Blog Feature Image: 

Torjus_Gylstorff.png

Torjus Gylstorff
全球合作伙伴销售总裁

Torjus Gylstorff于最近任命为赛门铁克全球合作伙伴销售总裁。我们在随后的采访中询问了以下几个问题：

问：
Torjus，当总公司要求你领导赛门铁克全球合作伙伴销售部门的时候，你有何回应，你的第一反应是什么？

答：
我的第一反应是“是的！当然可以！”。赛门铁克及其合作伙伴Blue Coat的强强联合在网络安全市场中形成一股强劲力量。我们眼前的机会非常巨大，正确搭建和维护合作伙伴关系是促进客户取得成功的主要因素。

问：
对于那些听不懂丹麦语的人，你怎么让他们听懂你名字的读音？

答：
“j”用英语读听起来很像“i”，因此Torjus的发音像TORE – EE – US。

问：
你在上任起的首个一百天内想达成什么样的目标？

答：
我们所在的网络安全市场正在全速发展，因此我们的日常业务将保持不变。然而，我将利用这段时间的一大部分去聆听合作伙伴的声音，了解他们的目标和期望，以及合作关系可以做出改善的地方。我们所拥有的独特机遇就是完善赛门铁克合作伙伴的合作体验和合作环境。我将在这短时间内四处游走，拜访我们的合作伙伴，从而了解我们所需做出的工作。前不久，我参加了我们在东京的Partner Engage（合作伙伴交流）大会，在那里我与来自亚太及日本地区的合作伙伴们进行了会面。而且，我将在月底前往伦敦，参加我们在那里举办的欧洲、中东和非洲合作伙伴交流大会。目前为止，我们与合作伙伴们的交流对话证实了我们共有的大好机遇和合作伙伴的坚强力量。是的，我们还有一些地方需要做出改进，我们将马上着手这些工作。

问：
你期望所有合作伙伴全盘接受赛门铁克的投资组合吗？

答：
不。这是不现实的，我们不会要求某个在特定细分市场中的合作伙伴，如中小型企业，突然去接受大型企业的投资组合，反之亦然。一些合作伙伴在特殊技术上或在纵向市场领域中很专业，我们也不会要求其做出改变。在我们的市场中，客户希望专家们给予帮助。专业知识可以是了解特殊技术或特殊市场的要求等。上述两个例子对于伙伴关系来说同等重要。

我们在了解合作伙伴团体的同时，也将对注重其专业经验的合作伙伴给予支持，无论其专业经验是技术经验，还是吸引特定用户的经验，再或是在特殊纵向市场中的经验。传递给终端用户的价值才是成功的关键。

问：
你住在旧金山，再次组建家庭后，家里有四个女儿需要抚养。除此之外，你还要为世界最大的网络安全公司，领导收入最高和合作伙伴数量最多的全球合作伙伴销售部门。你是怎样做到的呢？

答：
呃，听起来抚养四个女儿可能很难，而且确实是这样的，但是我的家庭使可我保持清醒，帮助我正确看待事情。而且，还有一个优点，那就是与十几岁的孩子打交道极大地提高了我的谈判技巧。

和绝大多数人一样，我也系需要释放压力。我们很有幸能住在旧金山市，那里的景色很美，触手可及。我可以骑着哈雷摩托在一号高速公路上驰骋，一路上加州海岸线和太平洋的景色美不胜收，使我理清思路，精神充沛。

问：
从你的观点看，成功伙伴公司的三大因素是什么？

答：
首先，最重要的是承诺，所有优秀的伙伴关系都搭建在承诺之上。承诺是我们进行合作的基石，无论是日常业务还是战略计划均以承诺作为基础。第二便是创新技巧。赛门铁克投以大量资金去开发引领市场的网络安全解决方案，如果这些产品与优秀技巧、技术或潜在市场相结合，则我们便可稳操胜券。第三，我们必须始终关注客户满意度和客户成功。我们价值链所有环节是否成功，应由其为终端客户带来的价值或利益而决定。

问：
对于合作伙伴团体，你最好还有什么要说的吗？

答：
只有一条：我渴望了解合作伙伴的需要，确保能够始终对我们的业务方式加以改善。而且，我希望聆听合作伙伴的声音，听取他们对发展合作伙伴团体的反馈，使合作伙伴团体发展壮大。我们在与全世界伙伴会面时，将通过论坛对话的方式执行上述工作，我期望能够与合作伙伴保持对话，从而使我们能够获取最佳理念并将其变成现实。

Blog Feature Image: 

Colored triangle seamless pattern background.jpg

December 2016

Symantec announces that it has updated a number of products within its encryption portfolio.  The following updated versions have been released:

• Symantec Encryption Desktop 10.4.1

• Symantec Encryption Management Server 3.4.1

• Symantec Gateway Email Encryption 3.4.1

• Symantec PGP Command Line 10.4.1

The continued risk of data breaches has resulted in an increased focus on data protection and associated legislation.  Encryption is a key technology in protecting information and these product updates provide management, security and platform support enhancements, helping customers deploy encryption at the endpoint, email gateway and through command line interfaces in a more efficient and inclusive way.  In particular additonal support for Mac laptops and desktops using FileVault 2 is now provided.

Release Highlights

Administrator Benefits:

• Simplified MacOS Drive Encryption: Administrators can now manage native encryption offered by Apple (FileVault 2), simplifying the upgrade experience when users upgrade from Mac OS 'Sierra' to a future version. Additionally, administrators now can migrate unmanaged FileVault 2 users to Symantec Encryption Management Server, consolidating hard drive encryption status information. Key administrator functions like Personal key recovery and compliance reporting will continue to work while using this feature.

• Encrypted Drive Recovery Alternative: Administrators can recover a locked machine (if the end user is unwilling or unable to provide the password) by using an Institutional Recovery Key (IRK). 

• Reduced Unauthorized Access: An account lockout feature has been added to help protect administrator accounts against unauthorized access using the brute-force entry method.

User Benefits: 

• Enhanced User data protection: Symantec Gateway Email Encryption will expire the web email invitation links after a specific time period. This feature helps protect data from unauthorized access.

Platform Support:

• Symantec Desktop Email Encryption and PGP Command Line now supports OS 10.12.1 (Sierra)

• Symantec Encryption Desktop offers support for Win 10 rolling release upgrades and is certified with Windows 10 Anniversary Update.

