Enterprises today are locked in a heated battle with nimble, innovative, persistent cybercriminals and hackers. Attackers gain fast ground by constantly developing new methods. Sending your already over-worked IT teams to traditional cybersecurity training doesn’t give them the tested combat skills they need.

It’s time to go on the offensive against cyber attackers!

Prepare for battle with Symantec Security Simulation

Are your IT teams Cyber Ready? Register for the live webinar, “Think Like Your Attacker - How to Sharpen the Skills of Your Cyber Security Team," and learn how to put your team to the test.

James Griffin, Product Manager for Security Simulation, will present on July 29, 2015 how Symantec Security Simulation strengthens cyber-readiness by enabling teams to think like the adversary using a web-based, highly interactive training experience.

Attendees of this webcast will learn more about how Security Simulation:

• Allows participants to take on the identity of their adversaries to understand their motives, tools, techniques, and procedures (TTP)

• Transforms security education to create a more engaging, immersive real-world experience through gamification

• Delivers player assessment reports that gives insights and guidance for on-going skills development 

Change your battle plan

Let’s face it. Organizations are fighting an asymmetric battle against cybercriminals who are adapting tactically, not just technically. Think of it like guerilla warfare where these adversaries deploy seemingly limitless resources to launch increasingly sophisticated, multi-staged advanced targeted attacks.

Sending your IT and security teams to traditional classroom security instruction will not truly prepare them or help teams stay motivated day-to-day. Unfortunately, some of the “cybersecurity experts” who teach these courses have never faced a targeted attack, or they teach with out of date instructional content and focus too much on the tools.

The combination of scarce and largely untested security practitioners means you are never really sure if your IT teams are prepared to handle a real cyber attack. This could bring about some disastrous results when an attack hits your organization.

Assess and advance your team

Symantec’s Security Simulation gives IT professionals ongoing training to understand the latest attack methods—allowing participants to take on the identity of their adversaries to learn their motives, tactics, and tools. Security Simulation also helps managers identify both strong performers and skill gaps on their teams.

Principles of Security Simulation Training are based on the concept of learning through role playing (gamification) and surmounting progressive challenges.

Key benefits include:

• Realistic scenarios of today’s sophisticated attacks (based on Symantec’s intelligence of the current threat landscape)

• Complex gamification environment

• Immersive, interactive tasks with multiple levels

• Participant assessment – metrics to evaluate performance

• Skill building to boost your team’s effectiveness

• New and updated scenarios to keep your team up-to-date on the latest attacks and techniques

Going on the offense with Symantec Security Simulation

But until you’ve lived through an actual breach, your team is largely unproven. Would a pilot fly a plane without logging hours in a training simulator?  Would a police officer go out on duty without first participating in real-life training scenarios?  How can we expect security teams to be effective in detecting and responding to cyber threats if they’ve never practiced attack scenarios? 

Stay steps ahead of your adversary by learning to think like an attacker. Symantec’s Security Simulation provides security leaders with the insight necessary to assess skill gaps and training requirements in critical areas.

Don’t miss the upcoming live webinar!Details are below:

Title:"Think Like Your Attacker - How to Sharpen the Skills of Your Cyber Security Team"
Date: Wednesday, July 29, 2015
Time: 10:00 am Pacific/1pm Eastern
Presenter: James Griffin, Product Manager for Security Simulation

Register for the webinar here today! To learn more about Symantec Security Simulation, visit: http://www.symantec.com/security-simulation/

“As long as our digital infrastructure continues to evolve, there will always be those who try to exploit vulnerabilities to undermine Canada’s national security, public safety and economic prosperity.”

The Honourable Steven Blaney, Canada’s Minister of Public Safety and Emergency Preparedness

Last week the Government of Canada announced its intention to invest an additional $142.6M in Canada’s Cyber Security Strategy. This is an increase on funding allocated earlier this year and brings Canada’s total investment in cyber security to $237M over the next five years. Symantec’s data shows that cyber attackers around the world are more calculated and organized than ever before, so this increased focus – and funding – is good to see.  

Launched in 2010, Canada’s Cyber Security Strategy is built on three pillars: 1) securing government systems; 2) partnering to secure vital cyber systems outside the Federal Government; and 3) helping Canadians to be secure online. The recent announcement targets the 2nd pillar and will enhance the capability of organizations, which deliver essential services to Canadians, to protect and defend their systems. It will also provide new resources to significantly enhance the collaboration between the Government of Canada and the private sector by providing additional information on cyber threats, and faster dissemination. As the Minister noted, “Collaboration and information-sharing with critical infrastructure sectors and private sector partners is our best defence to protect our essential cyber systems”.

