Interested in learning  more about Ghost Solution Suite 3?  Check out this article from Symantec employee Randall Newnham.

One of the features of Ghost Solution Suite 3 is that the console installation automatically configures a PXE (Preboot Execution Environment) server. This allows machines to boot into automation without physical boot media, just a network connection. CLICK HERE TO READ MORE

Backup Exec 15 Feature Pack 2 includes new Cloud Connector, platform support, enhanced user experience and more – Now Available!

We are excited to announce the availability of Feature Pack 2 for Backup Exec 15. Backup Exec 15 Feature Pack 2 builds on the core strengths of Backup Exec by bringing to market new platform support, enhanced capabilities that address top customer needs for hybrid cloud environments as well as new exciting features.

Infographic: What's New in Backup Exec 15 Feature Pack 2

New! Backup Exec Cloud Connector



• The Backup Exec Cloud Connector, free to Backup Exec customers, provides seamless and secure integration with public cloud providers including Amazon Simple Storage Service (S3) so customers can fully leverage the benefits of cloud. For more information on the Cloud Connector, please visit: http://www.symantec.com/connect/blogs/introducing-backup-exec-cloud-conn...
• The AWS Test Drive for Backup Exec Cloud Connector can be accessed here: https://veritas.orbitera.com/c2m/customer/testDrives/view/598

New! Platform Support

Feature Pack 2 provides support for the following platforms:

• Exchange 2016 – first to market support for virtual and physical servers!
• Exchange 2013 CU9 and CU10
• VMware vSphere 6.0 Update 1
• VMware vSphere 5.5 Update 3
• LTO-7 Tape Library Support including IBM TS3500
• Windows 10 Client w/o SDR

For a full list of supported hardware and software, please visit: https://download.veritas.com/resources/content/live/SFDC/25000/000024527/en_US/be_15_hcl.html

New! Automatic Priority Backups

Backup Exec customers can now tag business critical data within a single job to determine and prioritize the order in which those critical resources are protected.

New! Support for Exchange 2013 & 2016 IP-lessData Availability Groups (DAG’s)

Now with in product support for IP-Less DAG, Backup Exec enables customers to set one or more preferred nodes within the cluster that will perform a backup / restore operation.  Supporting IP-Less DAGs provides customers with the ability to adopt Exchange 2016 at their preferred pace and scale using Backup Exec to protect their data.

New! Enhanced Supportability

New enhanced supportability makes it easy and quick for administrators to self-remedy without the need for technical support when encountering network errors e.g. when pushing the RAWS agent to a remote machine.

Download Now

Backup Exec 15 Feature Pack 2 can be downloaded from: https://www.veritas.com/support/en_US/article.000080697

Learn More

If you’re interested in learning more about Backup Exec 15, here are a few useful links, including an opportunity to get your hands on a FREE 60-day trial version:

• Backup Exec website and trialware site: https://www.veritas.com/content/veritas/english/en/product/backup-and-recovery/backup-exec.html
• Backup Exec 15 FP2: http://www.veritas.com/docs/000080697
• Backup Exec 15 FP2: Release notes: http://www.veritas.com/docs/000081540

Backup Exec 15 Awards

• May 2015 - MS Exchange Reader’s Choice Award Winner for Exchange Backup
• July 2015 - ComputerWorld HK Awards 2015 Winner for Backup & Recovery

Sometimes I get a little bit obsessed by version information. Sometimes I get asked what build a particular version of Enterprise Vault is, so then I don't feel quite so obsessed. I used to track some of this stuff manually, but I was pointed in the direction of a really good knowledge base article by a colleague just a few days ago.

How to find Enterprise Vault version information

In that article you can see how to find the information, and what all the version information relates to. So if you want to know what the build is of Enterprise Vault 11.0.1 Cumulative Hotfix 3..  go into that document, and you'll see it is: 11.0.1.3598. 

It can be quite useful.