• Symantec Desktop Email Encryption is now supported on Citrix XenApp 7.9.

• Symantec Gateway Email Encryption is now supported on Google Chrome for web email delivery. 

Documentation

• Refer to this KB article for the release notes and other documentation for this release.

It is no secret that the outlook for STEM careers is strong - over a ten year period (2012 – 2022) it is estimated that 9 million jobs will be added in STEM fields[1]. However, at the same time ensuring this future workforce is inclusive of diverse profiles is a significant challenge. For example, currently African Americans represent only six percent of the STEM workforce and The New York Times estimates this is even lower in Silicon Valley tech companies[2]. 

At Symantec, our belief is that when you give people equal opportunity, amazing things happen. As a result, we've made investing in diversity a priority.

From a talent perspective, we aim to increase the percentage of diverse talent at all levels within the company globally by expanding our diverse talent acquisition strategies, engaging leadership in diversity planning and designing talent development opportunities. Our Symantec Black Employee Resource Group (SYBER) has a multi-tiered strategy that plays a key role in our efforts. Additionally, through SYBER and other initiatives we collaborate with key research, nongovernmental organizations, public policy and education partners to promote equality globally, and to move the needle on diversity in STEM and cyber security, from K-12 education to college, to career.

Recently, Symantec professionals and leaders took part in UNCF’s fourth annual Historically Black Colleges and Universities (HBCU) I.C.E. (Innovation, Commercialization and Entrepreneurship) Summit. The goal of the four-day summit is to empower African American students—most of whom are computer science, engineering and information technology majors—to chart their career paths within STEM fields. More than 200 HBCU students applied for 53 spots, and were competitively selected based on their GPAs, personal statements, internships, computer science skills and demonstrated leadership. More than 100 HBCU faculty applied for nearly 20 spots, and they were chosen based on their background in computer science education, leadership, and willingness to serve as change agents on their respective campuses.

As a sponsor of the Summit, on November 16th Symantec hosted university students as part of the “HBCU Tech Trek”. During the Tech Trek students visit sponsors across Silicon Valley and the Bay Area including Adobe, eBay, Google, NetApp, PureStorage, Salesforce, Visa, and Veritas.

Students visiting Symantec had the unique chance to hear from leaders across the business who discussed topics ranging from the technical to the more personal:

• Joel Fulton - Senior Director, Information Security, Global Security Office who discussed various paths for cybersecurity professionals and emphasized that success is not one size fits all, and how to find your unique path.
• Amy Cappellanti-Wolf, SVP, Chief HR Officer, Human Resources who discussed key success factors for a culture of innovation.
• Silvia Johnson, VP, Human Resources, HR Direct & Bus Prtnr Consltg who looked at how to be a strong leader and develop effective decision making skills.
• Tina Randhawa, Senior Manager, Global Staffing, HR Direct & Business Partner Consulting who reviewed best practice job hunting strategies such as leveraging resources available and cleaning up your digital footprint.
• Kumar Chivukula, Sr Dir, IT, Network & Infrastructure Services who discussed cloud computing, how to adapt to a changing job market and the importance of finding a professional mentor.

Reaching students when they are first entering the workforce is key to helping them understand the possibilities that exist and to learn what it takes to make their professional dreams a reality.

“The opportunity to connect with this talented group of future professionals was especially meaningful to me as a graduate of a HBCU; Tuskegee University, Class of 96’.  These institutions have been academic springboards for generations of African-American scholars, scientists, innovators and thought leaders. I am proud to be a part of company that not only values this but takes an active role in creating a pathway for the legacy to continue.”

– Vyvry Thomas, Symantec Sales Compensation Program Manager

Symantec’s Cecily Joseph, VP, Corporate Responsibility & Chief Diversity Officer speaks to students as part of the HBCU Tech Trek event at Symantec. Image by Don Feria.

The experience was a learning experience for Symantec participants as well. For example, seeing leadership take the time and passionately engage with the students demonstrated the dedication to diversity at the company.

“To have the support of my managers during the planning stages and as participants of the event, really meant a lot to me. It reflects that Symantec leadership truly believes diversity is important to our company and to cybersecurity in general.”

– Rochelle Lakey, Symantec Principal IT INF Backup Specialist

It’s no doubt that the event was a success, helping to drive UNCF’s efforts in exposing and encouraging HBCU students to careers in technology. UNCF cites that nearly one third of the 2014 and 2015 participants are now interning or working full time at technology companies across the nation. Additionally, the engagement from the student guests during the Symantec Tech Trek event was outstanding.

We’re confident, that in addition to being advocates for themselves, they will take these learnings to their friends and social networks to become ambassadors for the many opportunities a career in STEM and cybersecurity offers.

Students engage with Symantec professionals to learn more about careers in cybersecurity at UNCF’s fourth annual HBCU I.C.E. (Innovation, Commercialization and Entrepreneurship) Summit. Images by Don Feria. 

Check out the video for more highlights from UNCF's 2016 #HBCUInnovation Tech Trek

Blog Feature Image: 

Torjus_Gylstorff.png

グローバルパートナーセールスリーダー
Torjus Gylstorff

先日、Torjus Gylstorff がシマンテックのグローバルパートナーセールスリーダーに就任しました。その Gylstorff に対するインタビューの様子をお伝えします。

質問:
Torjus さん、グローバルパートナーセールス部門の責任者というポジションを打診されたとき、どう感じましたか。最初は、どう反応したのでしょうか。

答え:
開口一番で、「もちろん、お引き受けします」と答えました。シマンテックとブルーコートがひとつになって、サイバーセキュリティ市場にとても強大なコミュニティが生まれました。そのサイバーセキュリティ市場には、これからも大きい可能性が広がっています。適切なパートナーシップを築き、維持していくことが、お客様の成功を決める大きい要因です。

