Blog Feature Image: 

blog graphic Forrester CSG wave.jpeg

We are celebrating over here at Symantec. Forrester just named us a Leader in their first Wave for Cloud Security Gateways (CSG)*.

It’s been a journey and we’ve worked hard to create an innovative, data science-based solution to help today’s enterprises safely navigate cloud adoption. We believe our Cloud Access Security Broker (CASB) in addition to our Encryption, Secure Web Gateway, Data Loss Prevention, and User Authentication technologies offers organizations a unique level of security, enabling them to better identify and control shadow IT and safely use cloud applications for their core business activities.

To complete the Wave report Forrester performed a very thorough analysis of our CloudSOC and CDP solution along with other CSG solutions from the most significant vendors. After extensive research and evaluation Forrester gave the Symantec solution the highest possible score across categories including:

• sanctioned and unsanctioned application (shadow IT) detection
• user activity monitoring, profiling, and threat protection, and
• future development and market plans for CSG and technology.

This is excellent news for Symantec but this is just the beginning for our cloud security solution. The analysis done for this report was based on the capabilities of our solution as of June 2016. Since then, we’ve added significant new capabilities to CloudSOC by integrating with Symantec DLP (#1 DLP in the industry) and Symantec Endpoint Manager, and we have many more integrations planned.

Would you like to read a copy of The Forrester Wave™: Cloud Security Gateways, Q4 2016

report where Forrester evaluates the most significant cloud security gateway (CSG) providers in the industry along with an overview of the current market for CSG? You can get it here.

Thanks Everyone! We couldn’t be happier.

Forrester evaluated Blue Coat in the CSG evaluation, which was acquired by Symantec.

Today, millennials make up the largest generation in the American workforce at more than 30%[1] and a total of 53.5 million people. Various sources estimate that by 2025 millennials may represent 75% of the global workforce.

The majority of millennials have grown up in a different environment than their older counterparts and many studies cite the growing differences in the way millennials view their lives, their professional careers, how they rely on and leverage technology to collaborate and network with family, friends and colleagues.

Despite these differences, recent research such as IBM’s Institute for Business Value “Myths, Exaggerations and Uncomfortable Truths: The Real Story Behind Millennials in the Workplace” and Gallup’s study How Millennials Want to Work and Live, show that when it comes to work in fact millennials have similar career goals and desires as their older colleagues. For example, they want to work for a company with similar values as themselves, they work hard to make a positive impact on their company, they want to help solve environmental and societal problems (88% of millennials feel their job is more fulfilling when they have opportunities to make a positive impact on social and environmental issues[2]), they thrive in teams of diverse backgrounds, and ultimately they want to do work they are passionate about.

A recent study by Gallup, How Millennials Want to Work and Live, states that only 29% of millennial employees are engaged at work. Young professionals are the future of every company, every industry, and they add to the diversity of perspectives and skills companies need.

So how can companies help them learn from experienced leaders, advance, challenge themselves, and channel their personal passions to set the stage for what will hopefully be successful and fulfilling careers?

Symantec’s New and Aspiring Professionals (SNAP) employee resource group is one way we do this. SNAP is one of five ERGs across the company that plays a key role in helping Symantec recruit and retain a diverse workforce, foster innovation, support the growth of Symantec’s business, as well as serving as ambassadors to the broader community through volunteering and advocacy.

SNAP focuses on four different pillars of involvement:

• Workforce – Opportunities to partner with our University Relations team to assist in talent acquisition, improving retention, and strengthening advancement of diverse talent.
• Workplace – Internal networking and employee engagement activities, opportunities to learn from company leaders and seek mentorship.
• Community Service – Opportunities for philanthropic outreach and community volunteering.
• Marketing – Opportunities to be involved in branding and culture changes.

“Symantec’s New and Aspiring Professionals group brings together the future leaders of our company. As their Global Executive Sponsor, I am inspired by their energy, passion and desire to learn and grow within our organization as well as build their foundation for longstanding and impactful careers.”

 – Amy Cappellanti-Wolf, Symantec SVP and Chief HR Officer & Global Executive Sponsor, SNAP

While SNAP is fairly new, the group is planning specific events throughout the year aligned to the key focus areas above, as well as increasing participation across Symantec. For example, in early December SNAP is presenting a panel “Advancing Your Career as a Millennial” event, where young professionals at Symantec’s corporate headquarters can meet and learn from diverse leaders across the company.

