Articles on this Page
- 12/01/16--09:43: _Innovation InFocus ...
- 12/01/16--15:16: _Healthy Buildings: ...
- 12/01/16--19:58: _执法机关的捣毁行动重创Avalanch...
- 12/01/16--22:52: _マルウェアネットワーク「Avalanc...
- 12/02/16--14:19: _Symantec is now a c...
- 12/02/16--15:45: _SEP and ransomware ...
- 12/02/16--17:44: _Update on Chrome 53...
- 12/05/16--00:06: _SEP和勒索软件防御
- 12/05/16--21:51: _SEP とランサムウェア対策
- 12/06/16--09:41: _Bring an Hour of Co...
- 12/06/16--15:01: _New to Data Loss Pr...
- 12/07/16--12:19: _Cloak and Dagger: U...
- 12/08/16--05:58: _PowerShell threats ...
- 12/08/16--20:19: _PowerShell恶意软件数量激增：...
- 12/08/16--20:34: _PowerShell マルウェアが急増...
- 12/08/16--07:36: _Symantec Recognized...
- 12/12/16--15:33: _Symantec Files Pate...
- 12/13/16--09:33: _Follow the Frog to ...
- 12/13/16--11:45: _Microsoft Patch Tue...
- 12/13/16--13:37: _WEBINAR: How the NI...
- 12/01/16--09:43: Innovation InFocus Video Series Launches
- Cafeterias focused on healthy food choices
- Open, agile workspaces
- Shuttle services
- On-site health talks and health screening
- Continued expansion of PIT stops with IT
- On-site managed fitness centers
- Increased adoption of technology allowing extended teams to connect from anywhere around the world
- Support is provided for varied work styles, including quieter areas for dedicated focus.
- 12/01/16--19:58: 执法机关的捣毁行动重创Avalanche恶意软件网络
- 12/01/16--22:52: マルウェアネットワーク「Avalanche」、法執行機関により摘発
- 12/02/16--14:19: Symantec is now a certified OpenID Connect Provider
- 12/02/16--15:45: SEP and ransomware protection
- 12/02/16--17:44: Update on Chrome 53 Bug Affecting Symantec SSL/TLS Certificates
- 12/05/16--00:06: SEP和勒索软件防御
- 12/05/16--21:51: SEP とランサムウェア対策
- 12/06/16--09:41: Bring an Hour of Code to a Classroom Near You!
- Support for files encrypted with Microsoft Rights Management Service (RMS)
- Improved regex detection – faster (up to 40X) and more consistent across the endpoint agent and detection servers
- New and updated policy templates including for the new European General Data Protection Regulation (GDPR) and U.S. HIPAA and HITECH
- New built-in Data Identifiers for China, France, India, Japan, Korea, Mexico, Spain, Sweden and the U.S.
- Mac OS 10.12
- Microsoft Outlook 2016
- Microsoft Windows 10 Anniversary Update Enterprise
- Citrix 7.9 XenApp and XenDesktop
- Microsoft Edge via Agent Configuration
- More granular monitoring for applications via Application Monitoring
- 12/07/16--12:19: Cloak and Dagger: Unpacking Hidden Malware Attacks
- Our customers’ security teams are able to expose and evaluate the deepest layers of malware, maximizing protection and minimizing the impact of malicious payloads.
- Threat intelligence can be used to educate security systems and protocols, while informing new techniques to stay ahead of the bad guys.
- Threats can be detected quickly with minimal performance and productivity impact, so people can focus on getting their jobs done.
- 12/08/16--20:19: PowerShell恶意软件数量激增：经分析的脚本程序有95.4%为恶意脚本程序
- 12/08/16--20:34: PowerShell マルウェアが急増: 解析したスクリプトの 95.4% が悪質
- 12/08/16--07:36: Symantec Recognized in CRN’s 2016 Products of the Year Awards
- 12/12/16--15:33: Symantec Files Patent Lawsuit Against Zscaler
- 12/13/16--09:33: Follow the Frog to the Winner of Our CR Report Grant Campaign!
- Planted over 64,800 trees across approximately 300 hectares in coastal Oaxaca, Mexico
- Provided training on improved coffee management practices to over 400 coffee farmers, many of whom have also received training on reforestation and sustainable agroforestry techniques. The training techniques are designed to successfully increase forest cover, as well as to improve coffee productivity and quality.