Starting a new job is news that many people can’t resist blasting to their friends and colleagues on social media sites. To underscore their excitement, many people are using their new employee ID badges to serve as the iconic image of their freshly-minted success—a trend we call “badge bragging.” While innocent in nature, posting employee credentials online can pose an unintended security risk for companies.

While technology has evolved from the PC-era to an explosion of connected devices, so too have attackers’ methods. Social media has become a fountain of knowledge for attackers, giving them unlimited access to victims’ personal information, photos and whereabouts. Often people post what they believe is benign information, but in the hands of a cybercriminal, information found on a badge can lead to unauthorized access to sensitive business and personal information or physical access to buildings.

Today’s sophisticated hackers use special digital tools to aid in reconnaissance operations before attempting to infiltrate physical and virtual spaces. These tools can quickly comb through large amounts of information casually posted by people on sites like Twitter, Facebook, or LinkedIn to help them construct attack plans. Despite security researchers’ advances in stopping new techniques and platforms, these attackers are able to exploit the weakest link in any system—human behavior. The same technology that companies trust to restrict access can ultimately be undone with a single posting to a social media site.

From Digital to Physical Risk

The Symantec Cyber Security Services team has observed a trend across a variety of social media platforms where employees have posted high-resolution badge photos, which unwittingly opened the doors to targeted attacks by cybercriminals.

One such example involved a new employee—we’ll call him “Richard”—who just started a job at a prestigious hospital. Richard was thrilled about his new job and posted a picture of his new employee badge on his favorite social media channel. Equally excited could be a skilled cyber attacker who has been trying to gain access to the hospital where Richard works, because the photo of Richard’s hospital badge could be the key piece of Open Source Intelligence (OSINT) the attacker needs to gain access.

An employee badge photo could end up being a treasure trove of information to an attacker. This hospital badge had Richard’s full name, his level of education (including his degree), the name of the hospital, the branch name, and the department Richard worked in. In Richard’s social media post, he proudly named his first day in the caption of the post and the hospital badge even included its expiration date. With that information, an attacker could learn that the hospital rotates badges every four years, giving an attacker physical access for years. Because Richard took the photo with a smartphone, the high-resolution camera made the bar code in the photo visible. The attacker likely also noticed from the photo that the badge was clipped to fabric, meaning that Richard likely scans his badge via hand-held scanners when he needs access within the hospital. And, because the image is a high-quality photo, the attacker could easily make a usable copy of the badge.

Using Stolen Information for Cybercrime

Aside from the unauthorized physical access the attacker could gain, an adversary would now have all the information required to conduct a targeted cyber attack against Richard, his department and the hospital. The attacker could create an effective spear-phishing email that looks authentic, since it includes Richard’s name, department and employee ID number. A simple subject like “Mandatory New Hire Training” could become the perfect bait for the trap. Using a high-resolution badge photo, an average hacker would only need about 15 minutes to dissect the badge and decode the barcode.

Taking Proactive Security Steps

While social media continues to provide attackers with a wealth of information, the positive side is that the “human element” can also be one of the easiest to correct. Symantec’s Cyber Security Simulation team constantly researches threats of all types that might impact their customers. Often, it’s the lack of training on the part of a company’s security staff and employees that opens the possibility for a risk. For example, if the hospital security staff had noticed how much information was printed on an ID badge, they could have taken appropriate action to prevent it from getting into the wrong hands. This kind of proactive stance mitigates the risk of a badge being replicated. Furthermore, if the hospital security staff knew how easily a badge could be replicated using only a photo, they could have suggested the hospital adopt a more secure badging system or institute a policy regarding posting sensitive information on social media.

