Hello all,

Raynet will be releasing a new major version of its packaging tool, RayPack 2.0, this summer, and one of its features will be its own scripting engine, called RayScripting. 

In order to make it easier for existing Wise Script customers, RayScripting will have the ability to import Wise Scripts and then convert them into RayPack project files so that they can then be turned into a MSI, SWV, etc package. 

As RayScripting is still in its alpha stage, we would be very interested in finding out from the existng Wise Script customer base how they would like to see their Wise Scripts converted, so if you have any ideas on this subject, please add your comment to this blog, or contact me directly. 

Kind regards,

SK. 

The Global Reporting Initiative (GRI) Sustainability Reporting Guidelines are the most widely used comprehensive sustainability standard in the world. This type of sustainability report conveys disclosures on an organization’s most critical impacts (positive and negative) on the environment, society, and the economy. The fourth generation of these Guidelines (G4) was launched in May 2013 with the goal to make robust and purposeful sustainability reporting standard practice.

Symantec was an early pioneer of the new G4 guidelines. In a recent publication, Symantec's Corporate Responsibility's Manager, Corporate Responsibility Debra McLaughlin discusses the company’s experience with implementing the G4 reporting criteria and its focus on materiality analysis. 

View the full publication here.

Configure a Code (Script) Component as such:

// Using namespace (one per line):

System
Symantec.SymQ
LogicBase.Core.Messaging
LogicBase.Core.Messaging.Implementations



// Source code:

string connectionString = "";

try {
        IMessageExchange exchange = MessageExchangeFactory.GetExchange(SymQConstants.Q_CONFIG);
        Message message = exchange.Get("SymQ_Local_Defaults");
        ExchangeConfiguration config = (ExchangeConfiguration)message.PayLoad;
        AbstractExchangeConfiguration localOrm = config.GetConfiguration("local.orm");
        RelationalMapperExchangeConfiguration mapper = (RelationalMapperExchangeConfiguration)localOrm;
        connectionString = mapper.ConnectionString;
}
catch (Exception e) {
        return e.Message;
}

return connectionString;

Once completed, you will be able to use the 'SqlConnectionString' variable in your project.

Backup Exec Product Management Team is currently doing research collecting information that could help the engineering team solve most common jobs or tasks that our customers do on a daily basis. You have an opportunity to make a difference and to share what matters most to you in your daily operations. 



Take few minutes to answer a set of 10 questions and while doing so, expand on those areas which you feel would help reduce the amount of time you spend on backups, the effort it takes to resolve an issue, or even an improvement that might save you money, if we could just solve for that problem.

Please click here to provide your feedback https://www.surveymonkey.com/s/R6QGJ56

An average car produces about 1.1 pounds of CO2 emissions per mile – a bike releases none. Biking five days a week for a full year could save between .7 – 1.9 Tons of CO2. Not only is biking a green way to travel, it is also great for your health. A San Francisco Bay Area study found that increasing biking and walking from 4 to 24 minutes a day on average would reduce cardiovascular disease and diabetes by 14%. 

Biking has increased 60% in the past decade, but it still remains on the fringe. Only 1% of commuters bike to work. Bike to Work Day is an annual event that encourages people to bike to work.

Each year, Symantec partners with Silicon Valley Bike Coalition to support this annual event. Symantec sets up an Energizer Station with snacks, drinks, free goodies, and cheerful support. This year, 215 bicyclists passed by and 141 stopped at the station. We also sponsored three classes for employees to prepare for Bike to Work Day in partnership with Silicon Valley Bike Coalition and Sports Basement. Employees learned about the rules of the road, bike maintenance, as well as practical experience on riding in the street.

While Bike to Work Day has come and gone, there is still more fun in store! Symantec has a Bike to Work Contest each summer that will run from May 1—September 30th, 2015. Each day that an employee bikes to work they log their miles and are eligible for prizes from Symantec’s Applause Program and Sports Basement. There will be prizes for most days ridden, most miles ridden, and plenty of other random winners. 

For any questions about Bike to Work Day, please contact Environmental Responsibility at Environmental_Responsibility@symantec.com.

Ashley Savageau is Symantec's Community Relations Program Manager.