- Helped build the capacity of the local coffee cooperative, UNECAFE (Unidad Ecológica para el Sector Café Oaxaquenio, S.C.), and local partners to implement and monitor a successful forest- carbon initiative for decades to come
- 12/13/16--11:45: Microsoft Patch Tuesday – December 2016
- 12/13/16--13:37: WEBINAR: How the NIST CSF Benefits Small and Medium Businesses (SMB)
We’re excited to announce the launch of Symantec Innovation InFocus, a short video series featuring insights from Symantec leadership. As part of our ongoing commitment to innovating for our customers, partners, and the industry, Innovation InFocus builds upon our momentum.
Be sure to check out the following video featuring Darren Thomson, Symantec's Chief Technology Officer (CTO) and Vice-President of Technology for the EMEA region, sharing his unique philosophy on the intended and unintended consequences of innovation.
Looking for more insights? Be sure to read Darren Thomson’s post: “Intended and Unintended Consequences of Innovation”.
Knight in shining armor, indoor track, inspirational messages, lighting that mimics your daily rhythms, on-site health screenings? Are you thinking office space yet? We bet not.
However, these are just some of the changes defining our new workspaces at Symantec. We believe that the workplace can be an important agent for change. Space can help define a culture, impact productivity and well-being, support innovation, socialization and inspiration.
Over the past year our Workplace team has implemented our new Global Workplace Guidelines making the following updates to various sites around the world:
Take a peek inside Symantec's Mountain View, California Headquarters
In August 2015, our new Cambridge, Massachusetts site became the first to implement these new guidelines. The site moved from Waltham and is now a brand new facility with the latest technology and amenities including an open floorplan, abundant sunlight, dedicated team rooms, and a campus easily connected to public transportation.
“Our Cambridge location sets us up for success – it serves as a melting pot of technology innovation, offers a diverse and productive workforce, and produces more engineering graduates than any other US city.” – Samir Kapuria, Symantec Senior Vice President and Site Executive
Additionally, Symantec recently became one of the first technology companies in Silicon Valley to obtain the WELL certification at our Mountain View, California headquarters. While green building standards such as LEED focus on reducing the impacts of the materials and resources used to create and occupy buildings, the WELL certification addresses the effect of a building’s environment on the health and well-being of its occupants.
Developed over seven years, the WELL standard was the result of a public commitment to the Clinton Global Initiative by design agency Delos “to improve the way people live by developing spaces that enhance workers’ health and quality of life.” The WELL standard looks at seven key factors - air, water, nutrition, light, fitness, comfort, and mind – that medical research tells us contribute to spaces, which promote and improve the health and wellbeing of its occupants.
“WELL is a pilot program, and we’re learning while evolving our buildings with each future project. Everything that I’ve seen in the WELL Building standard is important for our employees– which, in turn, supports engagement and performance in Symantec’s workplace.” - Jim Grenier, Symantec VP Performance & Rewards, Workplace, HR Ops.
In Mountain View, the office today looks nothing like it did in 2001, when the building was opened. Approximately 60 percent of the campus has been renovated and the new buildings – named INSPIRE – are infused to tell a story. Each floor has its own distinct personality and walls display company values. Cues of security are sprinkled through the space, whether it is a Sherlock Holmes pillow or images of keys in the artwork. Lighting shifts color to complement one’s natural physiological rhythm— more blue in the morning, more yellow in the evening.
From the jumprope wall, hulahoop wall, to an indoor track for walking meetings, all promote health and wellness. A walking path is designed to connect buildings and within the campus, approximately 12,000 square feet of space has been dedicated to a stateoftheart gymnasium called SymFit Center.
Rooted in best practice
To develop our Global Workplace Guidelines in line with best practices, we compared our data with the standards of 30 hightech companies, while also gathering feedback from employees via workshops across 20 locations and 3 global regions.
Concepts are one thing, but putting them into practice is another. We additionally held events with proposed mock ups/demos of furniture choices to select those which met the majority of our users’ needs.
The Symantec work experience is about highperformance integration in a technologyrich environment that provides a sense of wellbeing for its employees. Our Global Workplace Strategy aligns to this and brings intent to how we use our spaces worldwide, embedding the five Principles that support our mission of "the right talent and performance driven workplace to enable growth at the best cost".
