Blog Feature Image: 

thought-leadership-1000x1000.png

시만텍이 블루코트(Blue Coat) 인수를 마무리함에 따라 이제 사이버 보안의 새 시대가 열렸습니다. 우리는 시만텍이라는 이름 하에 지속적으로 전 세계의 정보와 고객을 보호하는데 열정을 다할 것입니다.

이번 인수를 발표한 후 수많은 고객, 파트너, 투자자로부터 아낌없는 지지를 받았습니다. 이들은 시만텍과 블루코트가 다른 누구도 따라올 수 없는 가장 혁신적인 포트폴리오를 제공하며, 따라서 이 둘의 조합이 중요한 의미를 가진다고 말합니다. 직원의 모바일화 및 클라우드로의 이동이 더욱 가시화되는 가운데 기업이 지능형 공격에 대한 사이버 방어 전략을 마련하도록 도울 수 있는 전문성, 규모, 리소스를 갖춘 곳은 시만텍뿐입니다.

시만텍은 통합 전략을 본격적으로 이행하면서 양사의 강점을 살려 원활하고 효율적인 전환이 이루어지도록 하는 데 역점을 두고 있습니다. 원대한 기회가 우리를 기다리고 있지만 이를 실현하기 위해서는 신중한 자세로 더 민첩하게 행동하며 변함없이 혁신에 매진해야 합니다. 저의 주 임무는 시만텍 고객에게 더 신속하게 혁신적인 제품을 제공할 수 있도록 지원하는 것입니다.

전 세계를 보호하기 위해 사이버 보안 기술이 어떻게 활용되는지 고려해보면 고객이 적합한 전략적 의사 결정을 내릴 수 있도록 돕는 것이 이 업계의 사명이라고 생각합니다. 저는 시만텍 플랫폼이 규모에 관계없이 모든 벤더가 업계의 가장 까다로운 과제 해결에 동참할 수 있는 에코시스템의 근간이 될 것으로 기대합니다. 시만텍과 블루코트 통합의 모든 영역에서 개방형 플랫폼을 적극적으로 지원하겠습니다.   

저는 시만텍이 확장된 제품 혁신 및 성장의 새로운 장을 여는 이 시점에 시만텍을 이끌게 된 것을 영광스럽게 생각합니다. 세계 최대 규모의 사이버 보안 전문 기업인 시만텍은 새로운 시작을 힘차게 출발하면서 여러분과 함께 사이버 보안의 미래를 정의해 나갈 것입니다.

감사합니다.

Greg Clark
시만텍 CEO

Blog Feature Image: 

thought-leadership-1000x1000.png

今天，賽門鐵克已完成 Blue Coat 併購案，寫下網路安全新紀元的開始。我們驕傲地站在賽門鐵克的旗幟下，秉持相同的熱忱，矢志守護我們客戶與全球資訊的安全。

自從這項交易公佈以來，便有無數客戶、合作夥伴與投資者向我表達支持。他們告訴我，這樣的結合十分合理，因為我們將藉此創造前所未有、無人能及的產品組合。只有賽門鐵克才有足夠的人才、規模與資源，能夠協助客戶建構網路防禦策略，在越來越多員工使用行動裝置，並將工作轉移至雲端的同時，保護企業不受進階攻擊危害。

如今我們的整合策略已進展至執行階段，我們將致力於保留雙方公司的優勢，以確保能順暢、有效率地完成過渡時期。在我們前方的是無窮的龐大商機，想要把握住這波商機，我們必須嚴格自我要求、快速採取行動，並持續進行轉型。我的工作中很重要的一部分，便是加快培養我們的能力，以期更快將創新的產品帶到客戶面前。

當我在思考網路安全技術將如何用來保護這個世界時，我認為我們產業的當務之急是讓客戶做出正確的策略決定。我的願景是以賽門鐵克的平台建立一個生態系統，鼓勵各種規模的廠商共同參與，一起應對這個產業最艱難的挑戰。我們對建立一個開放平台的承諾，無論在任何層面，都將使賽門鐵克與 Blue Coat 的整合作業更為穩固。  

