por Alejandro Raposo

Ao longo de 2015, trabalhamos no posicionamento e estruturação dos times e propusemos mudanças na dinâmica dos processos de venda na Symantec América Latina. Tudo isso rendeu transformações importantes, gerou aprendizado e promoveu solidez para chegarmos em 2016 preparados para um ambiente econômico repleto de desafios.

Tudo começou com a separação da companhia em duas operações distintas. Com base nessa nova estrutura, identificamos os líderes para atender às necessidades e desafios específicos da companhia para a região e estabelecemos uma comunicação mais direta com nossos colaboradores - em vez de três ou quatro níveis separando o vendedor do country manager, o relacionamento passou a ser quase que direto.

Além disso, com um portfólio focado e dedicado à segurança da informação, conseguimos direcionar nossos esforços comerciais e, como consequência, obter melhores resultados. Por fim, criamos um esquema de reuniões frequentes com clientes e prospects, de forma que o relacionamento com o gerente de vendas fosse destinado a entender os desafios e necessidades da outra ponta, e não baseado, somente, na oferta de produtos.

A mudança atingiu, como não poderia deixar de ser, o nosso ecossistema de canais. Com o lançamento do Secure One, agora no último trimestre do ano-calendário 2015, consideramos os distribuidores como meios essenciais no apoio ao crescimento dos canais e, consequentemente, deles mesmos. Acreditamos que como novo plano, seremos mais consistentes no nosso crescimento sustentado.

Por fim, em termos de mercado, entendo que as notícias sobre ciberataques em 2015, seja focando empresas, seja focando usuários finais, deixaram um aprendizado também ao cliente: ele não pode mais negligenciar o tema da segurança da informação. Se antes era questão de orçamento, hoje é de planejamento e estrutura.

Vamos seguir escrevendo nosso plano de crescimento e alavancando o mercado de segurança da informação em 2016. Estamos preparados.

*Alejandro Raposo é vice-presidente de Vendas da Symantec para América Latina

Cada vez mais profissional e estruturado, o cibercrime joga uma média de um milhão de malwares ao dia no mundo. Conheça os principais para o Brasil

por André Carraretto

Já comentei mais de uma vez sobre um intrigante dado da edição 2015 do Internet Security Threat Report (ISTR), estudo anual produzido pela Symantec: a cada novo dia, quase um milhão de malwares são criados no mundo. Esse universo tão grande e estruturado dificulta a tarefa à qual me proponho agora, a de fazer um balanço das principais ocorrências no cenário de segurança da informação ao longo deste ano no Brasil.

Produzi, então, uma lista não necessariamente com as maiores ocorrências, mas as mais diversas e complexas.

●        Malware do Boleto

Um dos modelos que mais me chamou a atenção foi um golpe nascido em 2014, mas que ganhou corpo nos últimos 12 meses: um malware que intercepta e frauda boletos bancários enviados por e-mail ou baixados da internet[1] . Ele não mexe em nenhuma informação do documento - valores e nome de beneficiário permaneciam, exceto, claro, a conta beneficiada pelo pagamento. Os ataques são perpetrados por meio de técnicas como Man-in-the-browser, Browser Helper Objects (BHOs) maliciosos, extensões maliciosas do Chrome e manipulações de Document Object Model (DOM) no Internet Explorer. O vírus se instala na máquina via phishing - o usuário é convidado a clicar em um link, seja para participar de uma promoção convidativa, seja para ter acesso a alguma informação que interesse a ele - e fica em estado de espera até que um boleto seja exibido na tela do computador.  Há alguns que varrem os arquivos do computador e alteram os que já estão na máquina. Vimos mais ocorrências do tipo porque, no Brasil, existe uma cultura muito forte de se utilizar antivírus gratuitos, que muitas vezes não possuem um banco de dados suficientemente completo para garantir a detecção e remoção de códigos maliciosos deste tipo.

