Cybersecurity is a dynamic industry where big problems are being solved every day and where innovation is not only the norm, it is a means of survival. As CSO of the world’s leading cybersecurity organization, I can tell you that my peers and I are under constant pressure to grow, adapt, and innovate to find new ways to protect our companies from a rapidly evolving threat landscape. And in order to deliver on that charge, we undertake our own brand of scrappy innovation that we believe typifies the industry.

What is innovation?

From my perspective, innovation is a mindset. It’s founded upon creative problem solving, trial and error, and the willingness to look at opportunities in new and different ways. But those factors alone are not enough to drive innovation. Innovation needs to be fueled by fast iteration, sweat equity, and a high degree of persistence. 

As part of our acknowledgement of Innovation Day, I’d like to share my thoughts on what drives innovation, ways to encourage innovation, and how our customers are relying on us to drive innovation every day.

What’s our approach to innovation?

Innovation can be a funny thing. As a leader, you can’t assign innovation as a task or demand innovation as an outcome. Nor is it an activity to be undertaken (as in “Let’s be innovative today at 1pm”). But as a leader, you can (and should) help establish the expectations and conditions that will encourage innovation as part of your everyday way of working.

Innovation needs to be organic, part of the mindset. With each opportunity, my team asks themselves:

• What’s the problem we’re dealing with (or better yet, what’s the opportunity)?
• Has someone else tried to solve this before? If yes, why didn’t that work?
• Can we approach the problem in a different way?
• What makes our approach different?

I’ve also challenged my team to think beyond their own experience. We have a tendency to frame problems within our own experiences when really the problems we are dealing with often have natural parallels to another industry or discipline. Let me give you an example.

One of the biggest challenges we face in security is how our employees behave when they’re at work. In fact, more than 60% of the security incidents we experience at Symantec are caused by human error or action. So there’s a significant opportunity for us to improve our security just through changing employee behavior. But traditional practices of annual security awareness training and email messaging have not proven to be effective. We needed another angle. 

In flexing our innovation discipline, my team approached this problem with a totally different mindset. What are we really trying to do here? At its core, we’re trying to change someone’s behavior. Who’s good at changing behavior? Well… it turns out marketers are really good at changing behaviors. They convince us to buy all kinds of stuff, whether it be gum at the checkout or a fancy car. And who’s really good at marketing? Well, there are a lot of good examples to draw from, but the one that made a lot of sense to us was Starbucks.

Starbucks uses an incredible amount of data to understand their customers and their behaviors in order to drive you to buy a cookie with your coffee. We too have a tremendous amount of data. By leveraging some of the things we learned when we explored this parallel with Starbucks, we are now creating a data-driven employee engagement program that attempts to influence behavior at or near the time of action—just like Starbucks tries to get you to buy that cookie. This is still a work in progress, but I believe this is a terrific example of reframing the problem and drawing from other disciplines to drive an innovative solution.

How to encourage others to innovate

In my experience, there are several best practices that help position an organization (no matter the industry) for successful innovation:

1. Reframe the problem: Approach the problem with a different mindset. Look to other industries and see if you can apply the same approach. Think of a certain outcome in mind. How are we going to solve this problem?
2. Trust: Instilling trust among your team and peers promotes agility and confidence. If there isn’t a penalty for being wrong, you are much more likely to try something new.
3. Iterate and measure, over and over: You’re going to make mistakes but continue to iterate. What works? What can we change? How do we adjust for next time?
4. Persist: Innovation is a result of persistence. Celebrate the progress no matter how small, but keep going. Remember—you have that certain outcome in mind (i.e. solving the problem).

Our customers need Symantec to innovate…. And we’re delivering!

Symantec has been getting leaner and is now solely focused on solving the big security challenges our customers face every day. From new offerings, to major advances in existing solutions, to the dramatic shift in how we will deliver our solutions to our customers, we are driving innovation at a pace that I haven’t seen at this company in my 6 years here.

And none of this happened by accident. It was the result of focused intent, a lot of hard work, and a mindset to solve big problems in new and different ways. In a word …innovation. As a security practitioner and a customer, who needs Symantec right by my side in order to win, I’m so thankful for it. Keep going and persist!