Spencer Liang, VP Norton Engineering, Elise Shelley, Senior Manager, IT, and Bill McCullough, Director, Human Resources will share how they have all successfully developed their careers at Symantec, and will provide details on their experiences in technical and nontechnical departments.

The event will also include speed networking allowing attendees to personally interact with and ask questions of the guest speakers.

SNAP Leadership Team and CHRO Amy Capellanti-Wolf launch Symantec’s first ERG dedicated to young professional talent.

Symantec New and Aspiring Professionals (SNAP) ERG work together to advance young professionals at the company and together are ambassadors in the community.

SNAP leaders share first-hand all they’ve gained from their experience so far:

“SNAP has given me the opportunity to get out of my comfort zone and be a leader. I am making an impact by creating an opportunity for voices to be heard and highlighting talent that isn’t always visible at Symantec!” - Natasha Marston, Co-Chair

“SNAP not only reflects Symantec’s commitment and investment in its young professionals, but allows us to take charge of our own professional development and growth. It’s been fantastic meeting other young professionals from all over the company, and I am excited to build a strong foundation for SNAP to be one of the most active, long-standing ERGs on campus!” - Anna Xie, Co-Chair

“SNAP gives me a way to network outside of my immediate department with like-minded young professionals.” - Nina Singhal, Community Lead

Whether it’s a specific project, cause, or professional goal, SNAP’s mission is to simply provide a platform where new professionals can come to achieve personal and professional aspirations. We hope SNAP will become one of the many reasons why young professionals want to work at Symantec and a vehicle for new and existing employees to realize the value of connecting with fellow employees.

Young professionals and managers at Symantec gather to celebrate the launch of Symantec’s SNAP employee resource group.

Anna Xie & Natasha Marston are Co-Chairs of Symantec's New and Aspiring Professionals (SNAP) Employee Resource Group.

From increasing the diversity of our workforce and industry to reducing our environmental impacts to empowering our communities through philanthropic investments and volunteering, corporate responsibility (CR) touches every aspect of Symantec’s business. We’ve defined our strategy and are continually working towards our goals to operate as a responsible global citizen.

In addition to our dedicated global corporate responsibility team, every day Symantec employees across countries and business units collaborate to deliver on our mission of protecting our customers, our communities and our planet.

We are happy to feature a quarterly series – Inspired, United, Ignited: Symantec’s Corporate Responsibility Champions- that profiles stand out examples of our how our employees directly contribute to the implementation of our CR strategy. Some are leaders in our CR team, members of our Green Teams or champions for our employee resource groups, others are innovating to address needs in their function or region. All are inspiring others, uniting communities and igniting change to make Symantec a leading corporate citizen and to make our world a safer place.

Today we highlight Elaine Curley, Senior Environmental Compliance Specialist at Symantec. 

1. Please describe how your role supports Symantec's Corporate Responsibility initiatives and strategy – both globally and within your region?

Corporate responsibility and positive societal impact are central elements of Symantec’s business strategy, and as part of the Environmental Compliance Team my job is to ensure that as a company we are embedding environmental and sustainability considerations into all our operations. This includes our products, our Supply Chain, our philanthropic initiatives and engagement with our employees.

On a global level, compliance with relevant environmental legislation is the first step: we are committed to producing products and services that meet and exceed international standards. We continuously monitor changes in legislation that might incur environmental impacts in the regions in which we do business.

Beyond this, we are members of the EICC (the Electronics’ Industry Citizenship Coalition); a non-profit coalition of electronics companies committed to supporting the rights and wellbeing of workers and communities worldwide affected by the global electronics supply chain. By helping to manage this programme for Symantec, the aim is that our first tier suppliers are also working towards the EICC Vision: A global electronics industry that creates sustainable value for workers, the environment and business.

My main task when fulfilling our membership obligations is to manage our suppliers, to ensure they are upholding acceptable standards regarding ethics, environmental, health and safety, and labour policies and procedures – in line with the EICC Code of Conduct. This is mainly done through the EICC’s online platform; here we send our suppliers EICC assessments, and then analyse the results we receive from each supplier. Follow up action is taken if supplier results are not satisfactory, and those with acceptable results are always encouraged to aim for continual improvement year on year.

