de contrôle central devrait également être mis en place pour suivre les accès.
  • Single Sign On : Un utilisateur a en moyenne 26 comptes différents et seulement 5 mots de passe, dont un pour accéder aux comptes professionnels. L'authentification unique ou single sign on limite les risques de comportements à risque de la part de l'employé.
  • Conteneurs d'application client : Les conteneurs d'application reposent sur le chiffrement pour recueillir les données des utilisateurs mobiles.

Le maître mot selon Law : la simplicité. « Plus les choses sont simples, plus efficace en sera la sécurité. L'idée est de s'assurer que les personnes, les processus et la technologie s'accordent comme il faut. Formez vos collaborateurs, assurez-vous de proposer les bons processus pour que les bonnes personnes aient les bonnes informations et que vous soyez en mesure de faire ce qu'il faut dans le cas où un appareil mobile est perdu ou volé. »

Securing The Mobile Workforce In The Age Of BYOD

0
0
Twitter カードのスタイル: 
summary

cybersecurity2.jpg

Your house and office need keys. Your bankcard and mobile phone need PINs. Your computer and online accounts need passwords. When it comes to software, innate security features are crucial. Those safety features are designed to protect people, the companies that hire them and data entrusted to them. Yet in a time when convenience is king, safety can often slip by the wayside – especially when it comes to mobile devices.

Users behaving badly

Safety measures can only work when they’re implemented. Unfortunately, studies of human behavior show us people don’t always what’s best for them. Behaviors like leaving devices unlocked, downloading apps, browsing invalidated sites and opening unknown e-mail attachments puts users’ personal data at risk. If those same users use those same devices in workplace BYOD programs, that risk grows exponentially.

The best bet for users who are not apt to change their ways is security software. Mobile device security expert Tamara Law suggests software that scans emails, identifies suspicious links on social networking sites and scans apps before they are downloaded. “Over 50 percent of malware is mobile and one-third is aimed at collecting our information. It’s a good idea to take further action – because we’re not going to completely stop downloading e-mails or apps, and we’re always going to be surfing new websites.” Keep track of your online presence as well. “It’s also a good idea to be more cautious about what we post on social networking sites – all the information only helps attackers target us better.”

Businesses offering balance

The challenge for companies is much greater. The information they stand to lose impacts more than a few individuals. But while they have reason to keep data in one centralized location, that idea goes against the trend. Thanks in part to an increase in both cloud-based applications as well as in BYOD programs, the mobile work force is expanding. It’s expected to reach 1.3 billion people (37.2 percent of the total workforce) by 2015, according to research firm IDC. That work force demands quick and easy access, while business and IT leaders demand safety. There are solutions that can please all parties. And with research showing organizations have a lot to gain from stronger, smarter user authentication, those solutions are well worth the effort.

“Enterprises need to become more cyber resilient,” Law advises. “They need to increase their employee security IQ so they don’t engage in risky behavior.” She recommends all employees be authenticated before accessing confidential data, and points out a variety of options companies have to provide both protection and a simple user experience.

  • Multilevel Authorizations: Employees provide two factors to log in to the network. Another authorization is needed before deeper or more sensitive information is accessed. Symantec VIP is a two-factor authentication service that provides the second factor. It gives credentials to employees who use them to remotely access corporate systems. VIP is evolving beyond typing. In the near future it will use device IDs and user fingerprints to access corporate systems.
  • Digital Certificates: Once downloaded, digital certificates don’t require any additional typing from the user.
  • Data Control Policies: Not all employees should have access to all applications. There should also be a central point of control from which access could be monitored.
  • Single Sign On: The average user has 26 different accounts and only five different passwords – including the one used to access corporate accounts. Single sign on reduces the likelihood of employees engaging in risky password behavior.
  • Application Client Containers: App containers use encryption to collect authentication data from mobile users.

The bottom line according to Law: simplicity. “The easier you make things, the stronger your security will be. It’s about making sure your people, processes, and technology are all working together. Educate your people, make sure you have the right processes to ensure the right people get to the right information – and that you can take action if a mobile device is lost or stolen.”