“I know that Symantec Endpoint Protection provides advanced malware protection, but does it protect against ransomware?” We often get these types of questions from our customers because they want to know whether they are protected from a particular type of threat, especially when it is prevalent in their industry. Ransomware and Zero-Day vulnerabilities are the two top concerns today’s threat landscape. Last year, Symantec discovered 10 Zero-Day vulnerabilities in one month alone. Unfortunately, according to researchers, it is unclear how many people have been hit by ransomware as the victims don’t report incidents and don’t know where to turn for help.

In fact, there are simple ways for you to stay secure with Symantec Endpoint Protection, both 12.1 and the Small Business Edition when dealing with ransomware, Zero-Day threats, and other malicious malware. We created a short-video series where a security expert explains these common threats and guidelines on what you Must Do, Should Do, and Can Do to protect your business. Spend three minutes on each video and get the most out of your investment in Symantec Endpoint Protection.

How to Protect against Ransomware: Play Video (3:21)

How to Protect against Zero-Day Vulnerabilities: Play Video (2:56)

Resources

Watch Symantec Endpoint Protection 12.1 Demo (4:04)

Learn more about Insight and SONAR (Download solution overview)

Symantec Endpoint Protection Family

Blog Feature Image: 

train_certify_succeed.jpg

About SCS Exams

The Symantec Certified credentials are industry recognized exams and are available to customers, partners, and employees. The technical certification program (i.e., Symantec Certified Specialist – SCS) targets people who have hands-on experience with the product. They might be called technical sales engineers, partner integrators, product engineers, administrators, architects, designers, technical support engineers, or consultants, for example.

Although each technology varies in complexity and depth, SCS exams measure technical knowledge and skills needed to efficiently deploy, configure, utilize, troubleshoot, and optimize Symantec solutions. SCS exams are based on a combination of training material, commonly referenced product documentation, and real-world scenarios. Learn more by visiting http://go.symantec.com/certification.

How do you access this exam?

This exam is delivered only through Pearson VUE test centers.  To register for the exam, login to CertTracker or create a new account.  Please see our step-by-step registration instructions for more information.

What are the recommended preparation strategies for this exam?

• Candidates are strongly encouraged to review the corresponding course materials prior to attempting the exam.

• Review the exam study guide (attached). The study guide aligns to the recommended training course by summarizing the key lessons and topics and how they correspond to the SCS exam. The study guide also contains sample exam questions to help you prepare.

Exam Details

# of Questions: 70 - 80

Exam Duration: 90 minutes

Passing score: 65%   

Questions?

For more information about the Symantec Certification Program, contact Global_Exams@Symantec.com.

About SCS Exams

The Symantec Certified credentials are industry recognized exams and are available to customers, partners, and employees. The technical certification program (i.e., Symantec Certified Specialist – SCS) targets people who have hands-on experience with the product. They might be called technical sales engineers, partner integrators, product engineers, administrators, architects, designers, technical support engineers, or consultants, for example.

Although each technology varies in complexity and depth, SCS exams measure technical knowledge and skills needed to efficiently deploy, configure, utilize, troubleshoot, and optimize Symantec solutions. SCS exams are based on a combination of training material, commonly referenced product documentation, and real-world scenarios. Learn more by visiting http://go.symantec.com/certification.

How do you access this exam?

This exam is delivered only through Pearson VUE test centers.  To register for the exam, login to CertTracker or create a new account.  Please see our step-by-step registration instructions for more information.

What are the recommended preparation strategies for this exam?

• Candidates are strongly encouraged to review the corresponding course materials prior to attempting the exam.

• Review the exam study guide (attached). The study guide aligns to the recommended training course by summarizing the key lessons and topics and how they correspond to the SCS exam. The study guide also contains sample exam questions to help you prepare.

Exam Details

# of Questions: 70 - 80

Exam Duration: 90 minutes

Passing score: 65%   

Questions?

For more information about the Symantec Certification Program, contact Global_Exams@Symantec.com.

Symantec and its employees have a rich history of helping others in their local communities. Several groups from across the globe have stepped up to help and are meeting the Take 5 challenge to volunteer at least five hours during the year. Through the Dollars for Doers program, they have made their volunteering count even more – the qualifying organizations have received a $15 donation from Symantec for each hour of volunteer service employees recorded.

Earlier this month, SymInfo highlighted volunteer efforts related to Safer Internet Day. In addition to stories associated with volunteering for specific occasions, SymInfo will feature teams on a quarterly basis who are making a difference in their communities.

Volunteering with Camara Education Dublin

In January, nine Symantec employees participated in the Take 5 initiative at Camara Education. Camara is an international charity and social enterprise that uses technology to deliver 21st century skills and education in disadvantaged communities around the world.