質問:
デンマーク語を読めない人もいるので、ファーストネームの発音を教えていただけますか。

答え:
「j」の文字が、英語では「i」のような音になるので、TORE – EE – US（トリアス）と発音します。

質問:
入社して最初の 3 カ月は、どんなことを目標にしていますか。

答え:
サイバーセキュリティ市場はフルスピードで変化しており、私たちも日々の業務を同じスピードでこなしています。しかし私は、最初の 3 カ月間たっぷり時間をかけて、パートナー各社のご意見に耳を傾け、各社のご期待やご希望を知ることに努めるつもりです。シマンテックとのパートナー関係の向上に何が必要かも、伺いたいと思っています。シマンテックとのパートナー関係やエコシステムを健全に進めていくうえで、私たちにしか活かせないチャンスがあるからです。この 3 カ月は、あちこち跳び回って個人的にパートナーに面会し、何をすべきか把握しようと考えています。先日も、Partner Engage Conference が開かれた東京で、アジア太平洋地域のパートナー様とお会いしたばかりです。今月末には、ヨーロッパ・中東・アフリカ向けの Partner Engage Conference が開かれるロンドンに向かいます。これまでにパートナー様とお話ししただけでも、私たちを待ち受けている可能性と、パートナーコミュニティの強みを、改めて実感できました。もちろん、改善が必要な部分はありますので、その対応はすぐに始めるつもりです。

質問:
パートナー全社が、シマンテックのポートフォリオすべてを販売することになりそうですか。

答え:
いいえ。それは現実的ではありません。特定の市場セグメントに特化している、たとえば中小規模企業のパートナー様に、エンタープライズ市場への参入をお願いすることはできませんし、その逆もできないからです。特定の技術や限定業種の市場で専門性を活かしているパートナー様に、いきなり転進を求めるつもりもありません。セキュリティ市場のお客様は、専門家の助力を求めます。その専門家の知識とは、特定の技術を深く理解していることかもしれませんし、特定の市場で求められる要件を熟知していることかもしれません。どちらも、私たちのパートナーシップにとって等しく大切です。

パートナーコミュニティを見渡してみても、シマンテックがサポートするパートナー各社は、それぞれの専門性に立脚しています。それは、技術上の専門知識であり、特定の顧客セグメントに対する営業力であり、特定の垂直市場における専門技術です。成功への鍵は、エンドカスタマーに届けられる価値にあります。

質問:
サンフランシスコにお住まいで、お嬢様 4 人という大家族のお父様でいらっしゃいます。そのうえ、最大手のセキュリティ企業でグローバルパートナーセールス部門を率い、パートナーの数やその業績を統括なさっているわけですが、頭が変になったりしませんか。

答え:
そうですね。娘が 4 人もいる家族の父親というと、大変そうに聞こえます。実際、大変ですが、家族のおかげで元気でいられる、ものごとを大局的に見られるという面もあります。それからもうひとつ、ティーンエイジャーの相手をしていると、交渉のスキルも衰えませんね（笑）。

皆さんもそうでしょうが、気分転換はしていますよ。サンフランシスコに住んでいるおかげで、美しい景色に身近で接することができます。ハーレーダビッドソンに乗って国道 1 号線を飛ばせば、カリフォルニアの海岸線がどこまでも続き、その先に太平洋が広がっていて、頭をリセットして充電するには最高です。

質問:
お考えをお聞かせください。パートナーシップが成功する要因を 3 つ挙げるとしたら、何でしょうか。

答え:
まず、何より重要なことがあります。良好なパートナーシップはすべて、真摯な取り組みの上に成立するということです。真摯な取り組みこそが、パートナーシップのなかで進めるあらゆること、日々の営業から戦略立案まで、すべての土台になります。第 2 は、スキルの確立です。シマンテックは、市場をリードするサイバーセキュリティソリューションの開発に大きく投資していますが、その製品が技術面でも営業面でも卓越したスキルに出会ったとき、成功の条件がそろいます。第 3 に、お客様の満足度と成功に常に全力を注ぐ必要があります。バリューチェーンのあらゆる段階は、エンドカスタマーにとっての価値やメリットが増えて初めて、その存在意義が保証されるのです。

質問:
パートナーコミュニティについて、最後に何かひと言ございますか。

答え:
ひとつだけ。私は、シマンテックのビジネスを改善するための努力をこれからも常に惜しまないつもりです。パートナーコミュニティが繁栄と発展を今後も続けられるように、パートナー様の声を聞き、フィードバックをいただきたいと考えています。そのために、パートナー各社と出会う場を世界中に設けています。パートナー各社との対話を続け、素晴らしいアイデアをたまわりながら、それをビジネスに活用していければ、それにまさる喜びはありません。

【参考訳】

Thanks to all who attended our webcast, "Effective Patch Strategies for Windows 10 and Office 365".

If you missed the webcast, listen to the recording here:

https://www.brighttalk.com/webcast/13361/226913?cid=70138000001BafJAAS 

We also had quite a few questions during the webcast. Please find the Q & A transcript below.

Q: Is the peer downloading opt in?  I assume we can turn it off if we don't want to use that?
A: Yes this is optional. You have control over this. For example, you could only allow certain computers in a certain location or branch use the peer to peer downloading.

Q: Are these enhancements available with ITMS 8.0 HF4?
A: Many of the enhancements discussed during the webcast are part of HF5 which was released on December 15. Learn more about HF5 here:
https://www.symantec.com/connect/forums/it-management-suite-80-hf5-now-available 

Q: Are these enhancements in patch available in 7.5 or is it 7.6 or higher
A: They are (or will be) available on 7.6 and 8.0. If you are on 7.5 today, you will need to upgrade to 7.6 or higher to take advantage of these new capabilities. The hotfix and pointfix released on December 15th includes support for peer to peer on 8.0 and 7.6. There is another update (currently scheduled for January) that will introduce Office 365 support.

Q: What are the scheduling options for win10 feature updates?  What are the options to notify users that there computer will be down during the potentially long (40 +minutes) install process?
A: Because Windows 10 feature updates are similar to an image, it does take a little bit of time to get installed and running. We recommend treating these feature updates just like you would for imaging a computer and the processes you follow for that. Please share your feedback with your experiences deploying these feature updates as we are working on some enhancements in this area.

It’s also worth mentioning that there is no Altiris Agent running during feature update installation (as basically new OS is installed during this time) and therefore computer is not able to distribute downloaded feature update image to other computers. So admins need to make sure that there is enough time between computers receive patch policy with feature update and actual installation (so computers would be able to share the image and won’t download from NS/PS individually) – it’s recommended to use the scheduled time for feature update installation and not “Run ASAP”.

As for notification we have improved notification options starting from Patch 8.0 so would suggest customers review and utilize them.