There are a few best practices enterprises can follow to ensure their employees stay “security smart”:

1. Create a “living” policy: Develop a policy for employees that addresses posting images or details about work activities online. Provide clear examples of acceptable and unacceptable behavior, such as "don’t allow your badge to be photographed". Ensure all employees demonstrate an understanding and agree to follow the policy. Update the policy as needed to account for new social media tools and other technology changes.
2. Make security a part of new employee onboarding. Any training for new employees should include education on the policy to avoid any confusion from the outset. Provide some simple tips to employees:
   • Do not allow yourself to be photographed with your company badge visible.
   • Do not display your badge while not on corporate property.
   • Maintain positive control over your badge and report it lost or stolen immediately.
3. Regularly reinforce good hygiene. Use consistent communication with employees to reinforce behavior, making sure to highlight any recent attacker trends.

How Symantec Cyber Security Services Helps Organizations Improve Cyber Readiness

Increasing the level of cyber readiness within your organization is instrumental when it comes to strengthening employees’ ability to prevent and detect attacks. Incorporating engaging security training and simulation exercises for both IT professionals and non-technical employees will help them understand the latest cyber attack methods in a way that resonates with their specific role and access level.

Symantec Security Awareness Service educates all employees on best practices when it comes to concepts like creating and remembering a strong password, as well as how to be sure you’re being safe when working remotely. This is a cornerstone in pulling all users of your network into the security conversation and bridging the gap between the security teams and the rest of the organization.

Symantec Phishing Readiness and Security Simulation both give participants hands-on experience and allow them to step into their adversaries’ shoes to learn their methods, motives, and tactics. Through Symantec’s approach to cyber readiness, Richard’s employer could have learned of the potential risk, corrected the issue, and greatly reduced the likelihood of their systems being accessed by adversaries.

Findings like this social media post are pulled into all of Symantec’s cyber readiness offerings to keep the messaging and scenarios current. This gamification of skills development helps level the playing field, providing a more engaging, immersive real-world experience than traditional security skills training.

Learn more about Symantec Cyber Readiness and how it can help your team stay abreast of the latest tactics being used to exploit the human component of security.

The American Association of University Women (AAUW) runs hands-on science and math camps each summer called Tech Trek with the goal of encouraging, motivating, and inspiring girls in science, technology, engineering and math (STEM). Since its inception in 1998, over 9,000 girls have attended one of the camps! This year, AAUW added a core class in cybersecurity after Symantec issued a grant of $100,000  to expand the Tech Trek curriculum. In July, the class was piloted in three camp locations – Bowling Green State University in Ohio, Stanford University, and the University of California, Irvine. Today we hear from Gabrielle, a Tech Trekker who attended the Bowling Green summer camp this year! Gabrielle is a busy 8th-grade student that spends her time playing her saxophone and serving balls in volleyball.

I first found out about the Tech Trek camp through my science teacher. I was always really involved in class and she encouraged me to look into it. Science and math are my two favorite subjects, and so when she told me about it – that it was an all-girls science and math camp – I was really interested. It is a weeklong, sleepover camp at the Bowling Green State University that includes different science and math related activities. I spoke with my dad about it and decided to join. It was an amazing experience and I learned about so many different things that I never knew about or even thought of as science or math.  It was also all about sending a message that girls are strong and powerful. The days were filled with a lot of hands-on and group activities and it was a mixture of classroom learning and fun field trips.   

Before starting the camp, you have to pick your top three choices for a core class. The core class is part of your classroom learning that you do every day and I was really happy to get the cybersecurity one. In the core class, we mainly focused on coding and how it’s involved with cybersecurity. I never knew what coding was before, but it sounded really interesting and I was excited that I could go to a camp to learn about it. We also examined a few stories and news reports of cyber hacks to demonstrate how often and how fast identity theft can happen. I remember a specific exercise that showed how fast money can be stolen and we couldn’t believe it – over $1000 in 13 minutes! Everyone in the class was so surprised about it. We also got to watch a movie about the Enigma Machine and Alan Turing, the British computer scientist and cryptographer.

During the camp, I also had the chance to get involved with other STEM activities from dissecting animals to working with robotics. One of the activities was about microbiology and I examined a sample of rat’s blood in a microscope to look at cancer to see how it works in the blood. It was amazing to find out about all the different things scientists do, but yet how they all come from similar places. What I found most interesting about the whole experience was the similarities between the sciences and technology. I had the opportunity to dissect a shark as well as dissect a computer and I was most impressed by how living life can transfer into technology. Making that connection, about the similarities between science and technology, was the most interesting learning.