●        Malvertising, a publicidade que não vende

Outro ataque que chamou a atenção foi o malvertising, um anúncio publicitário online fraudulento usado ​​para espalhar malware. Em um ataque criado especificamente para o Brasil, ao clicar no banner, que poderia ser encontrado em sites populares, como MSN, UOL e Globo, o usuário era redirecionado a um site que infectava seu computador. Uma investigação realizada pela Symantec identificou quase 150 mil ataques por dia de um mesmo invasor, localizado na Califórnia (Estados Unidos).

●        Vai um DDoS aí, chefe?

Também houve ocorrências significativas de ataques do tipo de negação de serviço (Distributed Denial of Service, ou DDoS), quando milhares de máquinas acessam um mesmo site com o objetivo de sobrecarregar o servidor e tornar o tráfego lento ou, até mesmo, tirar o endereço do ar. Esse tipo de ataque se torna cada vez mais recorrente graças a uma profissionalização de grupos cibercriminosos, que os vendem no modelo "como serviço". Notamos uma maior predileção, no Brasil, para ataques voltados ao sistema financeiro, causando lentidão no serviço de internet banking. Normalmente, os atacantes pedem um "resgate" para devolver o ambiente à normalidade, mecânica muito utilizada também no Ransomware...

●        ...Ransomware, cada dia mais popular

Impossível comentar o cenário de segurança da informação brasileiro em 2015 sem falar do Ramsonware, ou sequestro de dispositivos ou informações. O golpe consiste em invadir um dispositivo - principalmente computares - e dominá-lo: o usuário só recebe o controle de seu aparelho ou o acesso a seus dados se pagar um resgate. O documento "Evolução do Ransomware” publicado pela Symantec em agosto de 2015, revela que, entre 2013 e 2014, houve um aumento de 250% em novas famílias de crypto ransomware (aquele que utiliza criptografia para sequestrar os dados) no cenário de ameaças. Outubro de 2015 foi o mês mais movimentado em termos de ocorrências do tipo: 44 mil, cinco mil a mais do que em setembro. Vale reforçar que os Ransomwares são focados em empresas de pequeno e médio porte, que normalmente não possuem uma estratégia de segurança da informação formal, baseada em antivírus, firewalls e backup atualizado: mais de 60% dos ataques visam a esses alvos.

Esses são os temas que mais me chamaram a atenção no ano. E para você, quais foram?

link: http://www.symantec.com/connect/blogs/brazilian-consumers-under-attack-b...

In March of this year, Cylance kicked-off their “Unbelievable Tour” to provide a head-to-head comparison of their endpoint protection product against industry leaders, including Symantec.  Cylance scheduled demonstrations in 35 cities between March and April.  At RSA in late April, they announced the results of their tests claiming that their product outperformed Symantec.

Certainly, we were surprised and curious about the test results so our Labs conducted their own tests to compare Symantec Endpoint Management to CylancePROTECT. 

While different types of tests can result in different results, the Symantec Lab tests are structured to exhibit real operating environments where threats emerge from many different vectors.  Singular static tests comparing detection rates from isolated environments may produce interesting results but have little bearing in reality.  In Real World Tests, Cylance performed well but not as well as Symantec.  However, in Prevalence Tests and FP Testing, the gap was significantly wider. Cylance has a high number of false positive indications which can send administrators chasing red herrings.  This was to be expected given that Symantec uses more than one method (in fact up to 5 different techniques) to identify malware. High detection accuracy is something we take pride in.  More importantly the rate of false negatives also higher than Symantec. A false negative is a scenario when a known malicious file is not detected by an antimalware software. No actions were taken by CylancePROTECT in response to known exploits. False negatives are a serious matter.

Another interesting factoid was that Cylance only scans PEEXE (program executable)  file types.   Standard document files such Doc and PDF files are not scanned. In some cases malware detected by Cylance remains running and active in memory.  Quarantined malware files remain accessible to the end user.  Cylance malware remediation is limited in functionality requiring additional remediation-capable anti-malware software, like SEP.

Our tests were run using latest versions of both products along with the standard (default) configurations.  We would welcome independent testing by AV Test or similar 3rd party test organization.  To date, no Cylance test results have been made available to the public from any standard test organizations. 