NYU Polytechnic's Hacker in Residence, Dan Guido, Visits Symantec Cyber Career Connections (SC3) Students in Brooklyn

0
0

As the Symantec Cyber Career Connection (SC3) students embark on their internships, which started in February, we visit with one of the guest lecturers that taught a session at the Brooklyn pilot site. Dan Guido, CEO of Trail of Bits and ‘Hacker in Residence’ at NYU Polytechnic School of Engineering, gave the students some advice and training on how to gain the skills necessary for entering the cybersecurity workforce.

Read SC3 student Diana Shafer's views on why millenials should care about Safer Internet Day on TechCrunch.

SC3 is Symantec’s signature program that aims to address the global workforce gap in cybersecurity by training and certifying young adults in cybersecurity and assisting them in landing meaningful internships and jobs. To conduct the SC3 initiative, Symantec has entered into partnerships with two nonprofit organizations—Year Up and NPower—to develop educational programs for underserved young adults (ages 18-29) in the field of cybersecurity information. The participants of the programs will receive industry-recognized certifications, such as CompTIA A+Network+, and Security+, which will greatly increase their earning potential.

The first class of 45 participants in three pilot locations (New York City, SF Bay Area, and Baltimore) will be qualified for permanent employment in entry-level cybersecurity positions by September of 2015.

The Brooklyn class was lucky to have Dan Guido share his experience and insights about cybersecurity and the importance of training in Capture the Flag (CTF) competitions to gain real world skills. We spoke with him to hear about his day at SC3 and his message to the students.

How did you get involved at SC3 in Brooklyn?

I was speaking on a panel at the 2014 NICE conference on cybersecurity education and I was talking about how to scale out security education and the value of CTFs, Capture the Flag competitions. Symantec approached me and asked if I would be interested in speaking with the students.

What are CTFs?

Capture the Flag (CTF) is a computer security competition that is usually set up as jeopardy-style to solve cybersecurity challenges. Teams race to complete the problems ranging from vulnerability discovery to forensics. CTFs serve as an effective educational tool and are associated with major security conferences. My company sponsors and helps design CTFs, such as Ghost in the Shellcode, CSAW CTF, and Build it Break it. The largest is DEF CON in Las Vegas.

What did you teach the students?

I talked about Trails Bits, Capture the Flag, and why I believe it is a great learning tool, how to approach it, and what skills are needed for success. We walked through a use case and did some defensive exercises and forensics. Then I had them play MicroCorruption, a free online tool that is always open, and helped guide them through questions that arose.

Why do you think CTFs are important as a learning tool?

CTFs provide immediate real world experience. Every challenge is one that a security professional would encounter in their daily lives: identify vulnerabilities in the code you must protect, evaluate how exploitable they would be to an attacker, find out if someone else already exploited the system and if so, develop a tool to root them out. CTFs exercise every step in this workflow.

Beyond teaching the right skills, CTFs are fantastic additions to any resume and are always a conversation starter in an interview. You can discuss your problem solving approach and the challenges you have previously solved. Most, if not all, security professionals recognize and understand the value of participation in CTFs.

Most important, CTFs are fun and addicting to play. You will join a great community of peers and want to keep coming back to learn more in each additional game.

Any last thoughts you would like to share?

The students were very enthusiastic and they were there because they wanted to learn. I gave them some pretty challenging scenarios but they weren’t dissuaded.

On our Trail of Bits website we have a free CTF Field Guide resource. I provided them with that information and gave them the schedule for upcoming CTFs.

Adding a CTF component to the program would give it the ability to scale. As mentioned, it’s one-to-one overlap to the real world and is an excellent learning tool. In the end it is absolutely necessary to provide hands on experience that CTFs can provide.

Thank you, Dan, for sharing your valuable advice with the SC3 students! For more information on SC3 visit http://www.symantec.com/corporate_responsibility/topic.jsp?id=cyber_career_connection.

Dan Guido received a BS in Computer Science with a focus in security from NYU-Poly. He is the CEO of Trail of Bits, a cybersecurity research and development firm in NYC, and the Hacker in Residence at NYU-Poly, where he teaches a graduate course in penetration testing and vulnerability analysis. In his free time, Dan is a moderator of Reddit Netsec, the largest security forum on the internet.