Through our EICC membership, we also participate in the Conflict-Free Sourcing Initiative (CFSI), one of the most utilized and respected resources for companies addressing conflict minerals issues in their supply chains; currently we are working toward our 2017 goal that our products be conflict mineral free. This process involves identifying and assessing risks in our supply chain, which is done through completion of the EICC Conflict Minerals Reporting Questionnaire. Suppliers are sent this questionnaire on an annual basis – we then take the supplier responses and assess them against a Due Diligence Decision Tree. We then rank Suppliers for risk, ranging from low to high, based upon issues raised in suppliers' survey responses. The final step in this process is reporting our results and findings to the rest of the company, the EICC and CFSI, and the general public.

More recently I have become involved in Human Rights and Human Trafficking issues – this is a new area for me and is there is a great deal to learn about it. Symantec’s Corporate Responsibility strategy states that respect for and upholding human rights is of the utmost importance, and therefore we engage with our suppliers and stakeholders to ensure that our policies and practices are continuously improved upon in this area.

On a local level, in Dublin we have a group of employees who form the Dublin Corporate Responsibility team – part of being a member of this team entails helping to organise ad hoc volunteering events for employees, arranging CR related events, promotion of volunteering initiatives on site, as well as going out and volunteering myself. The most recent CR initiative we had was ‘Global Service Week’ in October – were all employees were encouraged to volunteer as much time as possible over the course of one week.

Additionally, leading the Dublin Green Team, I try to organise several events a year with an environmental organisation; a recent example of this was the group of employees who volunteered with a local children’s nature charity to build their summer camp.

1. How did you move into this role? Was it due to a personal passion/interest, development opportunity, project opportunity?

Having studied Environmental Law and Sustainable Development at University, I had always wanted to pursue a career within the environmental field. After working for a year in a graduate position in Queen’s University Belfast, I wanted to try something slightly different from the work I had previously undertaken when the role with Symantec came up. It seemed quite unique and so I was happy to accept the offer and move to Dublin in November 2014 to join the company.

1. What advice would you give to encourage employees to become involved in corporate responsibility at their company? Especially those that may not feel their knowledge/skills are relevant, or understand how corporate responsibility relates to what they do?

A lot of employees may not realise the great variety of volunteering initiatives they can get involved in – from helping to deliver Online Safety training to schools, to beach clean ups, to lending a hand in a local hospice – there is a volunteering opportunity out there for everyone.

You don’t need to be highly skilled or have a great deal of technical knowledge in order to give local charities a helping hand – you just need to make the time and effort to do it when you decide what kind of activity you would like to engage in. It’s also a great way to socialise with your fellow employees outside the office, whilst knowing you’re doing something good for society.

Many people hesitate to volunteer as they don’t feel they can ask their manager for time off work. However, many companies offer time off to volunteer, such as our Symantec Service Time program that allows employees worldwide to take up to five work days each calendar year.

A little time goes a long way so it can’t hurt to ask!  

Blog Feature Image: 

Facebook Image Post_V1A(1).jpg

Zero-day vulnerabilities inhabit a special, scary place in the cyber threat landscape. That’s due in part to human fear of the unknown, but also because they flip the timeline of threat mitigation. For security leaders and software companies, the clock is ticking…

Symantec’s annual security report shows the zero-day threat is growing, as the number of discovered vulnerabilities more than doubled in 2015 over the previous year, with a new one uncovered every week (on average). Attackers are drawn to popular applications used on a daily basis by millions of people around the world. Malicious code on rogue web sites can exploit vulnerabilities in popular Web browsers such as Internet Explorer, and phishing scams tucked away in seemingly friendly emails or embedded in Adobe Flash videos can wreak havoc in an enterprise within minutes.

It gets worse: Once discovered, these vulnerabilities are quickly promulgated within the hacker community and added to exploit toolkits. 2015 witnessed a discouraging uptick in use of the Angler Exploit Kit, a drive-by download that has spread ransomware, malvertising and even hacktivism. Zero-day exploits have also become quite lucrative, so much so that Symantec now characterizes the criminal hunt for zero days as professionalized.

Preemptive Protection: Stopping Vulnerabilities Without Signatures

Businesses today need more powerful, multi-layered endpoint protection that extends well beyond traditional signature-based antivirus. They need cutting-edge technology capable of securing all possible attack vectors.