A few weeks ago at the RSA Conference 2015, the OpenID Foundation announced the launch of its OpenID Connect Certification, an important program that enables organizations to certify that their OpenID Connect implementations conform to specified profiles of the OpenID Connect standard.

We are pleased to announce that Symantec is hosting this self-certification process and providing the technical infrastructure and security to scale the new initiatives.

The OpenID Foundation’s Goals 

Along with other industry leaders, Symantec is a proud member of the OpenID Foundation, a non-profit standardization organization represented by an open community of developers, vendors and users committed to enabling and promoting OpenID technologies.

The goal of the OpenID Foundation is to create a widely available, secure, interoperable digital identity so users can take advantage of cloud-based services and applications on the device of their choice. Each user’s digital identity will be interoperable across different platforms and vendors. Instead of having users deal with different credentials issued for every site they visit, the desired model is to allow users to use trusted credentials they already have across different sites.

We feel it’s a big step in the right direction for both enterprises and users.

OpenID Connect Certification Overview

Let’s learn more about the new OpenID Connect Certification program.

OpenID Connect is an interoperable, secure and mobile-ready authentication protocol. Since its finalization at last year’s RSA 2014 conference, OpenID Connect has been widely adopted. OpendID Connect lets developers authenticate their users across various websites and apps without having to own and manage passwords.

The new OpenID certification program is a tool to ensure that implementations by different parties will successfully interoperate. Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are some of the other industry leaders who will participate in the new certification process.

Based on self-certification, the OpenID Connect Certification program is a formal declaration by an organization that a product or service meets the requirements of specified conformance profiles of the OpenID Connect standard.

The overall Self-Certification Process is outlined below:

• Vendors must pass a series of self-administered conformance tests for profiles.
• Once the tests are completed, the organization signs and submits a Certification of Conformance to the OpenID Foundation. The organization attests that it successfully completed the software tests and asserts that its deployment conforms to the designated OpenID Connect profile.
• After the required materials are submitted, the self-certifications are published. The certifications are then registered by the OpenID Foundation at the Open Identity Exchange’s publically accessible identity registry, known as OIXnet, which was also launched at RSA Conference 2015.

With the rapid adoption of OpenID Connect, this lightweight certification process allows participating vendors to come together to build a more secure and trusted Internet identity ecosystem.

And the benefits from a user’s standpoint?

From a user’s perspective, this process removes the often difficult burden of identity creation and authentication by facilitating an easy-to-use and secure method that is interoperable across multiple web sites. This program and certification process can potentially augment online transactions at higher volumes, velocity, and variety.

The OIXnet -- a Global Registry for Trust Frameworks

The news of the recently launched OIXnet is also another big win for our industry. It shows that industry leaders – from diverse verticals -- have come together to support both the new OpenID Connect and OIXnet Registry initiatives.  Symantec is a founding board member and executive committee member of the OIX.  Both the OIX Registry and the OpenID Connect test suite will be hosted by Symantec to ensure the security of the trust framework resources and certifications.

As a leader in global threat intelligence and cybersecurity, Symantec is uniquely positioned to share actionable intelligence for both enterprises and consumers. The selection of Symantec to host the OIX Registry and the OpenID Connect test suite further augments our commitment to advancing the industry.

Overall, at Symantec we’re excited to support these new initiatives and look forward to promoting the adoption of these global standards. 

DLPKeywordEPTest01

Today one of our software packagers had an issue. One of his packages was not having it's distribution point updated correctly. The error in the Altiris Logs was as follows,

Unexpected exception occurred when running Manage Distribution Points for package 26ff6c0c-88d5-4b15-a462-a25804bfaa4e
Access to path '\\mypackageserver\JobSource\Apps\DWG_Trueview_2014\19.1.18.0\Program Files\DWG TrueView 2014\Support\africa.map' has been denied.

At first, I thought it was a path issue. But, the path length was fine. We even tried moving the .map file around, and the error just followed it. 

At first, we thought it was a client issue -the packager's machine. The .map  file on his machine had the type ISWI.MAP (Install Shield Windows Installer MAP file) which was unusual for us, so I checked if anything was keeping the .map file open using Mark Russinovich's Handle, but nothing.

All very odd. Got him to close down his machines to pay him back for annoying me with this puzzle, and nothing.

Next I tried creating a new UNC package, just containing the one dummy file ian.map to see what would happen.. And the error appeared for this package too...