Inspiring our young to be the next leaders in science, technology, engineering, and math (STEM) is a core focus area for Symantec’s philanthropic efforts. We want to encourage more students to pursue careers in cybersecurity and computer science, and in particular support women and minorities. We are committed to supporting great organizations that are dedicated to STEM education, encouraging employee volunteerism, and establishing long-term relationships to build on their mission focused work. We find that as we get involved, other opportunities open up. 

TeenTech, based in the United Kingdom, is one such organization that we’ve been involved with in the last few years and that participation has grown new opportunities for community involvement. TeenTech organizes lively, hands-on events and an Awards program to encourage young people to learn about the wide range of career possibilities in STEM. TeenTech events take place at venues across the UK and at each event 300-500 students from 30-50 different schools benefit from hands-on exhibits and challenges run by leading companies, universities, business organizations, and education business partnerships to create special experiences for young people.

TeenTech City

On December 1st, the fourth London TeenTech event, known as TeenTech City, took place in The Copper Box on the Olympic Park. Over 200 scientists, engineers, and technologist, including several Symantec employees, came together to share a day of challenges and experiments with students across London. Symantec set up a cybersecurity scenario to teach students about online security. The scenario demonstrated how hackers can extract information from seemingly harmless conversation from social media profiles and messages. It was a simple yet entertaining exercise that showed just how easily innocent conversation can unintentionally give out information to determine passwords and in effect other personal information. “It was amazing to see the realization for the need of online safety – both from the school children as well as the teachers. School children are aware of tech, but very unaware how easy it is to hack into accounts,” said Louine McKisack, one of the Symantec volunteers. Future Online Safety in Community opportunities emerged from the event. “We spoke with teachers about our Online Safety in the Community program and they invited us to visit their schools to speak with their students.”

The whole event was an immersive experience focused on fun while also providing real insight into the industries of the future and the skills need to take advantage of them. There were a variety of fascinating demos from diverse organizations displaying how technology is used in every aspect of our lives and in ways unknown to most. The water utility showed how technology could help save water while media companies demonstrated the technology used in making films and television. The impact of the day was incredible. It was Louine McKisack’s first time volunteering at the TeenTech event and she said, “It was so fascinating to see the children’s narrow ideas of what to do as a career melt away and learn that you don’t have to be a software engineer to work in the technology industry. At the beginning of the event, the organizers had all the students participate in an exercise where they were asked to draw a picture of typical scientist and at the end of day the students’ attitudes changed dramatically – it was very rewarding.” TeenTech aims to do just that – widen young people’s understanding of STEM careers.

World at Work Event at Symantec

TeenTech also organizes a technology competition called the TeenTech Awards that is designed for UK students from ages 11-16 and 17-18 to work in teams of up to three to develop technological solutions to a problem facing their community. At the TeenTech Awards in June, three girls from Alton Covent School won the People’s Choice Award for their “mShuttle”- an intelligent medical shuttle. At the event, Symantec’s Louise Hanlon, Corporate Responsibility & Sustainability Manager EMEA, met the Director of Alton Covent School and they decided to collaborate on an event. On December 4th, Symantec hosted thirty-five girls from the school to learn about the World at Work. The event was designed to engage the pupils in the world of work within the IT industry. The day was carefully designed so that the young women interacted with Symantec employees from various backgrounds and that were involved in different aspects of the business.

The day began with a key note from Executive Vice President EMEA, Kevin Isaac. Kevin shared his inspirational journey, and invaluable insights for career progression and advised the students that a career can take many forms and not to be concerned if they did not currently have clarity on their own aspirations. He also encouraged the pupils to identify what they really enjoy doing, and to look for roles that incorporate this – as those roles could take many forms. This message was further reiterated by Caroline Dennington, ‎Senior Director Global Analyst Relations, when she outlined her remarkable career story. Caroline challenged them to think broadly – working in IT does not mean it has to be technical. She encouraged them to think about their career path, what makes them tick, but also to understand that they do not need to make the decision instantly as it might not be a direct path.