Backup Exec Upgrade 2012 to 2014 - Deduplication option error

0
0
BE 2014 Install - Deduplication option error

It was mentioned that I should repost this as a Blog since it seemed to be helpful to a few of you out there, so here goes:

==============================================================

Just an FYI for anyone running into this issue during an upgrade to BE-2014:

I saw this exact same problem when upgrading our previous edition of Backup Exec to BE-2012 and now again when upgrading 2012 to 2014 and the fix is the same.  When running the installation for BE-2014 the wizard came to the point of selecting installation type (Full / Tial) - (the screens after entering Licensing) and a message window appeared stating the following:
 "Deduplication Option is no longer licensed in this upgrade. You may not remove the license during the upgrade. To continue, either add a serial number for Deduplication Option, upgrade as trial, or remove the option in the previous version, then continue the upgrade."
 (Also outlined in this kb article: http://www.symantec.com/business/support/index?page=content&id=TECH185257 )

The fix was also the same - Open regedit, navigate to:  HKLM\SOFTWARE\Symantec\...
Delete the \Puredisk\ registry key and it's child \Puredisk\Agent\.
 (In our case, since we never installed, trialed, used or licensed dedupe at all these keys were completely empty of values.)

Quit and re-run the Installation.  The wizard should continue past this point and straight to the options screen.  This should allow you to install/upgrade BE-2014 with licenses the first time, without having to go through the trial install first.

         Happy Upgrading

Four Reasons Why Millennials Should Care About Safer Internet Day

0
0

millennials_0.jpg

Editor’s note: Diana Shafer joined the Year Up program following her passion for computers and technology and is currently an intern at Symantec as part of the Symantec Cyber Career Connection (SC3) program. 

Growing up, I was always close to technology. I explored the vast world of the Internet from a young age. I created my first email account when I was 10 years old, but had no concept of acting safe online and signed up for numerous websites that promised free TVs and other cool prizes. It wasn’t long before I fell victim to phishing attacks and almost sent money to someone in Florida for a puppy.

As I got older, I started to see the repercussions of downloading dubious files and trusting everything I saw online. My computer speed came to a screeching halt as spyware and malware swarmed in and bogged down my system. I quickly learned to avoid bogus websites and installed various anti-virus protections for my family’s computers. My computer got fast again, my parents were impressed with my tech savviness, and I found myself a new passion for computers.

Fast-forward to 2014, the year the hack went viral. From Staples to eBay to Sony Pictures, last year taught us that companies, governments or consumers are safe from data breaches. And cyber threats will only continue to increase, especially as connected devices are expected to outnumber connected people six to one by 2020.

So what are millennials doing to prepare our society for a safe and secure future?

The issue of cybersecurity goes beyond governments and corporations to my generation, as well. In celebration of Safer Internet Day — an international education and awareness-raising effort spanning more than 100 countries around the globe — I offer reasons I believe Internet safety matters to millennials:

Read the entire story here!

Microsoft Patch Tuesday – February 2015

0
0
This month the vendor is releasing nine bulletins covering a total of 56 vulnerabilities. Thirty-seven of this month's issues are rated "Critical."

続きを読む

Are You Getting Symantec's Security Expertise?

0
0
Maintenance- Continuous Protection, Support and Education
Twitter カードのスタイル: 
summary

Your protection is really only as good as your most recent security update.

Each day, Symantec’s Security Technology & Response publishes more than 1,050 signature files. These definitions protect against the latest mass malware, while Insight queries and SONAR work to detect zero-day threats that fall outside the scope of signatures. Are you getting the full benefit of Symantec’s security expertise?

sep-security.jpg

As people who are passionate about Symantec Endpoint Protection, we’re always looking for ways that organizations can get the full protection they need, and are entitled to. Considering the world’s complex IT environments, always-on technology and the cybercriminal’s ever-mutating tactics, we need to be more vigilant than ever to maximize protection, performance and operational efficiency.

Organizations running expired, outdated or under-deployed Endpoint Protection are left exposed to undue security risk. To ensure continuous protection, remember to:

  1. Renew maintenance contracts on time - always
  2. Keep up to date - install the most current SEP version and avail of the latest product updates
  3. Ensure adequate SEP license coverage for all endpoints
  4. Configure SEP carefully to gain maximum benefit from all product features
  5. Inform and educate on how to avoid security risks

Our next point is simple – Customers with current SEP Maintenance are entitled to MORE than just Technical Support. A valid* maintenance contract ensures daily protection from the latest security threats with the most recent antivirus definitions; protection against new and advanced threats via Insight queries and SONAR enablement; as well as break fixes, patches and product enhancements available through new releases.

