Articles on this Page
- 10/24/16--10:05: _Symantec VIP Access...
- 10/24/16--10:26: _Destination Endpoin...
- 10/24/16--14:38: _Symantec Data Loss ...
- 10/25/16--15:27: _Innovation and Cybe...
- 10/25/16--15:40: _A New Perspective o...
- 10/26/16--05:57: _Tech support scams ...
- 10/26/16--13:15: _The Clock is Tickin...
- 10/26/16--21:19: _進化する技術サポート詐欺
- 10/26/16--21:41: _技术性诈骗程序变得愈加复杂
- 10/27/16--04:24: _Flash zero-day bein...
- 10/27/16--06:00: _Android ransomware ...
- 10/27/16--07:36: _Mirai: what you nee...
- 10/27/16--14:00: _You Can’t Have Priv...
- 10/27/16--18:24: _Flash のゼロデイ脆弱性、標的型攻...
- 10/27/16--18:44: _网络攻击者利用Flash零日漏洞发起目...
- 10/27/16--18:56: _安卓勒索软件伪装成启动器以躲避自动启动限制
- 10/28/16--01:33: _Mirai：对于最近几次DDoS大型攻...
- 10/28/16--04:20: _Android のランチャーに偽装して...
- 10/28/16--13:55: _WEBINAR: Current St...
- 10/30/16--20:46: _Mirai: 先週の大規模な DDoS...
- 10/24/16--10:05: Symantec VIP Access for MacOS Sierra
- 10/24/16--14:38: Symantec Data Loss Prevention - Now in the Cloud with CASB
Accidents happen: The ease-of-use that makes cloud apps excellent for collaboration, also makes it easy to accidentally expose data. Research shows that 23% of files in cloud apps are broadly shared and 12% of those files contain sensitive or compliance-related data.*
Attackers target cloud: Bad actors use brute force attacks and malware to break into cloud app accounts. In the first 6 months of 2016, 37% of abnormal cloud app activity indicated attempts to takeover cloud accounts and 63% of abnormal cloud app activity indicated attempts to steal data.*
- Stay compliant, or else: Regulatory requirements are growing stricter and the penalties for being non-compliant can be very expensive. In February of 2016 alone, the FCC assigned nearly $36 Million in fines to companies for PII violations.
- Discover sensitive data in 60+ cloud apps including Office 365, Box, Dropbox, Google Apps, or Salesforce via integration with CloudSOC.
- Get faster performance running DLP detection as a service rather than on-premises.
- Manage DLP from one console where you can enforce policies and workflows everywhere – in the cloud and on-premises.
- Leverage your existing DLP policies and workflows to extend your finely tuned rules sets and business logic to cloud apps.
- Detect and mitigate risky user activity by leveraging user behavior analytics to identify, block or remediate potentially malicious activity in cloud apps.
- Protect against the risk of exposure with granular visibility and control over user access and transactions with data in cloud apps.
- Investigate cloud incidents by easily monitoring cloud events using granular log data through an intuitive user interface.
- Discover shadow IT, identify potentially thousands of cloud services and analyze applications for their business readiness.
- 10/25/16--15:27: Innovation and Cyber Insurance
- Assembled a team of actuaries, insurance experts and risk analysis experts, and established collaborations across our entire company to go after this opportunity (SRL, Cyber Security Services, STAR, WW Sales)
- Launched five pilot go-to-market programs with leading insurers; we are piloting ways in which insurers can refer to or even sell our products
- Launched a cyber resilience readiness assessment product in record time to help companies obtain a self-assessment of their cyber-resilience
- Delivered prototypes for catastrophe modeling and underwriting tools, and secured a development partnership with Marsh & McClennan’s Guy Carpenter division, the leading cyber reinsurance brokerage firm
- 10/25/16--15:40: A New Perspective on My Future in Tech
- 10/26/16--05:57: Tech support scams increasing in complexity
- Code.org - dedicated to expanding access to computer science, and increasing participation by women and underrepresented students of color.
- Human Rights Campaign - America's largest civil rights organization working to achieve lesbian, gay, bisexual, transgender and queer equality.
- Rainforest Alliance - works to conserve biodiversity and ensure sustainable livelihoods by transforming land-use practices, business practices and consumer behavior.