My school has a technology class but this camp gave me a different look into the world of technology. In the technology class, we look at different machinery and engineering. We worked with robots last year, which we also used at Tech Trek. The teacher gives us different levels we can chose from, from easy to hard, and it can be very challenging if we take on the harder exercises. After Tech Trek I’m up for the harder challenges. I’m feeling more confident at taking those on!

One of my favorite evenings was Professional Women’s Night when lots of women from all sorts of backgrounds in STEM came to the campus to speak about what they do. I was inspired by the fact that there is a lot more out there than I had expected. Although STEM may seem like just a science class in school, there are many professions out there.

A customer had written a custom workflow that tracked and managed specific networked assets in their environment.  The specific details of each asset, such as name, location, IP Address, etc, had been properly rendering in a grid component , but after an Asset Management upgrade, any additional new assets of this type had incomplete records, missing one or more of the specific details.  The data missing was also not consistent. 

The custom workflow was using a generated SQL query component to capture the asset information, and then rendering it in a form to be able to manage it.  The actual SQL query used in the generated integration component was extracted and tested, returning all of the relevant data.  The problem was that the grid component in the form was somehow not rendering all of it.

Republishing the project did not seem to resolve it.  However, it was discovered that this customer uses Workflow’s Enterprise Management on the SMP and that all of his projects were maintained there. 

The solution ended up being very simply that the libraries in the Repository, once refreshed and the project was republished, the problem disappeared. 

To refresh the Libraries, open your SMP console, and Click on the Manage tab > Workflow Enterprise Management.  Click on the correct repository and click refresh.  You then can publish the workflow project.

There are occasions when you need to edit or change or remove a profile definition. In one case, an application property was chosen and the profile definition was edited, adding a new definition value, with the appropriate details and then saved.  Shortly, it was realized that this new definition was not correct, so the profile was re-opened, edited, such that it was decided to remove the definition, clicking the red cross and deleting the definition previously named and created

Attempting to go back in, to edit the profile definition again, and attempting to create a new definition, but named the same as the previous one just created and deleted, but changed a value that was missed in the first attempt.  You will see a Warning Sign against the application property now,  click Select to open it and you’ll see that there has been an error and it is blank.

This is a defect and has now been resolved.  The fix will be coming in the Park City release of Workflow.

SC3 partnered with NPower to train young adults with the skills to successfully pursue careers in cybersecurity. 



Today, cybersecurity is one of the most important fields in technology, and yet, despite its importance, many women and professionals of color are largely unaware that this career opportunity exists. Earlier this week, Raytheon and the National Cyber Security Alliance (NCSA) released Securing Our Future: Closing the Cyber Talent Gap, a survey of young adults in 12 countries about cybersecurity career interest and preparedness. The results show that many of these young adults, ages 18 to 26, aren’t receiving information about the cybersecurity profession—and the problem is even worse for females. Globally, 66 percent of women reported their career counselors and teachers had never mentioned cybersecurity careers as an option.

With that in mind, it’s not surprising that 86 percent of computer science degrees issued last year in the U.S. and Canada went to males. And when we look beyond gender, we learn that only 4.1 percent of these computer science degrees went to black students and 7.7 percent to Hispanic students, versus 58 percent to white students.

As we wrap up National Cyber Security Awareness Month, NCSA is turning the attention to the cybersecurity workforce crisis with a week focused on building the next generation of cyber professionals. The global shortage of cybersecurity professionals is expected to reach a staggering 1.5 million by 2020. Addressing this workforce gap is one of the reasons we created the Symantec Cyber Career Connection (SC3), a program focused on recruiting and training young adults, including people of color, women and veterans, to fill this growing gap.

READ MORE from Cecily Joseph's guest blog on StaySafeOnline.org.