Unexpected exception occurred when running Manage Distribution Points for package 4af182ed-fab9-42a1-bcd0-6c4b29f8ee38
Access to path '\\mypackageservers\Jobsource\Apps\_Ian_test\ian.map' has been denied.

So, at the moment... we are puzzled. Something is certainly getting in the way of these files whilst the distribution point update is in progress. To resolve we'll likely zip up these map files to workaround this. Major pain... unless anyone has any clues?

Hello Everyone,

SEP 12.1 RU6 (12.1.6168.6000) is now available on Flexnet to download.

Full setup file is of size 675 MB.

Installation and Administration Guide:

http://www.symantec.com/docs/DOC8645

Note: Symantec Endpoint Protection 12.1 RU6 does not ship Small Business Edition which reached End of Life (EOL) in May'15. Small Business Edition 12.1 customers can use a tool to migrate to the cloud-based Symantec Endpoint Protection.

This does NOT mean the customer needs to immediately upgrade their product. Customers will be able to renew their on-premises license and continue to use their SBE SEPM’s until 2018.

For more details check this blog: https://www-secure.symantec.com/connect/blogs/end-life-small-business-edition-121x-edition

Gartner released the 2015 Magic Quadrant for eDiscovery Software this past Tuesday and you can download the report using this link. 

This year’s analysis marks the fifth anniversary of Gartner publishing the Magic Quadrant for eDiscovery Software and to celebrate this milestone, the authors highlight five disruptive forces impacting the industry this year. 

The first force mentioned is migration to Office 365.  Organizations are actively evaluating the decision to move to Microsoft’s cloud service and these conversations often lead to discussions around Office 365’s native eDiscovery functionality.   Gartner cites that as “Organizations are in the process of migrating email and documents into Office 365 [they] need to take a step back on what that means to their established eDiscovery process and technology application.” 

• Through direct collections from Office 365 and direct collections of Office 365 content archived in Enterprise Vault or Enterprise Vault.cloud, the eDiscovery Platform makes it easy for organizations to migrate to Office 365 and remain confident in their defensible approach to preservation and discovery.  Regarding this topic, Gartner highlights the following strength for Symantec:  “The propensity to integrate with different third-party data repositories (now with Office 365) makes Symantec's eDiscovery Platform a compelling option for corporations that desire to have full control of eDiscovery process and technology”

Second, Gartner highlights concerns around new data sources and data sovereignty.  The report notes that organizations have started the dialogue on how to preserve social and Web data and whether these new types of content should be subject to the same data preservation rules. 

• The eDiscovery Platform is capable of natively collecting from over 50 different data sources and version 8.0 introduced new connectors for SharePoint Online and Skype for Business.  Through integration with Enterprise Vault and Enterprise Vault.cloud, preservation of this data remains seamless.  The flexibility of Symantec’s solutions ensures that organizations are armed to manage the influx of new data sources. 

The third force Gartner identifies is that customers want agile and less expensive approaches to eDiscovery.  Overall, organizations have realized that the traditional project-based approach to eDiscovery is becoming unsustainable. 

• The eDiscovery Platform‘s flexible deployment (e.g., appliance, software, hosted) and modular delivery (e.g., legal hold, collections, analysis & review) ensures that customers can implement the right-sized solution for their needs.

Fourth, Gartner notes that pricing structures continue to be simplified as customers are seeking predictable pricing and transparency.  Overall, eDiscovery costs are becoming more comparable and cost-effective for customers.

• In the report, Gartner recognizes that Symantec recently, “revised pricing by lowering the manufacturer's suggested retail price (MSRP) for all perpetual license types and created a capacity-based subscription model.”  The updated pricing was designed to ensure that customers could easily determine the licensing model that worked best for them at the most competitive price. 

Finally, the fifth force that the report acknowledges is that vendors are increasingly expanding their offerings into the cloud.  Gartner notes the early adopters are starting with data sources that already reside in the cloud.

• With Enterprise Vault.cloud, Symantec already maintains a strong presence in the cloud archiving and eDiscovery market.  The product team is hard at work continuing the development and evolution of our existing product suite.      

