Channel: Symantec Connect - Blog Entries

New Release: Symantec Operations Readiness Tool 3.8.1


 

On February 20, 2013, Symantec completed another release of Symantec Operations Readiness Tool (SORT)! With SORT’s focus on improving the total customer experience for Storage Foundation and NetBackup customers, we’ve added the following Storage Foundation High Availability Solutions features and improvements to the website:

  • Support of the Storage Foundation 6.0.2 release

Visit SORT at http://sort.symantec.com to see why thousands of Symantec customers continue to gain value from the site.

 


Do you back up in a Virtual Environment? Consider these tips


We see it in the news almost every day: businesses unable to serve their customers because their network is down or they have lost business-critical data. It’s not only an enterprise problem. Small and medium-sized businesses (SMBs) are also waking up and realizing that they can protect themselves by implementing backup technologies that allow them to keep their operations running even in the event of an outage.

While backup has evolved from a luxury to a necessity, other technologies are progressing rapidly. Let’s consider virtualization. Virtualization improves IT flexibility by creating a central pool of resources, allowing for rapid provisioning of services on demand. It can reduce costs by avoiding the need to purchase and maintain storage and server hardware that are only needed for times of peak demand. In short, it improves almost every aspect of IT operations – except backup.

As SMBs increasingly embrace virtualization, they are forced to manage both a physical and a virtual environment. And most policies and IT tools have been designed to deal primarily with a physical infrastructure. With more business-critical applications becoming virtualized, IT will need to deliver the same reliability users are accustomed to in a physical environment. The best way to bypass this balancing act is by centralizing the control over their physical and virtual backups.

The ability for IT departments to embrace this approach is almost as important as the technology itself when it comes to the adoption of virtualization. As SMBs move information into virtualized applications, it needs to be organized and protected as well as any other data controlled by the business. A failure to adequately plan will increase the risk of data loss.

In order to make backup effective in today’s increasingly complex IT environment, businesses should consider the following:

  • Take advantage of common software platforms to streamline processes. They allow you to manage backup functions through a centralized dashboard, unifying physical and virtual resources as you perform backup and recovery tasks.
  • Be sure to implement deduplication for all backup data – not just virtualized information – to maximize storage savings. This should be done at all levels.
  • Control data growth. Backup is facilitated when there is less data to manage. With 42 percent of business information being duplicate, learning where your data resides and what it contains can lead to substantial time and cost savings.
  • When selecting a vendor to help with backup, look for one that keeps management simple by supporting both physical and virtual environments. Backup should be intuitive and easy to manage. Multiple solutions are less likely to be used to their full potential.

Virtualization can make information management more complex, particularly in the area of backup. With the proper planning, SMBs can implement a backup solution that will keep things simple, minimize time and storage by eliminating duplicate data, and maintain the high availability that users expect.

Is your business ready to take advantage of virtualization?

Enterprise Vault FIPS Update


I just wanted to give you an update on Enterprise Vault's Federal Information Processing Standard 140-2 (FIPS) compatibility. We've just updated the Enterprise Vault Compatibility Charts (http://www.symantec.com/business/support/index?page=content&id=TECH38537) to indicate that EV 10.0.1 and above, along with the existing EV 9.0.3 and above versions of the product, are FIPS compatible.

What does this mean?

Any customer that requires a FIPS compatible version of EV can now upgrade to EV 10.0.1 or above (we'd always recommend the latest version available); if you're not aware of all the great EV 10 features, take a look at our why upgrade guide: http://www.symantec.com/business/support/index?page=content&id=DOC5617

Thanks Andy but what is FIPS?

Check out EV's FIPS information here: http://www.symantec.com/docs/DOC4820

 
 

 

 

Fake Antivirus Renewal Email Rises from the Dead


Over the last few years, many reports, white papers, and blogs have been released detailing targeted attacks. For example, some attacks employ sophisticated infection methods, such as watering hole attacks, and some rely on exploit code hidden in document files mixed with social engineering schemes. Some time ago, when the malware world was still dominated by mass-mailing worms that used fake emails as the infection method, one of the schemes was a fraudulent license renewal notification from well-known antivirus vendors.

Some may think that this scheme had become extinct but we saw evidence recently that it is still alive and kicking when an email was sent to an electric power company and a major industrial company in Japan.

Figure 1. Fake antivirus email with a Zip file attached

Inside the attached .zip file there is a file with a .doc.exe extension, which smells fishy. The file name is gibberish as well.

Figure 2. File name of the file found inside the Zip file

Although the file uses an MS Word icon, this file is an executable file and will therefore run regardless of whether MS Word is installed on the computer or not. This file is detected by Symantec as Trojan.Dropper. Once it is executed, it drops a simple back door onto the computer, detected as Backdoor.Trojan, which connects to a command-and-control (C&C) server and awaits commands from the remote attacker.
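The .doc.exe trick described above can be caught by inspecting archive member names before an attachment is delivered. The following is an added example, not Symantec's detection logic: the extension lists, function names and sample member names are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile

# Assumed lists for this example; tune them to your mail gateway policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pdf", "rtf", "txt", "jpg"}


def classify(member_name):
    """Return a finding for an archive member name, or None if it looks benign."""
    # Keep only the file name; ZIP paths use '/', but tolerate '\\' too.
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces when resolving a file name.
    parts = base.rstrip(" .").lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return None
    decoy = parts[-2].strip()
    if len(parts) >= 3 and decoy in DOCUMENT_EXTS:
        # The extension the user sees first is a document type, but the
        # extension the operating system acts on is executable.
        return "double-extension .%s.%s" % (decoy, parts[-1])
    return "executable-in-archive"


def scan_zip_attachment(data):
    """Return a list of (member_name, finding) for one ZIP attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # A ".zip" that does not parse deserves attention on its own.
        return [("<archive>", "unreadable-zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            finding = classify(info.filename)
            if finding:
                findings.append((info.filename, finding))
    return findings


def build_sample_zip():
    """Constructed sample: made-up member names, placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("qzxvkrtw.doc.exe", b"placeholder, not a real program")
        z.writestr("notes/readme.txt", b"hello")
        z.writestr("report.v2.doc", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, finding in scan_zip_attachment(build_sample_zip()):
        print(name, "->", finding)
```
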

Interestingly, the same “From” address was used to send different fraudulent emails to several airline companies, targeting recipients that appear to be Japanese. As the targets are airline companies, the attacker was smart enough to use aviation-related information in the email, but the use of the doc.exe tactic remained the same.

Figure 3. File name of the attachment sent to airline companies

This file is also detected as Trojan.Dropper that also drops Backdoor.Trojan, which connects to the same C&C server mentioned previously.

Once the back door is successfully opened, the attacker can take control of the computer and do whatever he or she wants, including stealing information that could be used in subsequent attacks.

While using defense systems against sophisticated attacks has become an absolute necessity, often a simple and old trick is enough to compromise a computer. Basic security practices can often be forgotten when security software is used and this sort of email rarely lands in your inbox. It is important to remember the expression “Disaster strikes when you least expect it.”

Lies, Damned Lies, and Infinite Scalability!!!


One of the things that weigh on an IT director’s mind is how he/she can keep up with their company’s growth in the data center. These areas include server growth, application growth, bandwidth and network growth, and just as important, data growth.  In addition, how do they keep all that up with limited budget, both from a CapEx and OpEx perspective? 

In the real world, the amount of money spent dictates scalability, because as the items I mentioned grow within the data center and beyond, the cost grows at an accelerated rate.  The reason is because every piece of hardware/infrastructure added affects the growth of the network, storage, server capacity, resource utilization, etc.  It’s like the ripple effect of tossing a pebble into a still pond.   This makes real-life scalability follow the red line in the graph below.  What the green line represents is if the cost per added data center piece always stayed the same, and didn’t affect all the other parts in the environment. But if you buy more servers, resources need to increase like bandwidth, storage, power, etc…you get the picture.  Unless you have infinite funding, infinite scalability is like unicorns, the pot of gold at the end of the rainbow and immortality!  Good luck bagging any of those!

 

Now here at Symantec, we always strive to engineer our backup products to provide easy scalability without complexity as our customers grow, and since we’ve been doing this for quite some time, we certainly know a thing or two about large environments.    Did you know these Symantec facts?

  • NetBackup protects 90 of the top 100 global companies
  • Some of NetBackup’s largest installs scale beyond 11 petabytes of front end protection
  • NetBackup has been around 20+ years providing a mature and scalable true-enterprise solution
  • NetBackup is still the market leader in the backup and recovery market

But what’s important to note is that scalability success is not always dictated by how much footprint we can put into a customer’s environment; it’s also about reducing the number of traditional client and server software installs while still being able to protect the entire environment, end to end. This means virtual, physical, cloud and DR protection. The old adage “less is more” has never rung more true than it does in today’s data center. IT departments have had to do much more with fewer resources and less funding. NetBackup V-Ray technology protects thousands of VMs without needing individual agents per VM or a physical backup proxy server for every 5 or so ESX hosts. We also don’t make customers pay the bloated storage tax when setting up DR for their backup and recovery environment.

Finally, when it comes to cost savings and scalability, we have the differentiating NetBackup appliances.  It’s costly, time consuming and often downright painful to spec out and build your own backup server, and make sure it runs optimally and with a fully supported configuration.   The ability to plug in an appliance for either a server refresh, or to add to scale your existing environment has never had our customers so excited and yes, relieved! 

But even after providing all that information on how NetBackup eases the pain of scalability, and all the points made about lower cost, we still won’t promise “infinite scalability”.  You see, promising such a thing would both deceive and insult our customers with a misconception that money is no object.  We’re about working on real-life enhancements. We’re always working on providing the best backup and recovery solution on the market, and listening to our 36,000+ customers for feedback to make our product stronger, more flexible and more efficient every new release.

However, if you still quest for infinite scalability, and you have a limitless budget and still believe the Tooth Fairy is real, then there’s still a vendor out there for you.

For more information on better backups with NetBackup, please visit us at:

www.betterbackupforall.com

www.netbackup.com

www.netbackupappliances.com

www.netbackupdemo.com

MSP efficiencies are realized with management tools from Symantec


Another pillar of the MSP offerings at Symantec is the set of management tools partners can take advantage of in order to become more efficient.

In addition to RMM integrations with companies like Kaseya, Level Platforms, LabTech and Continuum with on-premise security and backup solutions, we also have an easy-to-use yet powerful online management tool for SEP.cloud and BE.cloud. Here's a testimonial from Techmedics discussing the Partner Management Console.

Symantec Partner Management Console Empowers MSP

James Moon, President and CEO of Techmedics, discusses how his company leverages the Symantec Partner Management Console (PMC), listing ease of management, granular control, reporting, and speedy deployment among the PMC’s many benefits.

http://www.symantec.com/tv/products/details.jsp?vid=2142352220001

Latest Java Zero-Day Shares Connections with Bit9 Security Incident


Symantec recently received information on a new Java zero-day, Oracle Java Runtime Environment CVE-2013-1493 Remote Code Execution Vulnerability (CVE-2013-1493).  The final payload in the attack consisted of a DLL file, detected by Symantec as Trojan.Naid, which connects to a command-and-control (C&C) server at 110.173.55.187. 

Interestingly, a Trojan.Naid sample was also signed by the compromised Bit9 certificate discussed in the Bit9 security incident update and used in an attack on another party.  This sample also used the backchannel communication server IP address 110.173.55.187.   

The Trojan.Naid attackers have been extremely persistent and have shown their sophistication in multiple attacks.   Their primary motivation has been industrial espionage on a variety of industry sectors.  The attackers have employed multiple zero-days.  In one example from 2012, Symantec reported on the Trojan.Naid attackers conducting a watering hole attack with a different zero-day, Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875).

Figure 1. Anatomy of latest Java zero-day attack

As seen in figure 1, the initial stage of the attack involves a target visiting a compromised site that hosts a malicious JAR file, detected by Symantec as Trojan.Maljava.B. The JAR file contains the exploit CVE-2013-1493 which, if successful, downloads a file called svchost.jpg that is actually an MZ executable, detected by Symantec as Trojan.Dropper. This executable then acts as a loader for the dropped appmgmt.dll file, detected as Trojan.Naid.  An intrusion prevention (IPS) update due to be released later today will contain the following detection for the malicious JAR file.

Web Attack: Malicious Java Download 4
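The svchost.jpg stage described above is a file whose name claims an image while its content is an MZ executable. A content-versus-extension check that a download or proxy scanner could apply is sketched below as an added example; it is not Symantec's detection logic, the function names are hypothetical, and the sample bytes are constructed.

```python
import struct

# Leading bytes expected for common image extensions.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def is_pe(data):
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (a little-endian uint32 at offset 0x3C) points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, so this stays False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_download(filename, data):
    """Compare what the file name claims with what the content is."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magics = IMAGE_MAGIC.get(ext)
    if magics is None:
        return "not-an-image-name"
    if data.startswith(magics):
        return "ok"
    if is_pe(data):
        return "pe-executable"      # full MZ + PE structure under an image name
    if data[:2] == b"MZ":
        return "mz-header"          # MZ magic only, e.g. truncated capture
    return "content-mismatch"       # neither the claimed image nor an executable


def build_samples():
    """Constructed byte strings: a minimal MZ/PE header, a JPEG header, HTML."""
    pe_stub = (b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)
               + b"PE\x00\x00" + b"\x00" * 20)
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
    return {
        "svchost.jpg": pe_stub,
        "photo.jpg": jpeg,
        "logo.png": b"<html>not an image</html>",
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, "->", check_download(name, blob))
```
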

Symantec is currently investigating further protections for this zero-day and will provide an update to this blog when possible. To protect against potential zero-day threats, Symantec recommends that you use the latest STAR Malware Protection Technologies to ensure the best possible protection is in place.

This new Java zero-day attack has also been highlighted in a blog by FireEye.

Customer Success: One of England’s Busiest Hospitals Manages Mobile Data with Symantec


The Royal Liverpool and Broadgreen University Hospitals NHS Trust is one of North England’s busiest and largest hospitals. With the influx of mobile devices impacting healthcare, the Trust embarked on a mobile data management strategy, based on Symantec Mobile Management, to enable secure mobile working. As a result, it found clinical outcomes improved through real-time access to healthcare history, medical images, medical notes, and more. All of this comes on top of a highly successful Symantec data loss prevention (DLP) and endpoint security implementation that lowers the cost of managing security by 25 percent. To learn more about these highly successful mobile management and security strategies, follow this link: http://bit.ly/VqUeD2    


NetBackup 5200/5220 Appliances 2.5.2 is now available!


I'm very pleased to announce that the next Release Update for NetBackup 52x0 Appliances is now available!

NetBackup 5200/5220 Appliances 2.5.2 Release Update is the equivalent Appliance patch release to NetBackup 7.5.0.5.

It is a cumulative release containing fixes and content from 7.5.0.1 through 7.5.0.4. In addition, this release contains an additional 400 fixes (bringing the total fixes in 7.5.0.5 to over 1100!) including the most commonly downloaded EEBs, several customer escalations, and internal engineering defects.

In addition to including all of the fixes in NetBackup 7.5.0.5, Appliance 2.5.2 contains:  

  • Improvements in Hardware Supportability
    • More resource status & usage monitoring
    • Way to acknowledge alerts
    • Monitor behavioral patterns in MSDP
    • Bug fixes/EEBs specific to SORT/Call home

Information about 2.5.2 and download links are available here:

NetBackup 5200/5220 2.5.2 Update
 http://symantec.com/docs/TECH202301

The 2.5.1 Update can only be applied to an Appliance already running at version 2.5 or 2.5.1 (including 2.5B and 2.5.1B).

To check to see if your particular Etrack is resolved in 2.5.2 (NetBackup 7.5.0.5), please refer to both sets of Release Notes:

NetBackup 7.5.0.5 Release Notes
 http://symantec.com/docs/DOC6038

NetBackup Appliance 2.5.2 Release Notes for NetBackup 52xx
 http://symantec.com/docs/DOC6161

New set of articles about troubleshooting the "failed" disk status, as reported by vxdisk


 

Hi, all.

We have released a set of articles that contain information about troubleshooting the "failed" disk status, as reported by vxdisk.

Here is the link:

"Failed" or "failed was" is reported by vxdisk
http://www.symantec.com/docs/TECH200618

Since this is a broad topic, the "technote" is actually a set of about a dozen articles that have been organized into a logical tree structure, with TECH200618 at its "root."

Let us know what you think!
 

Regards,

Mike

Stop 64% More Malware Today Webcast Q&As


Today's sophisticated threats require a security solution equipped with multiple layers of protection to keep your business secure. Symantec hosted a webcast on “Stop 64% More Malware Today” on Wednesday, February 06, 2013 that discussed the threat magnitude and how to stop more malware with resources you already have, as well as how to mitigate risk without sacrificing performance.

The following are answers to the additional questions raised in this webcast. To view a recording of the webcast, click here.

What’s New?

Q: What was featured in this webcast?

Antivirus only is NOT enough. Symantec Endpoint Protection 12.1 contains five layers of protection—Firewall and Intrusion Protection, Antivirus, Insight, SONAR, and Power Eraser for unrivaled security in both physical and virtual environments.

Software Updates

Q: What does MP stand for in the following?  SEP 11 RU7 MP2?

RU stands for Release Update.  This update is similar to a Windows Service Pack.
MP stands for Maintenance Pack.  This is similar to a Microsoft Update Rollup.

Q: What is the upgrade path to 12.1 from 11.0.x?

Please check out the following article:
http://www.symantec.com/connect/articles/supported-upgrade-paths-symantec-endpoint-protection-121

Q: The version of Java that I am running is not supported by the version of SEPM I am using.  What should I do?

There are a few options:
1. You can upgrade the version of Java you are running to the latest version.
2. You can upgrade the version of Symantec Endpoint Protection Manager you are using to the latest version.
3. You can use the local console on the Symantec Endpoint Protection Manager.  The local console on the Symantec Endpoint Protection Manager uses the internal version of Java included in the Symantec Endpoint Protection Management server.

It is always recommended to upgrade to the latest version of Java.  Running old versions of Java can make your system vulnerable.  The latest version of SEPM 12.1 does work with the latest version of Java.

Q: Is it necessary to reboot the clients when migrating from SEP 12.1.1 to 12.1.2?

Yes.  The SEP 12.1.2 install will not complete until you reboot.  However, the client will continue to run SEP 12.1.1 and protect the system even if you do not reboot.

Q: So how does that upgrade to SEP 12 for free deal work?

If you currently own SEP 11 and your support/maintenance contract has not expired yet, then you can use the latest version of SEP 12.1 for no additional cost.  Please contact your sales rep or reseller for more details.

For more details see:
http://www.symantec.com/docs/TECH103088

SONAR

Q: Is Sonar available in 12.1?

Yes.  SONAR is available in SEP 12.1.

Q: I had heard that SEP 12.1.2 has increased its list of detectable "suspicious" behavior from 400 to 1400. I can't find any documentation on this. Can you shed some light on what has been enhanced?

In Symantec Endpoint Protection 12.1 RU2 we added over 1,000 new behaviors.  Applications will exhibit multiple behaviors.  Some behaviors increase the application score and some behaviors decrease the application score.  As the application runs, it may exhibit more behaviors that change the application score.  Once the application score hits a certain threshold, we convict the application.  Note: We do not document the list of behaviors we check for.  These behaviors are updated on a regular basis.

Q: In the Endpoint Protection Manager, where can I see if Sonar is enabled?

You can see what technologies are installed from the Symantec Endpoint Protection Manager console on the Clients tab under the ‘Protection technology’ view.

 

Insight

Q: How does Insight determine which files are "fine"?

Insight uses a database that has over 3 billion files and more than 2 trillion associations to determine what files are good or bad.  Each file is rated based on the context of a file, such as how many copies of the file exist, where the file came from and who else is using the file.  It uses a reputation system to give each file a reputation rating.  As an analogy, you can think about the way Amazon gives ratings to a book.  If the book has five stars and lots of ratings then the book is likely a good book.  If the book has only one star and few ratings then the reputation of the book is questionable.  Take a look at this site for more details:
http://www.symantec.com/reputation-based-security

Q: How do you configure Insight on a server?

Insight can be configured the same on a server as it is on a desktop.  Insight will monitor programs downloaded from the Internet and block programs that have poor reputation.

Q: Is Insight only available in SEP 12?

Insight does require Symantec Endpoint Protection 12.1 or later.  SEP 11 and SEP 12.0 SBE do not have Insight technology.  However, other Symantec products such as Symantec Messaging Gateway and Symantec Web Gateway do have reputation (i.e. Insight).

Network Threat Protection

Q: When looking in the NTP logs, what column will show the "system infected" message?

The “system infected” message can be seen in the Event Type (or Summary) field of the Attack (or System) log.

Application and Device Control

Q: System Lockdown and Application and Device Control are the bread and butter of SEP. The problem is trying to deploy in a huge environment, 10K+.  Any whitepapers or recommendations for doing this?

There are some resources we have online to help with this:
http://www.symantec.com/security_response/securityupdates/list.jsp?fid=adc
https://www-secure.symantec.com/connect/articles/how-block-or-allow-devices-symantec-endpoint-protection

Power Eraser

Q: Where can you download the newest version of power eraser?

Power Eraser is included in the SymHelp tool.  The latest version of the SymHelp tool can be found here:
http://www.symantec.com/docs/TECH170752

The latest version of the Norton Power Erase standalone tool can be found here:
http://security.symantec.com/nbrt/

Q: Can you run Symantec Power Eraser on a remote PC?

The Power Eraser tool is included in the SEP Support tool.  Here are some KB articles that tell you how to run the SEP Support tool remotely.
http://www.symantec.com/docs/HOWTO72599

The SymHelp tool replaces the SEP Support tool.  Here are the command line options on how to run the SymHelp tool.  These can be used to run the tool remotely.
http://www.symantec.com/docs/TECH170732

Q: Can Power Eraser be run by a non-administrative user on win7?

Power Eraser requires administrative access.

Malware Activity and Protection

Q: Why do we see increase in Malware after Adobe Flash updates?

This most likely happens when the new version of Adobe Flash is released with an announcement of vulnerabilities that have been fixed.  Attackers then use these announced vulnerabilities to attempt to infect systems still running the old version of Adobe.  Many attackers may not know about the vulnerabilities in the old version until the new version is released and these vulnerabilities are announced.

Q: Out of the box, default setup of SEP 12.1.2, how much will it really stop?

Symantec Endpoint Protection 12.1 default policies offer the best of class protection.  By default, Symantec Endpoint Protection 12.1 has five layers of defense: Network, Reputation, File System (including heuristics), Behavior and Remediation.  With these five layers working together, we can stop both known and unknown threats.

For an example, please check out the 3rd party review from Dennis Labs:
http://dennistechnologylabs.com/reports/s/a-m/2012/DTL_2012_Q4_Ent.1.pdf

Q: We have a developer computer in which has been developing code internally for our systems, and the SEP 12.1 is seeing it as a "Trojan.gen" however sits as a status "Pending", doesn't remove it, does delete, doesn't do anything really. We tried to run a full sweep, which it finds, but does not delete anything. Ran the "Norton Power Eraser" and it ran a low-level sweep and found nothing. Yet when the system reboots, within 1 hour SEP finds the item again. Please explain?

This could be happening for several reasons.  For instance, it could be that the system in question is getting attacked or infected by another system on your network.  When this system gets attacked it will delete the malware and keep the system protected.  However, at a later point the remote system simply tries to infect the system again causing another event to be generated.  For this type of case, I recommend working with our enterprise support team.  They can help you isolate the issue.

Q: Can Symantec make registry changes to fix unauthorized changes to the registry?

The Symantec Endpoint Protection product can clean up registry keys left behind by malware.  It can also revert unintended or unauthorized changes to the registry made by malware.

Q: Can Symantec generate a signature to block Ultrasurf traffic with IPS technology as it already does with Emule, Kazaa, or Ares?

Ultrasurf uses encrypted traffic.  A network signature like the one we have for Emule or Kazaa may not be possible.  However, you can use Application Control to block Ultrasurf.  Please check out this link:
http://www.symantec.com/connect/articles/proxybusters-part-1-ultrasurf#comment-8325121

Q: We have SEP installed on our main DC.  Is this server protected?  In addition, what was the name of the protection you recommended for servers?

Symantec Endpoint Protection 12.1 offers good protection for servers.  However, in addition to Symantec Endpoint Protection we offer another product called Symantec Critical System Protection.  Critical System Protection offers additional protection specifically targeting servers.  It also has system configuration monitoring and system hardening features.  For more information, please check out this link:
https://www.symantec.com/critical-system-protection

Q: If you do get a drive by download infection and delete the exe files manually to prevent the software from running, have you fixed the problem?  Or is there something else that you have to do?

Drive by downloads can download multiple files and can install rootkits or other malware.  Removing only the exe files associated with the drive by download may not always resolve the issue.  I would recommend running Symantec Power Eraser as well.

Q: There are a number of OS on the market. Are they all equally vulnerable?

All operating systems have vulnerabilities.  Some operating systems have better protection to reduce the risk of exposure from the vulnerabilities.  However, the number of attacks on a particular operating system is not only related to the vulnerabilities it has but can also be related to the prevalence of the operating system and the amount of money or information that can be gained by breaking into devices running that operating system.  Many attacks happen using social engineering, which attempts to fool the user into installing malicious applications or doing a task on behalf of the attacker.

False Positives

Q: What if Insight blocks a legit file? 

Insight will block the download of an application if the application is still unknown, for example if only a very small number of people are using the application.  These may be seen as false positives in some cases, but many of our customers do not want their users to be the first users on the Internet to run or install an application even if the application is good.

For resolving false positives, please check out this page:
http://www.symantec.com/connect/downloads/false-positive-prevention-and-correction-symantec-endpoint-protection-version-121

Q: I have an issue with false positives dealing with java files. What are my options with dealing with these false positives?  

For resolving false positives, please check out this page:
http://www.symantec.com/connect/downloads/false-positive-prevention-and-correction-symantec-endpoint-protection-version-121

Q: What do I say to users who receive a pop-up notifying them of a risk but give them an option to proceed anyways?

The safest course of action would be to allow the risk to be quarantined.  The pop-up should be primarily used as a notification so the user knows why the file was quarantined.  However, you can turn the notifications off if this is a concern for your users.

Q: We're getting "virus alerts" within SONAR for the svchost.exe, however when we're scanning them we see nothing. Are these false positives?

This is happening because svchost.exe is making changes to the hosts file.  Turning off the hosts file detection will eliminate these logs.  Please check out this KB for more details:
http://www.symantec.com/docs/TECH164391

Q: Is there a recommended tuning doc for the Sonar / Proactive Threat Protection to reduce "noise"? 

The default setting is the recommended setting here.  Sometimes SONAR is noisy because System Change events have been turned on (it is turned off by default).  When this is turned on, you will get a log event for each application that modifies the hosts file or changes the DNS records.  Please check out this KB for more details:
http://www.symantec.com/docs/TECH164391

Password Vaults

Q: I have users who use password vaults and I try to remind them Quicken, and others like this are bingo points for malware - am I giving good counsel?

A password vault can be a good way for a user to store all their passwords.  It is much better for a user to store their passwords in a password vault than for them to write it down in plain text somewhere else.

Performance

Q: The biggest reason we turn off some layers of protection is because they are too processor intense on the local machine.   What is your suggestion for older XP machines with smaller processors and less memory?

Try running Symantec Endpoint Protection 12.1.  It has many performance enhancements that did not exist in SEP 11.

Q: Network Threat Protection was causing performance issues when we had it enabled on our PCs running behind a corporate firewall and running Windows Firewall.  Symantec tech support team recommended us not to enable NTP.  Should we need to re-visit this?

Yes.  We strongly recommend that you at least enable IPS on all workstations.  We have worked hard to reduce the performance impact of IPS.

 

Click link to learn more about Symantec Endpoint Protection 12 positioned as the Leader in 2013 Gartner Magic Quadrant.

 

 

Malware Attacks Targeting Hugo Chavez’s Death


Contributor: Ruby Yang

Rumors of Venezuelan President Hugo Chavez’s death were rampant on the news and Internet over the past month, and last Tuesday, the Venezuelan Vice President confirmed that Chavez died after a two year battle with cancer. Chavez’s death has triggered reactions worldwide, from world leaders to ordinary citizens, and everyone is talking about his ideas and actions as Venezuelan President. At the same speed as the news is spreading, cybercriminals are using this opportunity to send malicious links related to his death as well as hypothetical theories about the cause of his sickness and death.

All the links that we have seen contain malware. Some domains have been registered recently and others seem to have been hijacked.

Here is an example email used in these attacks:

The following URLs are the malicious links that we have observed:

Symantec has observed that spammers typically exploit breaking news, sending out emails that lead to malicious threats, usually less than a day after the news is released.

Be careful when searching for news and current events. Do not open suspicious links or attachments that you may receive in unsolicited emails and keep your security software up to date.

The Internet of Things: Opportunity, Threat and Inevitability


The Internet of Things (IoT) took another step forward, as standardisation body OASIS formed a committee to enable the adoption of Message Queuing Telemetry Transport (MQTT) for machine to machine (M2M) communications.

MQTT is a small-footprint messaging protocol designed to enable low-power devices to exchange information. Such standards matter as they accelerate technology creation and adoption, by reducing development costs and increasing interoperability. In layperson's terms, the easier it is for devices to talk to each other, the more they will do it.

IoT is very interesting to us at Symantec, most importantly because it will have a dramatic impact on the way we all use technology. The EU's Neelie Kroes suggested that up to 50 billion devices could be connected to the Internet by 2020, from pallets to fridges. Indeed, the number of 'things' connected to the Internet is expected to surpass the number of people within a year from now. 

As with any technology however, such a wealth of connected devices will open up a set of risks. Last month, Michael Lee wrote in ZDNet about a range of "significant" security challenges across data privacy and physical security that have the potential to disrupt business in new ways. 

From our perspective, the most interesting phase of the development of the Internet of Things could also be the most challenging, as devices and software are created which ignore or de-prioritise security features in the drive to get products to market. We've seen this lack of attention to security in the past, together with resulting weaknesses in the technological fabric which are open to exploitation by cybercriminals.

While standards are essential to help reduce these risks, our attitude continues to be simple: protect the endpoints (which is why we invested in device security firm Mocana over two years ago), protect the data wherever it is, and educate the market on how to maximise the benefits of technology while minimising the risks. 

It isn't hard to find examples of how the Internet of Things will have a transforming effect on both corporate and everyday lives. While standards developments like MQTT are to be welcomed, we should also be working together to ensure that the risks of the Internet of Things are minimised, both in terms of technical measures and the best practices that go with them.

Please share your thoughts below and also take a look at what Symantec Security Response recently analysed as the earliest known version of the infamous Stuxnet malware.

Last Day for Early Bird Discount


Symantec Vision is approaching quickly--complete with all the hard-hitting content, valuable networking opportunities and fun activities you'd expect from a premier industry event. Register now to discover first-hand how Symantec can help you manage your biggest security management, information management and mobile changes.

On Cloud Nine: Simple, Effective Endpoint Protection from the Cloud


By Mayank Sharma, Network Systems Engineer at Child Advocates and a Symantec Customer

At Child Advocates, our focus is helping abused or neglected children find hope through our volunteers who help them transition to a safe environment. As a non-profit organization, we have to make the most of our limited resources, without compromising all the confidential data we are storing. That makes endpoint protection a top priority for us.

With only two staff members to manage our IT infrastructure, including the management of our 13 servers, we are always pressed for time. And we found ourselves constantly dealing with server issues caused by our antivirus solution. It periodically caused CPU spikes in our servers, requiring us to shut them down and restart them as well as reinstalling the antivirus software often, a process that takes hours. This happened several times each month, and we had to manage the antivirus solution on each server individually, for every incident.

While we were experiencing this challenge with our AV solution, we were having an excellent experience with deploying our backup solution from Symantec. Their Backup Exec.cloud solution provided a single console through which we could manage the deployment across our endpoints, and we began to look into their endpoint protection solution as well, which could be managed from the same console.

We decided to deploy Symantec Endpoint Protection Small Business Edition 2013 and have found that, with our limited manpower, being able to manage the deployment on each server from one web-based console has been a tremendous time saver. I can manage the solution for every server over the Internet from anywhere, to keep our systems up and running. I can also create a set of policies and deploy different configurations to different servers, based on their function. The console gives me a summary of each server’s current status without a need to log into each endpoint. Its footprint is also much smaller than our previous solution, eliminating the CPU spikes that had been causing us problems.

In addition to being easier to manage, Symantec Endpoint Protection Small Business Edition 2013 has helped us save a lot of money. For the price of a single year of our previous on-premise solution, we have been able to purchase a three-year subscription to Symantec Endpoint Protection Small Business Edition 2013. And with the extra time I now have, I am free to pursue more important IT projects and look at new initiatives that will help our organization fulfill its mission.

I would recommend that all small businesses take the opportunity to re-evaluate their endpoint protection strategy. The advent of cloud-based services shouldn’t be overlooked; any company that still has to manage servers individually is making things harder than they need to be. Look for the right solution provider to help you keep your patches and updates happening automatically, and your solution should allow you to easily manage policies and deployments from a central location. Cloud-managed solutions can also save you money in today’s world of shrinking IT budgets. Why would anyone not want a less expensive, simpler, more effective endpoint protection solution?


Train. Certify. Succeed! FREE Exams at Vision 2013, Las Vegas


Discover the power of complimentary certification!

If you’re attending the Symantec Vision conference to increase your knowledge, why not include a technical exam and increase your technical credibility?   Symantec is giving a little extra incentive to invest in your career by offering FREE Symantec Certified Specialist (SCS) certification exams at the Vision 2013 Las Vegas conference for the first 100 candidates to register.  

Customers who register for an SCS exam after the first 100 free exams are taken are eligible to receive 50% off the normal cost (a $75 savings).  This is an incredible offer available only to Vision attendees!

You can only benefit from the Certification Exams discount if you have registered for Vision. Register here first.

Did you know?

76% of candidates and recruiters verified that Symantec Certification was discussed as part of the hiring process. Certified end users demonstrate the highest levels of technical competency and productivity, have the ability to help lower operating costs, and gain industry recognition.  You can get one step ahead of the competition with a FREE technical exam.

Please visit the Vision 2013 Las Vegas website for more information or email global_exams@Symantec.com now to get registered to take advantage of this limited opportunity.

Live from the Super Bowl... of Healthcare


As a first-time attendee at HIMSS this year (#HIMSS13), I was pleasantly surprised by the breadth and depth of the experience—wall-to-wall innovation (everything from virtual hospitals, to physical bed technologies, to mobile phone security) in a space the size of eight football fields.

If I felt any disappointment, it was only at the relative lack of federal healthcare representation—a criticism I made at RSA last week as well. That said, there were enough federal executives, partners, and integrators at HIMSS to make the experience wholly worthwhile.

I was indoctrinated in the healthcare field about a year ago. The most difficult part was learning how to filter out the extraneous noise so that I could focus on the pressing issues for government.

Even now, I struggle to find clarity and consistency in the broader healthcare market. In practice, the infrastructure of "all things medical" is largely proprietary, which makes things more complicated than they need to be. (Open standards are in the works, but they're not here yet.)

Case in point: I recently saw the announcement of a new alliance called Commonwell—a group of primary EMR vendors aiming to build the synergies necessary to share information. After visiting their booth to learn more, I mentioned this to a "realist" colleague of mine, and noted that it all feels very much like Energy ten years ago, when SCADA systems were on proprietary networks, and as those systems were introduced to TCP/IP-based networks, malware took center stage.

"What we learned," I insisted, "was to embrace the flexibility of open standards."

He looked at me incredulously, and said: "Really? Even Microsoft is proprietary." 

Perhaps I'm being naïve, but I still believe that someday, all networks, technologies, and resources can share common data by using the same protocols, attributes and characteristics. How hard can it be? 

In fact, considering President Obama's State of the Union message and NIST funding from the Executive Order to build more appropriate frameworks, this goal is more attainable than ever.

And it's a worthwhile mission: focusing our attention on the healthcare missions that matter most—like making sure your new doctor has access to data about your penicillin allergy.

Of course, all this openness and data sharing does unearth some new challenges for information security and privacy managers. In fact, while at HIMSS, I had the opportunity to talk about this issue with Health IT Security.

If you have the time, that article is worth a read, too.

 

 

School in the Cloud: The Unanswered Question


These days, it seems you can’t toss your mortarboard into the air without hitting a story on cloud-based education. But if you still haven’t gotten your fill, there's a TED Talk for that.

Actually, there's a TED Prize—awarded this year to Newcastle University professor Sugata Mitra for his pioneering work on self-guided learning in the cloud.

In Mitra's vision, students congregate in Self-Organized Learning Environments (SOLEs) overseen by virtual teachers on Skype.

It’s an exciting future, to be sure. But before we start re-writing the education manuals, it’s time to think seriously about one aspect that’s missing from Mitra’s proposal: information security and management.

Just as Mitra labels learning systems of the past as "outdated," the same should be said for legacy education security tools like physical lockers and combination locks. Hence, it's essential that we evolve our security infrastructure at the same rate as (if not faster than) we evolve our learning systems.

In fact, the very prospect of self-guided learning will place an enormous burden on the security and integrity of our online learning technologies. For parents and teachers to feel comfortable with children guiding themselves through an Internet-based curriculum, the trust in those online systems has to be ironclad.

In particular, there are concerns about violations of student privacy, student access to inappropriate content, and something known as the “catfish effect.” (For those unfamiliar, this term refers to students faking their identities online or finding surrogates to take online tests, participate in online classrooms, or contribute to online workgroups.) Naturally, a system for validating student identities is a significant part of the solution.

Furthermore, it's not just data security that we need to consider. Moving our whole learning system online means greater reliance on system availability and uptime, which creates a significant need for data storage, disaster recovery and continuity of operations.

Ultimately, we need to make these investments in information security and management today (particularly at the state and local levels) in order to realize the exciting education future of tomorrow.

Deutsche Telekom announces strategic partnership with Symantec to offer Cloud Security and Backup solutions to their customers


At last week’s CeBIT 2013, Deutsche Telekom announced a strategic partnership with Symantec to offer cloud services to their SMB customer base and target markets. This is another great example that shows how Symantec supports Communication Service Providers in delivering information protection services and generating new business.
See the Deutsche Telekom announcement from March 04, 2013 for more information: http://www.telekom.com/media/consumer-products/179842

Taking back control of your information


Data growth remains one of the most common topics of conversation I have with organisations. Pick any research study, and it will show you that data growth is relentless—more than 40 percent per annum most argue—and that pace of growth shows no sign of stopping. The largest growth area is in unstructured data: the data that resides outside structured databases.

The rapid adoption of mobile and cloud services extends where information resides beyond the traditional data centre boundaries. This creates new challenges around the management and protection of an organisation’s information.

From my conversations, organisations are no longer solely focused on how to tame this growth. Techniques like de-duplication, space-optimised snapshots, compression and archiving are all essential tools and commonly used to better manage this growth. Now, the conversation is turning to other related matters, such as how to get better control and leverage of information through information governance programmes.

Indeed, the 2012 Symantec State of the Data Centre Survey found that more than 90 percent of organisations are actively discussing information governance projects, or have trialled or implemented a governance program.

In this blog, I will discuss my thoughts based on conversations with organisations about their motivation for these information governance projects.

The first driver for organisations is to obtain a clear view on the value of their information. Creating an information governance policy kick-starts the journey of classifying data based on its importance and value to the organisation.  Data classification policies can simply be based on the perceived value and importance an organisation puts on their information. Alternatively, it might be legislation that directs this categorisation. Either way, this initial classification is essential as it underpins how an organisation implements information governance policies.  “Create once and harness many times” is a reliable mantra to keep in mind to avoid these programmes spiralling out of control.

Security of key information assets is the second key driver. By doing part one (data classification) the organisation now understands what its most valuable and sensitive information assets are. It can now focus on ensuring this information is secure and not vulnerable to compromise. Often this classification knowledge can stimulate data loss prevention projects or a re-review of existing projects to ensure they meet the now defined data classification policies.

The third driver for adopting an information governance programme is to derive increased competitive advantage. In the conversations I have with companies, this has commonly materialised as mobility projects. Prior to the arrival of mobile and tablet devices, sensitive information was generally only accessed within the traditional firewall perimeter. As demand for tablets increased, so has the demand for accessing important corporate information on the devices.

Many IT departments I have worked with have gone through a transition period. The initial response was to deny access to this information via mobile devices as it was considered too insecure to allow such a thing. What if the device is lost or compromised, for example, owing to immature protection methods? However, when it became clear advantage could be derived through smarter working, the question turned to, “how do we enable it but at the same time maintain control?”

Once this mindset was established, conversations began around issues such as encryption, user authentication and remote device, application and data management. These tools allow an organisation to put in place stronger controls that ensure policies are maintained whilst meeting the changing demands of the business.

The fourth and final driver I see is around cost savings for e-discovery. Unstructured information often spans many different data repositories across a variety of applications. Courts and regulatory bodies, for instance, have strict requirements about how organisations should respond to a request for information. The cost of sorting, analysing, processing and producing reports for internal investigations, compliance audits and legal requests for information is significant. Organisations can face multi-million pound fines if they fail to provide the required evidence on time.

Techniques that reduce the amount of data to review, coupled with a robust engine that indexes information, are the basis for automated e-discovery.

Stopping information growth is like the aspiration to remove all risk from an organisation: it simply can’t be done. However, governing the information in your organisation and making it work for you—rather than against you—is the domain of information governance.

Symantec provides solutions to address the above challenges and more within this area.  If you would like to know more, please contact the author of this blog or your local Symantec representative.