- 10/26/16--21:19: 進化する技術サポート詐欺
- 10/26/16--21:41: 技术性诈骗程序变得愈加复杂
- 10/27/16--04:24: Flash zero-day being exploited in targeted attacks
- 10/27/16--14:00: You Can’t Have Privacy Without Security
- You can have security without privacy, but you can’t have privacy without security. Privacy includes the laws and regulations requiring companies to protect your data, and security is the technical method used to protect that data. Privacy laws are shifting globally in a big way, and this evolution is keeping privacy professionals on their toes. With the increased complexity of compliance with global privacy requirements, adequate security is the one constant and the simplest way to ensure that companies are both complying with law and protecting their customers’ and employees’ most important information.
- Security and transparency are privacy’s key driver of success. Above and beyond the laws governing privacy, companies are obligated to ensure that proper administrative, technical and physical security safeguards are in place to protect personal information. By affirming adequate security measures and providing transparency about security protocols, companies can help customers feel more confident about the decisions they are making regarding the information they choose to share. A recent study by the Office of the Australian Information Commissioner (OAIC) revealed that “71 percent of Internet of Things (IoT) devices and services used by Australians failed to adequately explain how personal information was collected, used and disclosed.” Companies that hold and manage critical information must gain and continually earn customers’ trust through transparency – why else would we risk handing over our most personal, high-value details?
- There is no “one size fits all” in privacy and security. Security and privacy must be implemented across all thresholds, and there is no “one size fits all” security and privacy answer. A smart security solution should therefore employ preventative, defensive and reactive solutions – it has to be strategic, innovative and smart. Today’s strongest security leaders will partner with key stakeholders to stay at the forefront of cybersecurity trends and leverage this knowledge to constantly innovate and implement creative solutions.
- We are only as secure as the weakest link. In our connected world, data protection is key to a prosperous future, but we are only as secure as the weakest link in the chain. The most common privacy weaknesses are often human error and technical shortcomings. For example, data from the ISTR shows spear-phishing campaigns targeting employees increased 55 percent in 2015, and fake technical support scams have evolved from cold-calling unsuspecting victims to attackers fooling victims into calling them directly.
- 10/27/16--18:24: Flash のゼロデイ脆弱性、標的型攻撃での悪用を確認
- 10/27/16--18:44: 网络攻击者利用Flash零日漏洞发起目标性攻击
- 10/27/16--18:56: 安卓勒索软件伪装成启动器以躲避自动启动限制
- 10/28/16--01:33: Mirai：对于最近几次DDoS大型攻击，您都需要了解些什么
- 10/28/16--04:20: Android のランチャーに偽装して自動起動の制限を回避するランサムウェア
- 10/28/16--13:55: WEBINAR: Current State of Endpoint Protection
- What is the state of the industry for Endpoint Protection technology
- Why machine learning is not enough
- Discover how to reduce the number of agents on your endpoint with the high-performance lightweight agent that includes advanced machine learning, exploit mitigation, antimalware, and more
- 10/30/16--20:46: Mirai: 先週の大規模な DDoS 攻撃に使われたボットネットについての心得
VIP Access is now compatible with macOS Sierra (10.12)
You may download the updated version below or via the knowledge base article.
Thank you for your continued use of VIP.
The "Crown Jewels" in any business is its data. And the most damaging and high-profile attacks of recent years have all targeted sensitive or critical data assets. It's not surprising, then, that the volume and scope of cyber attacks is changing rapidly and that much of the innovation that we have seen in cyber crime has been in finding new ways to get to the “home” of the data—the endpoint.
In 2015, Symantec detected more than 430 million pieces of malware compared with just over two million, six years previously. That represents over a million attacks a day. The days when you could build a wall around your data center and think that mitigated the risk are long gone.
Now, nearly half (43 percent) of ransomware infections occur inside the business, with cybercriminals often targeting individuals and the endpoints on which they rely. Whatever their approach, the ultimate destination for cybercriminal attacks is the endpoint. With mobile working and the proliferation of devices housing your data outside the corporate firewall, the endpoint is increasingly vulnerable.
So how do you protect the endpoint? With a multi-layered approach. You need prevention to avoid attacks, if possible; specialized protection to catch threats as they strike; and detection and response to put remediation measures in place when things go wrong.
This multi-layered protection needs to work across all four stages of an endpoint attack:
• Incursion – Where are the threats coming from?
• Infection – Which endpoints do I need to protect?
• Infestation – How will malicious code spread?
• Inoculation – How do I clean up after a breach?
