Channel: Symantec Connect - Blog Entries

New Flash Zero-Day Vulnerability Exploited by Attackers in the Wild


Latest Intelligence for March 2016

The Latest Intelligence for March 2016 has been published, revealing that the number of mobile malware variants per family reached 50.


Latest Intelligence for March 2016

Key Findings from Symantec’s 2016 Internet Security Threat Report

Webcast: May 3, 2016

Cyber attacks are increasing in number and sophistication. Today’s threats differ from those encountered a month ago.  What can you do to improve your security posture?

Register for our webcast and receive insights into protecting your organization and its brand, including simple steps to take now and in the future.

Register Now

Note: If you can't make the webinar on May 3rd, please still register. We plan on pre-recording the webinar and will send you the on-demand link so you can view it on a date that works for you.

New Adobe Flash Player exploit used by Magnitude and Nuclear exploit kits

Exploit kits (EKs) including Magnitude and Nuclear have begun to exploit a type confusion vulnerability in Adobe Flash Player (CVE-2016-1019).


Microsoft Patch Tuesday – April 2016

Exploit kits such as Magnitude and Nuclear target a new Adobe Flash Player vulnerability

Exploit kits (EKs) such as Magnitude and Nuclear have begun to exploit a type confusion vulnerability in Adobe Flash Player (CVE-2016-1019).


Magnitude and Nuclear exploit kits can exploit a new Adobe Flash Player vulnerability

Exploit kits (EKs) including Magnitude and Nuclear have begun to exploit a type confusion vulnerability in Adobe Flash Player (CVE-2016-1019).


ISTR Insights: 2016 Internet Security Threat Report Launches

New blog series focused on insights from the recently released Symantec 2016 Internet Security Threat Report

Oscar Wilde said, “With age comes wisdom, but sometimes age comes alone.”

Symantec just released the 2016 Internet Security Threat Report (ISTR), our annual look at the rapidly evolving threat landscape. And it never comes alone. The ISTR comes with the wisdom of Symantec’s Global Intelligence Network, but also with the benefit of the fact that Symantec has been tracking attack and threat trends for so long.


For instance, we’ve been tracking zero-day vulnerabilities since 2006. We had a record breaking year in 2015. But if you had been looking at what’s been happening, and what we’ve been reporting for the last few years, that probably is not a surprise. If you’ve been watching this trend with us since 2006 you’ve seen a dramatic change in the threat landscape. In fact, in 2015, the number of zero-day vulnerabilities discovered more than doubled to 54, a 125 percent increase from the year before.

We’ve been tracking spam volumes for years. You may think there is not much new happening in spam. But spam as a percentage of all email hit a low we have not seen since 2003. This is part of the threat landscape that is getting better. And we could all use a little good news when it comes to cybersecurity.

How about ransomware? It’s a top-of-mind issue for consumers and businesses these days. We’ve been covering it in the ISTR since 2013. Actually, we first wrote about this type of threat in 2005. It faded away then, only to come back with a vengeance starting in 2012, and it will continue to make headlines in 2016.

Want to know about the history of ransomware? Want the latest stat on infections? Want to know about its spread to platforms beyond Windows? It’s all in the ISTR Vol 21.

All this—and so much more—is covered in this year's report. As a leader in cybersecurity, Symantec is uniquely positioned to share actionable insights on the rapidly changing threat landscape. Don’t miss out on these insights!

Download the full 2016 Symantec Internet Security Threat Report

Webcast Alert: Don't miss "Key Findings from Symantec’s 2016 Internet Security Threat Report" upcoming webcast presented by Kevin Haley, May 3, 2016, 9:00 a.m. Pacific. Register for the free webinar here

Microsoft Patch Tuesday – April 2016

This month, 13 security bulletins were released, 6 of which are rated Critical.


Microsoft Patch Tuesday – April 2016

Microsoft released 13 security bulletins on April's Patch Tuesday, 6 of which are rated Critical.


Using Code Signing Certificates "the Right Way"


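A recent Symantec research report revealed that Suckfly, an advanced threat group based in China, stole the private keys of code signing certificates and had been using them to distribute malware for the past two years. The discovery adds one more item to the list of security concerns: the growing trend of cyber attackers distributing malware disguised as legitimate files and applications.

Why do cyber attackers go after the private keys of code signing certificates? The problem stems from two opposing aspects of what the certificates are for, and it lies in the way the use of code signing has traditionally been managed.

The main purposes of a code signing certificate are a) to verify the integrity of the content and prove that it has not been altered, and b) to establish the attribution of the file or application to its author and so prevent warnings from the environment in which it is used. With a code signing certificate, trust increases because a third party has verified that the content of the file or application has not been altered and that the content is tied to an author who actually exists. Many software makers and industry groups require the use of code signing certificates for this reason.

In practice, when a user tries to download an unsigned application, some browsers protect the user by displaying a warning. To reduce risk, some security applications also block the download or execution of unsigned files and applications, minimizing the execution of code that comes from unknown or malicious publishers. For these reasons, a security-conscious enterprise that develops a lot of software or applications in-house will normally have deployed code signing certificates, from both a publishing and a risk-reduction standpoint.

In traditional code signing, full responsibility for keeping the signing private key secure rests with the organization that requested the certificate. Within that organization, the security and management of the private key is typically left entirely to the development group, because it is usually the application or software developers who publish the files or applications. If that group has not been trained in basic security measures (best practices), or cannot account for the loss, theft or misuse of keys, the entire enterprise faces the risk of malware being signed with its own private key.

The following basic industry security measures (best practices) help enterprises prevent the theft and misuse of keys.

  • Protect private keys
    • Store them in an HSM or a dedicated secure environment
  • Track private keys and signing history
    • Make it easy to see who signed what, and when
  • Manage the appointment and revocation of publishers
    • Ensure that only authorized users can access private keys
  • Prepare for audits
    • Promote clear accountability and the preservation of an audit trail for code signing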
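The tracking, publisher-management and audit practices in the list above can be combined in one signing gate. The sketch below is an added example, not Symantec's code or part of the original post: `SigningGate`, `record_hash` and `first_broken_record` are hypothetical names, the users and artifacts are constructed, and an HMAC with an in-memory key stands in for a signature made by a key held in an HSM.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

GENESIS = "0" * 64  # "previous hash" used by the first log record


def record_hash(body: dict) -> str:
    """SHA-256 over the canonical JSON form of a log record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class SigningGate:
    """Hypothetical central signing gate: roster of publishers plus audit trail."""
    key: bytes  # assumption: stands in for a private key kept inside an HSM
    publishers: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def appoint(self, user: str) -> None:
        self.publishers.add(user)

    def revoke(self, user: str) -> None:
        self.publishers.discard(user)

    def _audit(self, who: str, what: str, when: str, outcome: str) -> None:
        # Each record commits to the previous one, so edits break the chain.
        prev = self.log[-1]["hash"] if self.log else GENESIS
        body = {"who": who, "what": what, "when": when,
                "outcome": outcome, "prev": prev}
        self.log.append({**body, "hash": record_hash(body)})

    def sign(self, who: str, artifact: bytes, when: str) -> str:
        what = hashlib.sha256(artifact).hexdigest()
        if who not in self.publishers:
            # Denied attempts are logged too: they are what an auditor looks for.
            self._audit(who, what, when, "denied")
            raise PermissionError(f"{who} is not an appointed publisher")
        self._audit(who, what, when, "signed")
        # Stand-in for the real signature operation.
        return hmac.new(self.key, artifact, hashlib.sha256).hexdigest()


def first_broken_record(log: list) -> int:
    """Return the index of the first altered or re-linked record, or -1."""
    prev = GENESIS
    for index, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or record_hash(body) != entry["hash"]:
            return index
        prev = entry["hash"]
    return -1


def demo():
    """Run a constructed scenario: one valid signing, then two refused ones."""
    gate = SigningGate(key=b"constructed-demo-key")
    gate.appoint("alice")
    gate.sign("alice", b"installer-1.0", "2016-04-01T10:00:00Z")
    gate.revoke("alice")  # publisher leaves the team
    attempts = [
        ("mallory", b"dropper", "2016-04-02T03:00:00Z"),       # never appointed
        ("alice", b"installer-1.1", "2016-04-03T09:00:00Z"),   # already revoked
    ]
    for who, artifact, when in attempts:
        try:
            gate.sign(who, artifact, when)
        except PermissionError:
            pass
    outcomes = [entry["outcome"] for entry in gate.log]
    intact = first_broken_record(gate.log)
    gate.log[1]["who"] = "alice"  # simulate someone rewriting the history
    tampered = first_broken_record(gate.log)
    return outcomes, intact, tampered


if __name__ == "__main__":
    print(demo())
```

A hash chain only detects edits if the latest record hash is also kept somewhere the log's writer cannot change, such as a separate system or a periodic export.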

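Beyond these basic security measures (best practices), some enterprises should strengthen security further by not keeping private keys scattered across on-site locations and instead storing them in one central place with sound key management governance and security. As the provider of 65% of the world's code signing certificates*, Symantec offers a next-generation service that closes gaps in traditional code signing practice, such as the lack of governance, and addresses the risk of private key theft. That service is Symantec Secure App Service, a comprehensive cloud-based code signing management solution that centralizes key management, tracking of code signing history, and user management.

Cyber criminals will keep devising new ways to break through enterprise security and steal critical data. By strictly following industry best practices and using solutions such as Symantec Secure App Service, you can thwart those attempts and assure the trust that code signing is meant to provide.

*Source: international survey by rsEdge (2014)

[Reference translation]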

Symantec Standing Out – Symantec CR Media Highlights from Around the World


From standing up for the rights of the LGBT community to providing the public with vital cybersecurity knowledge, the following is a roundup of recent media stories highlighting Symantec's efforts to support the industry, its employees and communities worldwide.

Symantec supports key LGBT legislation

Symantec was mentioned in The Huffington Post, among other publications, for its participation in the Human Rights Campaign's groundbreaking Business Coalition for The Equality Act. The Coalition supports the crucial legislation ensuring the protection of rights for the US LGBT community:

The Equality Act "establishes explicit, permanent protections against discrimination based on an individual’s sexual orientation or gender identity in matters of employment, housing, access to public places, federal funding, credit, education and jury service. In addition, it would prohibit discrimination on the basis of sex in federal funding and access to public places[1]."

Symantec joins a coalition that represents 19 industries, covering 22 states, with revenues of over 1.8 trillion dollars[2].

Furthermore, in Portland Symantec was highlighted by various media including the Portland Business Journal and Portland's NBC station KGW as the recipient of an award from The Basic Rights Education Fund for companies who "foster fair workplaces for the LGBTQ employees".

The Fund calls out Symantec's "firm commitment to inclusive workplaces" through various means including "improv[ing] its health care for transgender employees, promot[ing] out transgender employees, support[ing] other employees in their transition and receiv[ing] rave reviews from its transgender and gender non-conforming staff."

Promoting Female Diversity

Symantec's May Mitchell (VP, Worldwide Marketing) was quoted in a CRN article, "Why Keeping Women In Tech is Crucial To The Industry's Success", calling out the unique logic and approach women bring to the table, and the Irish Times featured Symantec's Anita Sands (Director) as part of an International Women's Day roundup of influential Irish women.

Partnering to Protect the Future 

Lastly, Network World published an article discussing highlights of President Obama's new Cybersecurity National Action Plan, mentioning Symantec as a member of the National Cyber Security Alliance, which aims to educate consumers about cybersecurity.

FAQ: The First Step of a New Online Partner Web Experience

Q&A About New PartnerNet Navigation Changes

FAQ: All you need to know about the new changes to your online partner experience on Symantec PartnerNet and symantec.com

Why are you changing PartnerNet?

In an ongoing effort to provide a great online experience for our partners, we've collected feedback from partners around the globe and are working to redesign PartnerNet to better meet your business needs as you work with Symantec via our partner portal.

When will I see changes to PartnerNet and symantec.com?

  • In mid-April, look for programs overview information on Symantec.com.
  • In late May, look for key assets in the Products section of Symantec.com, including upcoming events, training links, sales presentations, demo scripts, guides, FAQs etc.

What’s next?
Phase one is the first step of a larger project; we’ll deliver incremental improvements on an ongoing basis over the next months. PartnerNet content will continue to be transitioned into the Symantec.com web site, providing our partners with a single point of information for content.
 
Additional benefits will include:

  • Single website for up-to-date content
  • Easy access to authenticated partner content
  • Mobile-friendly
  • Quick navigation to key partner assets from product pages
  • See relevant updated news and events at a glance

 
What are the impacts to my navigation?
In the first project phase, partners will transition between the two sites, with programs overview content and all products information located on Symantec.com. For all remaining information and tasks, please continue to leverage the existing PartnerNet site. 

  • US English Only
    Non US-English users will not be impacted. Additional English support will be included shortly, and localization will be provided in future months.
  • Scope of content
    You can search for general program overview content and partner-only product assets on Symantec.com. For other materials such as your specific program details, training, licensing and renewals, please visit PartnerNet.
    Additional Secure One programs content, such as competency and tier information, will be migrated to Symantec.com at a later date.
  • My Products, My Sites and customized Home page will no longer be available
    As part of an analytics review, it was identified that these features were not highly used; in future releases this will be replaced by new functionality.
  • Distributors ordering and reporting will remain on the existing PartnerNet site
    Additional content will be migrated to Symantec.com at a later date. 

Where can I find additional information?
Read the blog post.
 
Who can I contact for additional information?
Please feel free to send questions or feedback to A L Johnson or Kimberley via the Connect contact form.


The First Step of a New Online Partner Web Experience

PartnerNet Navigation Changes You Should Know

We're excited to share with you news about how Symantec is delivering new ways to make it easier for our partners to access information online. In a multi-phase project showing benefits at each stage, PartnerNet content will be incorporated into the Symantec.com web site, providing our partners with a single point of information for content, a modern look and feel, and a mobile-friendly environment.  

This project will be rolled out incrementally in phases, so look for ongoing improvements.

A few of the benefits that you’ll see include:

  • Easy access to authenticated content
  • Quick access to key partner assets from product pages
  • See relevant updated news and events at a glance
  • Mobile-friendly

In the first phase, which is focused on the US, you’ll see the following changes on Symantec.com.

In mid-April, look for programs overview information.

In late May, look for key assets in the Products section of Symantec.com, including upcoming events, training links, sales presentations, demo scripts, guides, FAQs etc. You’ll have one-stop access to product-related information, in a mobile-friendly format.

For information on your company’s Secure One program benefits, please continue to go directly to PartnerNet.

For additional information about navigation changes, timelines, and what’s coming next, check out the FAQ. Note that additional regional support will follow shortly.

Starting mid-April, check out www.symantec.com/partners to see the improvements.


DDoS Attacks: Bigger, Stronger, Scarier

The ABCs of distributed Denial-of-Service (DDoS) attacks and how to protect your organization

What Is a DDoS Attack and Why Worry?

Distributed Denial-of-Service (DDoS) attacks overwhelm a target with activity so that websites can’t be accessed by legitimate traffic. In other words, your bank, entertainment company, newspaper, e-commerce portal—even your Internet connection where you’re killing it on Xbox Live—slows to a crawl or crashes.

DDoS attacks have been widely reported since 2000, and increase year-over-year in size, number, and intensity. They are time-tested, nearly impossible to prevent, very cheap to rent, and can have devastating, lasting consequences.


In Wrist Grabs and DDoS Attacks, Gino Grieco gives this description:

“Modern DDoS attacks generate such huge amounts of network traffic by utilizing something called a botnet…a network of computers that have been infected with malicious software that allows a hacker to hijack them remotely. These infected computers behave completely normally most of the time, except when they are given the command to spam a target. Once a command is received, each computer in the botnet starts sending out a specified type of Internet traffic at a specified target. After a hacker group builds a botnet, DDoSing services becomes much easier and defending against it becomes nearly impossible.”

While there’s no way to prevent attacks completely, strategic planning will mitigate the impact. It’s essential to have an action plan in place and to prepare for the inevitable.

If you think that DDoS is irrelevant to your company, or you’re in the middle of a DDoS attack and overwhelmed, or you want to make the best-informed choices to enact a DDoS game plan, this article is for you.

Who Is at Risk of a DDoS Attack?

Governments, organizations, and even individuals are targeted with the intention of disrupting business as usual. Motives include hacktivism (political protest), blackmail, harassment, attention seeking/bragging rights, and competitive advantage (especially in online gaming).

According to the Neustar 2015 DDoS Attacks and Protection Report, the respondents reported:

  • 40%: DDoS attacks are a growing threat to their organization
  • 32%: Would lose over $100K of revenue per hour
  • 33%: Customer Support was the #1 area affected by DDoS attacks
  • 85%: Attacked multiple times, with 30% attacked over ten times annually
  • 26%: Suffered loss of customer trust and brand damage

Different Kinds of DDoS

Top 5 DDoS attack traffic seen by Symantec’s Global Intelligence Network

The majority of DDoS attacks are ICMP flood attacks, where a large volume of (typically) ‘ping’ requests from multiple sources attack one target at the same time until it overloads and can no longer handle legitimate traffic. These attacks are often conducted through botnets.

2015 attacks by type

  • 85.7%: Generic ICMP Flood Attack
  • 6.4%: Generic TCP Syn Flood Denial of Service Attack
  • 2.1%: Generic Ping Broadcast (Smurf) Denial of Service Attack
  • 2.0%: Generic Teardrop/Land Denial of Service Attack
  • 0.6%: RFProwl Denial of Service Attack

Source: 2016 Internet Security Threat Report

Common DDoS attacks
The most common DDoS attacks fall under three categories:

  • Volume-based attacks - A variety of methods are used to saturate bandwidth so that traffic slows to a standstill, which can eventually crash servers. ICMP floods dominated in 2015. Other types include UDP and other spoofed-packet floods.
  • Protocol attacks - Protocol attacks target resources over bandwidth and can overload firewalls and load balancers. Tools of the trade are SYN floods, Ping of Death, Smurf DDoS, and fragmented packet attacks. Protocol attacks accounted for roughly 8.5 percent of attacks in 2015.
  • Application layer attacks - Application layer attacks send ‘legitimate’ requests to crash servers. They use fewer resources than other exploits. Common types include DDoS attacks, Slowloris, and attacks targeting known vulnerabilities in Apache, OpenBSD, and Windows.

Botnets-for-hire
Botnets-for-hire were used in roughly 40 percent of all DDoS network layer attacks in the second quarter of 2015, according to Incapsula, a Symantec partner. While criminals can go to the effort of infecting multiple vulnerable devices and creating their own botnet to carry out DDoS attacks, it’s often much easier to hire pre-made botnets for a set amount of time.

Simple, but effective
According to the ISTR 21 Report, DDoS attacks are, “simple to set up, difficult to stop, and very effective.” DDoS attacks often cause collateral damage to companies close to the real target. Once the bandwidth fills up, any site hosted by the same provider may not be accessible through the Internet. As a result, these sites might face downtime even if they were not targeted directly.

What Are Some of the High-Profile Recent DDoS Targets?

  • Sony PlayStation has been targeted so often that Shuhei Yoshida, President of Worldwide Studios, said: “Actually, an attack happens every day. Literally every day. Some days are bigger and some days smaller. Some days they devise new means, new ways—it's like cat and mouse.”
  • Microsoft Xbox has been taken down many times since Christmas, 2014. A small band of hackers calling themselves Lizard Squad took responsibility for the 2014 DDoS attack, which affected up to 160 million Xbox and PSN users. Another group, New World Hacking, took responsibility for a February 2016 attack, stating: “We attacked Xbox as once again a test of our power. We plan on taking down a few major ISIS channels next month. And it just seemed like the perfect time to test.”
  • BBC On New Year’s Eve, 2015, a hacktivist took down all digital services at the bbc.co.uk, including the news website, apps, and live streaming. New World Hacking claimed responsibility for this biggest DDoS attack yet. They are an anti-ISIS group and launched the attack to test their capabilities, without any particular maliciousness against the BBC. The DDoS reportedly reached a peak of 602 Gbps and ‘unintentionally’ lasted nearly four hours.
  • Staminus This DDoS was particularly malicious. Not only was a leading DDoS mitigator taken down, but they also experienced a prodigious data breach. During the outage, information appearing to be Staminus’ customer credentials, support tickets, credit card numbers, and other sensitive data were posted online. A group claimed to have seized control over most or all of Staminus’s Internet routers and reset the devices to their factory settings.
  • HSBC suffered a huge DDoS attack on January 29, 2016. "Source explains there's been a wave of DDoS attacks on HSBC & other UK banks this week using 'crude but disruptive' tools bought on dark web,” BBC Technology Correspondent Rory Cellan-Jones tweeted. HSBC Turkey had already been hit with a DDoS attack earlier in November 2015.

What Are the Motivations Behind DDoS Attacks?

Hacktivism
Anonymous is perhaps the most sophisticated—and most publicized—hacktivist group. They even petitioned the White House: “Make, Distributed Denial-Of-Service (DDoS), a Legal Form of Protesting," characterizing DDoS as, “the equivalent of repeatedly hitting the refresh button on a webpage…Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.”

Anonymous wages many high-profile attacks, with Donald Trump as their most recent target. In his article, “The Anonymous Hack of Donald Trump,” Adam G. Klein says: “Most hacktivist ‘operations’ are backed by a clear mission statement…Their tactics reflect this drive for social change. Journalist Andres Jauregui likened one Anonymous method, DDoS, to a civil disobedience strategy employed by student activists in the 1960s: ‘Clog the hallway of a government office with enough people, and it effectively ceases to function; direct enough traffic to a website, and the same thing happens.’”

Anonymous has launched crippling DDoS attacks against governments, groups, enterprises, and organizations, including:

Extortion
DDoS attacks and holding a site hostage are big money makers. With the ability to rent a booter or stresser for mere dollars a day, enterprising criminals run highly-profitable attacks with threats of repeated shutdowns.

Considering that Joseph Bonavolonta of the FBI’s Cyber and Counterintelligence Program has encouraged victims of cyber attacks to pay up, bad actors are encouraged, even citing his advice in their ransom demand emails.

Diversion
According to Gary Sockrider, Principal Security Technologist at Arbor Networks, “Historically, ‘ideological hacktivism’ has commonly been the top motivation (of DDoS attacks), only displaced last year by ‘nihilism/vandalism’. This year, however, things have changed. A growing number of respondents are seeing DDoS attacks being used as a distraction for either malware infiltration or data exfiltration.”

In Sony’s infamous data breach, DDoS attacks were used up to three years in advance of the actual exfiltration to gain intelligence into the network, while diverting resources away from detecting and stopping the infiltration. 

Competitive advantage/bragging rights
DDoS attacks are prominent in online gaming. According to Symantec’s Candid Wueest, a DDoS attack rented for just a few minutes can create an insurmountable advantage during an online gaming contest.

Igal Zeifman of Incapsula highlights both bragging rights and ROI as strong motivators: “Take Lizard Squad’s attack this past Christmas on the PlayStation and Xbox networks: In that 24-hour period, the group was mentioned more than 100,000 times on Twitter alone. As viral impact goes, these attacks reach the level of ‘Gangnam Style’ notoriety—the best return on investment any attention-seeking perpetrator can hope for with a single DDoS burst.”

How Expensive Is a DDoS Attack?

DDoS attacks are very cheap to mount but very costly to endure.

According to the Incapsula Survey: What DDoS Attacks Really Cost Businesses, the estimated cost is $40,000 per hour.
Many companies also experience non-financial, intangible costs, such as:

  • Loss of customer trust
  • Loss of intellectual property
  • Virus/malware infection
  • Hardware replacement
  • Data breaches and theft of customer information that occur under the cover of a DDoS attack             

How Cheap Is a DDoS Attack to Mount?

Very cheap—in the range of $10 to $1,000 a day. Pricing is based on duration and sometimes bandwidth, and attacks can easily be purchased online. You can shop online bazaars and buy seemingly legal ‘stressers,' which are intended to test your own website’s tolerance.

A Russian crime group called Forceful rents their DDoS services for:

  • Daily – $60
  • Weekly – $400
  • 10% discount on orders of $500
  • 15% discount on orders of $1000

Considering the amount of damage you can cause for next to nothing, there is no barrier to entry for attackers and ROI is huge. According to Arbor Networks’ Worldwide Infrastructure Security Report (WISR), the average cost to the victim is around $500 per minute, but the mean cost to the attacker is only $66 per attack.

How Do You Plan for a DDoS Attack?

Symantec researcher, Candid Wueest, contends that companies—and people—think that DDoS attacks are for somebody else: “Sony, Xbox, BBC News, Donald Trump—those attacks that grab headlines make sense, but it’s not going to happen to my company.”

But the truth is, if you have a public-facing company of any size, or you're an online game enthusiast, or even if you anger the wrong person, or you espouse an idea that’s controversial to somebody anywhere in the world, you’re a natural target.

Be Prepared: It Might Happen to You

1. Don’t expect it’s not going to happen to you. There's an excellent chance that it will.

2. Prepare a thorough game plan in anticipation of DDoS attacks.

  • Consider your infrastructure, assess your vulnerabilities, and plan accordingly. For instance, if you have ISP-hosted servers, you’ll probably endure a shorter attack than if you maintain your own servers.
  • Having an agreement in place with a mitigation service is ideal. If not, you should at least do your legwork in advance and know whom you’ll turn to in case of attack.
  • Ensure your website security software offers DDoS mitigation. Symantec Complete Website Security, for example, has added Imperva Incapsula service, which offers enterprise-grade web application security, DDoS mitigation, performance optimization, and load balancing.

3. Create a DDoS Playbook, which should include:

  • Contact names and numbers for your ISP and mitigation service.
  • Know what questions to ask your ISP and what protocols they have in place for DDoS attacks.
  • Communication strategy on how to inform your customers, as attacks can last from several hours to a few days. Good communication can lessen the tarnish on your reputation.

4. Cover yourself with Cyber Insurance.

  • Make sure your coverage mitigates and transfers the risk of exposure from cyber events.
  • Ensure your coverage complements the efforts of your information security protections.

What’s on the Horizon for DDoS?

Candid Wueest’s white paper, “The Continued Rise of DDoS Attacks," offers a comprehensive view of the landscape and what can be done to shield yourself from DDoS attacks. When asked what we should anticipate in the future, he cites:

  • The Internet of Things (IoT) will be the next growth area in exploits, as there will be an estimated 20 billion connected devices by 2020.
  • CCTV surveillance cameras running Linux on BusyBox were hijacked and turned into botnets in a global DDoS—which is a new trend. Many of these devices use default passwords and are fully exposed.
  • Routers are routinely hijacked and zombified. Your Linux-based home router is a target for a new worm called KTN-Remastered, which infects embedded systems by taking advantage of weak Telnet passwords.

Bottom line, cybercrime is the new normal. The sheer magnitude of reported attacks, vulnerabilities and costs in dollars, exposure, and harm done is overwhelming. It is a near certainty that you’ll be breached. Being prepared for the inevitable and mitigating the impact of a DDoS attack is the best strategy.

Candid Wueest sums it up like this: “You’re not adding speed to your arsenal if you’re not prepared.”

Symantec and Our Global Green Teams Celebrate Earth Day


April 22nd 2016 marks the 46th annual Earth Day celebration, where more than 1 billion people[1] worldwide celebrate our planet and the importance of environmental conservation.

Each year at Symantec, we celebrate Earth Day and our dedication to environmental stewardship both inside and outside our company through a variety of global activities and events. Sponsored by our Global Green Teams, highlights of this year's Earth Day activities include:

  • Ireland: Symantec Dublin employees will build a Conservation Garden with The National Trust for Ireland An Taisce, an independent charity who is "working to preserve and protect Ireland's natural and built heritage."
  • United States: At our headquarters in Mountain View, California we are holding our 7th annual Earth Day Fair on Wednesday, April 20th with the goal to increase awareness of simple sustainable actions that can be taken at home and at work. The fair will feature 25 vendors ranging from sustainable businesses to local government agencies to nonprofit organizations, offering attendees the chance to test drive an electric vehicle, try out a Segway, taste local, organic fruits and vegetables and learn about other environmentally friendly lifestyle choices.  

Additionally, to help keep our oceans and beaches free of waste, in Culver City, California, we are hosting a beach clean up with local employees. We hope to build on last year's successful clean up that resulted in 38lbs of collected waste!


Symantec employees learn how to make sustainable choices in their everyday lives at Symantec's Earth Day fair held at the company's Mountain View headquarters.
  • India: At our Pune, India office, employees are hosting an art competition where they have invited "little Picassos" (aka employees' child(ren)) to submit paintings/drawings related to the theme of water conservation. The paintings will be showcased on Symantec's Pune office walls during the office's Earth Day celebration on Friday, April 22nd.


In honor of Earth Day, Symantec's Pune, India site will invite employees' children to submit artwork on the theme of water conservation.

Earth Day Everyday at Symantec

Alongside this monumental day for the environment, we are proud to highlight one of our most important environmental initiatives at Symantec, our Global Green Teams. Our Green Teams support and challenge our environmental efforts, assist us in reaching key goals such as Symantec's GHG reduction goal, educate and influence employees to reduce their impact on the environment at work and home, and provide opportunities for employees to join activities supporting environmental conservation.

Launched a number of years ago, our Global Green Teams currently exist in 12 sites and comprise a large number of volunteers across Symantec who have a keen interest in the environment. Last year our Green Teams executed global and local projects reducing Symantec's environmental impacts, including:

  • One Mug, One Planet Campaign: Through this campaign to reduce paper cup usage, employees at Symantec pledged to stop using paper cups in favor of a reusable mug. The campaign surpassed our original goal of 1,000 pledges with over 2,400 employees (or 12% of all employees) committing to reduce their use of paper cups.
  • Launch of Green Talks: In July 2014, the Green Teams launched quarterly "Green Talks" that educate employees on topics related to Symantec's environmental priorities (e.g. Green IT, resource conservation, responsible sourcing and travel and events). Five talks have been held across Symantec's global network from Mountain View to Mexico to the UK with topics including ocean conservancy, climate-friendly agriculture, and efforts to transform communities to a sustainable/low-carbon future.

What's Next for Our Global Green Teams

While we have experienced significant changes at Symantec with the sale of our Veritas business, we want to ensure we continue building on the momentum behind key corporate responsibility initiatives such as our Green Teams. We are therefore working hard to leverage the work our employees have accomplished so far, while implementing a refined Global Green Team strategy that aligns with our new company structure.

The strategy includes three opportunities for employee involvement:

  1. Common Cause: All sites are engaged on a Corporate Goal/Objective and metrics are set. Examples are our previous "One Mug, One Planet" campaign and our future GHG reduction goal.
  2. Grass Roots Cause: Initiatives are selected by local green teams that will energize and engage local employees.
  3. Environmental Volunteering: Employees identify individual local volunteer opportunities either as a group or on their own.

We have appointed a new Global Green Team Coordinator, Amanda Davis (Senior Manager, CR & Environment), who holds quarterly meetings with our local Green Team Leads. Local Green Team Leads then coordinate the local Green Team meetings and activities. It's quite informal, and we encourage all of our Green Team members to participate as much as they can and to have fun.

While our Green Teams framework has been revised, their importance and objectives remain the same. As the Earth Day Network states on their website, "Let's get really big stuff done for our planet. What are we waiting for? Now is the time."

Now is the Time

Now IS the time to engage yourself, your co-workers, your office and your community in taking small or large steps toward protecting our environment.

For those of you outside of Symantec, there are numerous ways you can get involved. Visit http://www.earthday.org/take-action/ and Google's list of Earth Day events worldwide (https://www.google.com/maps/d/viewer?mid=zClNjYr-OyQE.kRmd-WG6PK5o) for activities in your local area.

“This Earth Day and beyond, let’s make big stuff happen” “Let’s start now. And let’s not stop”[2]

Happy Earth Day to all!

Chris Abess is Symantec’s VP, Operations and Global Green Teams Executive Sponsor

Ghost Solution Suite 3.1 Launch Webcast - Recording


Thanks to all who attended our Launch Webcast for Ghost Solution Suite 3.1. Special thanks to David Evans and Rob Barker for their presentation and demo reviewing some of the new features in this new release including:

  • Support for multiple versions of WinPE
  • Support for WinPE 10
  • Linux PE update
  • Automation folders (imaging without PXE)
  • Partition based imaging

Play or Download the Webcast

Download the Webcast slides

  • See below the file attached to this post

Ghost Solution Suite Links shared during the Webcast

IT Management Suite 8.0 Links shared during Webcast

Q&A transcript

  • We had a ton of questions and are going through them now. We will post as soon as possible!

A Guide to Multi-Factor Authentication

Benefits, best practices, and the future of multi-factor authentication examined

Today, computers and smart devices are inexpensive enough that we can own many of them: smart phones, laptops, tablets, and even wearable micro devices. Our work and private lives demand portability. This, along with a trend towards moving enterprise servers into the cloud, makes secure user authentication even more imperative…and tricky. That brings us to multi-factor authentication (MFA), what it means, and how it is achieved.

What Is Multi-Factor Authentication?

The goal of multi-factor authentication is to create a layered defense of two or more independent credentials: what you know (password), what you have (security token), and what you are (biometric verification). Requiring multiple factors to authenticate a user makes it more difficult for an unauthorized person to gain access to computers, mobile devices, physical locations, networks, or databases; each successive layer should help protect where other layers may be weak.

Multi-factor authentication is becoming more common, particularly in the financial industry, and is advancing to include retina and fingerprint scanning, voice recognition, and even facial recognition.


How Does Multi-Factor Authentication Add Security Benefits?

If only it were possible to develop a single method of authentication that was 100 percent accurate and could not be hacked—we wouldn’t need multi-factor authentication. But passwords can be seen, overheard, guessed, or bypassed; a token can be lost or stolen; and an identical twin or a photograph may even be enough to fool biological recognition systems. This is why multi-factor authentication is currently very important to account security.

The concept of security using multi-factor authentication is that, while there may be a weakness in one authentication factor—say, a stolen password or PIN—the strength of a second or third factor would compensate to provide proper authorization for access.

What Multi-Factor Authentication Options Are Available for Mobile Devices?

One-time passwords

Applications are available which generate one-time passwords in the same way that security tokens have operated in the past. The one-time password is generated and sent to the mobile device using a time-based SMS.

Using a smartphone or tablet eliminates the need for a user to keep track of a token, and companies incur less cost replacing lost tokens, activating tokens for new employees, or deactivating tokens when an employee leaves.

Biometric authentication

Top smartphone manufacturers understand that security is a growing customer concern, and have also started offering biometric authentication to ensure that only the authorized user can access the device. Each of these techniques has advantages and disadvantages.

| Biometric Verification | Advantages | Disadvantages |
|---|---|---|
| Fingerprint authentication | Individuals have unique fingerprints | Requires integration with network access software |
| Voice recognition | No extra hardware is necessary | Not effective in settings where the user must remain quiet, or with excessive background noise |
| Facial recognition or retinal scanning | No extra hardware is necessary (when the device is equipped with a camera) | Not effective in low light, and possible to defeat authentication with a photograph |

How Is Multi-Factor Authentication Implemented in the Cloud?

As data, communication, training, storage, server infrastructure and more are migrated to the cloud, IT admins must deal with the risks of moving beyond the more traditional on-premises server location. Multifactor, random authentication for user access is essential to protect data in the cloud.

Microsoft, Google, Amazon Web Services, Facebook, and Twitter—among others—all offer two-factor authentication for access to their cloud services, and some are extending to multi-factor authentication strategies.

Multi-factor authentication for Office 365

Office 365 requires a password to access applications on PCs, Macs, and mobile devices. The Office 365 admin tool automatically issues a random, 16-character token for users to sign in. When signed in, users are prompted to set up additional authentication.

  • Call My Mobile Phone: When the users receive the confirmation call, they press # in the phone's dial pad to log in.
  • Call My Office Phone: This works like Call My Mobile Phone, but the confirmation call is sent to a separate line, such as a desk phone.
  • Text Code to My Mobile Phone: A code is sent via SMS text message to the user’s phone, to be entered into the Office 365 login form.
  • Notify Me through App: The user can use a Microsoft smartphone app to receive and confirm the notification; the app is available for Windows Phone, iPhone, and Android.
  • Show One-Time Code in App: This uses the same app as for the Notify Me through App option, but sends a one-time, six-digit code that must be entered in the Office 365 login screen.

Multi-factor authentication for Office 365 using Microsoft Azure Active Directory

Office 365 with Microsoft Azure Active Directory is an enterprise-level solution that requires users to correctly enter a password, and then acknowledge a phone call, text message, or an app notification on their smartphone to authenticate and sign in.


What Is the Best Way to Implement Multi-Factor Authentication?

Using and supporting multi-factor tools requires that IT organizations coordinate and configure the enterprise infrastructure to get protected logins working properly. Most tools include various software agents that can protect VPNs, SharePoint servers, Outlook Web App, and database servers. As more traditional hardware-based onsite servers move into the cloud, most multi-factor solution vendors offer cloud and on-premise options. Customers are choosing offsite deployments more and more because of the support and management flexibility the cloud offers.

It’s important to evaluate multi-factor authentication products carefully to determine how each one differs subtly with regard to the desired deployment. Not every vendor can handle all scenarios equally well, and this is often a prime factor in product selection. Here are a few questions to ask when preparing to look more closely at multi-factor authentication products for a business:

  1. How much private information does the network handle? If the network currently doesn’t handle much private information, and there are no plans to expand the storage of critical data, it’s probably not necessary to change existing authentication methods.
  2. Who will need to view the reports produced by these products? It’s important to determine who will receive alerts when something goes wrong with the authentication system. Some products can send out alerts whenever anything goes wrong, and most enterprises don't want to get management into a fire drill unnecessarily. 
  3. Does the business require the ability to scale up deployment? It’s important to consider future licensing costs. Most multi-factor products are used to handling tens of thousands of tokens and users, but they can also serve a smaller enterprise.
  4. Who will be among the initial collection of pilot users? This might determine which direction a company takes for securing particular apps and use cases.
  5. Are employees already using the two-factor authentication tools available with some consumer services? If not, enterprises should start spreading the word and making employees familiar with the second-factor option on common cloud services. Multi-factor authentication is already built into these services, and it won't cost anything other than a small amount of training time to try them.
  6. How will a password reset be handled in a multi-factor authentication environment? Ideally, any reset or recovery process should be at least as strong as the multi-factor authentication process itself. There should be ‘secret questions’ a user would answer, or an SMS code might be sent to a recognized email or phone number.

What Are the Obstacles to Implementing Multi-Factor Authentication?

Making a business case for multifactor authentication clearly requires some advanced planning. There are many use cases for the technology that can be applied in different ways to different parts of an IT infrastructure. Understanding how MFA will be used ahead of time will be helpful when it comes time to selecting a provider.

Before you begin the task of picking a multi-factor authentication vendor, carefully consider the following possible obstacles to deployment:

  1. If your Active Directory is not lean and accurate, implementing an MFA solution will be a painful way to get there.
  2. If you still use mostly on-premises servers, you might be better off using (or at least starting with) Windows Server's built-in password-strengthening policies. This will allow you to gauge how much resistance there is from users when they have to regularly change their passwords and make them more complex.
  3. If your company has a geographically-distributed staff, with a few people in many cities, it may be difficult to train the user population or disseminate physical key fobs. In such cases, enterprises may want to look into software tokens or software apps instead.

The Future of Multi-Factor Authentication

MFA has become a more mainstream option for financial firms and other consumer-facing businesses. In 2014, more than 1800 respondents to a Ponemon Institute survey indicated that their organizations planned to adopt some form of multi-factor authentication, while another 40 percent were considering it. As passwords become increasingly insecure, and as our mobile, cloud-based computing becomes more prevalent, multi-factor tools are finding use in just about every corner of the enterprise, especially where personal information is being consumed. For example, Symantec Validation and ID Protection Service is a highly scalable, cloud-based solution that delivers highly secure multi-factor authentication for enterprises of all sizes.

Less Carbon in Your Coffee

Symantec Supports Rainforest Alliance Carbon Smart Coffee Initiative in Mexico

Throughout the week we've been discussing, celebrating, and taking action in honor of tomorrow's very important day for our planet – Earth Day!

This year's Earth Day theme "Trees for the Earth" brings awareness to the crucial contribution trees make to our planet and personal well-being. For example, they reduce and absorb CO2 emissions, helping mitigate the risk of climate change; they purify our air, absorbing odors and gases and even filtering out particulates in their leaves and bark; and they provide food, energy and income to communities, supporting their social and economic stability[1]…

…and as most of us can agree, who doesn't love perching under a shady tree for a picnic, reading a book, or just relaxing?

In short, trees are one of mother earth's greatest assets and we need them to survive.

Preserving Forests through Climate-Friendly Coffee Farming

Mexico is one of 12 “mega-biodiverse” countries that together are home to nearly 70% of our planet's biodiversity. While the country has made notable climate commitments and commendable progress in recent years, it is still one of the world’s top emitters of CO2, with deforestation and forest degradation as primary contributing factors.  

At Symantec, we are proud to support the Rainforest Alliance “CO2 coffee” project, which is working with 400 coffee farmers and local partners in Oaxaca, Mexico to reduce greenhouse gas (GHG) emissions in coffee landscapes, enhance carbon storage, and promote a model that improves economic stability in one of Mexico's poorest regions.   

With Symantec’s philanthropic support the Rainforest Alliance is working with coffee-producing communities to reforest degraded landscapes, reintroducing native tree species and establishing a balanced percentage of production area devoted to shade-grown coffee. This will help farmers transition away from the clearing of forestland and intensive use of agrochemicals.


{Click here to see the Rainforest Alliance Oaxaca CO2 Coffee Project in Action}

The CO2 Coffee Project is unique and cutting-edge as it is the first coffee agroforestry project in Mexico to be validated by the Verified Carbon Standard, and one of the first in the world linked to Sustainable Agriculture Network (SAN) standards. The VCS requirements ensure that the initiative is a highly traceable and accountable reforestation effort, and will enable the communities to generate additional income through carbon credits in the longer term. Additionally, training and technical assistance delivered to coffee farmers is helping to improve the environmental, social and economic impacts of coffee production and increasing farmers' resiliency to the threats and realities of climate change.

Last year, the program saw great success and we look forward to continuing the progress in 2016. In 2015 the project team:

  • Planted more than 25,000 trees in the coastal communities of Nuevo San Juan Lachao, Santa Rosa de Lima, Santa Lucía Teotepec and Soledad Piedra Larga
  • Supported ongoing training and technical assistance to more than 400 farmers through the UNECAFE coffee cooperative
  • Helped build the capacity of UNECAFE and local partners to manage the initiative well into the future

At Symantec we have set our own target to minimize the GHG impacts of our business, but we also look to organizations like the Rainforest Alliance who can help us make an impact outside our walls. On Earth Day we thank the Rainforest Alliance and our other environmental partners for their dedication to a model of environmental sustainability that gives back to our planet and our people. 

Questions regarding Symantec’s environmental impact? Visit our website or contact Environmental_Responsibility@Symantec.com to learn more.