The girls then split into smaller groups for sessions covering the impact of languages on career development and internet security. The students also successfully cracked the code to highlight the vulnerability of personal data and gained an insider’s perspective on the security operations center.

Fiona Hopkinson, Development Director of Alton Covent School said, “The feedback from the participants was effusive: ‘I didn’t realize there were so many exciting possibilities in the IT industry’; ‘The opportunities opened by studying languages are so vast’; ‘Symantec is such a cool company, the staff are really friendly and fulfilled by their work’. Alton Convent School is delighted to be partnering with Symantec to deliver further progressive careers opportunities.” Symantec looks forward to future events with the Alton Covent School!

Engaging and organizing events that inspire young people is one way Symantec contributes to the community, but we also seek to engage our employees. We encourage our employees to give back by sharing their skills and experience and equally to enhance their lives at work.

For more information on Symantec’s community involvement, email community_relations@symantec.com

So you patched your Windows 10 install.wim with the latest updates, how about removing the built in "provisioned" applications that come with Windows 10 but that you don't want in an enterprise environment. So, after you mount the image as per this post:

https://www-secure.symantec.com/connect/blogs/scri...

but before you unmount it you can run the following:

REM Run on DS - dism Remove-Prov...Appx... from mounted copied Install WIM

set os=win10x64
set Winos=WinOS009
set wim=.\deploy\%winos%\sources\sources\install.wim 
set mount=d:\mount
set dism=.\Drivers\Win10x64\Microsoft\DISM

FOR %%A IN (Microsoft.3DBuilder_10.9.50.0_neutral_~_8wekyb3d8bbwe,
Microsoft.Appconnector_2015.707.550.0_neutral_~_8wekyb3d8bbwe,
Microsoft.BingFinance_4.6.169.0_neutral_~_8wekyb3d8bbwe,
Microsoft.BingNews_4.6.169.0_neutral_~_8wekyb3d8bbwe,
Microsoft.BingSports_4.6.169.0_neutral_~_8wekyb3d8bbwe,
Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe,
Microsoft.Messaging_1.10.22012.0_neutral_~_8wekyb3d8bbwe,
Microsoft.MicrosoftOfficeHub_2015.6306.23501.0_neutral_~_8wekyb3d8bbwe,
Microsoft.MicrosoftSolitaireCollection_3.3.9211.0_neutral_~_8wekyb3d8bbwe,
Microsoft.Office.OneNote_2015.6131.10051.0_neutral_~_8wekyb3d8bbwe,
Microsoft.Office.Sway_2015.6216.20251.0_neutral_~_8wekyb3d8bbwe,
Microsoft.People_2015.1012.106.0_neutral_~_8wekyb3d8bbwe,
Microsoft.SkypeApp_3.2.1.0_neutral_~_kzf8qxf38zg5c,
Microsoft.XboxApp_2015.930.526.0_neutral_~_8wekyb3d8bbwe,
Microsoft.ZuneMusic_2019.6.13251.0_neutral_~_8wekyb3d8bbwe,
Microsoft.ZuneVideo_2019.6.13251.0_neutral_~_8wekyb3d8bbwe) DO (%dism%\dism.exe /Image:%mount% /Remove-ProvisionedAppxPackage /PackageName:%%A)

You can get a list of provisioned apps by running 

Get-AppxProvisionedPackage -Online

in powershell. You can remove the provisioned Appx packages using powershell commands but they use DISM anyway so I prefer to remove that extra layer; here's the link translating DISM command into the equivalent powershell cmdlet command, you need the dism powershell cmdlet installed too; it's in the Windows Administrative Install Kit (AIK):

https://technet.microsoft.com/en-us/library/hh8250...

Note the extra 's' here: Dism.exe /Image:<...> /Get-ProvisionedAppxPackages Powershell: Get-AppxProvisionedPackage

You can also find scripts online to run the Get-AppxProvisionedPackage and pipe the output into the Remove-ProvisionedAppxPackage command but I prefer to keep control of the list removed.