Symantec Endpoint Protection 14 is answering that clarion call with the broadest suite of endpoint protection techniques – some traditional, some new and some improved. One of the newest features is Memory Exploit Mitigation, which we use to preemptively block exploit techniques regardless of whether they are known or unknown, foiling attackers’ attempts to take advantage of zero-day vulnerabilities.

At the core, Memory Exploit Mitigation is designed to detect and mitigate against generic exploit attacks – without signatures. It works at the shellcode execution level to counter different exploitation techniques. It also hardens the targeted software applications, making it difficult for hackers to write exploits.

Memory Exploit Mitigation includes multiple mitigation techniques “out of the box” that don’t need prior knowledge of an exploit to block it. It watches for a broad range of exploit behaviors and leverages Symantec’s deep intelligence from millions of endpoints, billions of files and trillions of relationships. Most importantly, you don’t need an additional endpoint agent to take advantage of new techniques.

In its initial release, Memory Exploit Mitigation includes three popular exploit mitigation techniques:

• Java exploit protection: Java exploits allow hackers to infiltrate Java code for the purposes of surveillance, data theft, or backdoor access to larger computer systems. Symantec’s Memory Exploit Mitigation completely blocks Java Applets that try to disable Java’s Security Manager.
• Heap spray mitigation: A heap spray attack occurs when the attacker tries to place its attack code onto a predetermined memory location. Attackers may have full control of the application once the injection is completed. Memory Exploit Mitigation reserves the commonly used memory locations to prevent an attacker from using them and disables access to locations in the memory.
• Structured exception handling overwrite protection (SEHOP): Exception handling exploits compromise an application by overwriting the pointer of an exception handler with an attacker-controlled address. Memory Exploit Mitigation provides built-in SEHOP protection, beyond the limited degree of protection in Windows operating systems (which often have the protection disabled by default).

All the techniques have been tested and proven already on more than 40 million endpoints via Symantec’s Norton line of products. This field testing has allowed us to tune the techniques for very low false positives and certify against relevant programs before bringing them to enterprise customers. We are currently working on additional techniques that will be introduced in 2017 – stay tuned for more.

Unlike competitors, our Memory Exploit Mitigation works within a single agent alongside other protections, and provides centralized policy management and reporting. It can also run without a network connection – protecting disconnected or occasionally connected endpoints – and provide reporting on failed exploit attempts in addition to blocked exploits.

How effective is it? Based on internal tests, Memory Exploit Mitigation alone was able to block more than 60 percent of the zero-day exploit attacks from the last five years, with no reliance on prior knowledge of the attacks. Additional attacks were neutralized by the other capabilities built into Symantec Endpoint Protection, providing a highly effective combined defense against unknown threats.

The threat landscape is always changing, and customers are demanding more from their endpoint products. We hear all the time from customers that they “want additional controls, not an additional agent.” With Symantec Endpoint Protection 14, we’re delivering just that – a variety of new and established techniques for prevention, detection and response from a single agent. As Forrester wrote it in its recent Wave report on endpoint security suites:“Almost every possible attack surface is covered when buyers utilize the full extent of this portfolio.”

________________________________________________________________________________________________________________________

Check out our webinar on next-generation endpoint protection with Adrian Sanabria from 451 Research, and watch this space for weekly blog posts that drill deeper into key capabilities with insights from Symantec and third-par

Blog Feature Image: 

click.jpg

As folks in the U.S. prepare for their upcoming Thanksgiving dinner, enterprises should brace for the beginning of the frantic holiday shopping season.  

The scales finally tipped during the 2015 Thanksgiving holiday weekend in the U.S., as the number of consumers shopping online exceeded those shopping in stores, according to the Symantec 2016 Internet Security Threat Report, Vol. 21 (ISTR). With this year's Cyber Monday around the corner (November 28), security teams need to make sure that their websites are patched and protected. The ISTR Vol. 21 report found that more than 75 percent of all legitimate websites have unpatched vulnerabilities. In addition, 15 percent of legitimate websites have vulnerabilities deemed critical, which means it takes trivial effort for cyber criminals to gain access and manipulate these sites for their own purposes. In short, websites remain a key element in major attacks: they're a way into the network, into sensitive data, and to your customers and partners.

But what if your organization doesn’t sell goods online? Should you be concerned about Cyber Monday? The answer is a resounding, “Yes!” Here’s why. Employees could potentially be shopping online during work whether on company-owned computers or BYOD devices, such as smartphones and tablets. How do you plan to protect your organization (and employees) from cyber criminals this holiday shopping season?

