
    Symantec Endpoint Protection 14 Will Change How You Think About Endpoint Security. Here’s Why.

    Security threats have become part of the daily news landscape in 2016: ransomware attacks on hospitals and investment banks; geopolitical attacks on the Democratic National Committee and Clinton campaign; financial attacks on the Swift banking system; and critical infrastructure attacks that took down the Ukrainian power grid.

    As our businesses, governments and personal lives become more and more digital, we continue to be under attack from many different vectors – and many of the attacks start (directly or indirectly) with malware targeting endpoints.

    The pace and sophistication of these new threats are daunting. In 2015, Symantec reported more than 430 million new pieces of malware – that’s more than one million new malware variants on a daily basis. Further, we expect 2016 to track an even more formidable number, as zero-day attacks accelerate and ransomware introduces a profit motive into the equation. These attacks are designed to enter the enterprise environment from many different vectors, making the endpoint ever more vulnerable and thus more essential to protect.

    The only proper response to this rapidly worsening threat landscape is to innovate and integrate more defense mechanisms across multiple control points.

    That’s what Symantec is doing, together with our new compatriots from Blue Coat. No longer are you forced to stitch together dozens of point products from different vendors that weren’t designed to work together. We are working to build the integrated cyber defense platform of the future, so you can fully orchestrate prevention, detection and response across endpoints, gateways, messaging and the cloud.

    Today’s launch of Symantec Endpoint Protection 14 (SEP14) represents significant innovation and integration for endpoint security, immediately available from the global leader in cybersecurity. Our endpoint protection software has well-established leadership in the industry, as evidenced by 14 years running in the Gartner Magic Quadrant and dozens of third-party awards. Our newest release delivers multi-layered endpoint protection in a single agent, including new innovations for advanced machine learning and zero-day exploit prevention, along with established technologies for file reputation and behavior analysis, firewall and intrusion prevention – all powered by the world’s largest civilian threat intelligence network.

    Let’s break that down.

    Multi-Layered Endpoint Protection

    Endpoint protection requires quick analysis of threats in real time: evaluating files based on their attributes (static), how they behave (dynamic) and their global context (reputation). The security layers themselves are comprised of both proven and emerging technologies working seamlessly at the endpoint, including analysis of files, reputation and behavior along with firewall, intrusion prevention and exploit prevention. SC Magazine recently reviewed SEP14 and rated it as “the most comprehensive tool of its type that we’ve seen with superb installation and documentation.”

    Protection, Detection and Response in a Single Agent

    SEP14 directly addresses multiple use cases including endpoint protection, detection and response capabilities in a single agent. Combined with APIs and built-in management capabilities, this allows customers to respond to threats quickly while reducing operational expenditures. SEP14 delivers this powerful protection in a lightweight package, building on industry-leading 99.9% efficacy, low false positives and a 70 percent reduced footprint over the previous generation through new advanced cloud lookup capabilities. And we haven’t even scratched the surface on how SEP14 reduces Total Cost of Ownership and endpoint complexity.

    Enabled by Artificial Intelligence and Machine Learning

    SEP14 deploys advanced machine learning on both the endpoint and in the cloud, while taking advantage of additional artificial intelligence mechanisms in the cloud. Why does that matter? Machine learning allows us to detect unknown threats or evolving threat families during the early part of infection, in order to stop threats before they have a chance to execute. Our systems are always learning to distinguish between good files and bad files, leveraging prior intelligence and trained machines. There’s a catch, however: the machines are only as smart as the quality of the data they use to learn. This fact lies at the very heart of why Symantec is poised to reinvent endpoint security – because we also have artificial intelligence in the cloud, pulling from our Global Intelligence Network, the largest civilian global threat intelligence in the world. This in turn leads us, inevitably, to the role of big data.

    Powered by Big Data

    Symantec collects threat insights from over 175 million endpoints and 57 million attack sensors across different organizations, industries and geographies.  That all adds up to more than 3.7 trillion rows of security-relevant data.  We leverage the collective intelligence from this diverse threat data and use it to teach our machines how to operate on the front lines of a global battle that changes every day, minute by minute. Beyond the Global Intelligence Network, SEP14 can also share intelligence with Blue Coat’s Secure Web Gateway. As endpoint security learns from network security, and vice versa, threats can be identified and blocked at either control point.

    Innovation and integration are essential to endpoint security. Our enemies are at work around the clock and around the globe looking for ways to steal information, disrupt business, extort money and maliciously interfere with normal daily life. But reputation is essential too, which is why we at Symantec are proud to have a global community with thousands of organizations and millions of people who place their trust in us to protect their most valuable digital assets.

    We can’t wait to show them what’s next.

    Learn more about SEP14 here and watch this space for weekly blog posts that drill deeper into key capabilities with insights from Symantec and third-party experts.


    The Symantec team gave 3 successful presentations at the OpenStack Ocata summit. There was lots of interest in how we are building a cloud platform that will seamlessly and securely merge public and private clouds!

    Check out the videos of our talks:

    Are Your Images Golden, Gilded, or Tarnished? Know What's in Your Glance Store.

    Nailing Your Next OpenStack Job Interview

    Sleep Better at Night - OpenStack Cloud Auto-Healing



    Webinar: December 6, 2016


    TIME: 10:00 AM (PST) / 11:00 AM (EST)

    SPEAKERS: Teresa Law, Sr. Product Marketing Manager, Symantec and Alpesh Mote, Product Marketing, Symantec

    Overview:

    Part 1 of 4: Symantec Endpoint Protection 14 (SEP 14) Webinar Series:



    Threats are becoming more sophisticated, with new attacks becoming commonplace. These unknown threats can be devastating for an organization, making endpoint protection more critical than ever. The best weapon in your endpoint protection arsenal to combat unknown threats is Machine Learning. Join us to discover:

    • How machine learning addresses unknown threats
    • Why SEP 14 machine learning is unique
    • Where it fits in a layered solution



    In addition to a lively discussion we’ll also show you SEP 14 in action, with a demo that showcases how unknown threats don’t stand a chance.

    Register Today: 


  • 11/01/16--14:09: Ambassadors of Safety
  • Symantec Staff Educate Communities to Keep Our World Safe Online

    Yesterday marked the closing of National Cybersecurity Awareness Month in the United States where experts, advocates and communities bring awareness to the need for keeping ourselves safe online. This year’s theme “Our Shared Responsibility” emphasizes the role we all play in securing our world online. At Symantec, every day is focused on sharing this responsibility through our world leading cybersecurity products, operating one of the world’s largest cyber intelligence networks, preparing the next generation of cybersecurity professionals, and donating our time, skills and experience to educate our communities. From creating safety ambassadors to protecting terminally ill children to inspiring tomorrow’s leading tech stars, below we highlight recent online safety initiatives across the globe.  

    Kosch-Westerman Foundation and Symantec team up to protect the terminally ill

    Product donation is Symantec’s largest mechanism to support the nonprofit community and help nonprofits fulfill their missions. In partnership with TechSoup, each year we provide cybersecurity solutions to more than 25,000 organizations across 55 countries worldwide, allowing them to secure their most important data wherever it lives. Since launching the software donation program in 2002, Symantec has helped more than 93,000 nonprofits solve today’s biggest security challenges and protect against the ever-evolving threat landscape.

    When a child becomes sick, their world suddenly becomes limited to what they can access from their bed. These children, however, are just as likely to be the target of hackers, stumble upon inappropriate web content or accidentally download malware as anyone else. To address these challenges, the Kosch-Westerman Foundation, which connects terminally ill children to the outside world, turned to TechSoup and Symantec for help, requesting licenses of Norton Security Deluxe. Our donated product, now installed on all 50 foundation devices, provides peace of mind when the children connect virtually with their family and friends.

    John Warby and Symantec empower staff to become online safety ambassadors

    “Symantec’s cyber safety volunteering program empowers staff to become ambassadors for safe Internet use in their communities. Our staff share in our company’s commitment to reach out to our local communities and educate parents and students about how they can behave safely and participate responsibly online.” – Symantec Managing Director, Pacific Region, Ian McAdam

    As part of an ongoing community-based leadership and cyber safety education program, this September Symantec hosted approximately 20 students from John Warby Public School at Symantec’s Security Operations Centre (SOC) in Sydney. John Warby Public School is situated in Campbelltown in South West Sydney and its students come from a variety of cultural and language backgrounds. Nearly all (99 percent) of the students who attend John Warby Public School live in Department of Housing properties and many of the children experience financial and emotional hardships.

    The program, which was an extension of an onsite visit in March, aims to reinforce leadership skills and encourage students to share learnings with their peers. Additionally, it kicked off a 10-week-long mentoring program, which pairs students with Symantec employees who guide them on key cybersecurity and online safety topics.

    During the visit, students participated in online safety sessions covering topics such as how to carefully choose the personal information they share and how to create strong passwords.  They had the opportunity to participate in a password hacking experiment, seeing first-hand how Symantec blocks security threats. Students also experienced what a job in the security industry looks like and spoke to Symantec security engineers providing inspiration for potential future careers in cybersecurity. For many it was the first time they visited an office environment or even stepped into a high-rise building.

    The event was also a fantastic experience for the Symantec team, who saw first-hand the interest of the students and were often put on the spot by the students’ candid and clever questions.


    Symantec volunteers at John Warby Public School in Sydney, to educate students on online safety and excite them about careers in tech and cybersecurity. (Source: iTWire)

    Symantec and CoderDojo support tech’s youngest rising stars

    This June, for the fifth consecutive year, CoderDojo, a community of volunteer-led programming clubs for children ages 7-17, held its annual Coolest Projects event in Dublin. The event has grown exponentially from just 19 projects across four CoderDojos in 2011 to 700 projects this year (219 created by girls), 90 of which were international projects. Over 13,000 people attended the event, which featured 55 guest speakers delivering presentations across four summits covering Coding, Women in Tech, and Innovation and Games.

    “CoderDojo is unique. CoderDojo enables young people to develop their skills as creators and inventors of technology outside of the typical classroom environment. It enables creativity & freedom to put imagination to practice while learning computer programming & problem solving in a fun way! Thoroughly enjoyed Coder Dojo volunteering and it was inspiring to spend time with Dojos, especially my new 6 year old friend who was teaching me about the “Alice” 3D programming environment!”

    - Davorka Banovic, Manager, Business Critical Services, Symantec

    For the first time this year Symantec was engaged as a platinum partner of the event. 19 volunteers gave 125 hours and supported a range of activities, from hosting the Symantec stand to judging to presenting awards, and most importantly educating attendees about best practices for online safety and representing Symantec Ireland as the leader in IT security. At the Symantec event booth, employees educated attendees about online dangers and how to stay safe when visiting websites and downloading applications or software.

    Additionally, Dublin-based Director for Codesigning, Richard Hall, spoke on the Summit stage, walking the audience through code-signing security best practices. Project teams all received a goodie bag with a Symantec-branded webcam protector which they could stick onto their laptops and tablets as a physical layer of security. Lastly, Symantec sponsored the award for best male and female in the Mobile Application category.

    The team really enjoyed the experience with CoderDojo and hope this is the first of many years in which Symantec can support CoderDojo and the Coolest Projects Awards.


    Symantec sponsored CoderDojo’s 5th annual Coolest Projects event, which drew 13,000 attendees this June.


    Symantec employees at the company’s event booth educate CoderDojo attendees on the importance of online safety.


    Symantec sponsored the award for Best Mobile Application by a male and female at the CoderDojo Coolest Project event.



    The arrival of Symantec Endpoint Protection 14 will change how you think about endpoint security. Read on to find out why.

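    In 2016, security threats have become a routine part of the news. Reports have followed one after another of ransomware attacks on hospitals and investment banks, political attacks targeting the Democratic National Committee and the Clinton campaign, and financial attacks on the Swift system used by banks, and in Ukraine an attack on critical infrastructure forced a power company to shut down.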

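    As digitization advances not only in business but also in government and personal life, we are constantly exposed to attack through many different routes. Many of those attacks begin (directly or indirectly) with malware that targets endpoints.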

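    The pace at which new malware appears, and its growing sophistication, are now a major threat. Symantec reported that more than 430 million new pieces of malware appeared in 2015, which works out to more than one million new variants every day. An even more overwhelming figure is predicted for 2016, because zero-day attacks are increasing and the pursuit of profit through ransomware is becoming a reality. These attacks are designed to enter enterprise environments through a wide variety of routes, so endpoints are more vulnerable than ever and protecting them is becoming ever more essential.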

    The only right answer to a threat landscape that is deteriorating this quickly is to innovate and integrate defense mechanisms across multiple control points.

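    That is exactly what Symantec is working on, and Blue Coat has joined that effort as a new compatriot. You no longer need to juggle dozens of separate products from different vendors that were never designed to work together. Symantec is building an integrated cyber defense platform for the future, with the aim of letting you fully orchestrate prevention, detection and response across endpoints, gateways, messaging and the cloud.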

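    Symantec, the global leader in cybersecurity, today began offering Symantec Endpoint Protection 14 (SEP14). SEP14, which embodies major innovation and integration in endpoint security, is available immediately. Symantec’s endpoint protection software has established a firm leadership position in the industry, as evidenced by 14 consecutive years in the Gartner Magic Quadrant and by numerous third-party awards. The latest release, SEP 14, delivers multi-layered endpoint protection in a single agent. In addition to existing technologies such as file reputation, behavior analysis, firewall and intrusion prevention, it introduces the latest machine learning and zero-day vulnerability protection. All of this is backed by the world’s largest civilian threat intelligence network.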

    Let’s look at the features of SEP 14 one by one.

    Multi-Layered Endpoint Protection

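    Protecting endpoints requires analyzing threats quickly and in real time. Files must be evaluated based on their attributes (static), their behavior (dynamic) and their global context (reputation). The security layers themselves are made up of both proven and new technologies, using analysis of files, reputation and behavior alongside firewall, intrusion prevention and exploit prevention. SC Magazine recently published a review of SEP 14, calling it “the most comprehensive tool of its type to date, with excellent installation and documentation.”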

    Protection, Detection and Response in a Single Agent

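    SEP14 directly addresses multiple use cases, including endpoint protection, detection and response capabilities, with a single agent. Combined with APIs and built-in management capabilities, it lets you respond to threats quickly while reducing operational expenditure. SEP14 delivers this powerful protection in a lightweight package, built on industry-leading 99.9% detection capability, a low false positive rate, and a footprint reduced by 70% from the previous generation thanks to new cloud lookup capabilities. And although we have barely touched on it, SEP14 also reduces total cost of ownership and eases endpoint complexity.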

    Enhanced by Artificial Intelligence and Machine Learning

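    SEP14 uses advanced machine learning both on the endpoint and in the cloud, and on the cloud side it also brings in artificial intelligence mechanisms. What does that mean? Machine learning can detect unknown threats and newly emerging malware families in the early stage of infection and stop the malware before it has any chance to execute. Symantec’s systems are constantly learning to distinguish good files from bad files. They make effective use of past intelligence and trained machines, but there is a catch: a machine can never be smarter than the quality of the data it learned from. This fact is exactly why Symantec is setting out to remake endpoint security. The artificial intelligence that Symantec runs in the cloud draws its data from the Global Intelligence Network, the world’s largest civilian global threat intelligence. This leads inevitably to the role played by big data.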

    The Role of Big Data

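    Symantec collects threat insights from 175 million endpoints and 57 million attack sensors across a range of organizations, industries and locations. Taken together, that amounts to more than 3.7 trillion rows of security-related data. Symantec derives collective intelligence from this diverse threat data and uses it to train its machines, teaching them how to fight on the front lines of a global battlefield that changes every day, every minute and every second. Beyond the Global Intelligence Network, SEP14 can also share information with Blue Coat’s Secure Web Gateway. Because endpoint security and network security learn from each other in both directions, threats can be identified and blocked at either control point.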


    We can hardly wait to tell you what comes next.

    For more about SEP14, see here. In addition, the weekly blog posts here explain the key capabilities in detail, with insights from Symantec and third-party experts.




    Symantec Endpoint Protection 14 will change how you view endpoint security. Here is why.

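    In 2016, security threats have become a major topic in the daily news: ransomware attacks on hospitals and investment banks; geopolitical attacks on the Democratic National Committee and Hillary Clinton’s campaign; financial attacks on the Society for Worldwide Interbank Financial Telecommunication (Swift) banking system; and serious infrastructure attacks that damaged the Ukrainian power grid.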

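    As our businesses, governments and personal lives become increasingly digital, we continue to come under attack from different vectors, and many of these attacks are launched, directly or indirectly, by malware that targets endpoints.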

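    The speed at which this malware develops and its level of sophistication are daunting. In 2015, Symantec reported that the number of new pieces of malware had exceeded 430 million, which means one million new malware variants appearing every day. Moreover, because zero-day attacks are developing rapidly and the profits from ransomware are making attackers even more aggressive, we believe the volume of malware in 2016 will be even more startling. These attacks enter the enterprise environment through many different vectors and leave endpoints more vulnerable, so endpoint protection is becoming ever more important.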

    There is only one way to stop this rapidly worsening threat: innovate on more defense mechanisms and integrate them across multiple control points.

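    Symantec and its new partner Blue Coat are working in this direction. You will no longer need to combine dozens of endpoint products from different vendors, products that were never suited to being used together in the first place. We are working to build the integrated cyber defense platform of the future, so that you can fully protect, detect and respond across endpoints, gateways, messaging and the cloud.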

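    Symantec Endpoint Protection 14 (SEP14) is released today, representing a major step forward in innovation and integration for endpoint security. As the global leader in cybersecurity, we are about to put the software on sale. Our endpoint protection software holds a leading position in the industry, as shown by 14 years of Gartner market research reports and dozens of third-party awards. Our newly released software provides multi-layered endpoint protection in a single agent, including innovations such as advanced machine learning and zero-day exploit prevention, along with technologies for file reputation, behavior analysis, firewall and intrusion prevention. All of these capabilities are backed by the world’s largest civilian intelligence network.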

    Let’s overcome every obstacle together.

    Multi-Layered Endpoint Protection

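    Endpoint protection requires fast, real-time analysis of these threats: evaluating files by their attributes (static), and examining how they behave (dynamic) and their global context (reputation). The security layers themselves use both established, reliable technologies and emerging ones. These technologies work together seamlessly on the endpoint and include file analysis, reputation and behavior, as well as firewall protection, intrusion prevention and exploit prevention. SC Magazine recently reviewed SEP14 and rated it “the most comprehensive tool of its type to date, with excellent installation and documentation.”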

    Protection, Detection and Response in a Single Agent

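    SEP14 can handle multiple tasks directly, including endpoint protection, detection and response in a single agent. The software combines APIs with built-in management capabilities, allowing users to respond quickly to threats while reducing operating costs. SEP14 is small but has powerful protection, with an efficacy of 99.9% that puts it at the forefront of the industry. SEP14 has a very low false positive rate, and its cloud lookup capability saves 70% of lookup time compared with the previous version. And we have not even mentioned the software’s advantages in lowering total cost of ownership and endpoint complexity.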

    Relying on Artificial Intelligence and Machine Learning

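    SEP14 uses additional artificial intelligence mechanisms in the cloud while also providing advanced machine learning on both the endpoint and in the cloud. Why does this matter so much? Because machine learning lets us detect unknown or evolving malware in the early stage of infection, stopping it before it has a chance to execute. Our systems are always learning how to tell good files from bad ones, working from prior intelligence and trained machines. There is a catch, however: a machine’s intelligence depends closely on the quality of the data it learns from. This fact is the main reason Symantec is preparing to thoroughly remake endpoint security, because our cloud also has artificial intelligence that can gather the world’s most comprehensive civilian global threat intelligence from our Global Intelligence Network. This in turn leads us, inevitably, to the role of big data.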

    Relying on Big Data

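    Symantec collects threat intelligence from 175 million endpoints and 57 million attack sensors across different organizations, industries and regions, amounting to more than 3.7 trillion rows of security-related data. We use the intelligence gathered from this varied threat data to teach our machines how to operate safely on the front lines of a global battlefield that changes by the minute and by the second. Besides using the Global Intelligence Network, SEP14 can also share risk intelligence with Blue Coat’s Secure Web Gateway. Because endpoint security software and network security software can learn from each other, we can identify and block threats at the control points.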

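    Innovation and integration are crucial to endpoint security. Our adversaries come from all over the world, working day and night to find ways to steal information, disrupt markets, extort money and maliciously interfere with people’s daily lives. Reputation matters greatly as well, however, which is why Symantec is very proud to have a global community made up of thousands of organizations and millions of people. These users trust us to protect their most valuable digital assets.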

    We can’t wait to show users more.

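    Click here to learn more about SEP14, and read the weekly blog posts by Symantec and third-party experts that take an in-depth look at the software’s key capabilities.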




    What the recent Mirai attack means for global insurers

    We are entering a new era for global insurers, where business interruption claims are no longer confined to a limited geography, but can simultaneously impact seemingly disconnected insureds globally. This creates new forms of systemic risks that could threaten the solvency of major insurers if they do not understand the silent and affirmative cyber risks inherent in their portfolios.  

    On Friday, October 21, a distributed denial of service (DDoS) attack rendered a large number of the world’s most popular websites, including Twitter, Amazon, Netflix, and GitHub, inaccessible to many users. The attack conscripted vulnerable Internet of Things (IoT) devices such as routers, DVRs, and CCTV cameras to overwhelm the DNS provider Dyn, effectively hampering internet users’ ability to access websites across Europe and North America. The attack was carried out using an IoT botnet called Mirai, which works by continuously scanning for IoT devices with factory default user names and passwords.

    The Dyn attack highlights three fundamental developments that have changed the nature of aggregated business interruption for the commercial insurance industry:

    1. The proliferation of systemically important vendors

    The emergence of systemically important vendors can cause simultaneous business interruption to large portions of the global economy.

    The insurance industry is aware of the potential aggregation risk in cloud computing services, such as Amazon Web Services (AWS) and Microsoft Azure. Cloud computing providers create potential for aggregation risk; however, given the layers of security, redundancy, and 38 global availability zones built into AWS, it is not necessarily the easiest target for adversaries to cause a catastrophic event for insurers.

    There are potentially several hundred systemically important vendors that could be susceptible to concurrent and substantial business interruption. This includes at least eight DNS providers that service over 50,000 websites, and some of these vendors may not have the kind of security that exists within providers like AWS.

    2. Insecurity in the Internet of Things (IoT) built into all aspects of the global economy

    The emergence of IoT, with applications as diverse as consumer devices, manufacturing sensors, health monitoring, and connected vehicles, is another key development. Estimates vary, but anywhere from 20 to 200 billion everyday objects will be connected to the internet by 2020. In the rush to get these products to market, security is often not built into their design.

    Symantec’s research on IoT security has shown the state of IoT security is poor:

    • 19 percent of all tested mobile apps used to control IoT devices did not use Secure Socket Layer (SSL) connections to the cloud
    • 40 percent of tested devices allowed unauthorized access to back-end systems
    • 50 percent did not provide encrypted firmware updates, if updates were provided at all
    • IoT devices usually had weak password hygiene, including factory default passwords; for example, adversaries use default credentials for the Raspberry Pi devices to compromise devices

    The Dyn attack compromised less than one percent of IoT devices. By some accounts, millions of vulnerable IoT devices were used in a market with approximately 10 billion devices. XiongMai Technologies, the Chinese electronics firm behind many of the webcams compromised in the attack, has issued a recall for many of its devices.

    Outages like these are just the beginning. Shankar Somasundaram, Senior Director, Internet of Things at Symantec, expects more of these attacks in the near future.

    3. Catastrophic losses due to cyber risks are not independent, unlike natural catastrophes 

    A core tenet of natural catastrophe modeling is that the aggregation events are largely independent. An earthquake in Japan does not increase the likelihood of an earthquake in California.

    In the cyber world consisting of active adversaries, this does not hold true for two reasons (which require an understanding of threat actors).

    First, an attack on an organization like Dyn will often lead to copycat attacks from disparate non-state groups. Symantec maintains a network of honeypots, which collects IoT malware samples. A distribution of attacks is below:

    • 34 percent from China
    • 26 percent from the United States
    • 9 percent from Russia
    • 6 percent from Germany
    • 5 percent from the Netherlands
    • 5 percent from Ukraine
    • Long tail of adversaries from Vietnam, the UK, France, and South Korea

    Groups, such as New World Hacking, often replicate attacks. Understanding where they are targeting their time and attention, and whether there are attempts to replicate attacks, is important for an insurer to respond to a one-off event.

    Second, a key aspect to consider in cyber modeling is intelligence about state-based threat actors. It is important to understand both the capabilities and the motivations of threat actors when assessing the frequency of catastrophic scenarios. Scenarios where we see a greater propensity for catastrophic cyber attacks are also scenarios where those state actors are likely attempting multiple attacks. Although insurers may wish to seek refuge in the act of war definitions that exist in other insurance lines, cyber attack attribution to state-based actors is difficult—and in some cases not possible.

    What Does This Mean for Global Insurers?

    The Dyn attack illustrates that insurers need to pursue new approaches to understanding and modeling cyber risk. Recommendations for insurers are below:

    1. Recognize that cyber as a peril expands far beyond cyber data and liability from a data breach and could be embedded in almost all major commercial insurance lines
    2. Develop and hire cyber security expertise internally, especially in the group risk function, to understand the implications of cyber perils across all lines
    3. Proactively understand whether basic IoT security hygiene is being undertaken when underwriting companies using IoT devices
    4. Partner with institutions that can provide a multi-disciplinary approach to modeling cyber security for insurers, including:
    • Hard data (for example, attack trends across the kill chain by industry)
    • Intelligence (such as active adversary monitoring)
    • Expertise (in new IoT technologies and key points of failure)

    Symantec is partnering with globally-leading insurers to develop probabilistic, scenario-based modeling to help understand cyber risks inherent in their standalone cyber policies, as well as cyber as a peril across all lines of insurance. The Internet of Things opens up tremendous new opportunities for consumers and businesses, but understanding the financial risks inherent in this development will require deep collaboration between the cyber security and cyber insurance industries.

    Additional insights: 

    7 Predictions on How IoT will impact Insurance Industry
    Approaching Cyber Risk Management Holistically



    Highlights from our series Black Lives Matter & Beyond: Corporate Leaders Respond

    Over the past month and a half Symantec has joined other leading companies and Triple Pundit - a global media platform that demonstrates how business can be a force of good – to facilitate Black Lives Matter & Beyond: Corporate Leaders Respond, a series of articles examining the challenges of truly fostering a culture of diversity and equality.

    For example, how do you support employees in discussing controversial topics such as police violence and the BLM movement? How do you respect the views of others when they are very different from your own? And how can companies increase diversity in their ranks directly?

    In the article “Talking About Race and Police Violence at Work” author Sherrell Dorsey discusses the unusual silence in corporate America around recent police violence and shootings. She highlights the example of Mandela Schumacher-Hodge, portfolio services director for social impact investment firm Kapor Capital, who spoke out publicly about her colleagues opening up to discuss recent shootings and violence in the US. Schumacher-Hodge’s boss Freda Kapor further discusses how Kapor Capital has fostered a culture where employees feel comfortable getting to the heart of sensitive issues like racial injustice, and what it takes to bring equality to the workplace.    

    “It’s our responsibility to educate ourselves and other white people, especially those in power,” she says. “It’s not our job to delegate [the responsibility of diversity] and ask others to clean up the mess we made.”

    Additionally, in our Twitter chat for the series: #BLMandBeyond w Symantec, Ben & Jerry’s, Net Impact, we examined how companies should respond to national controversies like police violence and the Black Lives Matter movement. I was joined by Chris Miller, Social Mission Activism Manager, Ben & Jerry’s and Liz Maw, CEO, Net Impact. Some highlights from the speakers included:

    Cecily Joseph: Talk about it! Don’t ask employees to leave a part of themselves at the front door of the office

    Chris Miller: The best businesses have dynamic, diverse, and inclusive workplaces. You have to intentionally build that culture.

    Liz Maw: Silence has perpetuated racial injustice; talking will help us heal

    Diversity and equality is an ongoing journey and often it’s the issues and situations that make us feel uncomfortable that are the most critical. We are trying to bring light to some of these, and hope you will join us to read part or all of this series. We all need to start acknowledging the critical challenges and issues, but most importantly, we need to take these insights back to our companies, to our teams, to our friends, to our communities.

    Cecily Joseph is Symantec’s VP Corporate Responsibility and Chief Diversity Officer



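    “Machine learning” has become a thorough buzzword, but it is not the cure-all it is widely said to be. In other words, it cannot solve every security problem. I do not mean to say that machine learning is not an effective weapon for identifying threats, but in practice it is effective only at specific points in the attack chain (figure below). And nothing is 100% effective on its own.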


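    Many different terms are used for the stages of the attack chain and for the attack chain itself. I think of the attack chain as the threat lifecycle, but the description that has impressed me most is one that borrows medical terms. You are exposed to a virus or threat (incursion), and if it cannot be stopped you become infected (infection). Once infected, the virus or threat tries to spread further (infestation) and in some cases attempts to communicate with a command or control center or to extract information. After an attack, the ideal outcome is to be able to neutralize the virus or threat (inoculation). The later in the attack chain a threat is caught, the greater the damage, so catching it as early as possible is an advantage, but the most important thing is to catch it at all. It is not unheard of for a threat to persist in an environment for months, gathering information or disrupting the business.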

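    Unlike other protection technologies, what sets machine learning apart is that it has to be taught. To identify threats accurately, it must be trained to understand what it is looking for and must be updated constantly, because new threats are emerging all the time. That makes high-quality training especially important. Without it, the system may detect threats that do not actually exist; in other words, false positives may become frequent.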

    ここで言う高水準のトレーニングとは、新しいグローバルな脅威データによって常に更新される有用なデータを大量に使うことを意味します。有用なデータと言っても、既知のマルウェアだけでマシンラーニングをトレーニングするという意味ではありません。そんな対策は、ハッカーに簡単にすり抜けられてしまいます。トレーニングでは、新しい脅威と侵害指標(IOC)を常に更新しながら、正常なファイルと異常なファイルの両方を使う必要があります。真に優秀なマシンラーニングは、きわめて高度なアルゴリズムと、強力にトレーニングされた分類機能を使って、最新の脅威を検出するよう学習できますが、それも長期的にはデータセットの品質にとどまります。これまで知られていない新しい脅威を的確に検出する、それこそマシンラーニングが最も価値を発揮することですが、そのためには、できるだけ高い品質のグローバルな脅威データが必要です。

    マシンラーニングやディープラーニングについては、評価ベース、行動ベース、属性ベースという種類もはっきりさせておかねばなりません。脅威の識別では、そのすべてに役割があるので、すべてをエンドポイント保護ソリューションの一部として組み込む必要があります。

    それでも、前述したように、単独で 100% 有効なものなどありません。バックアップとして、また攻撃チェーンの下流で使えるように、別の武器も必要になります。要するに、使えるかぎりどんな手段を使ってでも脅威は排除したいということです。こうした理由で、セキュリティ上のあらゆるニーズに対する答えを、マシンラーニングだけに求めるわけにはいきません。エンドポイント保護ソリューションは、侵入の段階で、あるいは脅威がなんらかの形で外部との通信を試みるときに、効果的に脅威を識別して排除できる必要があります。

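    In conclusion, make sure you put the best protection against threats in place, as follows:

    1. Your solution can train its machine learning, even in its initial state, using the best and most diverse datasets possible from global sources.

    2. Your solution is constantly updated, again using global solutions, and can catch most of the latest unknown threats with a minimal false positive rate.

    3. Accept that machine learning alone is not enough and, using the figure below as a guide, have weapons in place to protect the entire attack chain. You need intrusion prevention services, proven signature-based technology, browser protection, device and application control, memory exploit prevention, the ability to deal with custom-packaged malware, and so on.

    [Figure: attack chain]

    Machine learning is a powerful weapon, but it is not the only answer.

    For more on endpoint protection, see go.symantec.com/sep.

    [Reference translation]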


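    Every software application has vulnerabilities. Many are dealt with quickly, but some go unnoticed even by the developers. Cybercriminals are waiting to find and exploit those vulnerabilities. What is more, exploiting vulnerabilities is becoming an established business. According to Symantec's Internet Security Threat Report, zero-day vulnerabilities increased 125% in 2015.

    [Figure: zero-day exploits]
    Source: Symantec Internet Security Threat Report, April 2016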

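    If you think that widely used, well-known applications have fewer vulnerabilities, you are mistaken. Common operating systems, end-user browsers, enterprise applications: in short, every layer of your organization's software stack is at risk. Just recently, multiple vendors released patches for as many as 200 to 300 vulnerabilities in their software suites. Many of them were remotely exploitable and of the highest severity. And there are operating systems in which a vulnerability has remained in plain sight for 20 years.

    From the attacker's point of view, exploiting a browser vulnerability means gaining a major foothold at the organization's entrance. Gaining access into the operating system means being able to infect one machine, use it as a watering hole to infect other machines, and move freely around the organization. And finally, breaking into enterprise applications gives access to mission-critical information, ERP systems, customer data, and more.

    What is truly frightening is how quickly zero-day vulnerabilities are weaponized. As the Internet Security Threat Report explains, exploit code for a vulnerability becomes available in highly capable exploit toolkits within hours of being published in the underground. The Angler exploit kit, for example, has been responsible for hundreds of thousands of attacks, and includes exploits that can download and execute malware from memory without ever writing a file to disk. This evades most detection by traditional protection methods, and even next-generation approaches are powerless if they depend on files. In the not-so-distant past, such exploits appeared in forms localized to individual countries. Today they are released one after another on a global scale.

    Cybercriminals know that even after an exploit appears, it can take weeks for the vendor to release a patch, and months more for endpoints to be updated. That much time to keep exploiting a vulnerability is enough to steal critical data or bring a company to a halt.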

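    Having read this far, you are probably wondering how best to deal with such exploits. Memory exploits cannot be blocked with signatures. Nor can they be identified by machine learning, the new silver bullet for the endpoint, so a distinct technology is needed. That technology is exploit prevention. In Symantec Endpoint Protection (SEP), exploit prevention is called Memory Exploit Mitigation. Instead of signatures, it relies on an understanding of exploit behavior to block zero-day vulnerabilities preemptively. Once it is installed, endpoints are protected from memory exploits regardless of the behavior or technique used to exploit the software flaw, bug, or vulnerability.

    Here are just two of those behaviors.

    • Heap spray. This attack fills an application's memory with a specific pattern. The pattern not only leads the application to return control to memory controlled by the malware, but can also be executed. To mitigate heap spray attacks, Symantec identifies the memory locations that such patterns point to and inserts code that generates an exception, returning control to Symantec's endpoint protection product.

    • Java exploits take advantage of logic flaws. They cause the interpreter to misinterpret one call as another, with the aim of disabling the security manager. If that succeeds, the attacker is free to do anything a normal user can do. In this case, the most reliable countermeasure is to make it impossible to disable the security manager.

    As you can see, every exploit has its own characteristics, so mitigating them requires a carefully considered strategy. Note that there are several ways to address even the same behavior, and they differ in effectiveness.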

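    Exploit prevention is intended for a narrow purpose, but it plays an important role in delivering comprehensive next-generation endpoint protection as part of a layered solution.

    • Intrusion prevention systems, antimalware, and reputation analysis guard against high-volume attacks by monitoring network packets, signatures, and reputation; exploit prevention complements those technologies.

    • Even if application control lets you identify a whitelist of applications, exploit prevention is still essential. As already mentioned, it is the whitelisted “legitimate” applications in which many vulnerabilities exist.

    • Other next-generation technologies cannot identify a threat unless a file is written to disk or executed, so exploit prevention provides protection that is not possible otherwise. Make sure your endpoint protection solution has both machine learning and exploit prevention.

    • It protects regardless of where the attack comes from (malvertising, infected files from a USB drive, and so on).

    Once deployed on a device, exploit prevention mitigates memory attacks wherever the user is. Before you head out, make sure you are fully prepared.

    For more on Symantec Endpoint Protection, see here.

    [Reference translation]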


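    The “hype” around machine learning is relentless, but whatever is said, machine learning cannot be a cure-all, much less solve all of your security problems. I am not saying machine learning is not an important tool for identifying threats, but frankly it is effective only at specific points in the attack chain (see the figure below), and no tool is 100% effective.

    [Figure: the attack chain]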

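    I have seen many different terms used to describe the attack chain and its stages. I think of the attack chain as the life cycle of malware. The most interesting approach I have seen uses medical terms to describe it: first the device is exposed to a virus or malware (intrusion), and if nothing stops it, the device becomes infected. After infecting the device, the virus or malware tries to spread (propagation), sometimes attempting to communicate with its command or control center, or to leak information. In a cyber attack, the ideal outcome is that the virus or malware is rendered ineffective (inoculation). The later in the attack chain you discover a threat, the more destructive it is, so it is best to discover threats as early as possible, but what matters most is that you discover them in time. Malware sometimes lingers in an environment for months, collecting information or disrupting the company's business.

    Unlike other protection technologies, one characteristic of machine learning is that you have to teach it. Machine learning must be trained to know how to identify malware accurately, and then continually updated to cope with the endless stream of new malware. High-quality education is therefore essential; otherwise the machine learning will flag a pile of malware that does not exist. In other words, you will get a lot of false positives.

    In this context, high-quality education means using large amounts of data that is continually refreshed with new global malware data. By large amounts of data, I do not mean training your machine only on known malware; hackers would easily evade detection that way. Training must be performed with good and bad files together, with the latest malware and indicators of compromise (IOCs) continually updated. Good machine learning uses highly specialized algorithms and highly trained classifiers to learn how to find the latest malware, but in the long run it ultimately depends on the quality of the dataset. To find new or unknown malware most accurately and get the most value from machine learning, you need to keep supplying the best global malware data.

    We should also be clear that there are many types of machine learning or deep learning: reputation-based, behavior-based, and attribute-based. All of them play a part in identifying malware and should be included in your endpoint protection solution.

    However, as I said above, no tool is 100% effective. You may want to use other tools as a backup, later in the attack chain; ultimately, you will use whatever means it takes to eliminate a threat. That is why you cannot rely on machine learning alone for all your protection needs. You must make sure your endpoint protection solution can identify and eliminate malware when it intrudes or when it attempts to communicate outward.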

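    To sum up, make sure you put the best protection in place:

    1. Make sure your solution trains its machine learning on the best and most diverse datasets possible, drawn from global sources.

    2. Make sure your solution is continuously updated from global sources, so that it finds the latest unknown threats while keeping false positives to a minimum.

    3. Machine learning alone is not enough; make sure you use other tools to protect you across the entire attack chain (see the figure below): intrusion prevention services, reliable signature-based technology, device and application control, memory exploit mitigation, and the ability to handle custom malware packages.

    [Figure: attack chain]

    Machine learning is an important tool, but it is not the only solution.

    To learn more about endpoint protection, visit go.symantec.com/sep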


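    All software has vulnerabilities. Many are dealt with promptly, but some are not found in time even by the software's developers. Cybercriminals, however, do their utmost to find these vulnerabilities and exploit them heavily. In fact, the incidence of vulnerabilities is rising steadily: the Symantec Internet Security Threat Report states that the incidence of zero-day vulnerabilities increased by 125% in 2015.

    [Figure: zero-day exploits]
    Image source: Symantec Internet Security Threat Report, April 2016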

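    If you think the most common applications have the fewest vulnerabilities, you are wrong. Common operating systems, end-user browsers, and enterprise applications are all at risk; that is, every layer of the software stack in your organization is at risk. Recently, security software vendors released patches for 200 or 300 vulnerabilities in software suites. We found that many of these vulnerabilities could be exploited remotely and were very severe; or a vulnerability more than 20 years old sat in plain sight in a common operating system.

    From an attacker's point of view, they can exploit browser vulnerabilities to force their way into an organization's systems. Gaining access through the operating system means attackers can infect one machine and then use it as a “watering hole” to infect other machines, doing as they please within the organization's systems. Finally, breaking into enterprise applications gives attackers access to mission-critical information, ERP systems, and customer data.

    What is truly frightening is how quickly zero-day vulnerabilities are weaponized. We know from the Symantec Internet Security Threat Report that only a few hours separate the time an exploit is discovered in the underground and the time it is incorporated into professional exploit kits. For example, the Angler exploit kit has launched countless attacks; it can use multiple exploits to download and execute malware without writing files to disk, thereby evading detection by many traditional protection methods and by next-generation methods that rely on files. Not long ago these exploits still appeared in localized form, whereas now they quickly spread on a large scale around the world.

    Cybercriminals know very well that after an exploit is released, security software vendors sometimes need several weeks to release a patch. This means users may not be able to update their endpoint devices until months later. For attackers, this is an excellent opportunity to keep exploiting the vulnerability, steal sensitive information, and disrupt the organization's business.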

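    You may be asking yourself what the best way to deal with these exploits is. Signature technology cannot block memory exploits, and machine learning, the trump card of endpoint protection, cannot identify them either. We therefore need a distinct technology: exploit prevention. The exploit prevention technology used in Symantec Endpoint Protection (SEP) is called Memory Exploit Mitigation. It makes little use of signatures, relying instead on awareness of exploit behavior to block zero-day vulnerabilities preemptively. Once SEP is installed, the software protects your endpoint devices from memory exploits, so you need not worry about the attack behavior or technique used to exploit software flaws and vulnerabilities.

    Let us look at a few different types of attack behavior:

    • For example, heap spray (an attack technique) fills an application's memory with a specific pattern. This pattern not only causes the application to hand control back to memory controlled by the malware, but can also be executed. Symantec mitigates heap spray attacks by first identifying the memory locations these patterns point to, then inserting code that generates an exception and returns control to our endpoint protection product.

    • Java exploits that take advantage of logic flaws. This malware causes the interpreter to misread a call, creating an opportunity to disable the security manager. With the security manager disabled, the attacker can do anything on the machine that the user would normally do.

    As you can see, every exploit is unique, so reducing the risk requires carefully thought-out strategies. Note that attack behaviors can be addressed with different strategies, and some strategies are more effective than others.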

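    Exploit prevention can be applied to specific problems, and it plays an important role in providing comprehensive next-generation endpoint protection within a layered solution.

    • Exploit prevention is stronger than many other technologies, such as intrusion prevention systems, antimalware, and reputation analysis. Those technologies rely mainly on monitoring network packets, signatures, and information to defend against high-volume attacks.

    • Even if you have application control tools that can identify trusted applications, be sure to use exploit prevention. As discussed above, many “legitimate” applications contain vulnerabilities.

    • Other next-generation technologies rely on files being written to disk or programs being executed to identify threats; exploit prevention provides protection that those technologies cannot. Always make sure your endpoint protection solution uses both machine learning and exploit prevention.

    • However the attack is launched (malvertising, infected files downloaded from a USB flash drive, and so on), this technology will protect you.

    Once your device has exploit prevention, it can mitigate the risk of memory attacks anytime and anywhere, which makes it an essential technology.

    Click here for more information about Symantec Endpoint Protection.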


    How Symantec is “Defining the Future of Cyber Security” today

    “With Blue Coat and Symantec combined, our customer is getting two amazing sets of threat telemetry and innovation,” Symantec CEO Greg Clark said during his opening keynote at Spotlight LA. “What we’re doing today is helping to move the needle forward.”

    The recent Symantec Spotlight event in Los Angeles reinforced the company’s commitment to defining the future of cyber security for customers, partners, and the industry. Symantec Spotlight provides a unique opportunity to hear insights directly from Symantec leadership and other industry luminaries.

    Symantec SVP and CIO Sheila Jordan opened Spotlight LA and welcomed the audience for a day filled with thought-provoking keynotes, interactive breakout sessions, and hands-on experience alongside industry leaders. After a short, high-energy welcome, Jordan introduced CEO Greg Clark to the stage for his keynote presentation.

    Blue Coat and Symantec = The Power of Combined Intelligence and Innovation

    Data is everywhere today with users coming from different access points. Data encryption is key. However, cyber criminals are now deploying malware to hide in encryption. What’s happening now is that malware is multi-staged, explained Clark, which overall makes it harder to detect.

    “Long term,” warned Clark, “this is going to get worse. Your security vendor needs to be good at a few things. However, not all vendors are good at everything. To fight this malware you need to fight all these different pieces.”

    With all the advanced cyber threats, Clark explained why organizations need a security partner that has a good investment in the cyber security landscape. “In the ten weeks since we put Blue Coat and Symantec together, the results have brought 300,000 new detections every day,” shared Clark.

    Clark, who has a deep engineering background, admits to often reading source code to get a better understanding. “At Symantec, we care about tradecraft; we want to see source codes and want to see what’s being developed and how it’s being used,” said Clark. 

    Five Converging Trends

    Symantec SVP and CIO Sheila Jordan returned to the stage and summarized the key trends driving the explosion of information. “Everything has changed massively in the last five years,” explained Jordan at the start of her keynote. “CIOs must protect their companies’ most important asset—data.”

    Jordan shared her insights on the five trends that are converging: mobility, cloud applications, data, identities, and the Internet of Things.

    “What’s the common thread? It’s the data that’s moving between all these trends,” noted Jordan, who explained how Symantec sits in the center and protects this data in transit.

    Jordan explained how organizations can secure their data architecture, and shared best practice on how organizations can protect data wherever it lives.  

    Securing the Rio 2016 Olympic Games

    Jordan introduced a panel that included Rio 2016 Technology Director Elly Resende and Symantec Vice President and Chief Technology Officer Peter Hancock who discussed Symantec’s role as the official Rio Olympics security partner.     

    “What does it mean to really protect the Olympics?” Jordan asked her panelists.

    Rio Olympics Technology Director Resende explained it was a daunting task to digitally secure the 2016 Olympics with over 15,000 athletes (and their medical records); 8 million ticket holders and the logistical challenges that come with such huge attendance numbers; and a staff of 7,000 people just working with technology. “The scope was huge and we had to plan very well,” said Resende.

    Symantec’s Peter Hancock explained how Symantec worked with the Rio Olympics technology teams to push all the procedures to the limit. Technical rehearsals were conducted with the creation of problem scenarios and preparation tests to see how strong the defenses were.

    And the results?

    “We had zero incidents hit the 2016 Rio Olympics,” said Hancock. “We were the first cyber security defense organization for the Olympics, which is also a historic achievement.”

    Futurist Marc Goodman

    The final keynote session was presented by author and futurist Marc Goodman, who talked about a massive paradigm shift and the digitalization of crime. He explained that as technology advances, so do criminals. “With Moore’s Law, comes more outlaws,” explained Goodman. He also talked about how criminals are coordinating on a vast scale, and explained how cyber crime is now a service—like software as a service (SaaS).

    On future horizons, Goodman commented how cyber crime is becoming three-dimensional, as connected devices through the expansion of IoT are now offering ways for criminals to hack these devices. Connected cars, medical devices, manufacturing equipment, and connected appliances are all becoming targets for cyber criminals.

    “The Internet of Things is what I like to refer to as the ‘Internet of Things…to be hacked,'” warned Goodman.

    Symantec’s Commitment to Defining the Future of Cyber Security

    Overall, the opening keynote presentations and panels at Spotlight LA helped set the tone for the day’s compelling content, which featured interactive breakout sessions hosted by Symantec executives and experts. It was a privilege to be a part of Symantec Spotlight LA and hear directly from Symantec leadership how we are, in fact, leading the industry and working with our customers and partners to shape cyber security for future generations.


    Symantec releases a newer version of Symantec™ Advanced Threat Protection (ATP), which includes a brand new module, ATP: Roaming, and other significant features

    Overview

    Today’s advanced attacks hide themselves on legitimate websites and leverage new and unknown vulnerabilities to enter targeted organizations via HTTP or HTTPS encrypted traffic. These attacks are designed to evade typical network-based security approaches, allowing them to infiltrate the victim’s infrastructure where they can then compromise critical systems and data.

    A recent study showed that 86% of websites contain at least one serious vulnerability [1]. Today, preventing threats is simply not enough. Attackers are moving faster. At some point, they will find their way through. While organizations are seeking ways to secure their endpoints and networks, roaming users could be another issue. 70% of organizations support BYOD [2], implying a great chance that advanced threats can infiltrate endpoints while end users are browsing the internet outside of the corporate network. When an advanced threat slips through, you need a comprehensive security solution that can quickly contain and remediate the breach. Symantec Advanced Threat Protection is the only solution that would allow you to uncover, prioritize, investigate, and remediate advanced threats across endpoint, network, email, and web traffic, all through a single management console.

     

    Key new features in the latest release

    • Advanced Threat Protection: Roaming: A brand new ATP module that protects roaming users against advanced threats and provides full visibility into your web traffic, including HTTP and HTTPS encrypted traffic. It protects users wherever they are browsing the internet, even when they are outside of the corporate network. Malicious events detected by ATP: Roaming are correlated with those detected by other ATP control points (endpoint, network, and email), allowing customers to prioritize and focus on what matters most.

    • Public APIs and Integration with ServiceNow and Splunk: Customers often have existing security products for incident response and security monitoring. In this release, we include public APIs, so that customers can leverage the products they have already invested in to conduct investigations. Symantec Advanced Threat Protection is also now integrated with Splunk and ServiceNow, the two popular SIEM and workflow products, to facilitate out-of-the-box use of our APIs.

    • Dynamic Adversary Intelligence: A high-value feed of actionable intelligence data extracted from comprehensive investigations into targeted attacks. It automatically searches for known IOCs, quickly identifying whether your organization is under a targeted attack, so that you can respond to targeted attacks more appropriately.
       

    For more information, visit: http://atp.symantec.com

    Resource:

    Symantec ATP Platform Datasheet

    Symantec Endpoint Detection and Response (ATP Endpoint) Datasheet

    Symantec ATP Network Datasheet

    Symantec ATP Roaming Datasheet

    Symantec ATP Email Datasheet

    Source:

    1. SC magazine, 2015

    2. Bitglass BYOD Trends Report, 2016


    Q&A session with Torjus Gylstorff

    Torjus Gylstorff
    Global Partner Sales Leader

    Torjus Gylstorff, recently named Symantec’s new Global Partner Sales leader, sat down with us to answer a few questions:

    QUESTION:
    Torjus, when you were asked to lead Symantec’s Global Partner Sales organization, what was your response—your very first reaction?

    ANSWER:
    My very first reaction was “Yes! Absolutely!” The combined Symantec and Blue Coat partner community is an incredibly strong force in the Cyber Security market. We have such a big opportunity in front of us, and building and maintaining the right partnerships is a key element in making customers successful.

    QUESTION:
    For someone who does not speak Danish, how do you say your first name?

    ANSWER:
    In English, the “j” sounds like an “i” so phonetically it sounds like TORE – EE – US.

    QUESTION:
    Your first 100 days. What do you hope to accomplish?

    ANSWER:
    The market we are in is moving at full speed, so we will continue to execute our day-to-day business as such. I will, however, spend a good portion of my first 100 days listening to our partners, understanding the expectations, the wishes, and where we can improve the experience of partnering with Symantec. We have a unique opportunity to get Symantec’s partner experience and ecosystem right. I will be traveling a lot in my first 100 days to meet partners personally so I can learn what we need to do. I was just in Tokyo at our Partner Engage event and met our partners from the APJ region. I am headed to London at the end of the month to attend our EMEA Partner Engage event. The conversations with partners have so far confirmed the opportunity we have together and the strength of our partner community. And yes – there are areas of required improvement, for which the work will begin immediately.

    QUESTION:
    Are you expecting all partners to be selling the entire Symantec portfolio?

    ANSWER:
    No, it’s not realistic and we’re not going to ask a partner who specializes in a particular market segment, like SMB, to suddenly sell into Enterprise, or vice versa. Nor will we ask a partner who is an expert in a particular technology or a particular vertical market area to suddenly change. In our market, customers want experts to help them. This expert knowledge can be understanding a particular technology or understanding the requirements of a specific market, etc. Both examples are equally valuable to the partnership.

    As we look at our partner community, we are going to support partners focusing on their expertise, whether that’s a technical expertise, expertise in reaching a specific customer segment, or expertise in a particular vertical market. The key to success will be in the value delivered to the end customers.

    QUESTION:
    You live in San Francisco and you are a father in a combined family of four daughters. In addition you lead the largest global partner sales division, in terms of revenue and number of partners, for the largest security company in the world. How do you prevent yourself from going crazy?

    ANSWER:
    Well, it might sound like being a father in a family with four daughters could be challenging - and it is - but my family actually keeps me sane, and helps me put things in perspective. And as an additional benefit, dealing with teenagers keeps my negotiation skills sharp.

    Like most people, I do have a safety valve. We are fortunate to live in San Francisco, with easy access to beautiful scenery. Taking my Harley Davidson for a cruise on Highway 1 with all the fantastic views of the California coastline and the Pacific Ocean is a great way to clear the mind and recharge.

    QUESTION:
    In your view – which are the top three elements in successful partnerships?

    ANSWER:
    First and foremost, all good partnerships are based on commitment. This commitment is the foundation for everything else we do in the partnership – that being day-to-day execution or strategic planning. Secondly, building skills. Symantec is investing heavily in developing market-leading Cyber Security solutions; when these products are matched with excellent skills, technical or go-to-market, we have a winning combination. Thirdly, we must always stay focused on customer satisfaction and customer success. All parts of our value chain should be justified by additional value or benefits to the end customer.

    QUESTION:
    Any final thoughts for the partner community?

    ANSWER:
    Only one: I am eager to learn and to ensure that we constantly seek to improve the way we do business. I want to hear from partners and get their feedback on how to develop this community so it thrives and grows. We are doing that in forums when we meet partners around the globe, and I appreciate if we can keep the dialogue going so we capture the best ideas and transform them into business.


    This month the vendor is releasing 14 bulletins, six of which are rated Critical.

    This month, 14 security bulletins have been released, six of which are rated Critical.

    Microsoft released 14 vulnerability bulletins on November's Patch Tuesday, six of which are rated Critical.

    Business email compromise scammers have gradually changed their tactics to improve their scam success rate.

    Nine years ago -- back when clouds stored rain and nothing more -- we unveiled a revolutionary two-factor authentication process for computers and mobile devices called Symantec Validation ID Protection (Symantec VIP for short). Tried, tested, and true, it was the first password protection built with cloud-based infrastructure, and it soon became the gold standard in the fight against network attacks and password breaches. Today we reintroduce the VIP Access app. This new version offers an updated workflow with a beautiful new user interface and QR Codes. Essentially, it now doubles down on the two core fundamentals that made the original so reliable: easy-as-pie simplicity and tough-as-nails security.

    VIP Access Push: The New Simplicity of VIP

    To ensure smooth sailing from the get-go, we have made the authentication set-up process as effortless as possible. With our new Push technology, you only need to go through the procedure once. Type your name, enter your password, and hit “accept.” Push will then send a notification to your mobile device, which you can use in place of a security code to securely access any of your online accounts that are powered by VIP with just a click. Ultimately, this one-tap system is a tremendous time-saver, doing away with all the hours wasted fumbling with six-digit verification codes. Even better, if your device is Touch ID enabled and your organization supports it, you can approve the notification with your thumbprint. Doesn’t get much easier or more well-protected than that.

    QR Codes: The New Security of VIP

    Beefing up the security on your favorite websites is a snap as well. Using the camera on your smartphone, position a QR Code (you know, one of those matrix barcode thingies) in the center of your screen and make sure that it is in focus. Once the code is validated, your device will display the QR Code image and indicate the process was successful by beeping or vibrating.  Now you can visit your favorite websites and simply paste in the freshly generated verification codes. This process provides a sky-high level of anti-tampering, with keys protected and stored in a much more secretive manner than any methods provided by Microsoft Authenticator or Google Authenticator.  In fact, our two-factor authentication process is so powerful that it has been adopted by hundreds of major websites, including eBay, PayPal and E*TRADE.  And we’re only just getting started.

    The next generation of universal security is currently on iPhone and will be available on Android soon.  We hope you enjoy VIP access, the future of password authentication!

    Download VIP for free

    Download from iTunes

    Visit our website

    http://symantec.com/vip

    To speak with a Product Specialist in the U.S.

    Call toll-free 1(800) 745 6054