Interestingly, there has been little response to the announcement.  How do we account for the muted reaction from the Canadian media and Canadians themselves?  There are a few possibilities:

Get Lost – it’s summer! We Canadians fiercely value our fleeting summer and tend to tune out as much serious stuff as we can during these weeks. “Time enough for all that later –now pass over the sun tan lotion and my beer”.

Pre-Election News isn’t “Real” news:  Canadians are facing a federal election this Fall and the three major parties are well into their campaigning. Can you really blame us for questioning the veracity of a statement made over a baby’s head or by someone brandishing a BBQ spatula??

Canada isn’t a cyber-target: Everyone knows that Canada is a nation of peace loving, hockey playing, igloo builders – Why would anyone target us? Go back to sleep!

The lack of interest in yesterday’s announcement could well be for one of these reasons, but the third supposition couldn’t be further from the truth. Canada is absolutely a target for cyber attackers motivated by financial gain, political ideology, and competitive advantage. What’s the proof?

• Last year Canada suffered a number of significant attacks on government departments including major hacks at the National Research Council and Canada’s Department of Revenue. 

• More recently CSIS, CSE and other government websites were knocked offline by a DDoS (distributed denial of service) attack with those responsible saying it was done in protest against the government’s anti-terror legislation, Bill C-51. This was followed by a similar disruption to RCMP sites involving a different protest.

• Last week the Canadian-owned Ashley Madison website was hacked, affecting over 37 million NERVOUS people worldwide, as the site reportedly caters to people interested in extra-marital affairs. Hackers claim to have stolen information and are threatening to publish it unless the site is permanently shut down. 

• A few days ago a story appeared involving a parent rocking a baby to sleep in a small town in Ontario. Apparently, the internet camera used to monitor the room was remotely activated at which point eerie music played and a voice told the parent and baby they were being watched. The OPP confirmed the home’s router had been hacked.

As Symantec's 2015 Internet Security Threat Report confirms, cyber threats are real and can have significant – even catastrophic – impacts on personal and economic security. Canada’s government seems to understand this and has been working for years on a host of initiatives to bolster our nation’s cyber posture. Last week’s funding announcement is only the latest example. I, for one, am pleased that these efforts are underway and considered a priority. The complete announcement can be viewed on the following link if you want to learn more:  http://news.gc.ca/web/article-en.do?nid=1005009

Cyber Security has become a headline-grabbing item, with constant attacks very much the order of the day. The risk any business now faces is that soon it may be the one making the news, not just reading about someone else’s misfortunes.

One of the biggest challenges for security solutions is getting budget from the business, often because of the way security is treated by the board. For too many years now security product and solutions have been viewed as 'insurance' and this is something that needs to change. Insurance is the necessary purchase that no-one wants to make. Just as many of us resent paying for our car or holiday cover, it’s something we are glad to have when that nasty prang happens, or a passport gets lost or stolen.

Equally, cyber insurance is highly valuable of itself. It is something organisations should embrace and use, as it could well be their ‘Get out of jail’ card when things go wrong. However, it isn’t about grabbing the cheapest option; it goes way beyond the sales process. It needs to be seen as a ‘cost of doing business’. It probably won’t mean the business shuts down, if an organisation doesn’t have that cover in place, but it will cause major headaches.

In the US, cyber insurance is sold very much at the sales level. If there was a 'CompareCyber.com' website, most organisations would probably use it and buy from the first vendor in the list. You can actually pick up $10 million worth of cover quite cheaply. And while that may sound like a lot, what exactly does it get you? $10 million could be nothing more than a drop in the ocean where a major breach happens, when you consider the knock-on effect in potential revenue loss, time to recovery (longer than most enterprises think!) and brand damage.

Organisations might want to consider another analogy – the way they provide water to the workforce. Switch off that source – have all the water coolers removed overnight – and the impact on the business will not simply be thirsty employees. There will be outright irritation and disaffection. Morale will be hit. The business will undoubtedly suffer consequences. Similarly, ignore or switch off cyber insurance and the negative outcomes won’t be far behind.

This is where security assessment is vital. With Symantec, for example, our approach is to work with a business to:

• Understand their posture
• Know where their investments are and make recommendations on how they might want to invest going forward
• Take them to a point where they are properly and comprehensively rated against their peers.

To get the cyber insurance equation right requires this level of investment. There can be no cutting corners; no reliance on 'CompareCyber.com’.

Let’s go back to an earlier point. Insurance is there to offer us protection, in case something goes wrong; organisations implement security, in case someone gets in. The problem is that security is no longer about 'in case' someone breaches an organisation’s defences, but rather 'when' that breach will take place. We have moved from the relative comfort of possibility to the harsh reality of certainty.

So the big question any organisation needs to ask itself now is: “How ready will I be when that happens?”