Q: Is this an additional package that needs to be purchased or is it included in my Small Business Endpoint Protection software?          
A: The functionality we’re discussing on today’s webcast (Patch management) is included with Symantec Client Management Suite, IT Management Suite or Patch Management Solution and so would not be part of your Small Business Endpoint Protection Suite. If you would like more information on purchasing one of these solutions to add these capabilities, please contact Spencer Tait or your local sales rep. 

Q: Hear back from your customers?  What is the best method as I have been trying to understand the roadmap and direction with respect to Windows 10 and it has seemed to be an issue through any methods I have tried.
A: For more information regarding the product roadmap, contact your account rep who will arrange a meeting with our Product Management team. If you are not sure who that is, please contact Spencer Tait.

Q: Will clients attempt to discover peers when offsite (CEM active)?
A: The peer to peer functionality does not currently support devices connected via CEM.  Such support will be considered for inclusion in a future release.

Q: We have NS version 8.0 but I don't see the option for peer download, what version is this feature in?
A: It is available starting with HF5 released December 15. Learn more here:

https://www.symantec.com/connect/forums/it-management-suite-80-hf5-now-available 

Q: Are there routing concerns using peer to peer like with using multicast and broadcasts?         
A: It would help to have more specific details to better answer this question. But, the short summary is that our p2p relies both on broadcast traffic inside subnet and unicast traffic to hosts from ARP cache in order to quickly and effectively find peers.

Typical network configuration is that broadcast traffic is allowed inside subnet, but not routed to other networks and unicast is only routed in case port exception is intentionally added to firewall. Also, our implementation doesn’t use any of multicast type traffic.

Q: For Office 365 patches, will the agent automatically download updates from the closest package server or does it require GPO or XML to set download location?
A: With the current implementation, the best package server is identified when policy with Office 365 updates arrives on the client (so situation may change by the time updates will be actually installed). We plan to add the re-evaluation of selected package server right before the updates installation in future updates for Office 365 support.

Q: Any plans to handle feature updates on W10 machines using Language packs?  My understanding is that they will be removed during the update of a feature pack. It would be great if they could get automatically re-applied by patch mgmt.     
A: The functionality works fine with foreign language versions of Windows 10.  Additional research is being conducted to seamlessly handle situations involving language packs.

Q: Can the feature update occur leveraging an Internet Gateway?          
A: Feature updates can be distributed to devices connected via the Internet Gateway.  The peer to peer package download feature is not currently supported for devices connected via the Internet. Gateway support will be considered for inclusion in a future release.

Q: We had what looks like a win 10 insider patch come down in the patch cycle. Was this a mistake? How can this be avoided in future?
A: IT Management Suite does not include patches that are only available to Windows 10 insiders.  ITMS does not currently distinguish between devices that are on the Windows 10 Current Branch and the Windows 10 Current Branch for Business, but customers have full control over when updates are distributed to each and every device.  Inventory data can be used to create separate targets for devices on the Current Branch and those on the Current Branch for Business.

Q: How does the peer to peer downloading work related to CEM?  We have remote sites running on generic networks (i.e. 192.168.x.x).  Will the tool be able to share packages only to the local network, or will it share to anything in an identical subnet?               
A: The peer to peer package download feature does not currently support devices connected via CEM.  Such support will be considered for inclusion in a future release.

Q: With the comment of automatically deploying patches are you intending on adding support for this that does not require the use of Workflow?
A: We don’t have auto-install feature in our short term plans but there is an automation developed by Ludovic Ferre that can auto-install updates without workflow that you may want to take a look at.

https://www.symantec.com/connect/blogs/cwoc-patchautomation-and-zerodaypatch-builds-80

Q: Peer to Peer: Does a client favor a local PS over local peer with the package?
A: No

Q: With respect to patching other applications, is there any effort going into expanding the applications supported and cleaning up of existing products of no interest anymore.  The interface includes things like Skype 1, 2 ancient versions.  Others like Adobe Reader 6.0 etc. Suggestion is the ability to "Hide" products not of interest so that new products can be easily identified.            
A: Customers are encouraged submit requests to add support for additional applications.  Requests will be evaluated based on the overall value provided to the collective customer base.

Q: Can we expect to see the P2P behavior being implemented in Symantec Endpoint Protection product as well to distribute the definition updates?
A: Please direct this question to the SEP product team by contacting your Symantec account rep.

Q: PEER DOWNLOAD - how long does the process take to elect the 'endpoint 1' to be the downloader and then 'endpoint 2' to get the package from 'endpoint 1'
A: The process of electing "endpoint 1" to be the downloader happens instantaneously.  The amount of time that it takes for "endpoint 2" to get the package is entirely dependent on the size of the package.
 

Q: What is different between peer-to-peer and multicasting and where do you recommend using one versus the other?
A: There are several differences between multicasting and peer to peer.  One significant difference is that the process of negotiating and creating a multicast session requires more time than the process for identifying peer devices that have a package.  In addition, it is not possible for a device to join a multicast session after it has started.

Q: Can you shed some light on how the Symantec product handles 3rd party software patching?
A: Symantec IT Management Suite supports the patching of a large number of commonly used third party Windows applications.  From a technology perspective, the process is identical to the process for patching Microsoft products.

Q: Will peer to peer work for other items than just patch?  Managed Software Delivery for example.
A: Yes, peer to peer will work for software deliveries.  It does not currently support the distribution of Deployment Solution image files.

Q: How is peer to peer different than multicast? And will you be able to control resource utilization?
A: Yes, the peer to peer feature enables you to control resource utilization.  There are several differences between multicasting and peer to peer.  One significant difference is that the process of negotiating and creating a multicast session requires more time than the process for identifying peer devices that have a package.  In addition, it is not possible for a device to join a multicast session after it has started.

Q: Will the peer-to-peer distribution and streaming work the same for Windows 10 security only updates?         
A: Yes.

Q: One of the key things that is currently missing in Symantec Patching is the ability that Windows Update has to patch at the Driver level.  We have full blown patch management in effect and still to be effective, we often need to run Windows Update on machines to correct issues that have been resolved by Microsoft but relate to driver issues. How can we handle this product gap?
A: Support for driver updates will be considered for inclusion in a future release of IT Management Suite.

Q: Is this for all O365 or just the 2016 bits?           
A: Microsoft is ending support for the 2013 version of Office 365 in February, 2017.  ITMS' support for Office 365 is limited to the 2016 version.