Camara collects computers from organizations for refurbishment and reuse, then loads them with educational software before they are shipped in bulk to education hubs throughout Ireland and Africa. These machines are typically installed in eLearning centers in schools and community centers to provide educational tools to some of the most disadvantaged communities in the world.

The volunteers – made up of EMEA Sales employees – visited the Camara warehouse in Chapelizod, where they were tasked with loading an empty container with the donated computers.

Over the course of their visit, the team managed to load an impressive 1,000 computers into the container, which will arrive in Ethiopia in about six weeks. Soon after that, thousands of disadvantaged African children will put their hands on a computer for the first time.

Moving forward, Camara will start taking Symantec’s redundant equipment for reuse, and will be able to take further groups of volunteers in their warehouse. Additionally, the hours logged by volunteers on the day will mean that Camara will receive $675 through Symantec’s Dollars for Doers program.

Culver City employees teach seniors about technology

Every quarter, a group of Culver City employees provides hands-on technology education at the Culver City Senior Center. For nearly eight years, several employees have given their time to help senior citizens navigate their electronic devices. What started as a way for them to learn how to use cell phones and laptops has turned into lessons on how to use smart phones, laptops, tablets and every array of electronic device. Over the course of the years, usually 20-30 seniors attend each event to receive help. At their last visit to the senior center, Symantec volunteers helped nearly 50 seniors learn how to use their devices.

After the last activity in January, volunteers received notes from the seniors they helped, expressing their gratitude. One senior shared her feelings:

This program is amazing. I always look forward to their [Symantec’s] visits. They are all so kind and knowledgeable. I have learned so much. I only wish they could come more often. Thanks a million!

Culver City employees feed the downtrodden

Recently, the Beachhead team held a team event where they gave back to the community through a volunteering initiative. As a group they prepared food packages, consisting of sandwiches and water, and personally distributed them to the local residents of Skid Row in Los Angeles. Skid Row is an area of downtown Los Angeles known for homelessness and poverty. They were able to provide 250 sandwiches for approximately 200 people and show that people care about their well-being.

“What a rewarding experience personally for me and also for all the team that attended the event,” said Amit Sodhi, Manager, Development. “In this fast paced technology savvy time coupled with rising expenses, it’s very humbling to see that a bottle of water and a PBJ/turkey sandwich can put such a big smile on the receiving end. We were able to serve around 200 people at the skid row residence and it amounted to what you would probably spend on a meal while having dinner at a $$ yelp place.”

Chirayu Sapre, Principal Software Engineer, added, “The biggest surprise for me was the scarcity of clean drinking water. I didn’t think that would be the case in a major city in a developed country. It felt good to be able to help some folks out, but it was also clear that many more such initiatives are desperately needed.”

Empowering tribal communities around Pune

The IT Team in Pune conducted a donation drive for the benefit of Vanavasi Kalyan Ashram, a non-governmental organization (NGO) that focuses on the betterment of tribal communities in the state of Maharashtra. The NGO’s programs are aimed at educating tribal kids and empowering women. As part of the drive, team members contributed to purchase a sewing machine for “Mahila Shivan Class” (Women’s Sewing & Stitching Centre) situated at Kasurdi village, near Bhor, 50 kms from Pune. Along with the sewing machine, the team also bought the required raw material, and paid for the training sessions for women – all aimed at increasing living standards through skill development. Through the initiative, the team members also donated clothes for 100 people, books, stationery items, toys and food grains.

Symantechies walk for selfless service

A group of Symantec employees in Pune actively volunteered for ‘Walk for Seva,’ a three-kilometer walkathon by our NGO partner Seva Sahyog. A drive to create awareness about Seva Sahyog’s urban slum development project ‘Samutkarsha,’ the walkathon had more than 3,000 participants. Symantechies assisted the NGO with logistics, route planning, attendee registrations, managing the kids, flagging off the walk, traffic management, food distribution, etc.

Introducing cyber careers to South African girls

The Cape Town site recently hosted a group of 30 11th and 12th grade girls from the Ukhozi Girls Club (an extremely socially deprived group of girls). Five female Symantec employees taught the girls how to stay safe online and what security signs to look out for. The volunteers also shared stories of their career paths at Symantec with the aim to help them find a path in life and give them examples of what they can accomplish. The event concluded with tips on applying for jobs, creating a CV/résumé and interviewing skills.