If you have ever worked on a crucial web service, you know that one obstacle to expanding the service is user account management and authentication services. The days of creating a simple MySQL with PHP frontend page will not cut it anymore in any enterprise space. The security is too limited, the asset is too valuable, and the risk is too high. However, an investment in a custom identity solution is complex, costly, and takes away time from focusing on the core product features. Imagine if each team at Symantec provided a different login account and mismatching experiences for each product. This is where Norton Secure Login fits in, and why OpenID Connect certification matter to teams with user information.
Norton Secure Login (NSL) is an Identity Provider that provides a simple, secure, and centralized way to authenticate users. We provide an infrastructure for identity management for millions of users across various Norton brands (Norton Security, Norton Mobile Security, Norton Online Family, Norton Identity, and more), Symantec’s EPMP, and even upcoming products like Norton Core. To date NSL has used SAML2.0 protocol, an industry standard for the past decade, to handle these communication traffic loads. The protocol has become more complex and expanded to accommodate new needs that were not accounted for at the onset. In mid-2015, when Ilya Sokolov presented OpenID Connect protocol to the team as the next step, we were excited to make it happen. After a year of hard work, the NSL team is proud to announce our certification as an OpenID Connect Provider. More importantly for you, below, we outline what the protocol offers its adopters:
Simplicity– SAML2.0 protocol uses XML and data compression to minify the message. This makes it difficult for our clients (Service Provider or Relying Party) to understand why a request failed, and even more difficult to debug a problem without reading the lengthy SAML 2.0 spec. OpenID Connect does away with tags and replaces it with JSON schema, thus providing more concise data for developers to examine and identify problems. The protocol also shifts public details and metadata content from the message to the provider’s metadata end point in human readable form.
Performance– Those who have worked with SAML2.0 protocol understand that a basic SAML2.0 can be quite large. Currently, a simple request is more than 800 characters and the encrypted response is over 12,000 characters. OpenID Connect starts with a mobile-first mindset and removes redundant specifications. In addition, it uses JSON schema and relies on RESTful APIs to make the messages smaller. As a result, the same request and response in OpenID Connect protocol is under 3500 characters of uncompressed text. This is a message size reduction of almost 75% compared to SAML2.0 protocol!
Resilience– OpenID Connect is built on top of OAuth2.0 protocol, but extended to provide a standard with flexibility. One way it achieves this is by creating a separation of concerns, where one end point (URL) is for authentication and authorization (i.e., log in users), while other end points are for other services (e.g., retrieve user’s data). These end points work together using a token system, where a JSON Web Token (JWT) is used in exchange for the authorized user’s information.
Beyond OpenID Connect Provider certification, the NSL team has also developed a Java client library that your web service can leverage to use OpenID Connect protocol. This library provides a configuration-based Java Servlet filter that handles a user authentication and session. If your project is currently authenticating with NSL (at https://login.norton.com URL), we strongly encourage you to consider this upgrade. Many prominent identity providers like Google, Microsoft, and Amazon have seen the benefits and have become certified OpenID Connect Providers in the past 18 months. If you have any questions or want to us know what you think, just shoot us an email. We welcome and appreciate your feedback. Even better, visit us in-person! We have team members in the west coast (Culver City, Mountain), east coast (Cambridge), or India office (Chennai).
During the SEP discussion at the DC User Group meeting on Wednesday (11/30), there was some concern around SEP and ransomware protection. Below are some articles that can help (thank you to Curtis Carroll at InfoLock for sending these over):
Ransomware removal and protection with Symantec Endpoint Protection - https://support.symantec.com/en_US/article.HOWTO124710.html
Defeat Powerware Using SEP Application Control Policies - https://www.symantec.com/connect/blogs/defeat-powerware-using-sep-application-control-policies?cid=11587651#comment-11587651
As mentioned on November 10, 2016, we were made aware of a bug in Chrome version 53 that affects some Symantec, GeoTrust, and Thawte SSL/TLS certificates resulting in an untrusted error displaying when visiting affected websites. There were no issues with the certificates used on the affected websites, but rather, the issue is entirely a Google bug with specific versions of Chrome, Chromium, Chrome Custom Tabs and WebView.