本人很榮幸能帶領賽門鐵克邁向新的階段，擴大產品的創新與成長。作為全球規模最大的專業網路安全公司，我們熱切希望能開啟新頁，也期待能與您一同定義網路安全產業的未來。

如果您想更深入了解我們的前期規劃，請收看上方我與賽門鐵克的 Hugh Thompson 的談話影片。 

順頌 商祺

Greg  敬啟

今天，赛门铁克成功收购了Blue Coat (一家知名的应用交付网络技术厂商)，这标志着一个网络安全新纪元的开始。我们非常骄傲能在公司领导下，团结一心，共同保护全球信息和客户安全。

自从公司宣布此次收购交易后，很多客户、合作伙伴和投资者向我表达了对该决定的支持。他们说这次合并投资可谓史无前例，无与伦比，其意义非常重大。随着客户的工作变得更具机动性，并转向云系统，只有赛门铁克拥有足够的人才、规模和资源帮助客户创建网络防御策略，防止客户遭受高技术网络攻击。

我们在执行整合策略时，着重寻找两家公司各自的优势，确保公司合并可无缝及高效过渡。尽管前方的机遇非常多，但若想抓住这些机遇，我们必须克服困难，加速发展，继续转型。我的主要职责是提高我们的相关能力，更快地为客户提供创新性产品。

我认为，网络安全业要想利用网络安全技术保护全球信息，则必须允许客户制定适合自己的决策。我希望赛门铁克这个平台能够推出一个生态系统，鼓励各种规模的供应商共同解决网络安全业最困难的问题。在赛门铁克和Blue Coat的整合过程中，所有相关工作均体现出我们要建立一个开放式平台的决心。 

在赛门铁克进入新纪元之际，我非常荣幸能够作为公司领导，帮助公司加大产品创新力度，促进公司发展。作为全世界最大的专业网络安全公司，我们期望能够付诸行动，与您共创网络安全的未来。

听取更多有关我们前期构思的内容，请观看我与公司领导Hugh Thompson的对话视频。

此致

敬礼

Greg 

Blog Feature Image: 

thought-leadership-1000x1000.png

サイバーセキュリティの新しい時代が始まります。本日、シマンテックは Blue Coat 社の買収を完了いたしました。シマンテックブランドのもと、世界中の情報とお客様の安全を守りたいという熱い情熱を分かち合えることを、誇らしく思います。

今回の買収を発表して以来、たくさんのお客様、パートナー様、そして投資家の皆さまから、ご賛同の声をたまわりました。このたびの買収は、これまでにない空前のポートフォリオを実現するものであり、非常に意義深いといったご意見をいただいております。顧客企業の従業員間では、モバイルの導入が進み、クラウドへの移行も広がっています。そんな状況で、サイバー防御戦略を構築して高度な攻撃を防ごうというお客様をサポートできる人材、スケール、リソースを兼ね備えているのは、シマンテックだけです。

シマンテックの統合戦略が実施段階へと進む今、私たちは両社の強みを活かしながら、シームレスかつ効率的な移行を確実に実現することに注力しています。目の前に広がる可能性は広大ですが、その可能性をつかむためには、厳格な取り組み、迅速な行動、継続的な変革が必要です。私の大きい仕事は、革新的な製品を、もっと短時間でお客様にお届けできるように、その工程をスピードアップすることです。

サイバーセキュリティの技術を世界の保護にどう利用するかを考える場合、セキュリティ業界のお客様が適切な戦略上の意思決定を下せることが欠かせません。あらゆる規模のベンダーが業界屈指の難題に取り組めるようなエコシステムを、シマンテックのプラットフォームによって促進するというのが、私のビジョンです。シマンテックのオープンプラットフォームへの取り組みが、シマンテックと Blue Coat の統合業務をあらゆる側面から補強します。

シマンテックが新たな段階で発展的な製品のイノベーションと成長を目指そうとする今、そのシマンテックを率いる立場にいることを名誉に思います。世界最大のサイバーセキュリティ専門企業として、シマンテックはここに新たなスタートを切ろうとしています。皆さまと一緒に、サイバーセキュリティの未来を形づくることを楽しみにしております。

私たちの今の考え方については、シマンテックの Hugh Thompson と私が対談している上記の動画を、ぜひご覧ください。

敬具

Greg 

【参考訳】

Symantec promotes responsible business not only in our own operations, but also throughout our supply chain, to ensure that the practices and policies we put forth in our corporate responsibility strategy are upheld throughout our entire value chain.

