Articles on this Page
- 11/18/16--00:03: Android banking malware whitelists itself to stay connected with attackers
- 11/18/16--12:11: CloudSOC Gets Top Score for Current Offering in Forrester Wave
- sanctioned and unsanctioned application (shadow IT) detection
- user activity monitoring, profiling, and threat protection, and
- future development and market plans for CSG and technology.
- 11/18/16--15:42: Reaching Your Career Goals May Start with the Person Next to You
- Workforce – Opportunities to partner with our University Relations team to assist in talent acquisition, improving retention, and strengthening advancement of diverse talent.
- Workplace – Internal networking and employee engagement activities, opportunities to learn from company leaders and seek mentorship.
- Community Service – Opportunities for philanthropic outreach and community volunteering.
- Marketing – Opportunities to be involved in branding and culture changes.
- 11/21/16--05:57: Gatak: Healthcare organizations in the crosshairs
- 11/21/16--22:48: Gatak targets healthcare organizations
- Please describe how your role supports Symantec's Corporate Responsibility initiatives and strategy – both globally and within your region?
- How did you move into this role? Was it due to a personal passion/interest, development opportunity, project opportunity?
- What advice would you give to encourage employees to become involved in corporate responsibility at their company? Especially those that may not feel their knowledge/skills are relevant, or understand how corporate responsibility relates to what they do?
- 11/22/16--09:42: Zero Days and Counting: Defending Against the Unknown
- Java exploit protection: Java exploits allow hackers to infiltrate Java code for the purposes of surveillance, data theft, or backdoor access to larger computer systems. Symantec’s Memory Exploit Mitigation completely blocks Java Applets that try to disable Java’s Security Manager.
- Heap spray mitigation: A heap spray attack occurs when the attacker tries to place its attack code onto a predetermined memory location. Attackers may have full control of the application once the injection is completed. Memory Exploit Mitigation reserves the commonly used memory locations to prevent an attacker from using them and disables access to locations in the memory.
- Structured exception handling overwrite protection (SEHOP): Exception handling exploits compromise an application by overwriting the pointer of an exception handler with an attacker-controlled address. Memory Exploit Mitigation provides built-in SEHOP protection, beyond the limited degree of protection in Windows operating systems (which often have the protection disabled by default).
- 11/22/16--12:39: Ensuring a Safe and “Cyber Aware” Cyber Monday
Ensure all devices allowed on company networks have adequate security protections.
Use active monitoring and configuration management to maintain an up-to-date inventory of devices connected to the enterprise network. This includes servers, workstations, laptops, and remote devices.
Implement a removable media policy.
Where practical, restrict unauthorized devices such as external portable hard-drives and other removable media. Such devices can both introduce malware and facilitate intellectual property breaches, whether intentional or unintentional.
Be aggressive in your updating and patching.
Update, patch, and migrate from outdated and insecure browsers, applications, and browser plug-ins. This also applies to operating systems, not just on computers but on mobile, ICS, and IoT devices as well.
Enforce an effective password policy.
Encourage users to avoid reusing the same passwords on multiple websites, and sharing of passwords with others should be forbidden. Passwords should be changed regularly—at least every 90 days.
Ensure regular backups are available.
Create and maintain regular backups of critical systems, as well as endpoints. In the event of a security or data emergency, backups should be easily accessible to minimize downtime of services and employee productivity.
Restrict email attachments.
Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Enterprises should investigate policies for PDFs that are allowed to be included as email attachments.
Ensure that you have infection and incident response procedures in place.
- Keep your security vendor contact information handy, know who you will call, and what steps you will take if you have one or more infected systems.
- Ensure that a backup-and-restore solution is in place to restore lost or compromised data in the event of a successful attack or catastrophic data loss.
- If network services are exploited by malicious code or some other threat, disable or block access to those services until a patch is applied.
Have online security protection.
Make sure to install online security protection on your computer, laptops, and mobile devices. Symantec offers consumers the latest Norton solutions for both computers and mobile devices.
Update your browser, endpoints and software.
Use the latest version of your internet browser to shop online and ensure that all of your software, including antivirus software, is up-to-date.
Look for external signs of trust.
Only purchase goods through reliable online retailers, and be sure to check if the website you’re shopping on is secure.
Monitor bank statements.
Monitor your bank or credit card activity over the holiday season for suspicious purchases or unauthorized money transfers.
Make sure you’re using strong passwords and practice basic cyber security awareness.
- 11/22/16--09:06: Latest Developments of Cross-Border Data Transfers
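- 11/23/16--20:32: Gatak: Malware that concentrates on targeting healthcare organizations
- 11/27/16--17:40: Symantec Data Loss Prevention: Now in the cloud, together with CloudSOC CASB
- Accidents happen: Client applications are ideal for collaboration because of how easy they are to use, but that also means it is easy for data to leak by mistake. According to research, 23% of files stored in cloud applications are broadly shared, and 12% of those contain sensitive or compliance-related data.*
- Attackers target the cloud: Cyber criminals use brute-force attacks and malware to break into cloud application accounts. Between January and June 2016, 37% of anomalous cloud application activity was attempted cloud account takeover, and 63% was attempted data theft.*
- The importance of compliance: Regulatory requirements keep getting stricter, and the penalties for failing to achieve compliance are enormous. In February 2016 alone, the fines the FCC imposed on companies for PII violations reached $36 million.
- Through integration with CloudSOC, detect sensitive data in more than 60 applications, including Office 365, Box, Dropbox, Google Apps, and Salesforce.
- Run DLP detection as a service rather than on-premises to achieve fast performance.
- Manage DLP from a single console. Policies and workflows can be enforced anywhere, whether in the cloud or on-premises.
- Leverage existing DLP policies and workflows, extending finely tuned rule sets and business logic to cloud applications.
- Discover shadow IT, identify thousands of candidate cloud services, and analyze the business readiness of applications.
- 11/27/16--17:53: Symantec DLP is now part of the cloud service together with CloudSOC CASB
- Discover sensitive data in more than 60 cloud applications through integration with CloudSOC, including Office 365, Box, Dropbox, Google Apps, and Salesforce.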
- 11/28/16--15:41: WEBINAR: New Release of Advanced Threat Protection: Email
- 11/29/16--04:06: Mirai: New wave of IoT botnet attacks hits Germany
- 11/29/16--10:33: #GivingTuesday Kicks off the Holidays with a Global Call for Giving
- Join the movement and download the official #GivingTuesday toolkit to get started on your individual giving plan and to encourage others to do the same.
- Raise money for a cause you care deeply about or for your favorite non-profit. Donate or organize a fundraiser for a nonprofit and leverage #GivingTuesday. Experiment with creative approaches to expand your donor base, for example, launching a campaign on #GivingTuesday to increase donations through the end of the year. Have a friend who’s running a race or looking for donations to support their cause? Today is a great reason to do so!
- Volunteer by yourself, with others, online or in your community. Volunteering is not one size fits all. Use #GivingTuesday as a way to define and start your personal commitment to public service, whether that be one hour, one day or one month every year. From virtual volunteering to lending your expertise through mentoring to cleaning up local beaches, volunteering should be defined by you and fit your interests and schedule.
- Share your passion for giving back on social media using #GivingTuesday. Spread the news on Twitter, Facebook, LinkedIn - whichever platforms you use - about your favorite non-profits and let others know how you are giving back this Tuesday and throughout the year. For many organizations, spreading awareness of their mission makes a significant impact in itself.
- 11/30/16--08:53: Shamoon: Back from the dead and destructive as ever
- 11/30/16--21:29: Shamoon: Back from the dead and as destructive as ever
- 11/30/16--21:58: Mirai: New wave of IoT botnet attacks hits users in Germany
- 11/30/16--22:25: Shamoon returns, more destructive than before
- 12/01/16--07:06: Avalanche malware network hit with law enforcement takedown
We are celebrating over here at Symantec. Forrester just named us a Leader in their first Wave for Cloud Security Gateways (CSG)*.
It’s been a journey and we’ve worked hard to create an innovative, data science-based solution to help today’s enterprises safely navigate cloud adoption. We believe our Cloud Access Security Broker (CASB) in addition to our Encryption, Secure Web Gateway, Data Loss Prevention, and User Authentication technologies offers organizations a unique level of security, enabling them to better identify and control shadow IT and safely use cloud applications for their core business activities.
To complete the Wave report Forrester performed a very thorough analysis of our CloudSOC and CDP solution along with other CSG solutions from the most significant vendors. After extensive research and evaluation Forrester gave the Symantec solution the highest possible score across categories including:
This is excellent news for Symantec but this is just the beginning for our cloud security solution. The analysis done for this report was based on the capabilities of our solution as of June 2016. Since then, we’ve added significant new capabilities to CloudSOC by integrating with Symantec DLP (#1 DLP in the industry) and Symantec Endpoint Manager, and we have many more integrations planned.
Would you like to read a copy of The Forrester Wave™: Cloud Security Gateways, Q4 2016 report, where Forrester evaluates the most significant cloud security gateway (CSG) providers in the industry along with an overview of the current market for CSG? You can get it here.
Thanks Everyone! We couldn’t be happier.
*Forrester evaluated Blue Coat, which was acquired by Symantec, in the CSG evaluation.
Today, millennials make up the largest generation in the American workforce at more than 30% and a total of 53.5 million people. Various sources estimate that by 2025 millennials may represent 75% of the global workforce.
The majority of millennials have grown up in a different environment than their older counterparts and many studies cite the growing differences in the way millennials view their lives, their professional careers, how they rely on and leverage technology to collaborate and network with family, friends and colleagues.
Despite these differences, recent research such as IBM’s Institute for Business Value “Myths, Exaggerations and Uncomfortable Truths: The Real Story Behind Millennials in the Workplace” and Gallup’s study How Millennials Want to Work and Live, show that when it comes to work in fact millennials have similar career goals and desires as their older colleagues. For example, they want to work for a company with similar values as themselves, they work hard to make a positive impact on their company, they want to help solve environmental and societal problems (88% of millennials feel their job is more fulfilling when they have opportunities to make a positive impact on social and environmental issues), they thrive in teams of diverse backgrounds, and ultimately they want to do work they are passionate about.
A recent study by Gallup, How Millennials Want to Work and Live, states that only 29% of millennial employees are engaged at work. Young professionals are the future of every company, every industry, and they add to the diversity of perspectives and skills companies need.
So how can companies help them learn from experienced leaders, advance, challenge themselves, and channel their personal passions to set the stage for what will hopefully be successful and fulfilling careers?
Symantec’s New and Aspiring Professionals (SNAP) employee resource group is one way we do this. SNAP is one of five ERGs across the company that plays a key role in helping Symantec recruit and retain a diverse workforce, foster innovation, support the growth of Symantec’s business, as well as serving as ambassadors to the broader community through volunteering and advocacy.
SNAP focuses on four different pillars of involvement:
“Symantec’s New and Aspiring Professionals group brings together the future leaders of our company. As their Global Executive Sponsor, I am inspired by their energy, passion and desire to learn and grow within our organization as well as build their foundation for longstanding and impactful careers.”
– Amy Cappellanti-Wolf, Symantec SVP and Chief HR Officer & Global Executive Sponsor, SNAP
While SNAP is fairly new, the group is planning specific events throughout the year aligned to the key focus areas above, as well as increasing participation across Symantec. For example, in early December SNAP is presenting a panel “Advancing Your Career as a Millennial” event, where young professionals at Symantec’s corporate headquarters can meet and learn from diverse leaders across the company.
Spencer Liang, VP Norton Engineering, Elise Shelley, Senior Manager, IT, and Bill McCullough, Director, Human Resources will share how they have all successfully developed their careers at Symantec, and will provide details on their experiences in technical and nontechnical departments.
The event will also include speed networking allowing attendees to personally interact with and ask questions of the guest speakers.
SNAP Leadership Team and CHRO Amy Cappellanti-Wolf launch Symantec’s first ERG dedicated to young professional talent.
Symantec New and Aspiring Professionals (SNAP) ERG work together to advance young professionals at the company and together are ambassadors in the community.
SNAP leaders share first-hand all they’ve gained from their experience so far:
“SNAP has given me the opportunity to get out of my comfort zone and be a leader. I am making an impact by creating an opportunity for voices to be heard and highlighting talent that isn’t always visible at Symantec!” - Natasha Marston, Co-Chair
“SNAP not only reflects Symantec’s commitment and investment in its young professionals, but allows us to take charge of our own professional development and growth. It’s been fantastic meeting other young professionals from all over the company, and I am excited to build a strong foundation for SNAP to be one of the most active, long-standing ERGs on campus!” - Anna Xie, Co-Chair
“SNAP gives me a way to network outside of my immediate department with like-minded young professionals.” - Nina Singhal, Community Lead
Whether it’s a specific project, cause, or professional goal, SNAP’s mission is to simply provide a platform where new professionals can come to achieve personal and professional aspirations. We hope SNAP will become one of the many reasons why young professionals want to work at Symantec and a vehicle for new and existing employees to realize the value of connecting with fellow employees.
Young professionals and managers at Symantec gather to celebrate the launch of Symantec’s SNAP employee resource group.
Anna Xie & Natasha Marston are Co-Chairs of Symantec's New and Aspiring Professionals (SNAP) Employee Resource Group.
Mysterious threat group infects organizations using malicious key generators for pirated software.
From increasing the diversity of our workforce and industry to reducing our environmental impacts to empowering our communities through philanthropic investments and volunteering, corporate responsibility (CR) touches every aspect of Symantec’s business. We’ve defined our strategy and are continually working towards our goals to operate as a responsible global citizen.
In addition to our dedicated global corporate responsibility team, every day Symantec employees across countries and business units collaborate to deliver on our mission of protecting our customers, our communities and our planet.
We are happy to feature a quarterly series, Inspired, United, Ignited: Symantec’s Corporate Responsibility Champions, that profiles standout examples of how our employees directly contribute to the implementation of our CR strategy. Some are leaders in our CR team, members of our Green Teams or champions for our employee resource groups; others are innovating to address needs in their function or region. All are inspiring others, uniting communities and igniting change to make Symantec a leading corporate citizen and to make our world a safer place.
Today we highlight Elaine Curley, Senior Environmental Compliance Specialist at Symantec.
Corporate responsibility and positive societal impact are central elements of Symantec’s business strategy, and as part of the Environmental Compliance Team my job is to ensure that as a company we are embedding environmental and sustainability considerations into all our operations. This includes our products, our Supply Chain, our philanthropic initiatives and engagement with our employees.
On a global level, compliance with relevant environmental legislation is the first step: we are committed to producing products and services that meet and exceed international standards. We continuously monitor changes in legislation that might incur environmental impacts in the regions in which we do business.
Beyond this, we are members of the EICC (the Electronics’ Industry Citizenship Coalition); a non-profit coalition of electronics companies committed to supporting the rights and wellbeing of workers and communities worldwide affected by the global electronics supply chain. By helping to manage this programme for Symantec, the aim is that our first tier suppliers are also working towards the EICC Vision: A global electronics industry that creates sustainable value for workers, the environment and business.
My main task when fulfilling our membership obligations is to manage our suppliers, to ensure they are upholding acceptable standards regarding ethics, environmental, health and safety, and labour policies and procedures – in line with the EICC Code of Conduct. This is mainly done through the EICC’s online platform; here we send our suppliers EICC assessments, and then analyse the results we receive from each supplier. Follow up action is taken if supplier results are not satisfactory, and those with acceptable results are always encouraged to aim for continual improvement year on year.
Through our EICC membership, we also participate in the Conflict-Free Sourcing Initiative (CFSI), one of the most utilized and respected resources for companies addressing conflict minerals issues in their supply chains; currently we are working toward our 2017 goal that our products be conflict mineral free. This process involves identifying and assessing risks in our supply chain, which is done through completion of the EICC Conflict Minerals Reporting Questionnaire. Suppliers are sent this questionnaire on an annual basis – we then take the supplier responses and assess them against a Due Diligence Decision Tree. We then rank Suppliers for risk, ranging from low to high, based upon issues raised in suppliers' survey responses. The final step in this process is reporting our results and findings to the rest of the company, the EICC and CFSI, and the general public.
More recently I have become involved in Human Rights and Human Trafficking issues – this is a new area for me and there is a great deal to learn about it. Symantec’s Corporate Responsibility strategy states that respect for and upholding human rights is of the utmost importance, and therefore we engage with our suppliers and stakeholders to ensure that our policies and practices are continuously improved upon in this area.
On a local level, in Dublin we have a group of employees who form the Dublin Corporate Responsibility team – part of being a member of this team entails helping to organise ad hoc volunteering events for employees, arranging CR related events, promotion of volunteering initiatives on site, as well as going out and volunteering myself. The most recent CR initiative we had was ‘Global Service Week’ in October – where all employees were encouraged to volunteer as much time as possible over the course of one week.
Additionally, leading the Dublin Green Team, I try to organise several events a year with an environmental organisation; a recent example of this was the group of employees who volunteered with a local children’s nature charity to build their summer camp.
Having studied Environmental Law and Sustainable Development at University, I had always wanted to pursue a career within the environmental field. After working for a year in a graduate position in Queen’s University Belfast, I wanted to try something slightly different from the work I had previously undertaken when the role with Symantec came up. It seemed quite unique and so I was happy to accept the offer and move to Dublin in November 2014 to join the company.
A lot of employees may not realise the great variety of volunteering initiatives they can get involved in – from helping to deliver Online Safety training to schools, to beach clean ups, to lending a hand in a local hospice – there is a volunteering opportunity out there for everyone.
You don’t need to be highly skilled or have a great deal of technical knowledge in order to give local charities a helping hand – you just need to make the time and effort to do it when you decide what kind of activity you would like to engage in. It’s also a great way to socialise with your fellow employees outside the office, whilst knowing you’re doing something good for society.
Many people hesitate to volunteer as they don’t feel they can ask their manager for time off work. However, many companies offer time off to volunteer, such as our Symantec Service Time program that allows employees worldwide to take up to five work days each calendar year.
A little time goes a long way so it can’t hurt to ask!
Zero-day vulnerabilities inhabit a special, scary place in the cyber threat landscape. That’s due in part to human fear of the unknown, but also because they flip the timeline of threat mitigation. For security leaders and software companies, the clock is ticking…
Symantec’s annual security report shows the zero-day threat is growing, as the number of discovered vulnerabilities more than doubled in 2015 over the previous year, with a new one uncovered every week (on average). Attackers are drawn to popular applications used on a daily basis by millions of people around the world. Malicious code on rogue web sites can exploit vulnerabilities in popular Web browsers such as Internet Explorer, and phishing scams tucked away in seemingly friendly emails or embedded in Adobe Flash videos can wreak havoc in an enterprise within minutes.
It gets worse: Once discovered, these vulnerabilities are quickly promulgated within the hacker community and added to exploit toolkits. 2015 witnessed a discouraging uptick in use of the Angler Exploit Kit, a drive-by download that has spread ransomware, malvertising and even hacktivism. Zero-day exploits have also become quite lucrative, so much so that Symantec now characterizes the criminal hunt for zero days as professionalized.
Preemptive Protection: Stopping Vulnerabilities Without Signatures
Businesses today need more powerful, multi-layered endpoint protection that extends well beyond traditional signature-based antivirus. They need cutting-edge technology capable of securing all possible attack vectors.
Symantec Endpoint Protection 14 is answering that clarion call with the broadest suite of endpoint protection techniques – some traditional, some new and some improved. One of the newest features is Memory Exploit Mitigation, which we use to preemptively block exploit techniques regardless of whether they are known or unknown, foiling attackers’ attempts to take advantage of zero-day vulnerabilities.
At the core, Memory Exploit Mitigation is designed to detect and mitigate against generic exploit attacks – without signatures. It works at the shellcode execution level to counter different exploitation techniques. It also hardens the targeted software applications, making it difficult for hackers to write exploits.
Memory Exploit Mitigation includes multiple mitigation techniques “out of the box” that don’t need prior knowledge of an exploit to block it. It watches for a broad range of exploit behaviors and leverages Symantec’s deep intelligence from millions of endpoints, billions of files and trillions of relationships. Most importantly, you don’t need an additional endpoint agent to take advantage of new techniques.
In its initial release, Memory Exploit Mitigation includes three popular exploit mitigation techniques:
All the techniques have been tested and proven already on more than 40 million endpoints via Symantec’s Norton line of products. This field testing has allowed us to tune the techniques for very low false positives and certify against relevant programs before bringing them to enterprise customers. We are currently working on additional techniques that will be introduced in 2017 – stay tuned for more.
Unlike competitors, our Memory Exploit Mitigation works within a single agent alongside other protections, and provides centralized policy management and reporting. It can also run without a network connection – protecting disconnected or occasionally connected endpoints – and provide reporting on failed exploit attempts in addition to blocked exploits.
How effective is it? Based on internal tests, Memory Exploit Mitigation alone was able to block more than 60 percent of the zero-day exploit attacks from the last five years, with no reliance on prior knowledge of the attacks. Additional attacks were neutralized by the other capabilities built into Symantec Endpoint Protection, providing a highly effective combined defense against unknown threats.
The threat landscape is always changing, and customers are demanding more from their endpoint products. We hear all the time from customers that they “want additional controls, not an additional agent.” With Symantec Endpoint Protection 14, we’re delivering just that – a variety of new and established techniques for prevention, detection and response from a single agent. As Forrester wrote in its recent Wave report on endpoint security suites: “Almost every possible attack surface is covered when buyers utilize the full extent of this portfolio.”
Check out our webinar on next-generation endpoint protection with Adrian Sanabria from 451 Research, and watch this space for weekly blog posts that drill deeper into key capabilities with insights from Symantec and third-par
As folks in the U.S. prepare for their upcoming Thanksgiving dinner, enterprises should brace for the beginning of the frantic holiday shopping season.
The scales finally tipped during the 2015 Thanksgiving holiday weekend in the U.S., as the number of consumers shopping online exceeded those shopping in stores, according to the Symantec 2016 Internet Security Threat Report, Vol. 21 (ISTR). With this year's Cyber Monday around the corner (November 28), security teams need to make sure that their websites are patched and protected. The ISTR Vol. 21 report found that more than 75 percent of all legitimate websites have unpatched vulnerabilities. In addition, 15 percent of legitimate websites have vulnerabilities deemed critical, which means it takes trivial effort for cyber criminals to gain access and manipulate these sites for their own purposes. In short, websites remain a key element in major attacks: they're a way into the network, into sensitive data, and to your customers and partners.
But what if your organization doesn’t sell goods online? Should you be concerned about Cyber Monday? The answer is a resounding, “Yes!” Here’s why. Employees could potentially be shopping online during work whether on company-owned computers or BYOD devices, such as smartphones and tablets. How do you plan to protect your organization (and employees) from cyber criminals this holiday shopping season?
Here are a few security best practices to keep your organization safe.
Best Practice Guidelines for Businesses
It’s wise to remind your employees of cyber security best practices. As more consumers shop online, the threat of cyber criminals increases. However, with some common sense and cyber awareness, you can help protect your organization, employees, and yourself.
Best Practices for Consumers
Employees, end users, and consumers—that can be any or all of us—are most likely going to be browsing and shopping online this holiday season. Here are a few cyber security online best practices to consider.
Stay Cyber Aware and Safe
Overall, consumers and retailers should follow this advice to stay safe this Cyber Monday, and IT teams and web administrators should ensure that any potential infrastructure vulnerabilities are patched before Cyber Monday to prevent attackers from taking advantage of these flaws. Security teams should also monitor network traffic for any suspicious activity. Online shopping doesn't end this holiday shopping season, so remember to constantly educate your whole organization on cyber security best practices to keep your organization, employees, and yourself safe. And that's something you can be thankful for, all year round.
One of the most frequent forms of data transfer covered under EU privacy law is the transfer of data from Europe to the United States. Often this takes the form of using cloud-computing resources or outsourcing of information technology services. Since the ECJ decision on Safe Harbor in October 2015, the question of legitimate cross-border data transfers has been a key theme among privacy and information technology practitioners.
Between October 2015 and the summer of 2016, there have been a number of developments on privacy law that affect data transfers. Four key developments affecting technology practitioners are explored below.
What Has Changed?
The introduction of the General Data Protection Regulation (GDPR) builds on the existing legal framework of Directive 95/46/EC. In that sense, the data transfer landscape does not fundamentally change with the advent of GDPR. The most frequently used transfer mechanisms foreseen by 95/46/EC are an adequacy finding, the unambiguous consent of the data subject, the standard model clauses approved by the European Commission, and binding corporate rules. The GDPR maintains these four and creates additional mechanisms, including the privacy codes of conduct, the privacy certification mechanisms, and standard contractual clauses adopted by a data protection authority and approved by the European Commission.
How Does the Safe Harbor Ruling Impact Data Transfers and the GDPR?
The Safe Harbor decision was an “adequacy finding” from the European Commission on which industry relied for years to conduct data transfers. The invalidation of Safe Harbor means that data transfers are still legally possible, but for them to be valid, they should use one of the other mechanisms foreseen in 95/46/EC. Practically, this means that the standard model clauses and the binding corporate rules become the most frequently used transfer vehicles. Even if the GDPR were in force today, the situation would not have been very different. More transfer mechanisms would have been available, but not the adequacy finding that Safe Harbor provided.
The Expected Outcome of the EU-US Privacy Shield
Adopted to replace the now invalid Safe Harbor, the Privacy Shield is essentially a framework of rules that renders transfers safe as long as companies commit to abide by those rules. It is a framework that provides what is considered an adequate level of protection, and as such, receives an “adequacy finding” that is one valid legal basis for data transfers both in 95/46/EC and the GDPR. One should note that the Privacy Shield is a more onerous framework than the invalid Safe Harbor and is subject to more frequent reviews and certification requirements. Its protections from activities of public authorities extend to other transfer mechanisms, such as the model clauses. Already a number of companies have adopted the Privacy Shield as their preferred transfer mechanism.
On-Going Litigation Concerning Privacy Shield and Other Transfer Instruments
At this point, there is an on-going case before the courts of Ireland that may end up in the European Court of Justice. The timelines are unclear, as is the outcome of the judgment and its impact on Privacy Shield or on any other transfer instrument. The negotiators of the EU-US Privacy Shield have developed it with the expectation that it may be challenged in court but have expressed confidence in the legality of the agreement. Until a judgment is issued, Privacy Shield and the other existing transfer mechanisms continue to be a valid way to transfer data.
A degree of ambiguity is to be expected as the evolution of privacy legislation continues once the GDPR comes into force. A key aspect of the GDPR is risk management. In that sense, data transfers are not very different. It is becoming impossible to prevent data transfers in the current globalized economy. Therefore, the focus of information technology professionals needs to be around understanding the legal requirements and managing the technological and commercial risk appropriately.
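Symantec has developed the industry's first integrated cloud security solution combining true DLP with full cloud access security broker (CASB) capabilities. We are pleased to announce that it is complete and now available.
Since August, when Symantec completed its acquisition of Blue Coat, the joint development teams from both companies have worked steadily on this challenge. As a result, the goal was achieved in about two months.
Security is a particularly big challenge for companies adopting cloud applications. In particular, popular business applications such as Office 365 and Salesforce store and share all kinds of important corporate data, and the impact is significant for the following reasons.
Customers using Symantec products can now use the fully integrated Symantec DLP and Symantec CloudSOC CASB to gain complete visibility into and control over their data.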
Symantec DLP Cloud
The new DLP Cloud Service Connector extends Symantec DLP to uncover data blind spots in the cloud. It is a content detection service built on the same industry-leading technology as Symantec's on-premises software. The Cloud Service Connector provides the following capabilities.
In addition to the Symantec DLP Cloud integration, CloudSOC gives you complete CASB visibility and direct control over user activity in cloud applications. The main features of CloudSOC are as follows.
For details on how DLP Cloud and CloudSOC protect data in cloud applications, visit go.symantec.com/dlp-casb now.
*Source: Blue Coat Elastica Shadow Data Report, 2016
*Source: 2016 Blue Coat Elastica Shadow Data Report
Webinar: New Release of Advanced Threat Protection: Email
Time: 8:00 AM (PST) / 11:00 AM (EST)
Speakers: Jane Wong, Sr. Director Product Management, Gateway Security Group, Symantec and Nirav Shah, Email Security Product Marketing Manager, Symantec
Email continues to be the #1 threat vector for targeted and advanced attacks. The ubiquity of email and the widespread adoption of traditional email security solutions have led attackers to move beyond basic spam and phishing emails to more targeted and sophisticated attacks to infiltrate an organization.
Join Symantec’s Jane Wong, Sr. Director, Product Management, Gateway Security Group and Nirav Shah, Email Security Product Marketing Manager to learn how Symantec can help your organization uncover, stop and respond to sophisticated email attacks while providing the deepest level threat intelligence.
New variant of malware used in attacks that knocked 900,000 home internet users offline.
Today is no ordinary Tuesday. As the build up to the holidays begins, people across the world are thinking about how they are going to give back this holiday season, both to their families and friends, but also to their communities and those in need. In response to many days commemorating the holiday shopping season such as Black Friday and #CyberMonday in the United States, in 2012 #GivingTuesday emerged as a global day of giving to remind all of us of the importance of holiday and end-of-year charitable activity and volunteering. #GivingTuesday connects diverse groups of individuals, communities and organizations around the world for one common purpose: to celebrate and encourage giving.
As the #GivingTuesday movement emphasizes, the annual event is only as strong as all of those taking part. In 2015, people across 71 countries raised $116.7 million USD during #GivingTuesday with 700K online donors.
So how will you take part in #GivingTuesday this year? Here are some ideas (hint: most of these work every day of the year!)
Symantec employees donate their time to Sydney Dogs and Cats Home in Sydney, Australia
Companies can also leverage the momentum of this day to highlight the importance of service. At Symantec, we are offering special holiday opportunities for our employees to maximize their impact. For example, all donations recorded November 29 will be double-matched – meaning that for every $1 USD contributed, the organization will receive $3 USD. Additionally, for all employees that volunteered during our recent Global Service Week, we are holding a raffle to win one of 200 Global Giving gift cards, which can be used to donate funds to a charitable project of your choice. Any volunteer hours during #GivingTuesday will also qualify for our Dollars for Doers program.
As we enter the holiday season and approach the end of a new year, it is a special time to reflect on the many organizations that rely on the help of volunteers and donations to achieve their missions. We can all make a difference, whether large or small, through our time, expertise or donations. In the end it’s our time, passion and caring for a cause that truly makes an impact.
What will your giving commitment be in 2017?
Malware hit targets in Saudi Arabia and was configured to wipe disks on November 17.
Shamoon, which targeted companies in Saudi Arabia, was configured to wipe disks on November 17.
Symantec plays part in takedown of the Avalanche malware-hosting network.