This approach should prevent sysprep errors caused by user accounts that have logged in pre sysprep having apps provisioned to them and Apps being updated from the internet between imaging, provisioning to a user and sysprep running.

Originally posted for Huffington Post from author Amy Cappellanti-Wolf, Symantec’s Senior Vice President, Chief Human Resources Officer.

Earlier this month community members packed the auditorium at Symantec headquarters to watch a special screening of the documentary “CODEGIRL.” The film follows teams of girls from around the world as they compete to win the Technovation Challenge, an international mobile app competition that empowers young women to solve an issue in their community by creating an app, learning to code, and developing a business plan.

Programs like Technovation and documentaries like “CODEGIRL” are extremely important because they seek to expose and expunge a lingering problem in the tech industry: the lack of diversity in the workforce. The industry is flourishing. New startups are launching, Fortune 500 leaders are hiring, and innovation is off the charts. Yet despite this incredible growth, women and minorities are immensely underrepresented. Only 11 percent of the workforce is female; only four percent is black; and only five percent is Hispanic. This is clearly not acceptable nor is it sustainable as the competition for talent and the need for constant innovation continues to rise.

We are living and working in a global economy. To be well positioned for success, your workforce should resemble your customer base and your community as a whole. At Symantec, we believe that we can make the world a safer place through cybersecurity. We work hard to meet the needs of our customers and design the solutions that make their lives easier and more secure. And diversity is critical to our success.

Our global customer base includes many different viewpoints, and to truly represent them, we need a variety of thoughts and ideas as well. We are proud to field a workforce that is as diverse in gender, ethnicity, sexual orientation, and language, as they are skilled at coding, development, engineering, and customer service.

That’s why we embedded a commitment to diversity into our corporate values. We defined the business case, built a strategy with clear goals and targets around the programs that we wanted to implement, and set up transparent reporting guidelines to measure the impact we’re having on our organization and society as a whole. Our goals range from having females make up at least 30 percent of our leadership team (we’re currently at 26 percent), to increasing diversity across the company by 15 percent in the next five years, to building development programs to increase our leadership pipeline with our diverse employees.

But most importantly, we purposely designed programs that could be integrated into the fabric of our company, ensuring leaders, managers, and employees—regardless of job title—all have a stake in meeting our diversity goals.

We created groups to help employees connect based on their shared backgrounds. These include the Symantec Women’s Action Network (SWAN), Hispanic Outreach and Leadership Affinity (HOLA), Symantec Black Employees Network (SBEN), SymPride supporting the LGBT community, and the Symantec Armed Forces group. We also are an active participant and sponsor in programs such as the Grace Hopper Celebration of Women in Computing, the world's largest conference for women in tech, and the Human Rights Campaign’s Corporate Equality Index (CEI), a national benchmarking survey on corporate policies and practices related to LGBT workplace equality.

The emphasis on diversity has spread throughout our company. Employees are empowered to work directly with nonprofits, educators, and other organizations, introducing students to the technology and cybersecurity fields. In addition, our signature program, the Symantec Cyber Career Connection (SC3), is in its second year training under-represented young adults—including people of color, women, and veterans—for entry-level careers in cybersecurity. Today many SC3 graduates who had never considered careers in cybersecurity now have Network+ and Security+ certifications, and full time employment at major companies.

Symantec’s goal is to be just as diverse as the world we live in – and we want to empower every employee across the globe to own this goal and drive progress. As we wrap up 2015 and look ahead to the New Year, we look forward to hearing many more stories about how our employees are embracing diversity, and how with this diversity we are better serving our customer and finding new ways to introduce others into the technology industry.

You can learn more about Symantec’s Diversity and Inclusion efforts on our website.