Since my initial post, we’ve gained more insight into the scope of impacted platforms and releases for this bug, and although the majority of them have been patched, there is an outstanding issue with Android apps that leverage the WebView version 53. To remedy this problem, end users of affected applications will need to update to the most recent version of WebView (version 54) and the forthcoming Chrome version 55. Developers using Android Open Source Platform (AOSP) will need to review their own apps to ensure compatibility.
Other Chrome-based applications and platforms have been patched by Google including Chrome Mac, Chrome Windows, Chrome Linux, Chrome Android, Chrome iOS, Chromium, Chromium-based browsers, and Chrome Custom Tabs. All of these will operate normally on Chrome version 54 for the time being, and are fully patched in Chrome version 55. We expect no adverse issues on these platforms at this time, and no action should be required by users leveraging typical update mechanisms.
Symantec is continuing to work with Google as they push the fix to their bug through the Chrome eco-system. We will update this blog as we learn more information.
通过 Symantec Endpoint Protection 防御和删除勒索软件 - https://support.symantec.com/zh_CN/article.HOWTO124710.html
Defeat Powerware Using SEP Application Control Policies - https://www.symantec.com/connect/blogs/defeat-powerware-using-sep-application-control-policies?cid=11587651#comment-11587651
去る水曜日（11 月 30 日）に開かれた DC User Group の会合で、SEP に関する議論があり、SEP とランサムウェア対策についての関心が話題になりました。以下に、そのお役に立つ記事をご紹介します（この件につきご連絡いただいた InfoLock 社の Curtis Carroll 氏にお礼を申し上げます）。
Symantec Endpoint Protection によるランサムウェア対策とランサムウェアの駆除 - https://support.symantec.com/ja_JP/article.HOWTO124710.html
SEP アプリケーションのコントロールパネルを使って Powerware を撃退 - https://www.symantec.com/connect/blogs/defeat-powerware-using-sep-application-control-policies?cid=11587651#comment-11587651
-- Steve Jensen
Computer science is the defining field of the 21st century, yet most schools don’t teach it. This week, classrooms across the globe will celebrate Computer Science Education Week (December 5-11) and Hour of Code, a global movement reaching over 100 million students of diverse backgrounds in 180+ countries to help broaden participation in computer science and promote diversity in tech.
Speak with local schools in your community to understand if and how they are celebrating Hour of Code. Encourage those who are not participating to get involved next year. While Hour of Code is officially celebrated this week, events happen all year long and volunteers are needed to present in classrooms in-person or virtually!
For example, through Code.org’s local volunteer search, educators can locate engineers in their area willing to donate their time to educate and inspire students interested in computer science. Through the local volunteer search, Tejaswi Billa-Koti, Senior Software Engineer in Symantec’s Norton Business Unit, recently met with high school students at California’s San Pedro High School to answer questions about the profession, address common misconceptions and for many, help excite them about the opportunities that a college degree in the subject can bring.
Hour of Code Students at San Pedro High School in California where Symantec employee Tejaswi Billa-Koti, Senior Software Engineer, Norton Business Unit recently visited the school to inspire and educate students interested in a future in computer science.
This week, we’re announcing several significant updates to Data Loss Prevention to help you work more securely and compliantly with sensitive information. This includes more coverage for cloud apps, stronger endpoint monitoring, and improved data detection. Read on to learn more!
Get better visibility into cloud blind spots with DLP Cloud
This year, we’ve been seeing enterprise customers move their IT workloads to hybrid cloud infrastructures at a remarkable pace. “Forty-eight percent of large enterprises with off-premise workloads have handed off at least one workload to a hyperscale provider [Amazon, Google, Microsoft] in the last year, and that number is expected to rise to roughly 80% by 2018,” a report from McKinsey’s Silicon Valley group has found. The survey also determined that security and compliance continue to be the top barriers to cloud adoption, especially for large enterprises. Not too surprisingly, cost is the third most important consideration – not the main driver for adoption.