A focus on supply chain practices brings numerous benefits to our business - things such as mitigating risks through fair labor practices, reducing costs through more efficient energy and resource use, increasing trust and credibility with stakeholders by demonstrating we are addressing our key environmental, social and governance (ESG) impact areas and helping our suppliers adopt more responsible practices within their own value chain.

As we have discussed here in the past, and as detailed in our annual CR Report, to implement responsible supply chain practices we have adopted and aligned with leading guidelines from a variety of supply chain experts such as the Electronic Industry Citizenship Coalition (EICC), the Conflict-Free Sourcing Initiative (CFSI), and the Organization for Economic Cooperation and Development (“OECD”).  We also support and respect internationally recognized human rights and labor standards as proclaimed in the Universal Declaration of Human Rights, the International Labor Organization’s Core Conventions, the International Covenants on Civil and Political Rights and on Economic, Social, Cultural Rights and the United Nations Guiding Principles on Business and Human Rights.

Today we bring you recent updates on two of our primary supply chain initiatives – our Electronic Industry Citizenship Coalition (EICC) membership and our efforts to trace conflict minerals in our supply chain:

EICC Membership

We are committed to progressively aligning our own operations with the provisions of the EICC Code of Conduct and to support and encourage our own Tier 1 suppliers to do the same. Where possible and applicable, we seek to adopt the EICC approach and tools in practical ways in the spirit of the industry’s common goals and continuous improvement.

In FY16, we integrated additional corporate responsibility and environmental guidelines and requirements into approximately 47 percent of our supplier contracts. Of these suppliers, 100 percent have completed the EICC self-assessment questionnaire, which enables us to understand the risk level of our suppliers and inform stakeholders how we target and address the most significant risks in our supply chain. Additionally, we use the results of the self-assessment questionnaire as a means to provide constructive feedback to suppliers on areas for improvement. 

This year we became full members of the EICC, which expands our reporting and compliance requirements. Additionally, in the next year we aim to integrate the additional CR and environmental guidelines into 100 percent of our Tier 1 supplier contracts, as well as establishing a framework that will enable us to audit suppliers against these requirements.

Conflict Minerals

We are working towards our 2017 goal that our products be conflict mineral free. The SEC Dodd-Frank Wall Street Reform Act states that due diligence must be completed to establish if companies are purchasing the 3TG’s - Tin, Tungsten, Titanium and Gold - from the Republic of Congo, where regional conflict exists and there is a significant risk of human rights violations. To achieve this, we must work closely with our suppliers to gain transparency into the source of their materials as well as providing support in moving to conflict free mineral resources.  

To date we have engaged with the EICC who together with CFSI have developed a comprehensive due diligence process in line with the OECD's five-step framework, outlined in the Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict Affected and High-Risk Areas. The framework includes:

• Establishing strong company management systems, as can be seen in our publicly available Conflict Minerals Policy.
• Identifying and assessing risks in our supply chain, which is done through completion of the EICC Conflict Minerals Reporting Questionnaire. In 2015 we reached out to all of our Tier 1 Product Suppliers, we had a 90 percent supplier response rate.  Of those, 50 percent were able to verify their materials as conflict mineral free. Of the remaining 50 percent that use the minerals in products, 33 percent could verify that the minerals were purchased from approved smelters. The remaining 67 percent are still investigating the source. Symantec provides direction to resources and training, such as EICC approved conflict-free smelters from the CFSI Training Program, and we outline our expectations to each supplier.  
• Designing and implementing a strategy to respond to identified risks. Symantec has designed a Due Diligence Decision Tree that sets forth steps to be taken to mitigate risk based on a supplier’s responses to our EICC survey. Suppliers are ranked for risk, ranging from low to high, based upon issues raised in suppliers’ survey responses. Regardless of their risk level, in 2015, all suppliers were contacted via email with follow-up questions, comments and/or requests.
• Third-party auditing of Symantec's conflict minerals due diligence process, conducted by the CFSI if required.
• Reporting on our conflict minerals due diligence process and outcomes as can be accessed in our publicly available Conflict Minerals Report.