Cecily Joseph is Symantec's VP, Corporate Responsibility and Chief Diversity Officer

Some parts of a Process View Page are rendered without an associated configuration interface.
An example of this would be the 'Send Email' Process Action from within a ServiceDesk Ticket View.

For our purpose, let us say that we do not want to use this feature.
We can hide the 'Send Email' Process Action in the Ticket View with the following technique:

1) Modify the Portal Template that is used for the Process View Page (Workflow\ProcessManager\Portal\Template66_33.aspx).
    Insert after the line: <asp:Content...

   This line only for 7.5 environments:

<script type="text/javascript" src="<%= (Request.ApplicationPath + @"/Scripts/jquery-1.7.2.js").Replace(@"//", @"/") %>"></script>

   This line only for 7.6 environments:

<script type="text/javascript" src="<%= (Request.ApplicationPath + @"../Shared/scripts/scripts/jquery.min.js").Replace(@"//", @"/") %>"></script>

   These two lines for either environment:

<script type="text/javascript" src="<%= (Request.ApplicationPath + @"/JScript.js").Replace(@"//", @"/") %>"></script>
<script type="text/javascript">$(document).ready(function() { hideSmartTasks(); });</script>

   NOTE: Once completed, you will have inserted three additional lines of code after the line starting with: <asp:Content

2) Create the file: Workflow\ProcessManager\JScript.js
    Use the following code:

function hideSmartTasks() {
        $("a").filter(function() { return $(this).text() === "Send Email"; }).hide();
}

This example utilizes the jQuery source that ships with the Workflow product, you could use any JavaScript that suits your purpose.

NOTE: Be sure to mention that you have applied this technique when talking to a Symantec Support Representative.

I have recently posted an article which may help out with some deployments since Microsoft support is ending for older browsers.

https://www-secure.symantec.com/connect/articles/d...

Thanks,

Clay

Today Symantec introduces the new Policy Based Encryption Essentials functionality to the Email Safeguard and Email and Web Safeguard plans of Email Security.cloud.

This new functionality will give customers the ability to push encrypted messages to recipients with no dependencies on encryption technologies supported by the third party. Policy Based Encryption Essentials will be available to all new and existing Email Safeguard and Email and Web Safeguard customers, or any customer provisioned with the Email Data Protection service.

Additionally, Symantec is simplifying our encryption options for Email Security.cloud by reducing to a single encryption provider. The Policy Based Encryption (E) add-on service will be enhanced and renamed to Symantec™ Policy Based Encryption Advanced.

The Policy Based Encryption Advanced add-on will continue to be fully brandable and will support existing Push and Pull encryption methods along with new encryption technologies which will help ensure that enterprises can communicate securely with each other, no matter which encryption platforms they have. 

These new features will be available to existing PBE E customers and new customers who purchase the Policy Based Encryption Advanced add-on. Policy Based Encryption Advanced requires the Email Security.cloud Email Safeguard plan, Email and Web Safeguard plan, or Email Data Protection.

To learn more about the new features available in Policy Based Encryption Advanced, download the data sheet.

Most of the times we come across - leadership teams, auditors, customers, clients and other stakeholder stressing the need to mature your Data Loss Prevention (DLP) solution into more than 75% of blocking when it comes to the core communication vector of outgoing SMTP traffic in an Organization. This to us, it means that somehow the management is willing to restrict data even if it comes at the cost of blocking legitimate data in some instances. However the risk sign-off here to jeopardize valid emails comes with certain compensatory controls. There are many of those such as having minimum false positives, 27 x 7 policy life cycle & maintenance, grouping of senders/recipients and the most importantly the ability to hold --> then review --> then decide whether to release the email of simply drop & initiate retrospective action.

I'm sure we all agree the importance of an inline solution with the capability to quarantine emails which trigger certain policies in DLP email prevent. However not always we get a free hand to choose the best user friendly tool we need for this operation. I faced such an issue myself in the recent past. Thus, I decided to take an approach of exploring options within the gracious Linux community. Ofcouse I'm sure most of you know I'm talking about "postfix".