Here are a few security best practices to keep your organization safe.

Best Practice Guidelines for Businesses

• Ensure all devices allowed on company networks have adequate security protections.
  Use active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the enterprise network. This includes servers, workstations, laptops, and remote devices.
• Implement a removable media policy.
  Where practical, restrict unauthorized devices such as external portable hard-drives and other removable media. Such devices can both introduce malware and facilitate intellectual property breaches, whether intentional or unintentional.
• Be aggressive in your updating and patching.
  Update, patch, and migrate from outdated and insecure browsers, applications, and browser plug-ins. This also applies to operating systems—not just across computers—but mobile, ICS, and IoT devices, as well.
• Enforce an effective password policy.
  Encourage users to avoid reusing the same passwords on multiple websites, and sharing of passwords with others should be forbidden. Passwords should be changed regularly—at least every 90 days.
• Ensure regular backups are available.
  Create and maintain regular backups of critical systems, as well as endpoints. In the event of a security or data emergency, backups should be easily accessible to minimize downtime of services and employee productivity.
• Restrict email attachments.
  Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Enterprises should investigate policies for PDFs that are allowed to be included as email attachments.
• Ensure that you have infection and incident response procedures in place.
  • Keep your security vendor contact information handy, know who you will call, and what steps you will take if you have one or more infected systems.
  • Ensure that a backup-and-restore solution is in place to restore lost or compromised data in the event of a successful attack or catastrophic data loss.
  • If network services are exploited by malicious code or some other threat, disable or block access to those services until a patch is applied.

It’s wise to remind your employees of cyber security best practices. As more consumers shop online, the threat of cyber criminals increases. However, with some common sense and cyber awareness, you can help protect your organization, employees, and yourself.

Best Practices for Consumers

Employees, end users, and consumers—that can be any or all of us—are most likely going to be browsing and shopping online this holiday season. Here are a few cyber security online best practices to consider.

• Have online security protection.
  Make sure to install online security protection on your computer, laptops, and mobile devices. Symantec offers consumers the latest Norton solutions for both computers and mobile devices.
• Update your browser, endpoints and software.
  Use the latest version of your internet browser to shop online and ensure that all of your software, including antivirus software, is up-to-date.
• Look for external signs of trust.
  Only purchase goods through reliable online retailers, and be sure to check if the website you’re shopping on is secure.
• Monitor bank statements.
  Monitor your bank or credit card activity over the holiday season for suspicious purchases or unauthorized money transfers.
• Update passwords.
  Make sure you’re using strong passwords and practice basic cyber security awareness.

Stay Cyber Aware and Safe 

Overall, consumers and retailers should follow this advice to stay safe this Cyber Monday, and IT teams and web administrators should ensure that any potential infrastructure vulnerabilities are patched before Cyber Monday to prevent attackers from taking advantage of these flaws. Security teams should also monitor network traffic for any suspicious activity. Online shopping doesn't end this holiday shopping season, so remember to constantly educate your whole organization on cyber security best practices to keep your organization, employees, and yourself safe. And that's something you can be thankful of—all year round. 

One of the most frequent forms of data transfer covered under EU privacy law is the transfer of data from Europe to the United States. Often this takes the form of using cloud-computing resources or outsourcing of information technology services. Since the ECJ decision on Safe Harbor in October 2015, the question of legitimate cross-border data transfers has been a key theme among privacy and information technology practitioners.

Between October 2015 and the summer of 2016, there have been a number of developments on privacy law that affect data transfers. Four key developments affecting technology practitioners are explored below.

What Has Changed?

The introduction of the General Data Protection Regulation (GDPR) builds on the existing legal framework of Directive 95/46/EC. In that sense, the data transfer landscape does not fundamentally change with the advent of GDPR. The most frequently used transfer mechanisms foreseen by 95/46/EC are an adequacy finding, the unambiguous consent of the data subject, the standard model clauses approved by the European Commission, and binding corporate rules. The GDPR maintains these four and creates additional mechanisms, including the privacy codes of conduct, the privacy certification mechanisms, and standard contractual clauses adopted by a data protection authority and approved by the European Commission.

How Does the Safe Harbor Ruling Impact Data Transfers and the GDPR?