Managing risks and impacts throughout our supply chain is a challenging, yet crucial, component to conducting our business responsibly. We are always striving to strengthen our relationships with suppliers and improve transparency into their operations.

We look forward to bringing you additional details on our FY16 outcomes in this year's Corporate Responsibility Report. Until then, to learn more about our supply chain practices please visit our 2015 Corporate Responsibility Report as well as our Corporate Responsibility website.

Amanda Davis is Symantec's Senior Manager, Corporate Responsibility & Environment.

Ghost Solution Suite 3.x, like Deployment Solution 6.9 with which it shares basic architecture, allows remote consoles to be installed. From an upgrade standpoint, this can cause issues when trying to upgrade. The installer for Ghost Solution Suite 3 performs a check for Ghost 3.x or Deployment Solution 6.9 consoles. If one is found, it will report this error: "We have detected that the Ghost Solution Suite Console is running on one or more remote computers." This will prevent installation from happening.

The solution, of course, is to close all these remote consoles. Subsequent checks will pass and allow you to proceed. In the event where the location of the remote console cannot be discerned, however, you can forcibly sever these connections by rebooting the mahcine where the upgrade is being done. Severing the connections in this manner will cause the remote consoles to display a connection error, but it is effective for bypassing the error. As always, it is recommended that you keep accurate inventory of all Ghost & Deployment Solution consoles so that errors like this are prevented from happening, and that upgrades can be performed when no others will be utilizing the software.

New Symantec Certified Specialist (SCS) BETA exam – 250-421: Administration of Symantec Advanced Threat Protection 2.0.2 

Do you or your teams work with Advanced Threat Protection (ATP) 2.x? Are you interested in becoming certified? 

Starting on Tuesday, August 16th, Symantec Education is seeking candidates to take our new Administration of Symantec Advanced Threat Protection 2.0.2 Symantec Certified Specialist (SCS) beta exam.

Beta exams are crucial in the development process of new certification exams. Beta exams provide the data necessary for Symantec Education to select the best performing items so that we can build a valid, reliable, and fair certification exam.

Symantec Certified Specialist exams cover core elements measuring technical knowledge against factors such as deployment, configuration, product administration and day-to-day maintenance. Symantec Certified Specialists will have demonstrated the knowledge and skills to effectively plan, design, deploy, and administer ATP in an enterprise environment.

What’s in it for me when I become a BETA candidate?

• You have the opportunity to see the entire pool of questions and to provide feedback.
• You have the opportunity to take the beta exam for FREE if you are one of the first 40 candidates to sign up with the code: 250421External
  • Note: If you sign up after the 40 free slots have been filled, you can still save 50% off the standard price of the exam by using our beta promotion code: 250421-50 
• If you pass the exam, you will become certified and will receive a special certificate with the words “Beta Exam” in a gold embossed stamp.

How do I register?

NOTE: You must have an existing CertTracker account in order to register for this exam. Be sure to complete the LMS SCS questionnaire if you don't already have a CertTracker account by going to https://i7lp.integral7.com/symantec and clicking First Time Users.

1. Visit http://www.symantec.com/certtracker
2. Click on “Schedule Proctored Exams”
3. Select "Schedule an Exam"
4. Click “View Exams”
5. Select the Administration of Symantec Advanced Threat Protection 2.0.2 (250-421) beta exam
6. Select the location of the nearest test center and schedule the exam
7. Proceed to checkout

If you need further assistance, please view the step by step registration instructions on our website. If you are one of the first 20 to register, the price will be reduced to $0 (FREE). If you register after the first 20 using the beta promotion code, the price will be reduced by 50%!

What if I am not one of the 1st 20 to register for free?

Once all free beta exam seats are filled, you can still use the beta promotion code to receive 50% off the exam fee. 

Please make sure that you have 3 to 4 hours available for completion of the beta exam.  The promotional price is offered on a first-come, first-served basis.  If you register for free and then have to cancel and reschedule your exam, we cannot guarantee that you will be able to register for free again.   If you do not show up for your exam, and do not cancel at least 24 hours before your scheduled exam, you will be taking a free seat from someone else and costing Symantec for an empty seat.  Please be sure to schedule on a day you know you have availability.

How much knowledge and skill do I need to take the beta exam?