Yes - I'm talking about the "hold" queue feature.

The administrator can define "smtpd" access policies, or cleanup header/body checks that cause messages to be automatically diverted from normal processing and placed indefinitely in the "hold" queue. Messages placed in the "hold" queue stay there until the administrator intervenes. No periodic delivery attempts are made for messages in the "hold" queue. The postsuper command can be used to manually release messages into the "deferred" queue.

Messages can potentially stay in the "hold" queue longer than $maximal_queue_lifetime. If such "old" messages need to be released from the "hold" queue, they should typically be moved into the "maildrop" queue using "postsuper -r", so that the message gets a new timestamp and is given more than one opportunity to be delivered. Messages that are "young" can be moved directly into the "deferred" queue using "postsuper -H".

The "hold" queue plays little role in Postfix performance, and monitoring of the "hold" queue is typically more closely motivated by tracking spam and malware, than by performance issues.

Ref: http://www.postfix.org/QSHAPE_README.html#hold_queue

This allows your reviewer team then, to easily release emails post analysis as applicable, else drop:

http://wiki.mailscanner.info/doku.php?id=documenta...

In today’s evolving cyber threat landscape, security intelligence is extremely critical in establishing an effective security program. Having threat intelligence allows organizations to "know the enemy”, to assess their risks, and implement effective countermeasures. On paper the concept is simple, but organizations continue to work to put the theory into practice. In some cases, they struggle to deploy the resources needed to collect and analyze the massive amounts of data required to generate threat insights. Others bypass that issue by leveraging a commercial intelligence service; however, they ponder how to extract insights from a source that may contain useful sector insight, but lack information specific to the organization’s unique environment.

Symantec can help. Our DeepSight Intelligence services provide the context you need by combining our telemetry from Symantec’s Global Intelligence Network with a rigorous analysis by our DeepSight Intelligence team. We show the full picture of the threat—from the adversary, to their tactics, to the victimology.

DeepSight Intelligence gives broad visibility to global and industry specific threats; however, sometimes urgency and the amorphic nature of threats leave security operations without any results from intelligence sources. For those cases, Directed Threat Research provides an on-demand service to answer companies’ specific intelligence questions.

Directed Threat Research – DeepSight’s latest evolution and expansion

Directed Threat Research is part of Symantec’s DeepSight Intelligence and Managed Adversary and Threat Intelligence (MATI), our cyber threat intelligence subscription.

Directed Threat Research delivers:

• Tailored reports to address an enterprise’s specific questions and needs
• Access to a highly experienced Symantec team of intelligence analysts
• Insights gathered from the Symantec Global Intelligence Network
• Ability to predict the lifecycle of threats (early warnings) based on monitoring
• Strategic and tactical intelligence to support executives, threat analysts, and network defenders

How Directed Threat Research works for DeepSight customers

Organizations may have a question on a specific adversary or a campaign. Requests are submitted, and customized reports are returned in a trackable, scalable manner through the Directed Threat Research tab on the DeepSight customer portal.

Armed with a tailored Directed Threat Research report, organizations can patch the holes left by other intelligence sources and provide detailed answers to executive teams, such as “by whom and why” the organization was attacked.

Organizations have unique threat intelligence needs

Not all threat intelligence is equal. Context is critical in allowing organizations to apply threat intelligence towards risks in their network. More important, however, is that your intelligence vendor is able to provide context on the threats you care about to help answer specific questions. For example: Was your organization the only target? Who is behind the attacks? What are the attackers’ motivations and intent? Is this part of a larger campaign?

Organizations who know their adversaries, while being aware of their own strengths and vulnerabilities, stand a better chance in the ongoing cybersecurity war. As the threat landscape evolves, Symantec DeepSight Intelligence also evolves and adapts to give customers the edge over their adversaries.

Download: DeepSight Intelligence Overview Datasheet