ソフトウェア定義のデータセンターが複雑になるにつれて、セキュリティは重要性を増し、しかも実装が難しくなっていきます。Symantec Data Center Security 6.6 は、VMWorld で発表され、2015 年秋には一般公開される予定です。動的な適応力とアジリティに優れたセキュリティをデータセンターに導入することによって、迅速なビジネスをサポートします。

常時稼働のマルウェア対策と脅威保護が、仮想データセンターには不可欠ですが、本番アプリケーションに悪影響が出ないよう適切に実装することはもっと重要です。仮想データ環境でエージェントベースのセキュリティを実装する際、よく問題になる点が 2 つあります。

• 仮想マシン（VM）ごとにエージェントをインストールすると、ネットワークリソースに対する負荷が高くなり、アプリケーションとネットワークの性能が損なわれます。また、エージェントベースのセキュリティは VM の数が増えたときの拡張性も高くありません。VM は IT 以外の従業員でも簡単にセルフプロビジョニングが可能なため、安全性が低下していることが多々あります。新しい VM をセキュリティソリューションによって迅速に保護できなければ、脅威に対して脆弱になります。

そんな問題を解決するのが、Symantec Data Center Security 6.6 です。エージェントレス脅威保護の機能を採用し、ネットワークとストレージ I/O に対する悪影響を回避しながら、リソース制約を排除して VM のパフォーマンスを最大化します。vShield/vCNS で VMware ESX を使用している組織や、NSX の実装を始めようとしている組織には、以下の機能をサポートする Data Center Security 6.6 をお勧めします。

• 1 つのソリューションで第 4 層から 7 層の総合的なマルウェア対策に対応。vShield/vCNS 環境と NSX 環境に対するエージェントレスのマルウェア対策を新たにサポート。 
• エージェントレスネットワーク IPS による完全な脅威保護と、ファイル評価サービス Symantec DeepSight Intelligence との統合。
• Operations Director により、アプリケーション中心のセキュリティおよびサーバーを動的に強化

Symantec Data Center Security 6.6 では、仮想データセンターに最適化したインサイト評価によるエージェントレス脅威保護もサポートされています。クラス最高を誇るシマンテックのウイルス対策とインサイト評価を利用する一方 VMware vShield Manager に完全に統合されます（NSX を必要としない）。  

Data Center Security は、ハイパーバイザベースのセキュリティ仮想アプライアンスを利用して、ホストされる 1 つのマシン上の全 VM を保護するので、AV ストーム（ウイルス対策によるシステムパフォーマンスの低下）の問題が起こりません。アプライアンスは VMware NSX と完全に統合されるため運用コストが抑えられ、いつでもどこでも保護が実現されます。

Data Center Security 6.6 のエージェントレス脅威保護には、以下の機能があります。

• VMware NSX と VMware vCNS/vShield の自動化とオーケストレーション。vShield のみを使って常時ウイルス対策をオンにするオプションもあります。
• VMware NSX によるエージェントレスネットワーク IPS。 
• Symantec Deepsight Intelligence のリアルタイムグローバル脅威情報および分析との統合。
• セキュリティ仮想アプライアンスの自動配備。常時稼働のセキュリティによって、安全性の低い悪質な IT からの脅威を低減します。

今日、脅威の世界は今までになく高度になっています。Symantec Data Center Security 6.6 のエージェントレス脅威保護で、パフォーマンスとリソースを損ねることなく VM を保護しましょう。

VMWorld では、ぜひ 713 番ブースにお越しください。実際に動作中の Data Center Security をご覧いただけます。

【参考訳】

New Symantec Certified Specialist (SCS) BETA exam – Administration of IT Symantec Management Suite 7.6

Do you or your teams work with IT Management Suite 7.6? Are you interested in becoming certified? Symantec Education is seeking candidates to take our new Symantec Certified Specialist (SCS) beta exam for the Administration of Symantec IT Management Suite 7.6.

What’s in it for me when I become a BETA candidate?

• You have the opportunity to see the entire pool of questions and to provide feedback.
• You have the opportunity to take the exam for FREE.  
• If you pass the exam, you will become certified and will receive a special certificate with the words “Beta Exam” in a gold embossed stamp.

How do I register?