CIOs today continue to struggle to understand the true health of their IT operations and the recoverability of the applications and services that are the lifeblood of their business.
続きを読む

Symantec strongly encourages employees to volunteer in their local communities, providing volunteer resources and opportunities. We believe that involved, engaged employees are happier and more satisfied, and that communities in which Symantec is located will be healthier and more vibrant because of our presence.

At Symantec, interns are not only encouraged to succeed and add value in their respective departments, but also share their knowledge and skills through volunteer programs that promote learning and education.

Today we hear from Samridh Saluja,Summer 2015 intern at Symantec - Trust Services.

I have spent a lot of time helping those around me by empowering them though education, vocational training, safety workshops and facilitating growth.

In India, I joined forces with the teens in my community and created an Interact Club, a subdivision of the world renowned Rotary Club where we raised awareness and funds for issues that matter. Together, we organized a walkathon that spread awareness about environmental conservation while also raising funds for heart surgeries for the underprivileged. We also conducted resource collection drives where we went door to door and collected donated items from people in the neighborhood, resulting in enough stationary and infrastructure to set up a school for the kids of migrant laborers. We volunteered our time in setting up this school and we also taught classes. This experience of founding and working for the Interact Club was in freshman and sophomore year of high school.

More recently, I took it upon myself to work towards the protection of teenagers in the online sphere seeing that the government was increasing internet penetration in the rural parts of India. I conducted research which culminated in a report stating the need for cybersecurity awareness among kids. I presented this paper at an international conference and received an award. I continued my research to define a curriculum that would address these very gaps in the system and also worked with an author to produce a book to support this mission of increasing awareness. Both the curriculum and the book were endorsed by the Indian government and I went to four states, fifteen schools and spoke to over 6000 students about their online practices and how to stay safe while making the most of the internet.

Both these experiences taught me about the state of the education system in India and also about the nature of relationships between students, parents and teachers. As a student, the students I taught could relate with me and as a teacher, they felt safe sharing issues that were on their mind, issues that they felt they couldn't share with others due to a lack of understanding. My greatest sense of fulfillment came when parents would thank me because their twelve year old children were learning about sharing and empathy while out at a campaign to end polio and when parents who work in manual labour sites would spend more than half their income to buy me flowers and chocolate for allowing their child to enter school and learn English for the first time. 

These are some of the experiences I have felt, shared and facilitated which I think would be a great source of ideas and inspiration to some people while also throwing light on a different part of the world for others.

A question which is often discussed is how to upgrade through multiple versions of Enterprise Vault. For example, can you upgrade from EV 9 straight to EV 11.  The short answer is No..  let's seee why.

Each version of Enterprise Vault is a 'full kit'. In other words you can obtain the media for Enterprise Vault 10.0.2, and install just that and it's the full installer. Compare this with things like Exchange, or Windows editions and service packs/full installs.  With those products and applications you need to install a base version, and then apply the service pack (though of course there are now some options allowing slipstreaming). I hope you can see the difference - full kit versus incremental service packs.

With each version of Enterprise Vault, there are always significant changes in many areas including the database schema, indexing and so on.

Testing of upgrading from one version of an application, or Operating System, to another is a major, major, major undertaking.

Given the above, it's just not something that is supportable in going from something like EV 9 to EV 11.  There are too many changes, there is too little options/capability relating to testing. In some ways it seems harsh, but it's the same system that other vendors, products and Operating Systems use.  For example you can't upgrade from Windows 7 to Windows 10.. nor can you upgrade from Exchange 2003 to Exchange 2010. These all have predefined, tested, and supported upgrade paths.  'Simple' upgrades are 'one version back'.

In the end so long as you make a good backup of the whole Enterprise Vault environment, going from Enterprise Vault 9 to Enterprise Vault 11 'in one hit' (actually going to 10, then whilst systems are down going to 11) is definitely a viable option for most organisations (unless you've got 60+ Enterprise Vault Servers! If that's the case it's a bit harder).

We're celebrating the heroes of ones and zeros, the guys and gals who keep our organizations running smoothly. Here's a big shout out to everyone who furiously toils away, responding to urgent alerts, working long hours and sorting through processes that mystify most of us.

Feel free to laugh openly at our PEBKAC errors, respond to our email requests with tl;dr, and spend your day answering your phone "Have you tried turning it off and on again?" Without you, we couldn't function and this day acknowledges that fact.

The Connect Community Managers would also like to thank the development team who keeps us running. We have a great group of scary smart developers working hard behind the scenes to make us look good, and keep the Connect site running.

Our Reward to You!

To celebrate SysAdmin Day this year we're going to reward you for sharing your workspace with us. Uploads a photo of your workspace in the Comments section and we’ll reward you with 50 Connect Points. It doesn’t matter if you have 6 monitors, a complete collection of Star Wars Lego action figures, or the cleanest desk known to man - we'd like to see it

If you don't want to share a photo you can tell us what lengths you've gone to in order to keep your space safe from being invaded by co-workers (we've all been there, right?)