Overall, Symantec welcomes these disruptive market forces and we are excited to empower our customers to succeed in the face of today and tomorrow’s eDiscovery challenges.  Visit our product page to learn more about the eDiscovery Platform

Download the 2015 Gartner eDiscovery Magic Quadrant

We know what to do when the fire alarm sounds, but what if the sparks are on our desktop? Developing an active Phishing Campaign for the enterprise is akin to a fire drill practice and should become second nature.

Cyber-crime organisations, nation states and hactivism all use similar toolsets to get what they want. The scatter gun approach is no longer as pervasive as it once was. Intellectual property (aka data) is the new currency and information, as always, is power.

Spear phishing is an example of a laser-like surgical precision attack on one or two individuals within an organisation, on a department level such as Finance or R&D. The truth is that we do not really practice good information security hygiene and are gullible, prone to attack over the very medium we use for our working day.

Credentials

Recent reports show around half the data breach examples were attributed to stolen credentials. The trusted time-honoured username and password combination is, we know, and has been for some time, easily obtained and opens the door to the Pandora’s box of your company’s assets.

Malware

From the same reports, we see a further trend, in that the other half of data breaches were attributed to malware. It is not a huge leap of faith to envisage the combination of malware, stolen credentials and the agenda of an adversarial organisation will open up access to assets considered safe within the now degraded secure perimeters of our organisations infrastructures.

Phish or Duck?

Social engineering does exactly what is says on the tin! It’s is a non-technical way of getting a trusting party to release information, or access to that information (assets), with little or no resistance. After all, we are naturally trusting creatures and trust our work environment. What could possibly go wrong?

Simplicity is most effective

There is an old adage of KISS (keep it simple, stupid). Our adversaries can do this with ease and the measure of their success is tangibly visible in the plethora of Internet Security and Data Breach Reports that dot the Cyber-Horizon every year or quarter.

Would it be foolhardy to assume you would not get deceived in the workplace? Maybe it’s because our ethics and work practices have conditioned us to avoid deception, and operate in a transparent and trusted manner with our peers. Is our traditional approach to security involving People, Process & Technology jaded? Perhaps the corporate infrastructure perimeter has long ago been eroded with our striving to embrace mobility and always-on access to our data assets.

So who are the losers? It starts with us the users, then the board, then the shareholders.

Who is the benefactor? Well we know who it is not – see above. I would suggest that the benefactors of any data breach of theft of intellectual property assets are competitors ultimately. Now the word competitor is a catch-all for anyone not mentioned under ‘losers’.

Collecting results

Depending on the chosen mechanism this can be the most critical part of the exercise.

Measuring results

Demographics can be useful when providing a breakdown of devices used, operating system, regions and departments. A recent exercise we undertook has given visibility to risks we had not previously contemplated. Once the message of non-punitive results on failure is communicated, in my experience the exercises are accepted by the user population. Most results can be actioned on a user-by-user basis, with failed exercises giving the user the opportunity to take a brief two- or three-minute Phishing Training Session.

How often do we do this?

Initially, it may be bi-annually. However, recent events and our subsequent learning from the exercises as iterations proceed may dictate increasing the frequency.

What’s next?

• Step 1: Iterate
• Step 2: Go to Step 1
• Feed into Onboarding Training – New Starters
• Make it second nature, just like the fire drill
• Mandatory – maintenance training every year or every quarter?

The fine detail on all of the above is up to each organisation, according to its structure and processes. The principles are non- negotiable!

Our Global Service Provider team will be a platinum sponsor at this year's Big Telecom Event (sponsored by Light Reading) in Chicago, June 9-10, 2015 where we'll be focusing on our Information Protection story at our Booth #520.  In addition, Symantec will be participating on two panel session:

• Tuesday, June 9 – 3:00-4:00 pm - Dealing with DDOS and Advanced Persistent Threats - Padmanabh Dabke, Sr. Director of Development, participating

• Wednesday, June 10 - 4:10-5:00 pm - NFV at the Network’s Edge -  Doward Wilkinson, Distinguished Technical Architect, participating

You can invite your qualifying customers to attend as your VIP, free of charge (complimentary VIP admission to verified employees of service providers, operators, financial & educational institutions, utilities, and government agencies).  Any other consultant or vendor partners or customers will receive 30% off admission using our code.  Customers should register here and enter promo code VIPSYMANTEC.