Channel: Symantec Connect - Blog Entries

Microsoft Patch Tuesday - January 2017

This month, 4 security bulletins were released, 2 of which are rated Critical.


Microsoft "Patch Tuesday" - January 2017

Microsoft released 4 security bulletins on January's Patch Tuesday, 2 of which are rated Critical.


Canada's Digital Privacy Act: Where Do I Start?

Part two in our series

Co-authored by Robert Myles CISSP, CISM and Kevin McPeak CISSP, ITILv3

(continued from part one in our series: What is Canada's DPA?)

Start by understanding how data breaches occur. In simple terms, cyber attackers breach networks by exploiting vulnerabilities in people, processes, and IT systems.

  • People and Processes: Examples include inadequate security policies, ineffective employee training, and weak policy enforcement. Each of these leaves users vulnerable to phishing attacks, social engineering, and similar threats.
  • IT systems: Examples include inadequate hardware or software inventory management, weak security controls, unpatched software, and the possible exploitation of unsecured mobile devices and cloud applications and infrastructure.

Ultimately, data breaches are caused by the inability to:

  • IDENTIFY those assets that must be protected,
  • PROTECT sensitive data,
  • rapidly DETECT the occurrence of a data breach,
  • RESPOND quickly to a detected breach, and
  • RECOVER from a breach by using lessons learned and industry best practices to prevent breaches.
     

Best Practices Protect

Organizations that embrace cybersecurity best practices are much less vulnerable to cyber threats. They are also the most likely to detect a threat early and act quickly to prevent data loss when a breach does occur. That said, many organizations still do not have basic security measures in place, and according to a 2016 report by the Online Trust Alliance, 91% of breaches could have been prevented. Symantec has worked with the Canadian Government in an effort to address this knowledge gap.

In 2014, Symantec helped develop practical tools that would help Canadian organizations to protect their operations and promote the development of best practices. The “GetCyberSafe” initiative provides Canadian organizations with access to cybersecurity best practices, and can be accessed online here: http://www.getcybersafe.gc.ca/cnt/prtct-yrslf/prtct-smlbsn/index-en.aspx. Many of GetCyberSafe’s recommendations are based on international cybersecurity best practices, such as the United States’ National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF). Symantec was an early collaborator on the development of the NIST CSF and continues to work with NIST to ensure that, as it updates the CSF, it effectively maps to the evolving cyber threat landscape.

For more information on how to prepare for DPA, please visit: go.symantec.com/ca/dpa 

Booking Codes Displayed at Airport Boarding Gates Put Passenger Data at Risk of Exposure

If a booking code is exposed, an attacker could take full control of the passenger's booking, cancelling it or stealing sensitive information.


Symantec Introduces Risk Insight to Automate Risk Assessments


How secure is your business?  It seems like a simple question, but it can be challenging to answer.

The good news is today Symantec has introduced Risk Insight - a new service that makes answering that question much easier.  We understand that there are a variety of factors that make it daunting to determine the effectiveness of your security posture:

  1. Cyber security threats are growing in frequency and sophistication, making it increasingly challenging to gain a holistic view (Symantec Internet Security Threat Report 2016).
  2. Security products are highly specialized and siloed, resulting in an overwhelming stream of notifications and alerts that are hard to prioritize due to their limited scope and visibility.
  3. Risk assessments are traditionally manual, time-consuming, and incomplete, and most are based on questionnaires that are outdated before they are even finished.
  4. And finally, gauging effectiveness is difficult without a point of reference in the same industry or region.

What is Risk Insight?

Risk Insight is an automated assessment and planning tool that helps you build a more robust security posture. It complements the other products in your security arsenal to protect, detect, and respond to threats.  It does so by using the data generated by your existing products so that you can pinpoint vulnerabilities and create action plans that will ultimately lead to the better protection of your organization.  Risk Insight uses big data analytics and sophisticated algorithms to present the risks you are facing in an intuitive, actionable fashion useful for both executives and operations teams.  Let’s walk through some ways Risk Insight helps you assess your business risk.


A 360 Degree View of Risk

Risk Insight uses an executive dashboard to provide your security leadership and operations teams with a 360 degree view of your security posture across your enterprise, industry peers, customers - and soon partners. 


It has the unique ability to combine and analyze your enterprise attack and defense data, customer device hygiene, and our global threat intelligence to provide intuitive metrics that offer a true view of risk. Additionally, the easy to understand metrics allow you to effectively communicate the ROI of your security investments to your executive team and your business priorities to operations, enhancing transparency across the various layers of your security organization.   

Risk Insight allows you to make more informed, data-driven decisions and answer questions such as:

  • What risk do your customers and partners pose to your organization?
  • How are you doing compared to your industry? Are there areas for improvement?
  • How have changes in your defense improved your security posture and can you justify new security investments?

Actionable Insights for Operations Teams

Ultimately the questions arise: why are we performing poorly compared to the industry average? What is making that particular endpoint so much more vulnerable?  And perhaps most importantly, where should we focus to have the greatest impact?  These questions inevitably fall to the operations teams. Risk Insight offers interactive drill down and granular analysis capabilities to provide security operations with the ability to identify your most vulnerable endpoints, riskiest users, applications, customers and suppliers - always using real-world data. 


Through risk scoring, Risk Insight can help you prioritize your efforts to create detailed action plans.  It then tracks the results of your actions over time and displays the information using intuitive trending graphs.  These graphs make it easy to digest months of data and compare your results against industry and geographic benchmarks. 

An Automated Service That Makes your Existing Investments Work Harder

Risk Insight is an automated service, powered by your current security investments like Symantec Endpoint Protection, and fed by the unparalleled data visibility of the largest civilian global intelligence network in the world – which means you can base your important decisions on the best data available. 

As a cloud-based service, Risk Insight is available from anywhere, on any device, and you always have an up-to-date view of your internal and external risk.

Best of all, Risk Insight can be implemented without adding agents, infrastructure, or substantial resource commitments, which means you can maximize the value of your existing security investments with no operational overhead.

Being Better Prepared Means Better Protected

We have seen time and again that organizations that adopt a proactive stance toward security are ultimately better able to protect themselves from the ever-changing threat landscape.  Risk Insight allows you to make that transition from reactive to proactive.

Want to learn more?

Visit Risk Insight at Symantec for more information or to contact us for a free demo, so you can see Risk Insight for yourself.  Want to see how secure your business is? Let us enable Risk Insight specifically for your organization.

Celebrating the Women Transforming Tech

For the 8th Consecutive Year, Symantec Joins the Anita Borg Institute for the Largest Celebration of Women in Tech in the US and India

By: Meg Layton, Leader, Managed Security Services R&D, Symantec

To paraphrase Ferris Bueller “Tech moves pretty fast. If you don’t stop and look around once in a while, you could miss it…”
 
One of the cardinal truths about working in technology and computing is that there is always something new, so there is always something to learn.  However, in our professional and personal lives, it is easy to become solely focused on the day to day activities of our direct community and teams. The opportunity to interact with and learn from others outside our close network, to look around and generate new ideas, to hear inspirational stories from others can have invaluable impacts on our success and satisfaction in both.

As a female in technology, on the professional side this can be challenging. For example, in 2015, 25 percent of computing positions in the U.S. were held by women. Five percent of these were Asian women, three percent were African-American women, one percent were Hispanic women. Additionally, according to the National Center for Women in Technology's By the Numbers, only 17 percent of Fortune 500 Chief Information Officer (CIO) positions were held by women in 2015. While the number of females in technology careers is increasing, finding a place where females don’t feel like the minority, where they can network with technology peers outside their direct network can be challenging.

Where females in tech are the majority

For thousands of women worldwide, the annual Grace Hopper Celebration of Women in Computing, presented by the Anita Borg Institute for Women in Technology (ABI) and the Association for Computing Machinery, is a unique chance for this. Since 1994, Anita Borg Institute has developed a world-class event, the largest gathering of women in technology today, that celebrates the contributions of women in technology and computing careers. The conference offers unique opportunities for collaboration, networking, professional development and mentoring for the 18,000 attendees that range from students exploring careers to senior leaders at the world’s top technology companies. Attendees at ABI’s US and India conferences are joined by presenters that are leaders in their respective fields, representing industry, academia and government.

This has been my fourth opportunity to attend Grace Hopper in my 15+ years of employment at Symantec, where I have served as a presenter, attendee and hiring manager. The best part of Grace Hopper is the opportunity to connect with people within your own company, as well as world-renowned industry and tech influencers. For instance, I was able to meet with amazing women from the gateway security teams in Symantec and discuss shared challenges and experiences with agile transformation, and then in the same day have the opportunity to discuss trends with Megan Smith – U.S. CTO, who is a personal role model of mine.  This sort of mix is not something you have in every conference. 


Above: Meg Layton (right), Leader, Managed Security Services R&D, attended the Grace Hopper Celebration of Women in Computing for the fourth time in her 15 years at Symantec.

Reflections from Grace Hopper

“I would say I found the conference to be extraordinary on many fronts – the sea of incredibly talented women in tech, the rich content which provided valuable insights and mechanisms for these participants to take back with them, and the opportunity to network and experience the collective power, thought leadership and energy at a conference with 18,000 participants.

I also personally loved getting to know more of our Symantec talent as we worked together to greet the multitudes of conference attendees at our booth. Amazed at our strength and ingenuity.” – Amy Cappellanti-Wolf, Senior Vice President and Chief Human Resources Officer

“The most exciting part of Grace Hopper each year is to see women in technology surrounded by other technical women, especially in niche fields where they may be one of the only. It is inspiring for all and the energy and excitement from this is tangible. Personally, it is heartening to see our employees from across the world get together and meet each other in person, sometimes for the first time, even though they’ve known each other virtually for years.” – Ruha Devanesan, Manager, Global Diversity and Inclusion

“Grace Hopper is not only about attending the conference, but I think there is more to be learned by participating in the making of the conference. As a committee member, your networking starts right there as every committee is a heterogeneous group of representatives from different companies.    

Additionally, the opportunity to submit a paper in GHC is an experience in itself.  It provides a great avenue for every individual to put their innovative and creative aptitude to test and compete with the best in the industry. Overall, from idea to execution, the entire journey is exciting, challenging and of course rewarding.” - Sushma Joshi, Co-Champion of SWAN Pune, Senior Manager-Internal Communications and GHC India participant


Above: Symantec employees at the Grace Hopper Celebration of Women in Computing. Symantec’s conference booth featured a variety of activities for participants, including a book signing and a virtual reality tour of Symantec’s security operations center.

“Having been personally present for all seven years that Symantec has taken part in the Grace Hopper India conference, I can vouch for the way Symantec’s 'presence' in the mind of people has evolved. From the time where we were only known as a “Norton” company to being now known as a great “cyber security company” has been very evident.

People KNOW us and want to KNOW MORE. This is very encouraging and is compelling enough for us to keep returning, year after year.” – Shefali Desai, Director - Talent Acquisition, and GHC India participant


Above: The Grace Hopper Celebration of Women in Computing was attended by employees from all levels at Symantec, including the company’s Chief Human Resources Officer Amy Cappellanti-Wolf.

Turning inspiration into action

The challenge with any conference – not just GHC - is to sustain the enthusiasm when you return to work. How can professionals build and nurture the networks and connections forged at the conference, and carry that through so that the individual, your company and your team can reap the benefits?

Make sure you follow up on connections you made, discover the tools within your organization to help you do this, make an action or goal list based on what you learned from the event, and share this with your manager.

Above all else, continue to grow and learn and be curious, and to share that excitement with others. Passion and the attitude of discovery are infectious.

We are proud to be a sponsor of Grace Hopper and a historical partner of the Anita Borg Institute who continue to help us excite and engage females in technology careers and demonstrate the role a passionate, talented female workforce plays in the future of Symantec and tech.


Above: Symantec offered Grace Hopper participants a virtual reality tour of the company’s security operations center.

Meg Layton is Symantec's Leader, Managed Security Services R&D.

New Launches: Symantec Endpoint Protection 14 and Data Center Security - Server Advanced 6.7 Exams

Available Now!

About SCS Exams

The Symantec Certified Specialist (SCS) credentials are industry-recognized exams and are available to customers, partners, and employees. The SCS technical certification targets people who have hands-on experience with the product. They might be called technical sales engineers, partner integrators, product engineers, administrators, architects, designers, technical support engineers, or consultants, for example.

Although each technology varies in complexity and depth, SCS exams measure technical knowledge and skills needed to efficiently deploy, configure, utilize, troubleshoot, and optimize Symantec solutions. SCS exams are based on a combination of training material, commonly referenced product documentation, and real-world scenarios. Learn more by visiting http://go.symantec.com/certification.

How do you access this exam?

This exam is delivered only through Pearson VUE test centers.  To register for the exam, log in to CertTracker or create a new account.  Please see our step-by-step registration instructions for more information.

Recommended preparation

Exam Details

  • Number of Questions: 65-75
  • Exam Duration: 90 minutes
  • Passing score: 80%  

 

Questions?

For more information about the Symantec Certification Program, contact Global_Exams@Symantec.com.

Thank you for your support of the Symantec Certification Program!

Everyone Can Be Great Because Everybody Can Serve

Celebrating Symantec's Own Community Heroes

“Everyone can be great because everybody can serve.” – Martin Luther King Jr.

At Symantec, we believe that together, we have the power to change the world and make it a better, safer place.  And every day, our own heroes are making significant impacts in their communities. The spirited activism, advocacy, and passion of employees on the ground is what transforms our corporate responsibility strategy into tangible, real-world results.

Today we’re celebrating two Symantec employees that exemplify a dedication to service for others, and who have taken a personal passion and turned it into a local movement.

A local cyber security hero

As a Symantec professional, Radio RJ, freelance technology and online safety journalist, and father, Sangam Manikkayamiyer, Principal Security Specialist, Symantec Canada, has now added community ambassador to the list.

While visiting Symantec customers on the East and West Coasts of the United States and educating them on enterprise and personal cyber security, he reflected on how impactful some of these lessons could be for children.

While children are spending a significant portion of their day online, they often do not realize the risks they face and how to mitigate them. For example, the power of a long-term and often permanent online footprint, the importance of a strong passcode and the ability of a perpetrator to track a location based on your social media account.

Sangam reached out to a few schools in his local area of Ontario, Canada and pitched the idea of an online safety course for the students (grades 5-8), incorporating curriculum provided by Symantec and customized for this age range.

The initial session was a hit, the local newspaper wrote a story on his efforts, and news spread quickly to other schools who contacted Sangam and requested he visit. Over the course of his efforts he’s had the chance to interact with over 1,000 students.

It wasn’t only the schools recognizing Sangam. Most recently, he was awarded for his standout efforts in leading the Cyber Security Awareness & Digital Privacy Campaign for kids by Mrs. Sonia Sidhu - M.P., Government of Canada – Canada House of Commons and Mrs. Harinder K Malhi - M.P.P., Ontario Provincial Parliament.

Sangam’s efforts are ongoing and the requests from schools continue to come in. He also continues to learn more with each session he teaches.

Sangam originally saw this as a one-time effort and never expected this momentum and recognition, or what a refreshing and rewarding experience it would be. Additionally, he recognizes the benefit to his role at Symantec; through his online safety efforts he is applying his expertise, while also engaging with education and government stakeholders, his key customers, in a way that demonstrates his and Symantec’s broader commitment to their communities.

For Sangam, this is only the starting point. He has the vision and passion to continue to grow his efforts in the years ahead. The Canada House of Commons has asked that he be a monthly spokesperson for their community education efforts with the potential of turning this into a community wide public awareness campaign.


Symantec Canada’s Sangam Manikkayamiyer, Principal Security Specialist, is providing online safety sessions to schools in Ontario and was recently acknowledged by the Canada House of Commons for his exemplary service in the community.


Mrs. Sonia Sidhu, M.P., Canada House of Commons recognizes Sangam Manikkayamiyer for his ongoing efforts to educate students in online safety.

Supporting India’s children in need

Symantec employee Nilesh Shinge, principal software engineer, is actively involved with the NGO Akshar Bharati (an initiative of Sewa International) on a variety of initiatives to support children in underprivileged and remote regions of India.

With the help of Symantec, his colleagues and friends, he has taken part in numerous activities to strengthen education and literacy, ensure children have the supplies they need for schooling, and contribute to STEM education through fun and engaging science-based activities:

  • Visiting local orphanages and schools, applying a concept based on Arvind Gupta that uses everyday items or trash, such as paper, cardboard, wood sticks, and more, to create educational toys such as Amazing Astronomy, Beginner’s Biology, and Force Fun 
  • Supporting literacy through a weekly reading activity in two schools
  • Distributing school kits and story books to the underprivileged children of rural and tribal area schools. A school kit contains a school bag with notebooks, pencils, eraser, sharpener, crayon box, coloring books etc. To date over 360 school kits have been compiled and distributed (65 in 2015 and 300 in 2016)
  • Distributing Diwali gifts consisting of a story and drawing books for the children
  • Organizing clothing and blanket donation drives for children in the slums of the region
  • Driving financial support for a local NGO working on initiatives for drought-affected farmers

Commemorating his hard work, Nilesh recently received the 'Volunteer of the Year' award from Akshar Bharati for his 'Activities and Scientific toys' work, as well as the Global Karamveer Chakra and Rex Karmaveer Global Fellowship instituted by iCoNGO in association with the United Nations.

The Rex Fellowship encourages proactive citizenship and voluntary action.  It helps champions of change and people striving to fulfill their passions and dreams, to network and collaborate with like-minded, ethically and socially conscious global citizens from around the world.

The chosen fellows share their impactful ideas for action and transforming lives at an annual event, the REX Conclave, held in New Delhi. The ideas discussed at the REX forum have led to action for educational reform, climate change, accessibility, humane capitalism, dignity for people living with HIV, and much more.


Symantec’s Nilesh Shinge receives the Global Karamveer Chakra and Rex Karmaveer Global Fellowship instituted by iCoNGO in association with United Nations. The award recognizes his efforts to support children throughout the region.


Nilesh Shinge and Symantec employees volunteer to fill and provide school kits for underprivileged children in the Pune region of India. 

Congratulations to these Symantec community heroes! As Martin Luther King Jr. once said, “Life’s most persistent and urgent question is, ‘What will you do for others?’” Imagine the impact of everyone dedicating a minute, an hour, a day or more to the service of others. If there is one lesson we can all take from Sangam and Nilesh's stories, it's the power of the individual to make a positive impact.


WEBINAR: Doing More With Symantec Control Compliance Suite

February 28, 2017

Webinar: Doing More With Symantec Control Compliance Suite

Date: February 28, 2016

Speaker: Anand Visvanathan, Principal Product Manager, Symantec

In the past year, Symantec Control Compliance Suite (CCS) has added several new features that provide additional flexibility and platform coverage including:

  • Custom scripting
  • Support for network devices and Docker containers
  • Generic device platform

Please join us for this special webcast to learn how:

• The new features will simplify and enhance your ability to assess the compliance of your data center and get an update on the product roadmap

Register today

Symantec Endpoint Encryption updated

V11.1.2 released today

18 January 2017

Today, Symantec releases an updated version of Symantec Endpoint Encryption (v11.1.2) that helps customers encrypt a broader range of devices and operating systems, extends the functionality for managing Windows devices using BitLocker and simplifies the way IT administrators and help desk staff can support their users.

Endpoint encryption is a fundamental technology to ensure that information contained on computing devices is protected, should that device be lost or stolen.  As organisations use an increasing range and variety of devices (tablets, laptops, removable media drives, opal-compliant self-encrypting drives etc.), being able to protect and manage these with one technology solution offers efficiency advantages.  Windows and Apple computers are now provided with native encryption technology (BitLocker and FileVault 2) but their protection is limited to their respective operating systems.

Symantec Endpoint Encryption v11.1.2 not only protects a wide range of devices but also provides a unified management console that supports native encryption technology, with the ability to “lock out” a Windows device running BitLocker that has failed to connect to the network after a specified period of time.  This new functionality surpasses that provided by Microsoft and allows administrators to proactively protect against potential data loss should a device go missing.

The release provides benefits for administrators and for users of Windows tablets, extended support for Microsoft BitLocker, and extended platform support.  Further details are below:
 

Administrator Benefits:

Key Recovery Enhancements:

  • Web console: Help Desk administrators now can retrieve recovery keys for users who have forgotten their login credentials.

  • Simplified authentication: Help Desk administrators can also use their domain credentials to authenticate to the web console for key recovery. This eliminates the need for each Help Desk administrator to install the management console on their machine, simplifying key recovery and enhancing the overall product experience.

 

Bolstered Native Encryption Capabilities (SEE-BitLocker):

  • Policy-driven client lockout: To reduce the risk of data leakage for SEE-BitLocker encrypted machines, administrators can enforce a policy to lock out machines that fail to communicate with the server beyond a certain period of time, thereby enhancing overall security. 

  • Hardware encryption support: Customers can take advantage of BitLocker hardware encryption via Microsoft eDrive for supported models, ensuring minimal impact on the overall performance of the machine.

 

User Benefits:

  • Virtual Keypad Support for Windows Tablets: End users can log in to a SEE encrypted Windows tablet via a virtual keypad. This eliminates the need to rely on a physical keyboard for authenticating to the Windows environment, enhancing the overall experience for Windows tablet users.

Platform Support:

  • Smart card support for Surface Pro 4 tablets

  • Smart card (PIV CACv2) support for legacy BIOS mode

  • BitLocker XTS-AES cipher mode

  • MacOS 10.12.1 (Sierra)

  • Windows 10 Anniversary Update

  • Windows Server 2016

 

Documentation:

Refer to this KB article for the release notes, system requirements and other documentation for this release.

For more information:

Visit the Symantec Endpoint Encryption website

A Climate Change Leader

CDP Score Demonstrates Symantec’s Improvements to Corporate Climate Strategy and Performance

Former U.S. Treasury Secretary Henry Paulson describes climate change as "the single biggest risk that exists to the economy today." It is estimated that $4 trillion in assets globally will be at risk from climate change by 2030.

At Symantec, focusing on environmental performance not only supports our business objectives, it also contributes to the urgent action needed to combat global climate change and other environmental challenges. Our environmental strategy addresses our responsibility as an individual business and as a global stakeholder to create a world where connectivity and environmental health can flourish. A central part of this is our ability to support a low carbon future through minimizing resource use across our business operations, incorporating environmental stewardship into our product and supply chain operations, engaging employees in protecting the environment and partnering with others to leverage our collective impact.

This past fall CDP published its annual scoring and leadership indices across crucial environmental impact areas including climate change, supply chain impacts, water scarcity and deforestation. CDP is a globally recognized reporting framework that is integral to our environmental strategy for a variety of reasons:

  • Provides a rigorous and standardized framework for measuring and reporting our impact and for targeting improvement efforts. This helps us realize cost savings and mitigate risk while enhancing our company’s status as a responsible corporate citizen.  CDP cites that companies reporting and responding to the organization’s climate change program have reported $53bn worth of savings.
  • Enables us to benchmark progress over time and in relation to industry peers, and aligns our reporting and transparency process to that of our industry peers.
  • Demonstrates our commitment to stakeholders, including our investors and customers, many of whom look to CDP to evaluate a company’s environmental strategy and exposure to environmental related risk.  In 2013, CDP was highest ranked in the evaluation of external sustainability raters by SustainAbility in their Rate the Raters report 2013.
    • Investors increasingly incorporate climate change into their investment decisions. According to the CDP, the population of companies that respond to CDP have a 67% higher return on equity than their non-responding peers.
    • Customers often incorporate climate change assessment into RFPs and are concerned about their suppliers’ performance, transparency and accountability. Each year a number of Symantec customers request our CDP data; in 2016, 11 key customers requested that we respond to the CDP Climate Change survey.

Symantec is proud to have reported to the CDP Climate Change survey since 2008, CDP Supply Chain since 2012, and to CDP Water for the past three years. Symantec received an A- on our climate change response, placing the company in the leadership bracket.  Additionally, we scored an A- on the supply chain response and a B on the water response.

Details behind our improvements

Our improved CDP Climate Change score was due in part to our new ambitious GHG reduction target (reducing GHG emissions by 30% from 2015 to 2025) and environmental projects that resulted in a 5% reduction in GHG emissions from FY15 to FY16. Examples of projects include energy use reductions in our Tucson data center, energy-efficient design and operational updates to our Mountain View campus, increasing our reliance on clean energy in regions such as India, and strategically consolidating space to increase efficiencies.

Additionally, we continued to take part in various industry initiatives to tackle climate change and transition to a clean energy future:

Continuing to set our bar high

Our improvements this year are exciting; however, we recognize the need for continual improvement to meet our goals. Over the coming months we will gather data on our FY17 progress, remain focused on our ambitious 3% per year GHG emission reduction goal, continue our advocacy efforts and work to integrate newly acquired companies into our environmental strategy.

Additionally, as a company whose core mission is the protection of information, we recognize the role our market-leading products and services play in ensuring that technologies contributing to a sustainable future are able to remain safe and secure.

We look forward to bringing you more updates on our environmental activities here on our Corporate Responsibility blog and in our annual CR report next year.

Amanda Davis is Symantec's Senior Manager, Corporate Responsibility and Environment. 

 

Symantec Norton Secure Login Attains Industry’s First Identity Ecosystem Framework Certification

Solution aligns with the National Strategy for Trusted Identities in Cyberspace for more secure online authentication.

As more services are provided online – from healthcare patient portals and electronic prescriptions to government services – they must be safe and secure to protect consumers’ personal information.  To respond to this growing need, Symantec’s Norton Secure Login provides a trusted authentication infrastructure for identity assurance. 

Norton Secure Login recently achieved Identity Ecosystem Framework (IDEF) certification – the first identity solution to do so.  The certification provides organizations in the public and private sectors, as well as citizens, with increased confidence that their online services and transactions are secure.

The IDEF was developed by the Identity Ecosystem Steering Group (IDESG), a public-private partnership committed to developing and implementing identity practices that make the internet safer.  The framework is based on the National Strategy for Trusted Identities in Cyberspace (NSTIC), a government initiative calling for an online environment where individuals can choose from a variety of credentials to use in lieu of passwords for interactions conducted online.[1] 

The solution employs Symantec’s proven security measures such as two factor authentication, anomaly detection, activity monitoring, encryption, and single sign-on.  With Norton Secure Login, users can access services and complete transactions online without needing to create and manage multiple log-ins and passwords, which can be easily compromised. 

The IDEF certification confirms that Symantec Norton Secure Login meets a set of common requirements for privacy, security, interoperability, and user experience. It further proves Symantec’s commitment to the NSTIC initiative and dedication to leading the way in providing compliant identity services that support and protect customers’ online activities. Symantec Norton Secure Login is also Federal Identity, Credential, and Access Management (FICAM) certified, providing Federal agencies with the assurance that it meets the government’s standards for secure authentication.

“Symantec is an IDESG founding member and has been an important and valued contributor to the group and to the development of the IDEF.  Symantec’s investment to improve the identity ecosystem and obtain IDEF certification is clear evidence of its commitment to improving customers’ online security and privacy.  Symantec’s participation in the IDEF further solidifies the framework as the emerging gold standard for Internet identities,” said Sal D’Agostino, IDESG President.

Symantec is one of only four vendors that are FICAM certified and the only vendor to have an identity service that is both FICAM and IDEF certified.  The new certification supports Symantec’s dedication to providing a safe and secure environment to support online innovation for its customers.  As the first company to achieve IDEF certification, Symantec provides its customers – commercial companies and Federal agencies alike – with the comfort of knowing they have a secure authentication infrastructure.

[1] http://www.idesg.org/About/Overview

How to Be Successful in Health IT With an Unusual Degree

Insights from Symantec’s David Finn

**REPOSTED FROM HEALTHITJOBS.COM BLOG Tuesday, January 17, 2017**

What do theater and health IT have in common? A lot, according to David Finn, CISA, CISM, CRISC, member of ISACA, and Health Information Technology Officer for Symantec. Although he now works to combat major cybersecurity issues in health IT, he began his career with a master’s degree in theater. And he’s just as passionate about health IT as a thespian is about their art. 

“This may be the most exciting time in the history of healthcare and the most exciting time to be engaged in information technology,” Finn said. “Put the two industries together and you have a chance to really change the world, to make people well and keep them healthy with technology. You have the opportunity to change the way healthcare is delivered, making it cheaper, better, and faster than we ever imagined.” 

We spoke with Finn to talk about his unique path into the field, cybersecurity, and the future of health IT. Here’s what he had to say:

Where art meets science

While a theater degree and IT seem like an odd pairing, Finn sees his career as a natural progression. Many of the concepts he learned in theater actually apply to skills he’s needed to succeed in IT. 

Theater is about understanding what drives people to do things the way they do. So, writing code was an easy leap from theater — I was telling a computer what to do to elicit a particular input from an end-user. Play script or deck of punch cards, it was the same process to end production.

For several years, I moved back and forth between IT audit and what was then called management information systems. As an auditor, I learned controls and risk. In IT, I learned that operations for an organization were much more critical than filling out the questionnaires “properly.” Both were important lessons, and they shouldn’t be mutually exclusive. I had been an auditor at a major Integrated Delivery System and I had seen IT from both sides, but “cyber security” hadn’t really been invented yet. 

When I had the chance to move from IT consulting to security in healthcare — this is still before HIPAA was in effect — I jumped at it. It was like writing my own play, where operations and security actually worked together. The best art comes from constraints and limits. The best systems are created when security is built into operations and workflows. An uncontrolled system is as worthless as one that is so locked down, no one can use it.

Taking the path less traveled

For professionals with unusual educational backgrounds looking to enter health IT or even those with at least some of the technical fundamentals, Finn suggests they start on the clinical side.

Learn healthcare first, preferably from an operational perspective, then move to technology. People with clinical backgrounds are in great demand.

So if you are in IT already and want to move to health IT, start to learn how healthcare works. Volunteer at a hospital to see and understand the needs. Take classes. There are more and more educational opportunities to learn health IT. Get certified in privacy or security in healthcare.

Getting involved

Learning the ins and outs of healthcare is just the first step. Finn believes it’s important for all professionals to earn certifications and participate in organizations like ISACA to keep their skills sharp.

Certifications are critical to maintain professionalism and stay current in a world that changes, literally, hour by hour. It is nearly impossible to keep up on your own. And belonging to organizations like ISACA provides the platform, training, and education to keep up with the times. 

ISACA is one of the best professional membership organizations worldwide and it is directly related to some of the most important work going on in the world — protecting our information and our identities. ISACA defines the roles of information systems governance, cybersecurity, audit, and assurance.

One of the things that our cyber world has done is shrink our “real” world. Cyber is global, and our training, education, personal network, and certifications should be as well.

The security problem 

Security is one of the biggest issues in health IT right now, but Finn thinks the nature of healthcare will require different solutions. 

In my opinion, there are two main barriers to better security in healthcare. First, because healthcare was late to digitizing business, there was never really a need for cybersecurity. When you could lock up all the medical records in the records room, security was easy. 

Then we rolled out Electronic Medical Records (and that happened quite fast, frankly), but it happened with little attention to privacy and security because no one understood that was a need. So, you have this historical lack of attention to and investment in security. 

Now, people are beginning to understand. After millions of breached records and hundreds of hospitals shut down or slowed down due to ransomware, it is beginning to sink in. Not unrelated to that is the fact that privacy and security was pushed out under HIPAA as a compliance issue. It was more important to check the boxes than to really implement effective, risk-based policy and procedure.

Second, healthcare is a uniquely difficult environment to secure against cyber threats, and often, security measures conflict with care delivery or research. There are a lot of shared devices, many of which are critical to patient care. Routine security measures in other industries sometimes won’t work in a clinical context. You can’t just log a doctor off the system if his session times out in surgery.

Information and trust

Despite ongoing challenges, Finn sees health IT as an exciting field that’s improving information and trust in the healthcare system. 

Introducing information technology to healthcare has already changed it forever. One could argue about which changes are for the good and which may be a step backward in the patient-caregiver relationship, but healthcare will never be the same. I believe, overall, these changes have been and will be immensely positive. 

Healthcare has always been about information: the details the patient can provide, the results of tests, what the physician knows about a specific disease or certain populations of people. But as we learn more, no one person can retain enough information to effectively correlate and synthesize millions of pieces of data. IT makes that possible. IT will be as indispensable as the stethoscope — and may replace it.

How do security, assurance, and privacy play into that? It’s about trust. If patients can’t trust doctors with their information, if physicians can’t trust the veracity of information from patients or other providers, if we don’t know who we are actually talking to or caring for, that is the end of healthcare. 

As we have digitized healthcare, we have made information security and privacy a strategic function of providing care and the business of healthcare. Data may run at internet speed, but healthcare runs at the speed of trust.

Take the Customer Satisfaction Survey and Win with Symantec!


As a member of the Connect Community, we value your opinion about how we're doing and where we can improve. Please help us by taking this survey and tell us about your experience with Symantec Connect. One lucky winner will receive 500 Connect points!*

Take the survey. 

* The winner will be selected from a random drawing of survey respondents and will be announced via this blog post on 2/13/17.

Security in 2017 and Beyond: Symantec's Predictions for What Lies Ahead

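Over the past year, there have been major changes in the methods cybercriminals use to target corporate data. Following attacks on organizations such as the Democratic National Committee and the threat of the attack on Dyn, information security has become a top priority, and IT leaders remain on high alert. As the cloud era advances and companies continue to digitize the workplace, employees will be able to work at any time, from anywhere, on any device, so the focus of information security will inevitably shift as well.

Because the security landscape is constantly changing, it is necessary to take the time to assess the anticipated risks and determine what the security industry should pay particular attention to. With 2017 just around the corner, Symantec has taken a close look at the trends expected over the next few years.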

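Cloud-Era Dynamics That Will Decide the Future of the Enterprise

  • The enterprise network expands and its boundaries blur: As the workforce becomes more mobile, the idea of focusing protection on the on-premises network becomes increasingly shortsighted. When connected to the cloud, there is no need to protect a single network with a firewall. Rather than investing in expensive and pointless network solutions, all companies will begin moving to Wi-Fi and cloud-based services.
  • Ransomware attacks the cloud: With the major shift toward cloud-based storage and services under way, the cloud is becoming a lucrative target for attackers. Because the cloud is not protected by firewalls or other traditional security measures, the line of defense companies use to protect their data will also change. An attack on the cloud could cause damage amounting to millions of dollars and the loss of critical data. Protecting the cloud will become ever more essential.
  • AI/machine learning will require sophisticated big data capabilities: In 2017, machine learning and AI will continue to grow. As new forms of machine learning and AI continue to enter the market, companies will need to invest in solutions that can collect and analyze data from countless endpoints and attack sensors. That scope extends beyond individual companies and across industry and geographic boundaries. These solutions will play an essential role in teaching machines how to fight on the front lines of a global battlefield that changes every day, every minute, and every second.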

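Cybercrime Comes Into Full Swing

  • "Rogue nations" engage in crime themselves: As the attacks on SWIFT have already shown, there is a dangerous possibility that so-called "rogue nations" will join forces with organized crime for self-serving purposes. It is even conceivable that a country's political, military, or economic systems could be brought to a halt.
  • Fileless malware will increase: Fileless infections (infections written directly to a computer's RAM without using any files) are difficult to detect and easily slip past intrusion prevention and antivirus programs. This type of attack increased over the course of 2016 and will increase further in 2017. In particular, PowerShell may be used in attacks.
  • Phishing sites abusing SSL will increase: Free SSL certificates have grown in popularity since Google recently announced its plan to classify HTTP-only sites as unsafe. As a result, malicious search engine optimization techniques are likely to weaken security standards, and spear phishing and potentially malicious programs are likely to proliferate.
  • Drones will be misused for espionage and extreme attacks: This could happen in 2017, but it is more likely to occur later. "Dronejacking" is also predicted to occur by 2025: intercepting a drone's control signals and using the drone for the attacker's own ends. Given this possibility, technology for controlling critical drone systems such as GPS is also expected to advance as a countermeasure against drone hacking.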

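The IoT (Internet of Things) Surges Into Enterprise Business

  • Threats increase with the cloud era: Companies will continue to allow employees to bring new technologies such as wearables, virtual reality, and internet-connected IoT devices onto the network. At the same time, cloud applications and solutions are supporting a rapidly dispersing workforce. Large enterprises will be forced to shift from protecting endpoint devices to protecting users and information across all applications and services.
  • IoT devices penetrate further into the enterprise, and DDoS attacks on the IoT increase: In addition to dealing with vulnerabilities in computers and mobile devices, incident response teams need to keep in mind that internet-connected devices such as thermostats can serve as a foothold for intruding into the network. The attack on Dyn observed in October revealed that a large number of IoT devices without enterprise-level security exist and are extremely vulnerable to attack. As more IoT devices are deployed, the risk of security breaches will also grow. Once poorly secured devices reach the market, the only way to remedy the problem is to recall them or issue security updates.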

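2016 was a year in which new challenges emerged one after another for the information security industry, and 2017 may be just as critical a year. By deepening our understanding of the anticipated threats, we should be able to strengthen our defenses and take action even when attacked.

[Reference translation]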


Greenbug cyberespionage group targeting Middle East, possible links to Shamoon

Greenbug may answer the question of how Shamoon obtains the stolen credentials needed to carry out its disk-wiping attacks.


Greenbug cyberespionage group targets the Middle East, possible links to Shamoon

Greenbug may answer the question of how Shamoon steals the credentials needed to carry out its disk-wiping attacks.

Latest Intelligence for December 2016

The number of web attacks blocked per day increased by nearly 100,000, and Symantec contributed to a law enforcement crackdown on cybercrime.

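Airport boarding gate display screens leak booking codes, putting passenger information at risk

Attackers who use leaked booking codes can take full control of a passenger's flight booking, cancel flights, and steal sensitive information.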

Microsoft Patch Tuesday - January 2017

This month, 4 security bulletins were released, 2 of which are rated Critical.