Of course there are some rules, as I mentioned, one photo/comment per person is eligible for the reward and it must be uploaded before Midnight August 3 PDT. If you need help uploading a photo to you comment, there is a How To post here: How to upload an image.

Members of our Connect team have graciously agreed to share their workspaces with you.

Cheryl Peterson - Endpoint Management, Managing Mobility Community Manager

Leslie Miller -  Inside Symantec Community & Trusted Advisor Program

Jami Cimbolo - User Group Program Manager

Nicole Hawkins - Customer Reference & Case Studies

Read our interview with Ted Kekatos, Founder of International SysAdmin Day.

Follow along on Twitter #sysadminday

We're celebrating SysAdmin Appreciation Day on Connect! See what's happening by visiting the official blog post:

Happy SysAdmin (System Administrator) Appreciation Day!

Thanks for all the hard work you do!

We're celebrating SysAdmin Appreciation Day on Connect! See what's happening by visiting the official blog post:

Happy SysAdmin (System Administrator) Appreciation Day!

Thanks for all the hard work you do!

We're celebrating SysAdmin Appreciation Day on Connect! See what's happening by visiting the official blog post:

Happy SysAdmin (System Administrator) Appreciation Day!

Thanks for all the hard work you do!

Today, Symantec signed on to support the Equality Act, a comprehensive federal LGBT non-discrimination legislation, that would provide the same basic protections to LGBT people as are provided to other protected groups under federal law. The landmark bill introduced in the U.S. House of Representatives last week helps protect against discrimination of LGBT people by expanding civil rights protections around hiring and firing. Although marriage equality recently became the law of the land, there are still more than 30 states where it’s legal to be fired for being LGBT. This bill is critical to ensuring everyone enjoys the same civil rights regardless of their sexual orientation or gender identity.

At Symantec, we are proud to support full and equal rights for the LGBT community. We believe having a diversity of perspectives ensures we make better business decisions and the products and services we offer meet the needs of the broad spectrum of people we serve worldwide, which is why we couldn’t be more proud to support the Equality Act.

Symantec's support of the Equality Act aligns with our company values and our past actions over the last several months on LGBT-related legislation. More broadly, it also supports our commitment to building a diverse and inclusive workforce to support our winning culture. We unequivocally support the Equality Act – for the future of our business and society.

Symantec Endpoint Protection (SEP) adds support for Windows 10 with 12.1.6 MP1.

For Symantec Endpoint Protection 12.1, a maintenance patch has been released on July 29, 2015. Customers will need to be current on maintenance to receive the maintenance patch update. For more information, visit our SEP 12.1 Windows 10 Knowledge Base.

You can upgrade to Windows 10 with Symantec Endpoint Protection 12.1.6 MP1 installed. You must uninstall earlier versions of Symantec Endpoint Protection. The operating system upgrade stops if it detects an earlier version of Symantec Endpoint Protection.

The following operating system upgrade paths are supported with 12.1.6 MP1 installed:

• Windows 8.1 to Windows 10
• Windows 8 to Windows 10
• Windows 7 to Windows 10

For more details check the following article:

http://www.symantec.com/docs/INFO2746

SEP Knowledgebase:

https://support.symantec.com/en_US/endpoint-protection.54619.html

We're celebrating the heroes of ones and zeros, the guys and gals who keep our organizations running smoothly. Here's a big shout out to everyone who furiously toils away, responding to urgent alerts, working long hours and sorting through processes that mystify most of us.

Feel free to laugh openly at our PEBKAC errors, respond to our email requests with tl;dr, and spend your day answering your phone "Have you tried turning it off and on again?" Without you, we couldn't function and this day acknowledges that fact.

The Connect Community Managers would also like to thank the development team who keeps us running. We have a great group of scary smart developers working hard behind the scenes to make us look good, and keep the Connect site running.

Our Reward to You!

To celebrate SysAdmin Day this year we're going to reward you for sharing your workspace with us. Uploads a photo of your workspace in the Comments section and we’ll reward you with 100 Connect Points. It doesn’t matter if you have 6 monitors, a complete collection of Star Wars Lego action figures, or the cleanest desk known to man - we'd like to see it

If you don't want to share a photo you can tell us what lengths you've gone to in order to keep your space safe from being invaded by co-workers (we've all been there, right?)

Of course there are some rules, as I mentioned, one photo/comment per person is eligible for the reward and it must be uploaded before Midnight August 3 PDT. If you need help uploading a photo to you comment, there is a How To post here: How to upload an image

Go here to share:  https://www-secure.symantec.com/connect/blogs/happy-sysadmin-system-administrator-appreciation-day

Thank you for ALL you do!