Focusing on one area to the exclusion of another gives a false sense of security. It’s like putting superbolts on the front door and leaving the back door open.
There is a confusing array of endpoint protection systems available. Some solutions put the emphasis on specialized protection, with machine learning defending against previously unknown threats. That will only be as good as the machine is at learning (its source data and how it leverages it) and it doesn’t prevent attacks getting onto the network in the first place.
Similarly, other systems place the emphasis on inoculation. Ideally, of course, we would never need to remediate.
Join us at one of our technical roadshows in your region and you’ll see that Symantec takes a different approach. Our Next Generation Symantec Endpoint Protection is one complete solution that provides the most advanced protection on the market. New features of Symantec Endpoint Protection enable you to intercept malware even after it has penetrated the perimeter, while artificial intelligence defends your endpoints against previously unknown threats and zero-day attacks.
And it works. Independent testing shows Symantec Endpoint Protection blocks 100 percent of incursion attacks and leads the way in stopping infection attacks (99 percent). (Source: “Real world test for Drive by Downloads” & “Deliberate Downloads” from live domains hosting malware” by TASER)
You can find out first-hand how our Next Generation Symantec Endpoint Protection protects your business against the changing face of threat. Visit the Symantec Endpoint Protection Technical Roadshow on its way to a location, near you, soon.
For more insights, read:"Intended and Unintended Consequences of Innovation".
We are so happy to announce that we did it! We created the industry’s first integrated cloud security solution with true enterprise DLP and full cloud access security broker (CASB) capabilities. And it’s available now.
From the moment the Symantec acquisition of Blue Coat closed in August, our joined development teams went all in to solve this critical issue. And we did it in just over two months!
Security is the biggest challenge faced by enterprises adopting cloud apps – especially with popular business apps like Office 365 or Salesforce where all kinds of sensitive company data will be stored and shared, because:
Symantec customers can now get complete visibility and control of data in the cloud with fully integrated Symantec DLP and Symantec CloudSOC CASB.
Symantec DLP Cloud
You can uncover data blind spots in the cloud by extending your Symantec DLP with the new DLP Cloud Service Connector, a content detection service powered by the same, industry-leading technology as our on-premises software. With Cloud Service Connector, you can:
In addition to the Symanted DLP Cloud integration, CloudSOC also provides full CASB visibility and control directly over user activity in cloud apps. You can use CloudSOC to:
Learn more about protecting your data in cloud apps with DLP Cloud and CloudSOC today: go.symantec.com/dlp-casb
*Source: Blue Coat Elastica Shadow Data Report, 2016
Challenges in the Cyber Insurance Industry
Cyber insurance is rapidly evolving; in fact, what’s core coverage today was probably not available a few years ago. Unfortunately, insurers don’t always understand the risks they’re underwriting because all of this is new and there is limited information on the losses organizations have suffered. Many insurers lack the technology, knowledge and strategy to deal with this new industry; they don’t see the bigger picture of evolving risk and threats. Cyber insurance is vital, but all these challenges prevent insurers from advancing and growing the market.
Incredible Growth in Cyber Insurance
Even so, the cyber insurance market is booming; in fact, it’s predicted to grow to $20 billion in premium revenue in the not too distant future. The board asked the Symantec executive team a year ago to see what we should do in this market.
The answer was that Symantec had a phenomenal opportunity to use the company’s unique assets, IP and telemetry to analyze, assess, and mitigate the risk to help the cyber insurance market grow. Not only does Symantec understand the risks, we can prevent, reduce and remediate threats when needed. Symantec operates one of the world’s largest cyber intelligence networks. We approach cyber risks in a holistic manner and can help grow/advance the cyber insurance industry. Actuaries, underwriters, brokers and insureds can tap into Symantec’s threat intelligence using innovative data tools. That’s part of the story of what we are doing.
Now, 14 months down the road, Symantec has:
How This Helps Our Symantec Customers
Our cyber insurance initiatives have gained momentum―and it’s unleashing opportunities for us to explain to the industry that they are not secure and do not have all the answers today to identify and quantify cyber risks. Symantec believes in the importance of approaching cyber risk management holistically. We aim to partner with insurers and re-insurers to help our customers minimize the cost of managing their cyber-risk. This is win-win-win. We can win, and our customers and partners can win too.