Knowledge, skill, and experience vary from individual to individual.  During the beta exam, Symantec seeks all candidates who are interested.  This includes candidates who are considered above qualified, below qualified, and minimally qualified.

How long will the beta exam take to complete?

The beta exam has a total of 240 minutes (4 hours) allotted. However, depending on your knowledge, skill, and experience, you may not need the entire time to complete the exam.

How long will the beta exam be available?

The beta exam opens for registration on August 16th and will close on September 7th.  You must register for and complete the exam by the end of business on September 7th.

What can I do to prepare for the exam?

You may download the 250-421: Administration of Symantec Advanced Threat Protection 2.0.2 SCS Beta Exam Study Guide to review objectives, resource materials, and test parameters. For more information about how to prepare for this exam, visit https://www.symantec.com/services/education-services/certification/all-exams/exam-250-421  

Thank you for your support of the Symantec Certification Program!

New Symantec Certified Specialist (SCS) BETA exam – 250-421: Administration of Symantec Advanced Threat Protection 2.0.2  

Do you or your teams work with Advanced Threat Protection (ATP) 2.x? Are you interested in becoming certified? 

Starting on Tuesday, August 16th, Symantec Education is seeking candidates to take our new Administration of Symantec Advanced Threat Protection 2.0.2 Symantec Certified Specialist (SCS) beta exam.

Beta exams are crucial in the development process of new certification exams. Beta exams provide the data necessary for Symantec Education to select the best performing items so that we can build a valid, reliable, and fair certification exam.

Symantec Certified Specialist exams cover core elements measuring technical knowledge against factors such as deployment, configuration, product administration and day-to-day maintenance. Symantec Certified Specialists will have demonstrated the knowledge and skills to effectively plan, design, deploy, and administer ATP in an enterprise environment.

What’s in it for me when I become a BETA candidate?

• You have the opportunity to see the entire pool of questions and to provide feedback.
• You have the opportunity to take the beta exam for FREE if you are one of the first 40 candidates to sign up with the code: 250421External
  1. Note: If you sign up after the 40 free slots have been filled, you can still save 50% off the standard price of the exam by using our beta promotion code: 250421-50 
• If you pass the exam, you will become certified and will receive a special certificate with the words “Beta Exam” in a gold embossed stamp.

How do I register?

NOTE: You must have an existing CertTracker account in order to register for this exam. Be sure to complete the LMS SCS questionnaire if you don't already have a CertTracker account by going to https://i7lp.integral7.com/symantec and clicking First Time Users.

1. Visit http://www.symantec.com/certtracker
2. Click on “Schedule Proctored Exams”
3. Select "Schedule an Exam"
4. Click “View Exams”
5. Select the Administration of Symantec Advanced Threat Protection 2.0.2 (250-421) beta exam
6. Select the location of the nearest test center and schedule the exam
7. Proceed to checkout

If you need further assistance, please view the step by step registration instructions on our website. If you are one of the first 20 to register, the price will be reduced to $0 (FREE). If you register after the first 20 using the beta promotion code, the price will be reduced by 50%!

What if I am not one of the 1st 20 to register for free?

Once all free beta exam seats are filled, you can still use the beta promotion code to receive 50% off the exam fee. 

Please make sure that you have 3 to 4 hours available for completion of the beta exam.  The promotional price is offered on a first-come, first-served basis.  If you register for free and then have to cancel and reschedule your exam, we cannot guarantee that you will be able to register for free again.   If you do not show up for your exam, and do not cancel at least 24 hours before your scheduled exam, you will be taking a free seat from someone else and costing Symantec for an empty seat.  Please be sure to schedule on a day you know you have availability.

How much knowledge and skill do I need to take the beta exam?

Knowledge, skill, and experience vary from individual to individual.  During the beta exam, Symantec seeks all candidates who are interested.  This includes candidates who are considered above qualified, below qualified, and minimally qualified.

How long will the beta exam take to complete?

The beta exam has a total of 240 minutes (4 hours) allotted. However, depending on your knowledge, skill, and experience, you may not need the entire time to complete the exam.

How long will the beta exam be available?

The beta exam opens for registration on August 16th and will close on September 7th.  You must register for and complete the exam by the end of business on September 7th.

What can I do to prepare for the exam?