To help companies move to the cloud securely and compliantly, we’ve made huge investments in cloud DLP. In October 2016, we built and integrated our new DLP Cloud Service Connector, a cloud-based detection service powered by the same powerful technology as our on-premises detection software, with Symantec Cloud Access Security Broker (CASB). With this fully integrated solution, you can extend your existing DLP policies to over 60 cloud apps including Office 365, Box, Dropbox, Goole Apps and Salesforce.
This month, we’re adding another integration between DLP Cloud Service Connector and our cloud-delivered web security service, Symantec Blue Coat Web Security Service, to monitor and block uploads of sensitive data to website and cloud apps.
And this is just the beginning. We’re have more cloud DLP capabilities in store for 2017!
Use improved content detection to find more types of sensitive data
Content-aware detection technology is at the core of enterprise DLP solutions. By layering different detection techniques ranging from fingerprinting to image recognition, you get the ability to find sensitive data stored in virtually any location and file format with minimal false positives. Since 2014, we’ve made continuous improvements to our detection engine so you can accurately and confidently identify sensitive PII and IP.
In DLP 14.6, we’ve rolled out several detection enhancements:
Keep up with new apps and platforms with the DLP Endpoint Agent
Employees face countless cybersecurity risks and threats ranging from basic security negligence to phishing email campaigns. With the DLPEndpoint Agent, you can keep them safe wherever they work by monitoring and protecting sensitive data in use across a wide range of user activities – both inside and outside the corporate firewall. In this release, we’ve added endpoint coverage for platforms and applications:
Learn more about what’s new in the latest version of Data Loss Prevention 14.6 here!
Malware attacks have become part of our daily life. In just the past six weeks, we’ve seen a major DDoS attack take down Twitter, Spotify and other high-traffic internet properties, a ransomware attack on the San Francisco Municipal Transportation Authority, and perhaps most notably, the new “Gooligan” attack on Android phones – reportedly responsible for “the biggest single theft of Google accounts on record.”
According to AV-TEST, there are 578.7 million malware programs in existence today, with four to five new malware threats per second. Many of these malware programs make use of “packers” – software programs used to compress and encrypt files for transport, which are then executed in memory upon arrival.
While packers themselves are not malware, attackers use them to hide malware and obfuscate the code’s real intention. Once unpacked, the malware executes and launches its malicious payload with impunity – often bypassing firewalls, gateways and malware protection. Over the past 10 years, attackers have shifted from using commercial packers (UPX, PECompact, ASProtect, Themida, etc.) to creating custom packers, which use proprietary algorithms to bypass standard detection techniques.
Many of the emerging custom packers are polymorphic, which simply means that they use an anti-detection strategy whereby the code itself changes frequently, but the purpose and functionality of the malware remains the same. Custom packers are also able to use clever ways of injecting code into a target process and change its execution flow, frequently throwing off unpacker routines. Some of them are computationally intensive, calling special APIs that make unpacking difficult.
In short, custom packers are growing increasingly sophisticated, operating like “cloaking devices,” to steal a Star Trek metaphor, to hide the attack until it’s too late. (Romulans may or may not be involved). In fact, custom packer usage has become so widespread that by 2015, Symantec saw them deployed in upwards of 83% of all malware attacks, with Upatre, Virut and Sality malware families being particularly virulent.
Symantec Endpoint Protection 14 has introduced a powerful new malware killer – called the Emulator – to counter custom packer attacks. The Emulator fools malware into thinking it will run on the regular machine, and instead unpacks and detonates the file in a lightweight virtual sandbox on the endpoint. The malware then opens up and shows its true colors, causing threats to reveal themselves in a contained environment.
While this sounds straightforward, it requires incredibly sophisticated technology that mimics operating systems, APIs and processor instructions, while managing virtual memory and running various heuristics and detection technologies to examine the payload. All this takes place in milliseconds – an average of 3.5ms for clean files and 300ms for malware -- to minimize impact on the user experience. The sandbox so created is ephemeral and goes away after the job is done.
The real power of Emulator is that it works in concert with Symantec’s full endpoint suite to protect and respond at scale. This includes a broad array of powerful techniques including advanced machine learning, memory exploit mitigation, behavior monitoring and reputation analysis. Sometimes multiple engines come into play, collaborating in an orchestrated response to prevent, detect and remediate attacks.