The Safe Harbor decision was an “adequacy finding” from the European Commission on which industry relied for years to conduct data transfers. The invalidation of Safe Harbor means that data transfers are still legally possible, but for them to be valid, they should use one of the other mechanisms foreseen in 95/46/EC. Practically, this means that the standard model clauses and the binding corporate rules become the most frequently used transfer vehicles. Even if the GDPR were in force today, the situation would not have been very different. More transfer mechanisms would have been available, but not the adequacy finding that Safe Harbor provided.

The Expected Outcome of the EU-US Privacy Shield

Adopted to replace the now invalid Safe Harbor, the Privacy Shield is essentially a framework of rules that renders transfers safe as long as companies commit to abide by those rules. It is a framework that provides what is considered an adequate level of protection, and as such, receives an “adequacy finding” that is one valid legal basis for data transfers both in 95/46/EC and the GDPR. One should note that the Privacy Shield is a more onerous framework than the invalid Safe Harbor and is subject to more frequent reviews and certification requirements. Its protections from activities of public authorities extend to other transfer mechanisms, such as the model clauses. Already a number of companies have adopted the Privacy Shield as their preferred transfer mechanism.

On-Going Litigation Concerning Privacy Shield and Other Transfer Instruments

At this point, there is an on-going case before the courts of Ireland that may end up in the European Court of Justice. The timelines are unclear, as is the outcome of the judgment and its impact on Privacy Shield or in any other transfer instrument. The negotiators of the EU-US Privacy Shield have developed it with the expectation that it may be challenged in court but have expressed confidence in the legality of the agreement. Until a judgment is issued, Privacy Shield and the other existing transfer mechanisms continue to be a valid way to transfer data.

A degree of ambiguity is to be expected as the evolution of privacy legislation continues once the GDPR comes to force. A key aspect of the GDPR is risk management. In that sense, data transfers are not very different. It is becoming impossible to prevent data transfers in the current globalized economy. Therefore, the focus of information technology professionals needs to be around understanding the legal requirements and managing the technological and commercial risk appropriately.

For more information on the EU GDPR and Data Privacy click here.

Blog Feature Image: 

DLP[1000].png

シマンテックはこのたび、真の DLP と、完全なクラウドアクセスセキュリティブローカー（CASB）機能を備えた、業界初の統合型クラウドセキュリティソリューションを開発しました。その完成を、ここにお伝えできることをうれしく思います。いよいよご利用いただけます。

シマンテックによる Blue Coat の買収が完了した 8 月以来、両社の共同開発チームは一貫してこの難題に取り組んできました。結果的に、およそ 2 カ月で目標は達成されました。

セキュリティは、クラウドアプリケーションを導入している企業にとって、とりわけ大きい課題です。特に、Office 365 や Salesforce といった人気のビジネスアプリケーションでは、あらゆる種類の重要な企業データが保存・共有されており、以下の理由で影響は重大です。

• 事故は起きるもの: クライアントアプリケーションがコラボレーションに最適な理由は、その容易さにありますが、それはデータが誤って漏えいするのも容易だということです。調査によると、クラウドアプリケーションに保存されているファイルのうち 23% が広く共有されており、そのうち 12% は機密に属する、あるいはコンプライアンスに関わるデータだといいます。*
• 攻撃者はクラウドを狙う: サイバー犯罪者は、総当たり攻撃やマルウェアを利用して、クラウドアプリケーションのアカウントに侵入します。2016 年の 1 月から 6 月の間で見ると、クラウドアプリケーションの異常な活動のうち 37% はクラウドアカウントの乗っ取りを試みたケース、63% がデータを盗み出そうとするケースでした。*
• コンプライアンス順守の重要性: 規制上の要件は厳しくなる一方であり、コンプライアンスを達成できない場合のペナルティは巨額にのぼります。2016 年の 2 月だけでも、PII に違反した企業に対して FCC が課した罰金は、3,600 万ドルに達しました。

答えはここに

シマンテック製品をお使いのお客様は、フル統合型の Symantec DLP と Symantec CloudSOC CASB を利用してデータを完全に可視化し、制御できるようになりました。  

Symantec DLP Cloud

Symantec DLP を拡張して、クラウドにおけるデータの盲点を見つけ出せるのが、新しい DLP Cloud Service Connector。シマンテックのオンプレミス型ソフトウェアと同じ、業界屈指のテクノロジーを基盤としたコンテンツ検出サービスです。Cloud Service Connector には、次のような機能があります。