The event was such a great experience for everyone who participated – both for the volunteers and the girls – that a couple girls asked three of the volunteers if they would be their mentors and they willingly accepted.

These are great examples of the change employees can make in the lives of those who are less fortunate in our communities. For more information contact community_relations@symantec.com. 

In my last blog post, I shared that Symantec will have support for Certificate Transparency fully deployed across all of our products and customer-facing experiences in the next few weeks. 

Certificate Transparency (CT) can help organizations monitor what active SSL/TLS certificates exist for the domains they own – and for many customers and use cases, the current implementation of CT works well. However, in cases where certificates are deployed for internal-only applications, some customers prefer to keep the information for their certificates private (particularly sub-domain information). For example, while a customer may be fine with publishing certificate information publicly for “support.mycompany.com”, that same customer may understandably object to logging “top-secret-project.mycompany.com”. Today, the current Certificate Transparency specification RFC 6962 does not address these privacy concerns or use cases. 

To handle these practical customer use cases, Symantec’s current implementation of CT logs all certificates by default but provides an option for customers to “opt out” of logging certificates. This approach is clearly not optimal because it creates a gap where all certificates may not be logged – however this is presently the most effective way to address customers’ privacy concerns within the limitations of the current Certificate Transparency specification. 

Currently, the Internet Engineering Task Force is working on the next version of the Certificate Transparency specification — RFC 6962-bis. This new version will allow for sub-domain information to be redacted from CT logging. Using the case above, a customer will be able to have their certificate for “top-secret-project.mycompany.com” logged as “?.mycompany.com”. This approach will enable companies to address their privacy concerns while ensuring that all of their certificates are being logged and monitored. 

Symantec supports name redaction as the best way to address both transparency and privacy and we intend to implement the new specification as soon as it is finalized. 

Learn more about our support for Certificate Transparency here.

Today, AV-TEST, the well-regarded independent testing organization, announced that Symantec Endpoint Protection (SEP) won the Best Protection 2015 Award for corporate endpoint security. As the winner, SEP was recognized for its consistently superior protection ability throughout all of 2015.

The testing evaluated the efficacy of numerous endpoint security solutions against real-world scenarios and advanced threats. Each product is subjected to over 1,000 live zero-day attacks delivered via infected websites and e-mail in order to measure a product’s complete protection ability. In addition, AV-TEST measures each security solutions’ detection of more than 150,000 current and widespread threats. What makes the 2015 award so difficult to win is the need to withstand the attackers from month to month, as they switch techniques, always trying to evade detection. Scoring a perfect “6” in a given month isn’t too difficult. The challenge is maintaining a perfect “6” consistently – this is the mark of a truly strong, superior protection product. Symantec Endpoint Protection stopped 100% of live threats, consistently scoring a perfect “6” in the protection tests over the entire year.

Symantec’s leadership and strength in endpoint security was also demonstrated in the latest Gartner Magic Quadrant for Endpoint Protection Platform released on February 3rd. In the recent report, Symantec hit another milestone by being a Gartner Magic Quadrant Leader for the 14th year in a row. In addition, we’re once again positioned the highest in the Ability to Execute. It is our belief that Symantec’s Magic Quadrant leadership position is an indication of a strong product offering that performs well in detection, protection and performance.

Today’s cyber-attacks are increasingly sophisticated, tapping into the most attractive and soft targets to infiltrate an organization’s often most vulnerable infrastructure – its endpoints. Attackers are using advanced strategies, like digitally signing their malware, and injecting threats into legitimate processes to hide them. So how do you keep your business and data safe? 

At Symantec, we believe that customers need intelligent next generation threat protection, which must include the following four capabilities:

1. Block the maximum number of threats proactively, e.g. without reliance on signatures

2. Leverage the power of global visibility and big data to protect against cyber threats in real-time

3. Detect and remediate all advanced attack campaigns

4. Deploy the latest protection across all control points without compromising performance

Symantec delivers on all four of these criteria:

• Symantec Endpoint Protection stops attacks without ever having seen them before using advanced multi-dimensional machine learning algorithms that look at threat relationships, sample characteristics, web domain interactions, execution behaviors, and more; SEP also prevents unknown and zero day attacks with advanced exploit prevention and hardening.Symantec doesn’t stop at 99.99% protection – our goal is to give customers 100% protection with our layered approach that employs best of breed technologies throughout the attack path.  Machine learning -based, network-based, hardening-based, and policy-based protection all work together to provide customers the best endpoint protection. 