All of this is fueled by the world’s largest civilian threat intelligence network. Thanks to our broad footprint across endpoint, network and cloud security, we have threat data from more than 175 million endpoints and 57 million attack sensors being monitored in real time every day, minute by minute. Our Security Technology and Response team also monitors malicious code reports from 200-plus countries, tracking more than 25,000 vulnerabilities affecting more than 55,000 technologies from more than 8,000 vendors.
The advantages to this approach are easy to see:
Attackers are always on the lookout for new ways to penetrate the enterprise, and custom packers have been a big open hole in the security landscape. We’re excited to deliver new techniques like the Emulator to help our customers fight back.
# # #
Check out our webinar with Adrian Sanabria from 451 Research to learn more about next-generation endpoint protection, and watch this space for regular blog posts that drill deeper into key capabilities with insights from Symantec and third-party experts.
Symantec analyzed 111 threat families that use PowerShell, finding that they leverage the framework to download payloads and traverse through networks.
シマンテックは、PowerShell を使っているマルウェアファミリー 111 種を解析し、そのフレームワークがペイロードのダウンロードやネットワーク中の自在な移動に利用されていることを突き止めました。
At Symantec, we work hard to deliver innovative products that enable our customers to always stay one step ahead of attackers. We’re honored to share that CRN, a brand of The Channel Company, has recognized us for our innovation by naming Symantec Advanced Threat Protection (ATP) and Blue Coat Security Platform finalists in the 2016 Product of the Year Awards for endpoint security and cloud and application security, respectively. Symantec ATP was also named a finalist in the publication’s 2016 Tech Innovator Awards.
In 2015, 35 percent of targeted attacks were launched against large companies (2,500+ employees) and 65 percent against small-and-medium-sized organizations. As cyber threats continue to evolve, yesterday’s methods of security are ill-equipped to keep up, putting organizations of all sizes and in all geographies at risk.
Symantec Advanced Threat Protection (ATP)
Symantec ATP provides the first unified platform that uncovers, prioritizes, investigates, and remediates advanced threats across endpoints, networks, email and roaming, all from a single console.
Symantec ATP uncovers stealthy threats that others miss by leveraging one of the world’s largest civilian threat intelligence networks combined with local customer context. Incident responders are notified as soon as an organization has been identified as a target of an active attack campaign and provides customers with granular attack details allowing them to remediate all instances of threats in minutes. It is the first solution in the market that can detect, prioritize, and remediate advanced threats across multiple control points, through a single console with no new endpoint agent to deploy.
Blue Coat Security Platform
The Blue Coat Security Platform unites the network, security and the cloud capabilities to provide maximum protection for organizations’ complete computing environment – while minimizing impact on network performance and enabling them to fully embrace cloud applications and services.
The Blue Coat Security Platform helps organizations manage the complexities of several massive shifts taking place in their computing landscape such as evolving networks, migration to the cloud and the endpoint revolution. This integrated security platform addresses these evolving network + security + cloud requirements.
Symantec ATP and Blue Coat Security Platform were subject to vast evaluation criteria. CRN evaluated a number of vendors, selecting the top five finalists across 17 different categories. Solution providers’ partners were then surveyed and asked to rate those finalists to determine the winner. The survey garnered over 5,000 responses, with solution providers considering a number of factors in determining their ratings, including product quality and reliability, technical innovation, ease of integration, potential to drive revenue, and fulfillment of market and customer demands.
To be recognized as the winner demonstrates our commitment to continuous innovation that addresses customer needs as enterprise security becomes more complex due to ever evolving threats.
Symantec today filed a patent infringement lawsuit against Zscaler, Inc. in the U.S. Federal District Court for the District of Delaware. As we noted in the press release we issued this afternoon, this lawsuit asserts that Zscaler’s products violate seven of Symantec’s patents across a variety of network security technologies including web security, data loss prevention, threat prevention, access control and antivirus techniques.
Symantec has invested over $10 billion in research and development since 2004 in order to provide our customers with innovative technologies, and much of that investment is protected by Symantec’s portfolio of more than 2,000 United States patents.