• CloudSOC との統合によって、Office 365、Box、Dropbox、Google Apps、Salesforce など 60 以上のアプリケーションで機密データを検出します。
• DLP 検出をオンプレミスではなくサービスとして実行し、高速パフォーマンスを達成します。
• 1 つのコンソールで DLP を管理。ポリシーとワークフローを、クラウドでもオンプレミスでも、どこでも実施できます。
• DLP の既存のポリシーとワークフローを活用し、綿密に調整されたルールセットとビジネスロジックをクラウドアプリケーションに拡張します。

Symantec CloudSOC

Symantec DLP Cloud 統合に加え、CloudSOC では CASB を完全に可視化して、クラウドアプリケーションにおけるユーザーのアクティビティを直接制御できます。CloudSOC の主な機能は、次のとおりです。

• ユーザー行動の分析を通じて、悪質な可能性のある活動をクラウドアプリケーションで特定し、遮断または修復することによって、危険なユーザーアクティビティを検出・低減します。
• クラウドアプリケーションのデータに対する粒度の高い可視性と、ユーザーアクセスおよびトランザクションの制御によって、データ漏えいのリスクを予防します。
• 直感的なユーザーインターフェースで、粒度の高いログデータを利用してクラウドイベントを監視し、クラウドでのインシデントを捜査します。
• シャドウ IT を検出し、何千というクラウドサービス候補を識別して、アプリケーションのビジネス対応度を分析します。

DLP Cloud と CloudSOC によってクラウドアプリケーションのデータを保護する方法について詳しくは、今すぐ go.symantec.com/dlp-casb をご覧ください。

*出典: Blue Coat Elastica Shadow Data Report、2016 年

【参考訳】

Blog Feature Image: 

DLP[1000].png

我们在此很高兴地宣布，在不久之前，我们创建了业界首个集成式云安全解决方案。该解决方案具有真正的企业级数据丢失保护和全面的云访问安全代理(CASB)能力。而且，用户现在便可以获取此解决方案。

自赛门铁克在八月份成功收购Blue Coat的那一刻起，我们的联合开发团队便开始全力以赴解决这一关键问题，并只用两个多月的时间就取得成功！

企业在应用云端应用程序时所面临的最大挑战是安全问题。那些知名的企业应用程序（如Office 365或Salesforce）存储和分享所有类型企业敏感数据，因此尤其容易出现安全问题。原因如下：

• 意外事件：云端应用程序简单易用，这使其不仅具有优秀的兼容性，也更容易意外地泄露数据。相关研究表明云端应用程序中的文件有23%广为分享，而这些文件中有12%内含敏感数据或与合规性相关的数据。*
• 网络攻击者将目标瞄准云端：网络攻击者使用暴力攻击和恶意软件来破解云端应用程序账户。在2016年上半年，云端应用程序异常活动中有37%是企图破解云账户，还有63%是企图盗取数据。*
• 遵守法规，否则重罚：监管要求越来越严格，触犯法规的罚金非常高昂。仅在2016年2月，美国联邦通信委员会（FCC）便针对违反个人验证信息法规对相关公司处以将近3600万美元的罚金。

解决方案

赛门铁克客户现在可以使用完全整合的赛门铁克DLP和CloudSOC CASB全面查看和管理相关数据。

赛门铁克DLP云

您可以使用新DLP云服务连接器将您的赛门铁克DLP加以扩展，从而发现云端中的数据盲点。DLP云服务连接器是一种内容检测服务，与我们的本地软件同样具有着业界领先的相同技术。有了云服务连接器，您可以：

• 通过整合CloudSOC以发现60余种云端应用程序中的敏感数据，这些云端应用程序包括Office 365、Box、Dropbox、Google Apps或Salesforce等。
• 不同于本地应用，其可作为一种服务更快速地运行DLP检测。
• 通过控制台管理DLP，您可以利用控制台在云端和本地的任何位置执行相关策略和工作流。
• 利用现有的DLP策略和工作流以将精确调整的规则集和业务逻辑扩展至云端应用程序。

赛门铁克CloudSOC

除了整合赛门铁克云端DLP之外，CloudSOC还提供全面的云访问安全代理（CASB）功能，并可以直接管理云端应用程序中的用户活动。CloudSOC的使用功能如下：