Beyond the full protection stack on the endpoint, customers also have access to self-paced training to hone their security skills and improve SEP deployment configurations to maximize protection and performance.

Keep Maintenance current and avail of: (See HOWTO109566)

  • Continuous Protection: Automatic delivery of critical security content updates (e.g. virus definitions that provide new algorithms to deal with new virus strains and updated URL lists for anti-phishing). Without a valid maintenance contract, you are no longer entitled to content and your system becomes vulnerable.
  • Cutting-edge product features & unrivalled product reliability: Symantec’s Security Technology & Response (STAR) team consistently develops advanced technology capabilities and state-of-the-art features to stay ahead of threats and maximize SEP’s performance.
  • Rapid response and resolution from Technical Support when you need it most: Access specialized SEP engineers, 24X7 in multiple languages, every day of the year.
  • Security Compliance Protocols: Continuous detection and minimization of vulnerability windows that allow you to meet industry and government protocols and support your security compliance requirements.
  • Prioritized handling of suspicious files: Jump the queue and receive detailed reports from Symantec’s Security Technology & Response team.
  • Cost Savings: Upgrade to the latest version at no extra cost and benefit from long-term savings by never having to buy new versions.
  • Education: Become security savvy - access Symantec’s eLibrary with over 1500 on-demand, online training modules and keep current with Symantec’s Security Response Blog.
  • Tools: Avail of SEP diagnostic utilities such as SymHelp, SEP Analyzer and SERT to get the most from your product and assist with common deployment issues, data analysis and reporting.
  • Self-help options:
    • Log your case online using MySymantec
    • Access our Technical Support Knowledge Base for technical notes, how-tos, tips and more
    • Engage online with your peers and Symantec technicians in our Connect Forum

A valid SEP maintenance contract guarantees continued access to security content, the latest product innovations and Symantec expertise. Once Maintenance expires, organizations are leaving themselves vulnerable and are complicating the path to remediation by forgoing access to Technical Support. The long-term implication of such risk can be devastating to most businesses, especially in terms of reputation and productivity. The risk also includes financial exposure, as it costs more to buy new versions than it does to pay maintenance; not to mention the high costs associated with a security breach.

In closing, some advice: Stay protected with SEP Maintenance and let Symantec actively look after your cybersecurity.

* A maintenance contract is considered “valid” when both term (start and end dates of the maintenance term) and quantity (maintenance contract quantity should match software license entitlement quantity of the product being supported) criteria are met. Maintenance cover will be denied to expired maintenance contracts or to maintenance contracts with insufficient entitlement cover.

その他の投稿者: 

The phishing economy: How phishing kits make scams easier to operate

0
0
Symantec looked into how attackers use phishing kits to conduct professional-looking, data-stealing campaigns against unsuspecting users.

続きを読む

New Windows JASBUG vulnerability requires immediate attention from systems administrators

0
0
Mitigation requires reconfiguration of affected computers in addition to patching.

続きを読む

Nova vulnerabilidade JASBUG do Windows requer atenção imediata dos administradores de sistemas

0
0
A mitigação exige reconfiguração dos computadores afetados, além de patching

続きを読む

Introducing NetBackup 5330 Integrated Appliance

0
0

Joining the NetBackup appliance family is the newest member; NetBackup 5300 series. The 5300 series are media servers with storage and are optimized to deliver a new level of performance, scalability, and resiliency in the industry. The NetBackup 5330 was announced in October and will be GA (General Availability) in early March. Only a few short weeks away!

We’re really excited about the addition of this new appliance to our NetBackup integrated appliance family. Keep reading for more details on how it fits.

Integrated Appliances 

The NetBackup 5330 is an integrated purpose-built backup appliance (PBBA). Integrated, as defined by IDC, means it has the master or media servers built into the system to orchestrate the backup and movement of data to other systems or removable media such as tape. This is different than target appliances, which are dependent on third-party backup software and designed to integrate in heterogeneous environments. Often target appliances are deduplication storage systems or devices. 