These technologies are found in solutions that our customers use to safeguard against cyber threats across endpoint, email, web, network and servers. Every day, our vast threat telemetry, when combined with our solutions, protects 175 million consumer and enterprise endpoints, 163 million email users, and 80 million web proxy users, and processes nearly eight billion security requests on the Web. This level of visibility across endpoint, email, and web traffic allows Symantec to discover and block targeted attacks that would be otherwise undetectable from any one control point. The enormous scale and resources required to offer this caliber of cyber defense is unmatched by any other company in the industry. As such, when we see someone attempt to benefit from our assets, we take swift action to stop it. In this instance, our intent is to prevent Zscaler from copying our pioneering technologies in network security.
We owe it to our customers and shareholders to vigorously defend our intellectual property when we believe it has been infringed. We plan to continue investigating this matter and will file further claims if additional infringements are identified.
Symantec’s Executive Vice President, General Counsel and Secretary
This year as part of the launch of Symantec’s FY16 Corporate Responsibility (CR) Report, we chose three of our nonprofit partners as part of a contest to encourage feedback on the report. Hearing from our readers is one of the primary ways we adapt our annual CR report to ensure it includes the information most relevant to our stakeholders in a compelling and easy to digest format.
After six weeks of voting, we received over 600 submissionswith our readers choosing Rainforest Alliance– who will receive a $100,000 USD donation. We are happy to provide this additional funding to one of our key partners, especially as they enter their 30th year of operation! Runners up Human Rights Campaign (HRC) and Code.org will also receive $10,000 USD in donations.
Sustainable Climate-Smart Coffee (The CO2 Coffee Project)
Photo credit: Rainforest Alliance
The Rainforest Alliance is an international nonprofit whose mission is to promote biodiversity conservation and ensure sustainable livelihoods by transforming land-use practices, business practices, and consumer behavior. Specifically, Symantec supports the Rainforest Alliance project on climate-smart coffee farming – the CO2 Coffee Project.
The CO2 Coffee Project works with over 400 local smallholder coffee farmers from the Chatino indigenous group in Oaxaca, Mexico, as well as local organizations to increase sequestration of greenhouse gas emissions (carbon stocks) through reforestation, and works to develop a model that improves economic stability for one of Mexico's poorest regions, which also produces of some of the world’s finest organic coffee.
With the support of Symantec's multi-year grant, the Rainforest Alliance works with these producer communities to reforest degraded coffee farms and pastureland by reintroducing native tree species and fruit trees while restoring shade-grown coffee farms. Diversified farm production and shade-grown coffee techniques help farmers avoid an alternative approach that requires the clearing of forestland and the intensive use of agrochemicals. These activities contribute to reducing greenhouse gas emissions by enhancing forest carbon stocks in coffee landscapes.
The CO2 Coffee Project is unique and leading-edge, since it is the first coffee agroforestry project in Mexico to be validated by the Verified Carbon Standard (VCS) and one of the first in the world linked to Rainforest Alliance/Sustainable Agriculture Network (SAN) standards. The VCS requirements ensure that the initiative is a highly traceable and accountable reforestation effort, enabling the communities to generate additional income from the receipt of carbon credits and climate-smart-branded coffee through the years. Community-based technicians, most of the them women, have been trained as part of the initiative, which have resulted in additional local employment and community engagement. Additionally, the Rainforest Alliance is providing training to farmers in sustainable and climate-friendly agricultural practices. These practices help strengthen sustainable coffee production and increase the farms’ resiliency to the effects of climate change.
To date, the CO2 Coffee Project has:
We thank the Rainforest Alliance for their continued partnership and opportunity to support programs crucial to the health and vitality of communities and the environment in Mexico.
This month the vendor is releasing 12 bulletins, six of which are rated Critical.
Webinar: How the NIST CSF Benefits Small and Medium Businesses (SMB)
Time: 10:00 AM (PST) / 1:00 PM (EST)
Speaker: Ken Durbin, CISSP, Strategist for Symantec focused on CRM and Threat Intel. Sharing
The National Institute of Standards and Technology (NIST) recently released guidance for Small and Medium Sized Business can utilize the NIST Cybersecurity Framework (CSF) to improve their Cybersecurity posture.
Key Learning Objectives:
-Basic understanding of the Cybersecurity Framework
-Introduction to the NIST small business information security document (purpose and scope)
-A review of the alignment of Symantec solutions to Cybersecurity Framework
Join this webinar for a review of the new guidance and how to apply it to assess and manage the Cybersecurity Risks to your business