Tis’ the season for giving…According to Charity Navigator, 1.4 billion people worldwide donate to NGOs and by 2030, the number is expected to grow to 2.5 billion[1]. The organization also cites research showing that in 2014, 31% of online giving took place in December, with 12% taking place on the last three days of the year[2]. Additionally, #GivingTuesday, “a global day of giving” taking place on November 28th has seen a huge increase in donations from $10 million in 2012 to over $168 million in 2016 (and a total in 2016 of 1.56 million gifts across 98 countries).

All of this shows that while the holidays are often focused on buying presents for family and friends, people are increasingly looking to give back to their communities and those in need.

This has definitely been the case at Symantec where on #GivingTuesday Symantec employees contributed more than $195,000 in donations over the course of a single day. Additionally, from California to Dublin to South Africa to Dubai, our employees have been busy taking part in projects large and small, on their own and in teams, to ensure that people everywhere have a happy holiday season:

Europe, Middle East and Africa  

• Dublin Christmas Challenge for the St. Vincent de Paul

In Dublin, Ireland 52 people volunteered over 300 hours up to December 23rd as part of the office’s Christmas Challenge in support of the Society of St. Vincent de Paul. To date, employees have created over 300 hospital bags, exceeding the office’s target. Over the 10-day challenge, more than 50 employees volunteered over 300 hours.

In Dublin, Ireland 52 Symantec employees volunteered over 300 hours as part of the office’s Christmas Challenge in support of the Society of St. Vincent de Paul.

• Playing Santa for the UK’s Rainbow Trust and Christmas Carols at Symantec

More than 50 employees in the Reading office supported the UK Rainbow Trust Giving Tree Appeal, playing Santa for children in need and filling bags according to the wish lists of children. Employees donated a total of 100 Christmas toys, books and games.

Students from the Reading Girls High School Choir performed variety of Christmas carols to 500 employees in the Reading office as part of the office’s annual Christmas lunch. A fun activity for all as the school is one of the selected schools that Symantec employees volunteer with throughout the year.

Students from the Reading Girls High School Choir performed variety of Christmas carols to 500 employees in the Reading office as part of the office’s annual Christmas lunch.

• Holiday Gift Bags for the Dubai Women and Children’s Foundation

The Dubai office in partnership with the Dubai Women and Children’s Foundation distributed nearly 40 holiday gift bags to the women and children at the shelter of Dubai Foundation. The bags for women contained toiletries and holiday sweets including towels, shampoo, deodorant, body lotion, scarves, and chocolates. The bags for the kids were organized according to age including child/baby toiletries, toys, clothes, chocolates, hair clips, stationery, and activity books.

Symantec’s Dubai office distributes nearly 40 holiday gift bags to the women and children at the shelter of the Dubai Women and Children’s Foundation.

Americas

• Washington DC Holds its First Annual Thanksgiving Food Drive

In November, Symantec held its First Annual Thanksgiving Bag Food Drive to benefit Loudoun Hunger Relief resulting in over 300 pounds of donated food that contributed to feeding over 1,000 families, and close to 5,000 Loudoun County residents on Thanksgiving. 

• Virtual Volunteering with CareerVillage End of Year Thanks

Symantec employees across the company took part in the CareerVillage End of Year Thanks, where over 300 volunteers provided over 600 pieces of career advice as part of the organizations mission to crowdsource career and school guidance for youth. We estimate that Symantec advice was read over 300,000 times, benefitting over 100,000 students.

• San Francisco’s Giving Tree 

For the fourth year in a row Symantec San Francisco’s Giving Tree drive met its quota of 50 wish card gift requests filled, with a third of the sites full time employees participating.

A third of full-time employees at Symantec’s San Francisco office took part in the holiday Giving Tree campaign.

• Utah’s Angel Tree, Herndon Virginia Food Drive and Culver City Supports Toys for Tots 

Symantec’s Draper & Lindon offices in Utah participated in The Salvation Army’s Angel Tree program providing over 150 Christmas presents for children and elderly in need. Additionally, our Herndon, Virginia site took part in a food drive for Loudoun Hunger Relief collecting over 300 pounds of food for the Thanksgiving holiday. Lastly, Culver City employees lead a collection of holiday toys at the office for non-profit Toys for Tots.

Symantec employees in Culver City donate to the Toys for Tots holiday gift drive.

Asia Pacific & Japan

• Chennai Fulfills New Years Wishes for Students

Symantec Community OutReach Programme (SCORP) in Chennai is holding an iWish event in association with Team Everest NGO. Through the program, employees fulfill holiday wish lists provided by Team Everest for students with single parents. Presents range from a watch to a dictionary to toys and more. Symantec has committed to fulfilling 91 children’s wishes this year.  

• Sydney Operation Christmas Cheer

For the 12th year, the Sydney office held its ‘Operation Christmas Cheer’ with the Salvos Chatswood Salvation Army.  More than 50 employees took part in this year’s event for the Salvation Army, volunteering to purchase, wrap and unload toys, gifts and food hampers. Additionally, the event included a food drive, where 200 employees in the office were asked to donate at least one item of non–perishable food.

• Cape Town Supports Baitul Ansaar Home for Children

Over 100 employees from the Cape Town office compiled goodie bags for children of the Baitul Ansaar Child and Youth Centre. Nearly 80 bags were created and given to children up to 14 years of age containing soap, facecloths, stationary and clothes, with a special toy wrapped separately for the children to receive on Christmas day.

More than 50 employees at Symantec’s Sydney office took part in this years ‘Operation Christmas’ for the Salvation Army.

Over 100 employees from Symantec’s Cape Town office volunteered to support the children of the Baitul Ansaar Child and Youth Centre.