Both the NetBackup 5200 and 5300 series are integrated appliances. 

NetBackup Appliance Family

The introduction of the NetBackup 5330 further extends NetBackup appliances into large enterprises. It is the perfect complement to the NetBackup 5200 series, allowing you to leverage both series to address specific backup and recovery challenges within your environment. 
  • NetBackup 5200 series– a versatile integrated backup appliance that can be deployed as a master server, media server, or both, for a NetBackup domain. It simplifies and offers OpEx savings over traditional build-your-own media servers. 
  • NetBackup 5300 series– an integrated backup media server with storage to support greater performance, capacity, and resiliency requirements. Product Family graphic w scale.png

NetBackup Appliance Product Comparison

One difference between the NetBackup 5230 and 5330 models is their capacity scale, as highlighted in the Figure 1 above. 

Related to capacity, another difference is the capacity density of the products, see Table 1. The NetBackup 5330 delivers 22.80 TB per Rack Space Unit (RSU). Having greater capacity density saves valuable rack space, which is often at a premium given the cost of data center floor space and limited ability to expand the data center. The appliance also delivers environmental benefits such as power and cooling, which will be covered in greater detail in a subsequent blog. 

Table 1 - Usable Capacity and Density Chart
 NetBackup 5230NetBackup 5330
Usable Capacity (TB max.)148 TB229 TB
Rackspace (RSU)1410
Density (TB per RSU)10.5722.80 

The NetBackup 5200 and 5300 series already co-exist in many customer environments. Two common scenarios for the  NetBackup 5200 are:

  • Replacement for build-your-own media servers. Allows organizations to make an initial investment in NetBackup appliances and gain the Operating Expenditure (OpEx) savings and the option to later consolidate point products (i.e. VTLs or target dedupe storage) into the NetBackup 5230 appliance by adding additional expansion shelves. 
  • Remote offices. As a media server with either 4TB or 14TB of capacity, it is perfect for remote offices to consolidate a media server, disk and/or tape storage into a single appliance. This allows for local backups with the added protection of replication to a centralized site or datacenter, all under the control of IT. 

The NetBackup 5330 is ideal for organizations requiring performance, scale, or reliability. Common use cases are:

  • Media server requiring greater performance and capacity scale for data storage, either deduplicated and/or non-deduplicated. 
  • Centralized storage; either in a datacenter or in a disaster recovery (DR) target.  For example, using the NetBackup 5230 in the remote offices, and replicating back to a NetBackup 5330 for centralized storage. 

In subsequent blogs, I will cover several few key attributes of the NetBackup 5330 appliance; its performance, scale, and resiliency. 

Summary

The NetBackup 5330 is the newest family member to the integrated appliance family and delivers a new level of performance, scalability, and resiliency in the industry. 

To learn more, visit the NetBackup 5330 product page

Important Information re: SEP 11 EOSL and Discontinuation of SEP 11 Virus Definitions

ランサムウェアから身を守る方法

0
0
2 月はサイバーセキュリティ月間です。ランサムウェアの被害を防止する方法を確認してください。

続きを読む

Symantec Intelligence Report: January 2015

0
0
Twitter カードのスタイル: 
summary

Welcome to the January edition of the Symantec Intelligence report. Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks.

The average number of spear-phishing attacks rose to 42 per day in January, up from 33 in December. Finance, Insurance, & Real Estate overtook Manufacturing in the Top-Ten Industries targeted for the month of January. The overall phishing rate also rose slightly in January, to one in 1,004 emails.

There were ten data breaches reported in January that took place during the same month. This number is likely to rise as more data breaches that occurred during the month are reported. In comparison, there were 14 new data breaches reported during January that took place between February and December of 2014.

Vulnerabilities are also up during the month of January, with 494 disclosed overall and two zero-days discovered.

We hope you enjoy the January Symantec Intelligence Report. You can download your copy here.

New SORT Release on Feb 11, 2015

0
0

On Feb 11, 2015, SORT delivered another release and added the following features and enhancements

General:

  • Changed to vertical menu from horizontal menu for better user experience

Storage Foundation and Availability Solutions:


続きを読む
Viewing all 5094 articles
Browse latest View live




Latest Images