Innovation is about momentum and collectively working to solve problems. Cyber insurance is a new area and Symantec is helping to drive new growth. We’re excited to work with other industry leaders to constantly bring new things to the table. Cyber insurance is not a standalone defense; it’s another layer of defense that compliments other security efforts. The holistic approach Symantec takes is another example of our ongoing innovation.
Be sure to read Roxane Divol's “What Every CISO Needs to Know About Cyber Insurance” and follow her @rdivol
The American Association of University Women (AAUW) runs hands-on science and math camps each summer called Tech Trek with the goal of encouraging, motivating, and inspiring girls in science, technology, engineering and math (STEM). Symantec has supported Tech Trek through a grant to develop cyber security curriculum as well as through employee volunteers who review applications and mentor Tech Trekkers. Since its inception in 1998, Tech Trek has been adopted as a national program and over 9,000 girls have attended one of the camps! Last year we featured the story of Gabrielle, a Tech Trekker who attended the Bowling Green summer camp and this year we are featuring Grace, a Tech Trekker who attended at Stanford University.
Tech Trek Campers are exposed to computer science in a myriad of ways, from robotics, cyber security, coding and more!
I think there must be times in everyone’s life when something or someone inspires you, however, it’s not until you look back on it that you realize what a difference it made.
For me, that inspiration was Tech Trek. As a junior high student, I have always been aware of technology and computer science – these days it is almost impossible not to be! I was curious about it, but never envisioned myself as a computer science or technology professional in the future. Why you might ask? While everyone I know is familiar with technology – many have computers at home, mobile phones to keep in touch with family, and sometimes more – we hadn’t talked about it a lot in school. Additionally, there are so many different types of computer science, it always felt pretty overwhelming.
That all began to change one day about a year ago. In my seventh grade science class I was told about a science and math camp for girls. My teacher encouraged us all to look into it. My first thought was “no way!”, but I went home and showed my parents the flyer. They were really excited because they knew I had an interest in this area. (Sometimes I guess parents do know best) The more we talked about it, the cooler it sounded, the more I could envision myself going, and the more excited I became.
Ok, I thought, I’ll just try it out. I thought it would be fun, but to be honest, I was not super invested in the idea. As I went through the application process I became more and more excited. I was called back for interview and then…..then the real letter came saying I had been accepted!
I was happy, nervous, and curious what I’d think of the experience. I spoke with someone from Tech Trek on the phone who helped me sign up for the classes I wanted. What to choose? I didn’t know a lot about coding, however, cyber security sounded really interesting on the phone so I opted for this.
When I found I had gotten into the cyber security class I couldn’t have been happier! The class was great for me – it was interesting and practical. I had gone in without any knowledge of coding and came out with a real understanding of how to code and numerous other technology subjects. We talked about the types of cyber-attacks that happen online, the strategies of cyber criminals, what is possible for them to achieve, and how to recognize a good and bad source. We also learned about computers, old and new, and the basics of binary coding. And my favorite part of the entire class…taking apart a computer to see the actual physical software. I had never done this before and it was pretty amazing to see how it really works!
Lastly, I really found interesting our discussions about the dark web –hard-to-access sites that can be used for illegal activity. Unknown to me (and I bet many of us!), Google is not the entire internet and there are other places scams can originate from. I had never really thought about this before and it really has opened my eyes to how myself, my friends and my family can be much safer online.
Tech Trek definitely gave me a boost of confidence. I came in very unsure of it all – would I enjoy it, would I understand it, would I be able to complete the work?
Honestly, I didn’t think I would do that well, but I picked it up really quickly! Prior to Tech Trek, coding and computer science seemed out of my reach, but now after a week of working in coding, taking apart computers, it now seems a lot more do able. Additionally, the experience has opened my eyes and interest to many areas of technology. I now want to research different areas and learn more about different jobs in tech.
For any girl interested in science, technology or math, I would say don’t let misconceptions of what you can or can’t do get in the way. Computer science and technology is everyone’s future. It applies to us all and it’s important in all of our lives. If you are interested in STEM, then nothing is stopping you! Just start to learn a little bit, and I bet you’ll want to learn more.
Tech Trek was a once in a lifetime opportunity and it has opened up my eyes to a whole new idea of what my future career can be. It’s also given me broader confidence and taught me that as long as you make yourself familiar with something, learn more about it, anything is possible.
I will always remember my Tech Trek experience and it really has – and will continue to - impact my life. I am so thankful to everyone who made this happen and feel so much excitement for other girls who have the chance to participate!