Blog Feature Image: 

ThinkstockPhotos-469109385.jpg

在过去的一年里，网络罪犯定位企业信息数据的方式发生了巨大变化。美国民主党全国委员会等机构遭受网络攻击后，各大IT知名企业均保持高度警惕。而且，诸如Dyn （一家大型DNS服务商）遭受的网络攻击，更使这些企业将信息安全列为首要任务。随着企业持续应用先进的数字化工作平台，员工们能够灵活地随时随地在任何设备上执行工作，Cloud Generation（云生成）的崛起将使信息安全的注重点发生巨大变化。

网络安全格局不断变换，因此我们必须去花时间对潜在危险进行评估，并确定网络安全业需要关注的相关领域。随着2017年的邻近，赛门铁克详细地对未来一年的网络安全趋势进行了预测。

云生成动态确定企业的未来

• 企业网络将得到扩展并变得愈加模糊和分散。 在劳动力移动性前所未有增大的背景下，以内部网络为主要保护对象的想法变得更无远见。若网络与云端相连接，使用防火墙防御单独网络则变得毫无必要。所有企业都将开始使用无线服务和云服务，而不会去把钱花在昂贵且多余的网络解决方案之上。

• 勒索软件将攻击云端。 考虑到计算机技术向云存储和云服务的方向快速转变，因此对于网络攻击者来说，云端成为了一个非常有利可图的目标。由于防火墙或其他更为传统的网络安全保护措施无法对云端进行保护，企业保护数据的方式将发生巨大转变。云攻击可导致企业损失数百万美元，以及丢失重要数据，这使保护云端变得更为重要。

• 人工智能/机器学习将需要复杂的大数据能力。 在2017年，机器学习和人工智能将继续发展。随着新型机器学习和人工智能技术持续进入市场，各个企业将需要对相关解决方案进行投资，从而可以从不同、行业和区域的无数终端和为网络攻击传感器中收集和分析数据。全球化网络安全战争分分秒秒都改变着我们的生活，这些解决方案对于教会机器如何在网络安全前线作战来说非常重要。

网络犯罪成为主流

• 流氓国家通过窃取钱款的方式筹措资金。 可能会有一种很危险的情况，那就是某些流氓国家为了私利而与有组织的网络罪犯结盟，比如我们在SWIFT遭受的网络攻击中便看到了这一幕。这种情况可能导致国家政治、军事或金融系统的停滞不前。

• 无文件式恶意软件将有所增加。 无文件式感染。这种恶意软件直接写入计算机RAM之中，而无需使用任何类型的文件。而且，这种恶意软件经常能够躲避入侵防御和反病毒程序的检测，因此很难发现。这种攻击最有可能是通过PowerShell发起攻击，其攻击次数在2016年一整年中均有增加，且在2017年将继续增加。

• 安全套接层（SSL）滥用将导致使用HTTP的网络钓鱼网站增多。 免费SSL安全证书的兴起，以及谷歌最近将HTTP-only(安全)网站列为危险网站的做法，导致网络安全标准大大降低，更使搜索引擎恶意优化推动了鱼叉式网络钓鱼或恶意软件程序的发展。

• 无人飞机将用于间谍活动和爆炸攻击。 这种情况可能在2017年出现，但更可能在更晚时候出现。在2025年前，我们可能会看到“无人飞机受劫持”的情况，即网络攻击者出于个人利益对无人飞机的信号进行拦截并将其重新定向。鉴于这种可能，我们还可能会看到网络罪犯们开发出“反无人飞机黑客技术”，用以控制无人飞机的GPS和其他重要系统。

物联网纳入企业业务

• 云生成的扩散。 企业将继续允许员工们在网络上引入各种新型技术，如可穿戴式设备、虚拟现实和物联网连接设备，与此同时还将对云应用和解决方案形成的快速分散劳动力提供支持。企业将需要将其重要任务从保护终端设备转变为保护使用所有相关应用和服务的用户和信息。

• 物联网设备将继续渗入企业之中，导致物联网DDoS攻击增多。除了仅查看计算机和移动设备的漏洞外，安全事件反应小组当前还需要考虑到作为网络跳转点的调温器和其他联网设备。Dyn 在十月份遭受的网络攻击证明，大量物联网设备并不具有企业级的安全保护水平，非常容易遭到网络攻击。随着物联网设备的增多，安全漏洞带来的风险将大大增加。这些危险设备一旦投入市场，那么除了召回设备或发布产品安全升级之外，则几乎不可能解决这一问题。

信息安全行业在2016年遇到了很多新挑战， 但2017年可能会有过之而无不及。我们需要提高对潜在威胁的意识，这样才能够在面对网络攻击时更好地进行自我保护和及时响应。

Co-authored by Robert Myles CISSP, CISM and Kevin McPeak CISSP, ITILv3

Data breaches in Canada have accelerated alarmingly in recent years, placing the security of Canadian citizens and the country’s economy at risk.  In June 2015, the Government of Canada passed the Digital Privacy Act (DPA), which amends and updates existing federal privacy legislation. The DPA governs how private sector organizations collect, use, and disclose personal information in the course of commercial business. The intent of the DPA is to encourage Canadian organizations to properly safeguard any private data they collect on their customers, members, employees and/or donors.  It is also an effort to restore confidence in Canada’s digital ecosystem among Canadians who have become increasingly alarmed about the frequency with which private information has been compromised or mishandled. The DPA requires all Canadian organizations to:

• Report any security breach involving private information to Canada’s Privacy Commissioner if it is “deemed to create real risk of significant harm,” such as reputation damage, financial loss, identity theft, and/or negative effects on one’s credit record.
• Notify all affected individuals “as soon as feasible” that their information has been breached and that there is a risk of significant harm.
• Maintain records of all security breaches.

The DPA is expected to go into effect in 2017 and gives Canada’s Privacy Commissioner the authority to audit any organization and impose fines for non-compliance. Many Canadian organizations are now reassessing their cyber defense posture, technical capabilities, and overall readiness to meet this new legal requirement in order to avoid the negative consequences for non-compliance.

It has been repeatedly proven that even if you discover a data breach and report it, responding to and recovering from a breach is still costly. In Canada, the cost of remediating a single breached record averages $250.  The same study pegs the total cost of a breach incident at over $5 million.   This estimate takes into account lost customer business (34%), investigations and forensics (23%), auditing and consulting (10%), increased customer acquisition cost (9%), and others, such as identity theft protection fees.  In Canada and around the world, the ability to prevent breaches and quickly respond when a compromise happens has become a key business imperative.

For more information on how to prepare for DPA, please visit: go.symantec.com/ca/dpa 

Symantec’s Volunteer of the Quarter initiative highlights and rewards those employees who dedicate their time and talents to those in need. We have a long and proud history of encouraging our employees to volunteer. While the driving force of our efforts is largely altruistic, there is even more to volunteering than giving back to our communities. Volunteering makes our company a better place to work, so employees are helping both Symantec and the organizations they volunteer for.

Today we highlight members of our Warsaw office for their work supporting a local orphanage group Dom Dziecka.   