You may download the 250-421: Administration of Symantec Advanced Threat Protection 2.0.2 SCS Beta Exam Study Guide to review objectives, resource materials, and test parameters. For more information about how to prepare for this exam, visit https://www.symantec.com/services/education-services/certification/all-exams/exam-250-421  

Thank you for your support of the Symantec Certification Program!

The role and structure of employee resource groups (ERGs) has evolved in recent years as businesses recognize the value creation both for participants AND for the bottom line.

For example, according to a recent USA Today article, Google is leveraging its ERGs to increase the gender and ethnic diversity of its largest developer conference, I/O. AT&T, with a recent goal to hire 20,000 veterans by 2020, relies on its veterans ERG to mentor and support veterans transitioning into the company. 

At Symantec our ERGs directly support business goals such as increasing the diversity of our workforce at all levels of the company by 15 percent by 2020, and completing an average of four volunteer hours per employee by 2020, among others.

ERGs at Symantec and many other companies originated as networks or affinity groups – the gathering of individuals from similar backgrounds who share a common culture or common characteristics and have a desire to connect. While this proved a solid model in the past, today leaders in diversity feel they should be structured like any other business initiative - rooted in strategic objectives and measurable outcomes.

At Symantec, we have five active ERGs, each led by a global executive sponsor – a representative from Symantec’s executive leadership team. Executive sponsors are responsible for advocating internally and externally on behalf of the group.

• Symantec Women’s Action Network (SWAN)

“As the Global Executive Sponsor for SWAN, I love that I have the opportunity to engage with and learn from passionate female leaders in our company, and to support them in creating opportunities for women at all levels to thrive at Symantec.” – Sheila Jordan, SVP and Chief Information Officer

• Symantec’s Black Employee Resource Group (SyBER)

“I look forward to leading SyBER as the Global Executive Sponsor, creating opportunities for employees to drive business performance, celebrate their culture and work together to open doors for others. Taking opportunities to network and expand my skills is what I believe has propelled me forward in my career and I look forward to helping our employees do the same."– Scott Taylor, EVP and General Counsel

• Symantec’s Lesbian, Gay, Bisexual, Transgender and Allies (LGBTA) Group (SymPride)

“As SymPride's Global Executive Sponsor, I couldn’t be more proud to lead this expanding group of dedicated employees across Symantec who continue to ensure we are a workplace that embodies acceptance and inclusivity for all employees."– Fran Rosch, EVP and GM, Norton Business Unit

• Symantec’s Veteran Employees and Troop Support (VETS)

"As the Global Executive Sponsor for Symantec’s Veterans ERG, I am proud to support the efforts of our employees who have also served our country. This group of employees has a unique impact on our organization and I am thrilled to champion them at Symantec.” – Tim Fitzgerald, VP and Chief Security Officer

• Symantec New and Aspiring Professionals (SNAP)

"Symantec’s New and Aspiring Professionals group brings together the future leaders of our company. As their Global Executive Sponsor, I am inspired by their energy, passion and desire to learn and grow within our organization as well as build their foundation for longstanding and impactful careers.” – Amy Cappellanti-Wolf, SVP and Chief HR Officer

Executive sponsors help the ERG set and deliver against its strategy that is aligned to key business impact areas including:

• Employees: Engaging employees, building cultural awareness, and increasing all employees’ knowledge of the key issues for specific groups. For example, SymPride has been central in the development of various corporate policies for LGBT employees. SWAN has developed a formal mentoring program and hosted leadership training sessions, and SNAP hosted a 401k educational session for millennials. We also tap into our SWAN, VETS, SNAP and SyBER ERGs to assist with recruiting new talent.
• Community: Serving as an ambassador for the company in the community. Our ERG members volunteer and engage their community to advocate for issues.  For example, SymPride recently launched a chapter in India that is a first of its kind in the country, advocating for LGBT rights. SyBER hosted the VIP tent at the San Jose Juneteenth Festival to bring awareness to the importance of cultural awareness in community partnerships. 
• Marketplace: Driving innovation, and engaging customers to join and support the work of the ERGs.  For example, our SWAN groups worldwide host women’s leadership panels in partnership with some of our customers and community partners.

One thing we cannot dispute – there is power in numbers and bringing people together from different levels and different functions has a profound impact on an individual and corporate level. 