1. Visit http://www.symantec.com/certtracker
2. Click on “Schedule Proctored Exams”
3. Select "Schedule an Exam"
4. Click “View Exams”
5. Select the Administration of Symantec IT Management Suite 7.6 (250-413) beta exam
6. Select the location of the nearest test center and schedule the exam
7. Proceed to checkout

If you need further assistance, please view the step by step registration instructions on our website. When you check out, the price will be reduced to $0!

How much knowledge and skill do I need to take the beta exam?

Knowledge, skill, and experience vary from individual to individual.  During the beta exam, Symantec seeks all candidates who are interested.  This includes candidates who are considered above qualified, below qualified, and minimally qualified.

How long will the beta exam take to complete?

The beta exam has a total of 240 minutes (4 hours) allotted. However, depending on your knowledge, skill, and experience, you may not need the entire time to complete the exam.

How long will the beta exam be available?

The beta exam opens for registration on November 23rd and will close on January 8th.  You must register for and complete the exam by the end of business on January 8th.

What can I do to prepare for the exam?

For more information about how to prepare for this exam, review the attached Study Guide.

Thank you for your support of the Symantec Certification Program!

Having travelled throughout the world in my professional capacity and personally experienced a diverse range of reactions to cyber defence – from highly engaged to relative indifference – I am acutely conscious of how the threat environment is posing such dangers to today’s organisations, particularly as those threats grow increasingly complex and widespread.

So, what have my observations demonstrated to me? That too often security is still viewed as a cost, rather than a protection, centre. In what is becoming an ever more unstable cyber world - that has to change.

The more aware and reactive organisations are looking to create powerful cyber defence systems – or Security Operations Centres (SOCs) – that will protect their operations. And that means building in resilience with cyber intelligence. In other words, these foremost enterprises recognise that treating security as a mixture of disparate technologies, expected to interact and keep you safe, is not the way forward. Instead, a SOC approach ensures the integration of an organisation’s technology and intelligence as a unified and highly effective whole.

There are several elements that must drive such a strategy in order to get it right:

GLOBAL THREAT INTELLIGENCE– with GTI, enterprises not only have recourse to a global database that is a repository of all of the threats that are taking place, anywhere and at anytime, but also to the analytics behind that to determine when a threat is viable, as opposed to when it is not (false positive or true positive).

DETECT– this is about empowering an enterprise to gain visibility of their environments by taking that global data and running it through a far-reaching process of collection and analysis, as well as vulnerability management. That way, they can make sense of all the global data received from external parties and, within their own environment (i.e., locally), combine these into a holistic view of their security posture. That delivers a ‘single pane of glass’ to see through, so organisations have the right levels of security knowledge in place at all times.

PROTECT– with real-time monitoring and detection in place, organisations need a solution that can make changes on the fly. So, if they are under attack, they must have the capability in place, in the form of technology and/or people and process that will apply specific security controls on their devices to block a threat immediately. Advanced Threat Protection (ATP) will, for example, do this proactively.

RESPOND– a key part of the protection mechanism is integration with Incident Response. This means having the appropriate levels of control to allow, or prevent, access to an organisation’s information; or to information that has been received. Is the technology in place sufficient to support that process? Essential to this is having the right people who can put those parts of the jigsaw together to give the business the full picture. At Symantec, for instance, we have an incident response team with exactly those skills that can be deployed within 24 hours to just about anywhere in the world.

IMPROVE– with all of the above elements wholly active, this is the final factor. One key area of ‘Improve’ is focusing on the organisation in general and its employees through a security awareness or simulation programme as the essential component that delivers continuity and development. The other area is governance. In other words, organisations must identify what kind of compliance they have within their environments, in order to ensure they are abiding by whatever standards the business has established, in terms of cyber security.

Ultimately, all of this feeds back into a Global Threat Intelligence fusion capability. And what that comes down to is a highly skilled team controlling an organisation’s cyber defences, empowering it to implement new projects within a safe, secure setting. And that comes back, full circle, to having that global view: the right level of intelligence that lifts you beyond simply local knowledge and awareness into an elevated position of real advantage.