• Global intelligence and insights from the analysis of diverse threat data, and over 1,000 cyber security experts across the globe operating from 9 operations centers watching over the threat landscape 24x7x365, power all of our capabilities, leveraging hundreds of years of combined cyber security expertise and unmatched security insights for our customers.  

• Symantec Endpoint Protection is a single agent on the endpoint that can deliver not only protection, but also detection and response capabilities. Customers do not need new endpoint agents when they decide to use our endpoint detection and response (EDR) technology and can leverage existing Symantec deployments.

• All this while ensuring robust deploy-ability everywhere, whether in small enterprises or large, in distributed franchise operations or in centralized environments, on fast digital networks or on low bandwidth or dark networks, and spanning all industries, government, in private or public clouds, and beyond.

• Symantec endpoint security product portfolio supports a broad range of devices across PC, Mac, Linux, Android, iOS, and even virtual machines. Symantec secures all platforms with high-performance, unobtrusive protection, with little to no threat of disruption of productivity from false positives.

As the winner of the AV-TEST Best Protection Award 2015 and as a Leader in Gartner’s Endpoint Protection Platform Magic Quadrant for 14 years, Symantec has proven our leadership in true next generation security, protecting enterprises and their information worldwide. We’re committed to continuous innovation in security and to solving new needs so our customers can focus on growing their core businesses.

To learn more about Symantec Endpoint Protection, please visit Symantec.com. You can also read the full report from the AV-TEST Institute.

CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.

These threats hijack a whole computer or its data and demand that a payment is made in order to unlock or decrypt them.  The authors of these malicious threats have a very strong financial motive for infecting as many computers as possible, and have put substantial resources into making these threats prevalent.  New variants are seen all the time.  

File-encrypting malware is hardly new. This sort of diabolical threat has been around in various incarnations for years, but it seems to have intensified in recent months. For years, security experts have emphasized the importance of backing up one’s files as a hedge against disaster in the wake of a malware infestation. Unfortunately, if your backup drives are connected physically or via the local network to the PC that gets infected with CryptoLocker, your backups may also be encrypted as well.

Here are some simple steps to help you to reduce the threat of ransomware:

1. Do not pay the ransom!

Paying the ransom may seem like a realistic response, but it is only encouraging and funding these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files. Do not negotiate with the same aggressors that were holding your files hostage in the first place.

Instead, Do:

• Remove the impacted system from the network and remove the threat.
• Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.

2. Do install, configure and maintain an endpoint security solution

With the endpoint being the final line of defense from any threat, a multi-faceted security solution should be employed. This solution should have protections for not just file-based threats (traditional AV), but should also include download protection, browser protection, heuristic technologies, firewall and a community sourced file reputation scoring system.

3. Do educate employees

One of the primary ways that these threats get into your network is through “Spear Phishing” attempts, where an unsolicited e-mail will come from an unknown sender with an attachment that is then executed. Make sure employees are educated on what to do when they receive emails from unknown senders with suspicious attachments or links.

4. Do employ content scanning and filtering on your mail servers

Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.

5. Do make sure that all systems and software are up-to-date with relevant patches

Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.

 6. Do limit end user access to mapped drives

The current ransomware threats are capable of browsing and encrypting data on any mapped drives that the end user has access to. Restricting the user permissions for the share or the underlying file system of a mapped drive will provide limits to what the threat has the ability to encrypt.

 7. Do deploy and maintain a comprehensive backup solution.

The fastest way to regain access to your critical files is to have a backup of your data.

Check this video: 

Protect against Ransomware with Symantec Endpoint Protection

https://www.youtube.com/watch?v=4QtFacd9NRM

Symantec Articles and Blogs: 

Additional information about Ransomware threats

https://support.symantec.com/en_US/article.TECH211589.html

Recovering Ransomlocked Files Using Built-In Windows Tools

https://www-secure.symantec.com/connect/articles/recovering-ransomlocked-files-using-built-windows-tools

Ransomware Do's and Dont's: Protecting Critical Data

https://www-secure.symantec.com/connect/blogs/ransomware-dos-and-donts-protecting-critical-data

• What is Insider Threat?
• Why we all should care about this threat
• Solutions to defend against Insider Threat

Register Today at:http://bit.ly/symantecblog0310