Members of Symantec’s Warsaw site – Gener Perez Torres, Monika Olszewska, and Christian Woegerer – channeled their personal passion for this issue and began to volunteer with a local orphanage, Dom Dziecka.  Dom Dziecka’s mission is to offer programs designed to help ease the problems of displacement and positively influence the future fate of the children.

There are many motivations for volunteering. In the case of our Warsaw team, it was driven by our common passion to help children in need, especially those lacking basics needs and one of the most important things we often take for granted – parental love and affection. It’s estimated that there are 143 million orphans in the world and an additional 20 million displaced children in the world.

For the past three years, we have volunteered with Dom Dziecka, supporting various initiatives of the organization. For example, we have spent several hours teaching the children language and helping them with their studies in all subjects such as Math, Physics, and others. We have also organized international cooking events where we prepared food from several countries for the children. Our next endeavor is to organize a Global Village event in which we will present a stand for each participating member country with typical items and talk a bit about the history and culture of the representing country.

Employees at Symantec's Warsaw office have supported local orphanage group Dom Dziecka for over three years.

Time and donations go a long way

With our Dollars for Doers and the Volunteer of the Quarter grant, the organization will be able to support hiring additional staff for vital activities, such as the daily care of the children, education, health diagnosis and tracking child development. And when concerns are detected, arranging for treatment and rehabilitation. Additionally, the staff is crucial in providing organized activities for children outside the premises of the institution such as going to the cinema, theater, trips, and summer camps.

A win-win

While you often feel you’re the one doing the giving in the volunteering experience, it has also been a unique chance for all of us to exercise our personal and professional strengths in new ways. For example, applying our knowledge of specific subjects such as grammar and science, and in the future we hope to bring in our knowledge of information security. Additionally, we’ve had the opportunity to speak in public, develop campaigns to increase awareness of this cause, engage and organize volunteers and lead fundraising efforts. It has also increased our exposure to each other when we may not have worked closely together, as well as our exposure to new members of our community.

Volunteering has brought a new meaning to life and career outside of our daily jobs. It has changed us as people to be so close to this community of children.  By far, the most rewarding moment was seeing the faces of the children when they were getting a package each full of items they deserved. It is this happiness that never made us question any minute, any hour of our work with Dom Dziecka and we look forward to continuing our partnership. 

Blog Feature Image: 

ThinkstockPhotos-177683051.jpg

I noticed some spam using a relatively uncommon "new TLD" (.christmas) in my honeypots this week, and, since it is almost Christmas, thought it was worth a look to see how it's being used or abused...

.Christmas has been around for a couple of years, but hasn't had many high-traffic domains, at least, until recently.

Checking the WebPulse logs for .christmas traffic revealed quite a lot of it, most of which appeared to be shady. How shady? Well, not as bad as most of the Shady TLDs we've profiled over the last couple of years, but still enough to warrant consideration for membership on Santa's naughty list...

Here is a look at how the Top 50 sites, by total traffic, stack up in our logs the last few days:

Without the two Placeholder sites being included (they're not considered to be quite shady enough for counting in the rankings), .christmas would score an even 80% shady. Compared to other Shady TLDs, this wouldn't rank in the top 20.

Still, all of the high-traffic .christmas domains are shady, and so we might make our first calendar-based recommendation. Namely, if you don't have WebPulse to let you know if a particular .christmas domain is likely to be shady or not, maybe consider blocking all .christmas URLs from January thru October, as the legitimate ones are very seasonal, as you might expect.

Peeking at the Packages

So what are these shady .christmas sites up to? It appears to be primarily spam-related, with some high-traffic WebAd/Analytics sites -- many of the URLs I checked returned single-pixel "tracking PNGs" (small image files used to track users who visit sites), or else they relayed visitors to sites that we had already identified as Spam or Phishing. Unfortunately, tracking pixels don't make for compelling screenshots, so I'm leaving those out.

There are several different domain naming styles being used by the major shady networks:

(1) A random-words-glued-together group (using words related to Christmas), such as happysing.christmas, celebratewish.christmas, merryseparate.christmas, jollysleep.christmas, etc.

(2) A random-word-plus-a-color group, with domains like happenyellow.christmas, dependred.christmas, turnblack.christmas, etc. (My favorite was kronosaurusblack.christmas.)

(3) A random-words-plus-digit group: handbelieve0.christmas, reasoncould7.christmas, bodyconsist1.christmas, namedevelop9.christmas, etc.

As shown in the table above, there were a handful of legitimate Christmas-themed businesses (generally "come meet (or e-mail) Santa" type), and a few other legitimate sites in the mix. But they were outnumbered by shady shopping sites (in particular, there is a network of cookie-cutter sites that weren't quite believable as places I'd want to spend money), and a couple of sites offering knock-off fashion goods for ultra-low prices.

In summary, it looks like the spammer/scammer Grinches are definitely out to ruin .christmas...

--C.L.

P.S. For easy reference, here are the links to the earlier posts in our "Shady TLD" series:

.country

.kim

.science

.gq

.work

.ninja

.xyz

.date

.faith

.zip

.racing

.cricket

.win

.space

.accountant

.top

.stream

Blog Feature Image: 

ThinkstockPhotos-464832262.jpg

Securing industrial control systems (“ICS”) against cyber attacks is a very difficult challenge.  ICS networks connect thousands of devices, often decades old and ranging from simple sensors to sophisticated SCADA servers.  The range of operating systems, protocols, and chipsets dwarfs the range seen in IT systems, which are fairly consolidated by comparison.  This complexity increases the ICS attack surface and makes traditional security approaches either infeasible or incomplete.  And while ICS networks are exposed to classic IT threats like denial-of-service attacks, the past five years have seen new threats like Stuxnet and Dragonfly that target ICS first.  Industrial control systems run a lot of the critical infrastructure supporting modern life, and vulnerabilities in these systems mean vulnerabilities in our power grid, manufacturing plants, and water treatment centers, among others.

At Symantec, we have been working on this problem for years.  We have put together a suite of solutions that identify and authenticate devices, lock down ICS endpoints and ensure the software running on them hasn’t been tampered with. This month we launched Anomaly Detection for ICS, which is security analytics built from the ground up for the ICS space.