The more we can provide a platform for our employees to band together around the issues they are passionate about, the stronger and more prosperous our company will continue to be into the future. 

Markus Achord is Symantec's Manager, Diversity & Inclusion.

The U.S. National Institute for Standards and Technology (NIST) released a draft of Digital Authentication Guidelines and has suggested SMS-based out-of-band two-factor authentication is no longer secure enough to prevent identity theft because users may not always be in possession of the phone or SMS messages can be intercepted and not delivered to the phone.

As stated in the draft guideline 800-63B,

”Due to the risk that SMS messages may be intercepted or redirected, implementers of new systems SHOULD carefully consider alternative authenticators.”

Before we jump into any conclusions, we should keep in mind that this guideline is only a draft version – a preview used to seek public comments and explore industry reactions. While SMS might not be the suggested method to protect access, it is still better than traditional static password or just using one-factor for authentication protection.

Symantec aligns with NIST guideline regarding SMS is not the best solution for two-factor authentication. For customers who feel SMS does not provide enough security for authentication we provide and recommend using more secure multi-factor authentication methods based on credentials.  With these solutions, authentication channels are more secure while also providing greater user experiences. The following are few examples we recommend - all include in Symantec VIP (Validation and ID Protection) Service: 

• One-tap Push Verification that sends a DENY or APPROVE notification to your phone
• Biometric Authentication that uses fingerprint to make authentication easy
• VIP Mobile App that generates One-time password (OTP)
• Risk-based Intelligent Authentication that assess user behavior and device reputation to prevent unauthorized access
• Credential Development Kit (CDK) that allows developers to embed VIP credential into mobile application 

Symantec VIP provides strong authentication that cannot be intercepted or redirected. Our cryptographic keys are generated on dedicated FIPS 140-2 [1] compliant hardware security modules, and stored in an encrypted format. Our cloud infrastructure is operated from multiple Tier 4 data centers—the most stringent level of data center defined by ANSI/TIA-942 [2]. Symantec authentication solutions are designed for high-availability, fault-tolerance, and adherence to the strictest security processes and standards. In addition, we continue to make investments in security enhancement. With Symantec VIP, you can have peace of mind and enjoy secure authentication process anytime, anywhere, from any devices.   

Learn more about Symantec VIP and all the benefits!

[1] Federal Information Processing Standards 


[2] American National Standards Institute/Telecommunications Industry Association 


Blog Feature Image: 

cto-blog.png

It’s official! After all the high-level planning and meticulous preparation, Symantec has successfully completed its acquisition of Blue Coat. This signals a historic moment: the creation of the industry’s largest pure play cyber security company.

It’s hard to describe just how remarkable an opportunity this is. We are creating a union that will produce one of the most powerful and respected forces in cyber security as we leverage our combined strengths and technological innovations. Greg and Mike have a history of making acquisitions thrive and prosper, and as a management team we now bring that expertise to bear as our two enterprises come together, streamlining and integrating our individual assets to make Symantec stronger than ever before.

The best part of the story? Undoubtedly, it’s our complementary products with very little overlap and the tens of thousands of customers who have put their faith in those products. It’s also our people, passion, and talent they bring to work every day. I continue to be blown away by the amazing technical talent inside this company. Together we will meet the challenges of the cloud generation, particularly around securing the mobile workforce, ensuring safe cloud usage and intelligently protecting enterprises against advanced threats.

Within all the opportunity and excitement, however, one of the areas I most look forward to is continuing to engage closely with the industry analysts who have helped to shape our direction. Symantec will now be taking on its greatest challenge to become the world’s cyber security innovation leader and the most strategic vendor in the industry. To do that, now more than ever, we’ll need the guidance and input of our industry analyst partners: all of you who will be instrumental in helping us make that vision a reality.

To get started on our journey together, please watch the above video featuring Symantec’s new CEO, Greg Clark, where Greg lays out what he sees as our greatest opportunities and initial steps. The second part of this video contains a few more details on our direction and how we plan to get there.

Symantec sees the world of cyber security as one where all the best security technologies and ideas need to openly work together, combining forces to succeed. I encourage all of you to take a look at the video and to let me know your thoughts on how we can continue to work together to make that strategy a winning one.

Best,

Hugh Thompson