• 利用用户行为分析识别、阻拦或修复云端应用程序中的潜在恶意活动，从而检测及缓解用户危险性活动。
• 利用云端数据仔细观察和管理用户访问和交易活动，从而防止数据暴露风险。
• 通过直观的用户界面上的详细日志数据，轻松检测云端事件并对其进行调查。
• 发现影子IT，识别数千种云服务并分析相关应用的业务可行性。

立即了解更多利用云端DLP和CloudSOC保护云端应用程序数据的相关信息，请访问网站：go.symantec.com/dlp-casb

*信息来源：《2016 Blue Coat Elastica影子数据报告》

Webinar: New Release of Advanced Threat Protection: Email

Time: 8:00 AM (PST) / 11:00 AM (EST)

Speakers: Jane Wong, Sr. Director Product Management, Gateway Security Group, Symantec and Nirav Shah, Email Security Product Marketing Manager, Symantec

Email continues to be the #1 threat vector for targeted and advanced attacks. The ubiquity of email and the widespread adoption of traditional email security solutions has led attackers to move beyond basic spam and phishing emails to more targeted and sophisticated attacks to infiltrate an organization,

Join Symantec’s Jane Wong, Sr. Director, Product Management,Gateway Security Group and Nirav Shah, Email Security Product Marketing Manager to learn how Symantec can help your organization uncover, stop and respond to sophisticated email attacks while providing the deepest level threat intelligence.

Click here to register

Blog Feature Image: 

GivingTues.png

Today is no ordinary Tuesday. As the build up to the holidays begins, people across the world are thinking about how they are going to give back this holiday season, both to their families and friends, but also to their communities and those in need. In response to many days commemorating the holiday shopping season such as Black Friday and #CyberMonday in the United States, in 2012 #GivingTuesday emerged as a global day of giving to remind all of us of the importance of holiday and end-of-year charitable activity and volunteering.  #GivingTuesday connects diverse groups of individuals, communities and organizations around the world for one common purpose: to celebrate and encourage giving.

As the #GivingTuesday movement emphasizes, the annual event is only as strong as all of those taking part. In 2015, people across 71 countries raised $116.7 million USD during #GivingTuesday with 700K online donors.

So how will you take part in #GivingTuesday this year? Here are some ideas (hint: most of these work every day of the year!)

• Join the movement and download the official #GivingTuesday toolkit to get started on your individual giving plan and to encourage others to do the same.
• Raise money for a cause you care deeply about or for your favorite non-profit. Donate or organize a fundraiser for a nonprofit and leverage #GivingTuesday.  Experiment with creative approaches to expand your donor base, for example, launching a campaign on #GivingTuesday to increase donations through the end of the year. Have a friend who’s running a race or looking for donations to support their cause? Today is a great reason to do so!
• Volunteer by yourself, with others, online or in your community. Volunteering is not one size fits all. Use #GivingTuesday as a way to define and start your personal commitment to public service, whether that be one hour, one day or one month every year. From virtual volunteering to lending your expertise through mentoring to cleaning up local beaches, volunteering should be defined by you and fit your interests and schedule.  
• Share your passion for giving back on social media using #GivingTuesday. Spread the news on Twitter, Facebook, LinkedIn - whichever platforms you use - about your favorite non-profits and let others know how you are giving back this Tuesday and throughout the year. For many organizations, spreading awareness of their mission makes a significant impact in itself.

Symantec employees donate their time to Sydney Dogs and Cats Home in Sydney, Australia

Companies can also leverage the momentum of this day to highlight the importance of service. At Symantec, we are offering special holiday opportunities for our employees to maximize their impact. For example, all donations recorded November 29 will be double-matched – meaning that for every $1 USD contributed, the organization will receive $3 USD. Additionally, for all employees that volunteered during our recent Global Service Week, we are holding a raffle to win one of 200 Global Giving gift cards, which can be used to donate funds to a charitable project of your choice. Any volunteer hours during #GivingTuesday will also qualify for our Dollars for Doers program.

As we enter the holiday season and approach the end of a new year, it is a special time to reflect on the many organizations that rely on the help of volunteers and donations to achieve their missions. We can all make a difference, whether large or small, through our time, expertise or donations. In the end it’s our time, passion and caring for a cause that truly makes an impact.  

What will your giving commitment be in 2017?