Anomaly Detection for ICS deploys at the network level and passively monitors traffic in order to learn the system and create a model of expected behavior. Anomaly Detection for ICS then automatically looks for anomalous behavior relative to that learned model, without the user creating any rules or policies.  Proprietary machine learning algorithms help Anomaly Detection for ICS do deep packet inspection of any industrial protocol as well as look for subtle, correlated anomalies across the system.  This approach to ICS security monitors legacy and simple devices that can’t be directly locked down, and can detect zero day attacks because it does not rely on signatures.

There is no silver bullet product to solve ICS security, but the best solution is a defense in depth approach that protects up and down the stack.  With the launch of Anomaly Detection for ICS, Symantec adds network monitoring to its existing solutions in authentication, endpoint, application, cloud, and data center security for industrial systems.

Blog Feature Image: 

ThinkstockPhotos-160331372.jpg

So far in this blog series, we’ve taken a deep dive into the important innovations built into Symantec Endpoint Protection 14 – specifically advanced machine learning, memory exploit mitigation, and the Emulator– and how they work together to fight malware attacks.

This week we want to take a closer look at the critical role performance plays in securing the endpoint. Ultimately, if endpoint protection is cumbersome, if it slows down device performance or frustrates the user, then it doesn’t matter how innovative the technology is – users will turn it off. That’s why security software development requires a constant balancing act between increasing protection and minimizing performance impact.

That balancing act was top of mind as we created Symantec Endpoint Protection 14. Our development teams invested in three key areas to deliver multi-layered defense without compromising end-user or IT productivity. Let’s take a look at each area in detail.

Smaller footprint

We knew each new weapon in our endpoint arsenal would need to be carefully optimized so as to not slow down either the network or the end user, in effect bolstering security while prioritizing efficiency. For example, we deploy our machine learning technology to both the endpoint and the cloud – analyzing file attributes and behaviors locally on the device, while analyzing relationships and reputation using big data at scale in our cloud. That delivers incredible intelligence for endpoint protection without requiring a bulky application.

We also optimized and enhanced the core application to minimize the volume of signature definitions stored locally. All told, the typical application footprint for a fresh install was reduced 68% for core definitions from SEP 12.1, an impressive delta that reflects both a smaller application footprint and reduced definitions file updates.

Reduced downloads

Intelligent Threat Cloud is one of the breakthrough technology innovations in Symantec Endpoint Protection 14. The use of machine learning has reduced our dependence on signatures, but using them wisely still adds value. We built Intelligent Threat Cloud to provide real-time “on demand” cloud lookup for signatures, so we don’t need to keep all definitions on the endpoint – allowing updates to focus on the newest threat information. This reduces the frequency and size of signature definition files, which in turn lowers network usage and increases performance.

Based on our testing to date, the use of Intelligent Threat Cloud has helped reduce daily updates by 70% (comparing SEP 14 with core definitions to SEP 12.1).  That’s roughly the equivalent of two emails per day, versus nearly two megabytes per day in the prior release. What happens if we can’t connect to the cloud? Multiple signature-less technologies such as machine learning and memory exploit mitigation are already in position to deliver a fairly definitive verdict at the endpoint – so if we can’t corroborate it, we convict it.

Intelligent Threat Cloud is powered by a variety of advanced techniques including data pipelining, trust propagation, and batched queries. And while some security vendors would like you to believe signatures are obsolete, as we mentioned above, the reality is that signature-based detection systems still play an essential role in preventing known threats – while machine learning, exploit prevention and virtual sandboxes are used to tackle the unknown. Deploying one without the other is akin to installing a fancy new alarm system on your house and then intentionally taking the locks off your doors.

Faster scan times

Last but not least, our development teams worked hard to deliver better protection with faster scanning times via Symantec Endpoint Protection 14. The new software conducts set scans on samples that combine both clean files and those that contain malware nearly 20% faster, an increase that can be attributed in large part to the addition of Intelligent Threat Cloud.

Real-time scanning of new files also works incredibly fast. The Emulator, for example, uses virtual sandboxing to shut down custom packer attacks, deploying sophisticated technology that mimics operating systems, APIs and processor instructions, all while managing virtual memory and running various heuristics and detection technologies. The Emulator operates in milliseconds – an average of 3.5ms for clean files and 300ms for malware – significantly minimizing detection and response impact on the network and user experience.

One agent, multiple layers of protection

The threat landscape is always changing, and malware can infiltrate the enterprise at any point in the attack chain. The reality is no single technology can stop all malware, all the time. Multiple technologies are a fundamental requirement for the future of endpoint security. At the same time, users don’t want the performance hit of multiple agents – and IT doesn’t need the headache of separate applications from multiple vendors, with the need to install, patch, update, troubleshoot and integrate each of them separately.

With Symantec Endpoint Protection 14, we combine new and established technologies in a single, lightweight agent to stop known and unknown threats across multiple vectors, going far beyond the reach and capability of point products. That includes machine learning, exploit prevention, antivirus, and reputation and behavioral analysis all within a single high-performance agent. That same agent can also collect the data you need to feed endpoint detection and response (EDR) via Symantec and third-party consoles.

Bottom line: Organizations no longer need to install and manage multiple endpoint agents for prevention, detection and response. With the consolidated technologies of Symantec Endpoint Protection 14, they can reap the enormous benefit of next generation protection, all while improving the user experience, reducing IT burden, and lowering total cost of ownership. All the better to focus on fighting the bad guys.

# # #

Check out our webinar with Adrian Sanabria from 451 Research to learn more about next-generation endpoint protection, and watch this space for regular blog posts that drill deeper into key capabilities with insights from Symantec and third-party experts.

Webinar: ATM Threats to the Financial Sector

Time: 9:00 PM (Pacific) or watch ondemand any time

Date: January 23, 2017

There’s a new threat in town – Jackpotting. It utilises malware directly infected onto ATMs, requiring no card skimmers that can be easily detected, no time needed to steal credentials, and grants access to every single dollar held in the machine. 



ATM machines may not follow the strict patch management regimes that corporate machines do, leaving their operating system potentially much more vulnerable to malware attacks. Beyond the monetary loss, being Jackpotted can also negatively impact the brand, and expose the bank to regulatory action from lack of due diligence in risk management.



Hear how Symantec Cyber Security Services can help deliver a solution for these types of attacks. Through the combination of Data Center Security (DCS) and Managed Security Services (MSS) monitoring, you will receive prompt validated detection of both pre and post compromise attempts in near real-time, allowing faster responses and remediation.

Register fo this free webcast. Click Herehttp://bit.ly/Webinar0123