As Rosie the Revere said, “Life might have its failures, but this was not it. The only true failure can come if you quit.”
Tech support scammers have begun using code obfuscation to avoid detection.
Last month, Symantec launched our FY16 Corporate Responsibility Report demonstrating how through our promise to protect the world’s information we are creating opportunities and opening doors both within and outside our company, staying true to our commitment to make our world a better place.
As part of this, we are making a $100,000 USD donation to one of three nonprofit organizations:
All you need to do is provide feedback on our FY16 Corporate Responsibility Report and you can vote for where it goes!
Time is running out…the last day to vote is November 9th!
Adobe patches vulnerability (CVE-2016-7855) which was being used in a limited number of targeted attacks.
The latest Android.Lockscreen variants declare their activity as part of the launcher category to get around Android's security restrictions.
Botnet has grown by exploiting weak security on a range of IoT devices.
This blog was originally posted on the Stay Safe Online Blog October 26, 2016 and authored by Carolyn Herzog, Symantec's Chief Compliance Officer, Vice President, Legal and Public Affairs.
By 2020, Gartner estimates there will be nearly 21 billion connected Internet of Things (IoT) devices. Additionally, today in the United States alone, there are 25 connected devices per 100 inhabitants. Your watch, your phone, your laptop, your car, your TV, your bank and your doctor, can all be collecting and storing your personal information.
We are producing more data than ever, and as a result our data and privacy are increasingly at risk. According to Symantec’s Internet Security Threat Report (ISTR), in 2015 the number of zero-day vulnerabilities discovered more than doubled to 54, a 125-percent increase from the year before. Additionally, the study showed a record-setting total of nine mega-breaches, and the reported number of exposed identities jumped to 429 million.
These numbers, however, hide a larger story. Although a conservative estimate of unreported breaches pushes the number of records lost to more than half a billion in 2015, more companies chose not to reveal the full extent of their data breaches.
The bottom line is no person or business is without risk – and we are often unaware of the magnitude of our exposure.
As customers balance the increasing need to use connected devices with the risks of losing touch with where their personal information is going, they will have a harder and harder time determining where to draw the line between protection and enablement of our technology-driven, day-to-day lives. Customers are putting their faith in companies to protect their information with adequate security and privacy measures. This is prescribed by law, but it’s also a company’s responsibility as an ethical business provider.
So what are the key components of a strong corporate privacy program, and what should customers look for when determining whether they can trust their information with a provider?
As we see time and time again, these data breaches compromise privacy, security and economic well-being, and the financial and reputational risks have both immediate and long-term impacts. That’s why consumer and employee education about security and data protection is paramount and essential for ethical corporate citizenship.
We all have an obligation to ourselves to protect our information. When we entrust our data to a company, it becomes a shared partnership to protect that data.
The Internet of Things is changing the landscape of privacy and security every day. We must remember that convenience comes at a price and we will have to determine our own comfort levels with this evolving digital world. Customers have the ability to see what companies are doing with their data –what is stored, collected and done with their information. And companies have the responsibility to be transparent and demonstrate the corporate practices, processes and steps taken to ensure the highest level of credibility.
Customer choice is what drives our market demand, and this is no different in the world of privacy.
Similar to our ongoing efforts to find a perfect work-life balance, there is sometimes a tradeoff between privacy and technology use. Being informed, knowing the risks and benefits and understanding who you can trust is crucial to balancing these tradeoffs on your own terms.
Android.Lockscreen の最新の亜種は、ランチャーの一種として動作するように宣言して、Android のセキュリティ制限を回避しています。
New Webinar: Nov 10th
Title: Current State of Endpoint Protection: How Machine Learning Helps Stop the Attacks
Speakers: Adrian Sanabria, Sr. Security Analyst from 451 Research and Kevin Haley, Director Security Response, Symantec
Today, targeted attacks and Zero-Day vulnerabilities are the two most common advanced threats. Attacks are designed to enter your environments from many different vectors so an endpoint security solution that detects and blocks threats at all points in the attack chain is critical.
Join the 451 Analyst, Adrian Sanabria and Symantec as they discuss the challenges, business needs and technology options for Endpoint Protection. Learn more about Machine Learning, what it is, how it works, and what else you need to protect yourself across all points of attack. During this webcast, you will learn:
さまざまな IoT デバイスに存在するセキュリティ上の弱点を悪用して、ボットネットが増殖しつつあります。