Articles on this Page
- 03/03/17--17:23: _Website Identity- T...
- 03/03/17--10:09: _It’s a Sweep: Syman...
- 03/07/17--10:59: _Technopreneur Abiol...
- 03/08/17--10:40: _How can we attract ...
- 03/08/17--20:27: _Symantec Products N...
- 03/10/17--00:15: _Symantec Products, WikiLeaks ...
- 03/10/17--07:10: _Latest Intelligence...
- 03/10/17--11:40: _Building Out an End...
- 03/12/17--21:13: _Symantec Endpoint P...
- 03/12/17--23:31: _Latest Intelligence for February 2017
- 03/13/17--05:59: _Spam campaign targe...
- 03/13/17--06:21: _ITMS long upgrade t...
- 03/13/17--10:51: _Symantec: Ready for...
- 03/13/17--17:12: _Minnesota’s Common ...
- 03/13/17--19:04: _Cyber attackers in spam campaign use fake...
- 03/13/17--22:33: _Latest Intelligence for February 2017
- 03/14/17--02:03: _Attaching fake security software...
- 03/14/17--13:44: _Microsoft Patch Tue...
- 03/15/17--01:07: _Microsoft Monthly Patch (Micros...
- 03/15/17--01:35: _Microsoft “Patch Tuesday” – March 2017
- 03/03/17--17:23: Website Identity- The Key to Safety in E-Commerce
- Gartner rated us in the Leaders quadrant for Endpoint Protection Platforms – the 15th consecutive time we’ve made their endpoint Leaders quadrant.
- AV-Test awarded us “Best Protection” for endpoints – making us the first company to win the award in both business and consumer categories two years in a row.
- NSS Labs rated us as “Recommended” for Advanced Endpoint Protection, with strong ratings for security effectiveness and total cost of ownership.
- IDC ranked us as the global market share leader for endpoint security, with 18.2% share of the corporate market and 27.6% of the combined corporate and consumer market (more than the next two players combined).
- Forrester rated us as one of the top three Endpoint Security Suites in their Q4 2016 “Wave” report.
- Radicati awarded us the highest ranking in its “Top Players” category for Endpoint Security.
- 03/07/17--10:59: Technopreneur Abiola Ilupeju is Paying it Forward
- 03/08/17--10:40: How can we attract more women to careers in cyber security?
- 03/08/17--20:27: Symantec Products Not Compromised By Latest WikiLeaks Disclosure
- 03/10/17--00:15: Symantec Products Not Affected by Latest WikiLeaks Disclosure
- 03/10/17--07:10: Latest Intelligence for February 2017
- 03/10/17--11:40: Building Out an End-to-End DPA Strategy
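- 03/12/17--21:13: Symantec Endpoint Protection 14 Demonstrates an Overwhelming Lead in the Latest Analyst Ratings as Well
- Rated a “Leader” by Gartner in the Endpoint Protection Platforms category. This marks 15 consecutive years in which Symantec has earned “Leader” status in the endpoint category.
- Received the “Best Protection Award” in the endpoint products category from AV-Test, a remarkable feat as the first to win two years in a row in both the business and consumer categories.
- Rated “Recommended” by NSS Labs in the Advanced Endpoint Protection category, with high marks for security effectiveness and total cost of ownership.
- Rated the “global market share leader in endpoint security” by IDC. Symantec achieved an 18.2% share of the corporate market and a 27.6% share of the combined corporate and consumer market (more than double that of the runner-up).
- Forrester selected Symantec as one of the “top three endpoint security suites” in its Q4 2016 “Wave” report.
- Radicati rated Symantec highest in its “Top Players” category for endpoint security.
- 03/12/17--23:31: Latest Intelligence for February 2017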
- 03/13/17--06:21: ITMS long upgrade time & workflow "Task Tray tool"
- 03/13/17--10:51: Symantec: Ready for the Cybersecurity Executive Order
- 03/13/17--17:12: Minnesota’s Common Cyber Challenge
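- 03/13/17--19:04: Cyber Attackers Use Fake Security Software in Spam Campaign Targeting Financial Institutions
- 03/13/17--22:33: Latest Intelligence for February 2017
- 03/14/17--02:03: Spam Attack Targets Financial Institutions with Fake Security Software Attached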
- 03/14/17--13:44: Microsoft Patch Tuesday – March 2017
- 03/15/17--01:07: Microsoft Monthly Patch (Microsoft Patch Tuesday) - March 2017
- 03/15/17--01:35: Microsoft “Patch Tuesday” – March 2017
Website identity is important for user safety. While encryption is important, knowing who you are encrypting to is paramount when conducting online transactions. While many users can identify the green bar/lettering associated with an Extended Validation (EV) certificate, recent user interface (UI) changes by browsers make it more difficult to differentiate these certificates from low value, domain validated certificates. This makes it a challenge to figure out the true owner of the website.
For example, Chrome recently changed the certificate UI for Domain Validated (DV) certificates to show a green padlock. With an increase of DV certificates used by fraudsters for phishing (see: http://toolbar.netcraft.com/stats/certificate_authorities), it is becoming more and more difficult for users to determine if a site is legitimate. DV certificates don’t identify the entity behind the website. You just know you are connected to www.example.com. There is no ownership information vetted about example.com. Organizationally Validated (OV) and EV certificates provide ownership information allowing a user to know who the site belongs to. But unfortunately, browsers do not distinguish sites with these types of certificates.
This chart from the CA Security Council (CASC) shows the confusing UIs that are in current browsers: https://casecurity.org/browser-ui-security-indicators/. It’s no wonder that users have trouble understanding the differences in the various certificates. And they are constantly changing.
A proposal from the CASC for a common, easy to understand, user display for website identity is shown below:
The members of the CASC, which include the 7 largest SSL issuers in the world, are endorsing a paper on Website Identity Principles, which was presented at the RSA Conference on February 15, 2017. There are three main principles that summarize the intent of this paper:
1. Website identity is important for user safety.
2. Different TLS certificate types that are used to secure websites – Extended Validation (EV), Organization Validated (OV), and Domain Validated (DV) certificates – should each receive a separate, clearly-defined browser UI security indicator to tell users when a website’s identity has been independently confirmed.
3. Browsers should adopt a common set of browser UI security indicators for different certificate types, and should educate users on the differences among these indicators for user safety.
More information on these principles is available on the CASC website (https://casecurity.org/identity/).
It’s been four months since we launched Symantec Endpoint Protection 14, and the positive reviews are rolling in – from customers, partners, analyst firms and testing labs.
As our CEO Greg Clark shared in our earnings call, SEP 14 is “off to a strong start” and we’re seeing an “acceleration of new wins and pipeline” as customers and partners embrace our unified approach to endpoint security. No longer do you need a series of specialized agents doing piecemeal work to protect users against advanced threats at the endpoint. With SEP 14, we can deliver prevention, detection and response within a single lightweight agent – working across multiple devices and operating systems.
We’ll share more about customer and partner progress in future posts. In the meantime, we want to share some exciting validation from the latest analyst reports and lab benchmarks:
All this feedback is particularly gratifying, since we invested in significant innovations to protect against evolving threats, all while improving product performance and enhancing orchestration with other protection technologies (including ATP: Endpoint and Secure Web Gateway). Here’s some more detail on the analyst commentary and testing benchmarks:
Gartner: Magic Quadrant for Endpoint Protection Platforms (Jan’17)
Gartner puts us in the Leaders quadrant, both for “ability to execute” and “completeness of vision.” Gartner notes that the endpoint market “is heating up again,” and “given the rapid pace of innovation, EPP administrators should upgrade to latest version as soon as practical.” They recommend doing a “configuration policy checkup” with existing vendors to ensure effective protection, while embracing important new features: “EPP buyers should look for vendors that focus on memory exploit protection, script analysis and behavior indicators of compromise. Ultimately, we believe that vendors that focus on detecting behavior indicative of attacker tradecraft (that is, tools, tactics and techniques) will be the most effective.” They also note that EPP vendors are adding EDR capabilities: “Integrated EDR functions can provide an early warning that threats have bypassed malware detection, as well as an invaluable tool for investigating alerts and recovering.”
AV-TEST awarded Symantec “Best Protection” for 2016, making it the only vendor ever to win Best Protection for both corporate and consumer users for two consecutive years. AV-TEST concludes: “With virtually 100% malware detection in all six certification tests throughout the year, Symantec’s Endpoint Protection demonstrates strong protection for corporate users above the industry average.” (Readers should note that AV-TEST conducts both open and commissioned tests, so make sure you read the fine print on vendor claims. Symantec participates in the open tests that are completely controlled by AV-TEST, with no vendor influence on test methodology. We consistently outperform competitors in those real-world tests, which simulate what end users do and the attacks they normally face.)
NSS Labs gave us its “Recommended” rating in the labs’ first-ever Advanced Endpoint Protection benchmark, with a 98.7 percent security effectiveness score. The new test is designed to determine the efficacy of advanced endpoint security, well beyond traditional anti-virus and firewall capabilities. This test evaluated our SEP 14 product together with ATP: Endpoint (for endpoint detection and response). Unlike many vendors, our products detected 100% of evasion techniques which is an important evaluation criterion. While some NSS results have been debated by other vendors, and we may have our own quibbles, we believe it’s an important testing initiative that reflects the evolution of the market for holistic prevention, detection and response.
IDC: Worldwide Endpoint Security Market Shares, 2015 (Nov’16)
IDC’s analysis showed Symantec leading the market with 27.6% share of an $8.5 billion endpoint security market, as of 2015. Symantec led both the corporate endpoint security market (18.2% share of $4.2 billion) and consumer endpoint security market (37.8% share of $4.3 billion). Symantec also held #1 or #2 market share in four of five subcategories of corporate endpoint security, including access and information protection (#1 with 23.0%), antimalware (#1 with 21.6%), server security (#2 with 26.3%), and security suite vendors (#2 with 17.8%). IDC also noted that the Blue Coat acquisition “could enable stronger Symantec endpoint protection ties between Blue Coat’s cloud and web security gateways and its network packet recording and security analytics platform.”
Forrester ranks Symantec as one of the top three vendors, concluding: “Symantec offers the most complete endpoint security suite on the market. Symantec’s deep bench of endpoint security technologies spans a range of prevention, detection, and remediation capabilities. Almost every possible attack surface is covered when buyers utilize the full extent of this portfolio.” Forrester sees additional strengths as Symantec continues to develop “advanced post-compromise detection techniques,” and extends integration of endpoint protection with other Symantec and Blue Coat products.
Radicati Group: Endpoint Security – Market Quadrant 2016 (Nov’16)
Radicati places us at the top of its “Top Players” category, highlighting our approach to “multi-layered protection powered by artificial intelligence and advanced machine learning.” The report calls out SEP 14’s “many features” for both physical and virtual machines, and notes that the “level of granularity and flexibility in the management console is higher than many other solutions in the market.” Radicati also notes our competitive pricing “given the rich functionality of Symantec’s endpoint security platform.”
Not Resting on Our Laurels
Endpoints have become the battleground for protecting users against advanced threats. We take that responsibility seriously, and we are committed to staying at the forefront of both innovation and integration on the endpoint. We have a long track record – including 15 years as a Leader in Gartner’s Magic Quadrant – and don’t plan to sit still or play it safe. Together with your input, we can make endpoint security a cornerstone of integrated cyber defense, protecting users and their data and messages wherever they roam.
# # #
For more information, download and read the Gartner Magic Quadrant for Endpoint Protection Platforms and the Forrester Wave on Endpoint Security Suites.
For Abiola Ilupeju, mentorship has shaped her career into what it is today. Her first experience was during her second year of college when a lecturer she admired greatly shared her IT consultancy experience in class. Soon after this, Abiola realized she wanted to do the same and began to look for ways to prepare and shape her career. It was then that she came across the opportunity to apply for the TechWomen program.
TechWomen is an initiative of the U.S. Department of State's Bureau of Educational and Cultural Affairs that aims to provide professional development, mentorship and skills development opportunities to women from Africa, Central and South Asia, and the Middle East. Symantec is a proud partner of TechWomen where to date the company has hosted 21 female Emerging Leaders.
As part of TechWomen, future female leaders in STEM come to work at Symantec and other leading Silicon Valley technology companies for five weeks. Participants work side-by-side with Symantec mentors, gaining technical and soft skills to take back to their job and share with others. Each year, select mentors also choose to visit participant home countries and engage females in STEM through additional mentoring, educational workshops and more.
Abiola chose TechWomen because of the opportunities it presented to build her network and learn from the best in Silicon Valley. When asked to select the placement company of choice, Symantec was top of her list as she felt strongly that learning from professionals at the world’s leading cyber security company would strengthen her future career.
Technopreneur, Symantec TechWomen participant, and founder of Moat Consulting and Moat Academy, Abiola Ilupeju, is working hard to strengthen the IT industry in Nigeria through best practice technical consulting and critical skills development for local IT professionals.
Her experience at Symantec was a rich one, where she received technical training in various areas by Symantec mentors from Mountain View to India. Additionally, Symantec sponsored Abiola’s attendance at the Grace Hopper Conference that she describes as “a once in a lifetime experience”.
Abiola at the Grace Hopper Celebration in 2015, along with over a hundred other Symantec technical women.
Even after the program completed, Abiola received ongoing mentorship from her Symantec professional mentor Eileen Brewer, another ongoing benefit of the program.
“The leadership session in the TechWomen program gave me the opportunity to meet and learn from women leaders who revealed the secrets of their career success. On the very first day, Sheila Jordan, Chief Information Officer (CIO) of Symantec spoke to us on ‘Personal Branding and Impact’. An inspiring aspect of her career story was the fact that she had a background in Accounting, not IT. Many of the statements she made that day have become my favorite quotes that I reflect on now.
I also had the opportunity of meeting the then Symantec CEO Mike Brown with the other Emerging Leaders during the event. It was a surprise as my professional mentor, Eileen Brewer, introduced us. I never thought I would have the chance to meet the CEO of such a large company within five weeks of my professional mentorship in the company.”
Today, Abiola is the founder of Nigerian-based Moat Consulting and Moat Academy, which go hand-in-hand to support locally developed, high quality software. Moat Consulting offers high-caliber technical consulting, while the Academy provides targeted training to ICT graduates to increase their qualifications and employability. According to a recent article “Moat Academy is on a mission to make unemployed software developers become employable”, the academy’s first cohort graduated in January with the second set to begin this past month.
“During a discussion with my professional mentor from Symantec, Eileen Brewer, we were trying to streamline all the offerings of my company, Moat Consulting Limited. Through our conversations, I realized that rather than just testing the software products, I could also train and raise developers in globally acceptable best practices in software development. This gave birth to the creation of Moat Academy.”
Growing Moat Consulting and Moat Academy has not been without its challenges. For example, Moat Academy has faced skepticism from the public as they work to increase awareness and build credibility of the consultancy. Additionally, for many the Academy’s “10-week boot camp” approach to training is new. Some initially questioned how you could take someone with little or no prior knowledge in software development to an advanced level within a short time frame.
Abiola and her team are well aware of this and are working to address it. For example, the boot camp includes an intensive class where participants deliver various hands-on and real-world coding projects as they build their portfolio at the boot camp. Students share their projects publicly, which has positively influenced perceptions of the boot camp approach and increased awareness of Moat Consulting. Additionally, the consultancy has begun building partnerships with local companies that have expressed interest in hiring Moat Academy graduates.
Abiola’s goal is to increase the quality of locally developed software products and to offer a platform where professionals can learn from globally acceptable best practices in software development. Additionally, she hopes to expand the training to other areas of software development such as Testing/ Quality Assurance and IT Security.
“I want Moat Academy to be a bridge between academia and the industry, a place where every graduate interested in software development can come to hone their skills before transitioning into jobs.”
She will also continue to make her mark on the lives of many through the ever-expanding TechWomen Alumni Network, the network she describes, “is like a family with ‘sisters’ helping and strengthening one another to succeed.”
As a TechWomen alumna, technopreneur / founder of Moat Consulting, and champion for skills building through Moat Academy, there is no doubt Abiola is someone that many professionals in tech will aspire to follow.
As a delegate of TechWomen, Abiola Ilupeju had the opportunity to visit Symantec where she worked closely with Symantec mentors, met leaders across the business, and gained valuable technical and soft skills.
Featuring an article from Symantec Security Response Threat Intel’s #WednesdayWisdom Medium column, a weekly read to help improve your cyber security knowledge and keep you informed on important developments.
Today is International Women’s Day, a global day to celebrate the achievements of women and call for gender parity in all walks of life around the world.
So, it is a fitting moment to consider the position of women in STEM and, in particular, cyber security.
Research carried out by the National Center for Women and Information Technology (NCWIT) in the US in 2015 found that just one quarter of computing jobs were held by women. The disparity in cyber security is even more drastic, with a survey by ISC2 in 2015 finding that just one tenth of those working in cyber security were women.
That same survey also found pay inequalities, with 47 percent of men reporting salaries of $120,000, compared to 41 percent of women.
The underrepresentation of women in cyber security is significant for many reasons. Many studies show that gender diverse organizations perform better. However, the cyber security industry has a more immediate talent gap problem with the demand for cyber security talent expected to rise to six million globally by 2019.
Symantec’s number one priority is the protection of our customers. With the world’s largest civilian research organization, we spend every day identifying and stopping vulnerabilities and attacks, regardless of where threats may originate. Based on the information contained in the Vault 7 release, to date we see no evidence of the ability to bypass or exploit vulnerabilities in Symantec products and services. In addition, we are carefully reviewing the documents and data released to identify areas where Symantec’s solutions that span the endpoint, data protection, cloud and network may be able to protect our customers and help mitigate the variety of risks included in the WikiLeaks release. We will continue to diligently monitor for any further information released and will keep our customers and constituents updated.
What Symantec always treats as its top priority is protecting our customers. With the world’s largest civilian research organization, Symantec works every day to identify and stop vulnerabilities and attacks, whatever source the threats come from. Having examined the information contained in Vault 7 published by WikiLeaks, we have so far found no evidence that security can be bypassed or vulnerabilities exploited in Symantec products and services. In addition, Symantec is carefully examining the published documents and data to determine the extent to which our solutions can protect customers and to identify areas where the various risks contained in the WikiLeaks release can be mitigated, because Symantec’s solutions span the endpoint, data protection, cloud and network. Symantec will continue to diligently monitor released information and deliver the latest information to our customers and stakeholders.
Number of new malware variants reaches highest level since October 2016 and Symantec uncovers a wider campaign carried out by Shamoon attackers.
Co-authored by Ken Durbin, CISSP and Kevin McPeak, CISSP, ITILv3
(Continued from part nine in our series on Canada's Digital Privacy Act)
In the previous blogs of this series, we covered the five major Functions of the NIST Cybersecurity Framework (CSF). We explained how these Functions break down into their respective Categories, Subcategories, and Informative References. We also discussed how the NIST CSF can help your organization to best prepare for the Canadian Digital Privacy Act (DPA). Symantec recommendations are based on decades of research and close collaboration with our partners and customers across numerous industries. We’ve seen large organizations develop outstanding cybersecurity programs and we’re able to notice patterns that typically occur when developing successful organizational cyber defensive teams.
Appointing a CISO and Task Organizing for Cyber Success
Achieving success on this journey typically begins by appointing a Chief Information Security Officer (CISO) who is a committed cybersecurity leader who can effectively develop and drive policy, implement procedures, and provide proper cyber training for your staff across all organizational levels. Hiring such a leader ensures that your organizational cyber audits and related compliance activities are not simply paper exercises, but that those activities foster realistic confidence in your cyber preparedness. Although many organizational structures require the CISO to report directly to the Chief Information Officer (CIO), you should consider appointing your CISO as an “organization chart peer” to your Chief Information Officer (CIO). This type of CISO role allows the CISO to develop his or her own reporting relationships with access to the CEO and Board of Directors, with a commensurate budget and executive support to invest in a strong cybersecurity program with supporting processes and defensive technologies.
Imagine if your company’s cybersecurity team served as an elite example to a myriad of organizations across Canada. Rather than “build” cyber hygiene components “around” existing legacy IT systems, imagine if your business could effectively “clean house” and remove insecure technologies and broken processes and replace them with IT systems and automated procedures that have security baked in from inception rather than tacked on as an afterthought. Imagine also if your business was able to understand and anticipate new, emerging cyber threat vectors and take fast, proactive, defensive countermeasures – almost in real-time – and prior to adversaries attacking your systems through those new attack surfaces.
Once the right CISO is in place within an organizational structure that allows for energetic cyber leadership, that CISO can implement policies and continuously review them as they are implemented. Examples of policies that should be developed and put in place include those for acceptable use, security awareness training, BYOD, flash/USB drive use, incident response, vendor relationship management (and vendor risk management), outsourcing activities such as cloud deployments, and DPA.
Centralizing, Rationalizing, and Managing IT Assets to Include Hardware, Software, Hosted Solutions, and Cyber Tools
A centralized asset identification and asset management system should then be put in place. You can’t conduct proper defense, and can’t realize cost reductions, if you don’t know what hardware and software you have deployed throughout your enterprise. In essence, you can’t protect what you don’t know you have or that you can’t see. Hardware should be actively managed via tools that conduct network device inventory, and then track those devices throughout their lifecycle from their initial procurement through their end-of-life tech refresh activities. In this way, only authorized devices are given access to network infrastructure and resources, and unauthorized and unmanaged devices are found, prevented from gaining access, and removed. Likewise, with regard to software, rigorous software discovery should occur at a regular cadence to identify rogue applications that have found their way inside the trusted perimeter. A mature, predictable, reliable patch management regimen should be in place to identify the operating system and application patches that are needed, test and evaluate those patches, and then roll the approved and tested patches out across the enterprise on a regular, well-tracked basis. Lastly, rogue hosting solutions should likewise be identified and blocked.
Once a professional CISO is in place, and the above mentioned policies, procedures, and asset tracking methods are implemented, the business of identifying, procuring, and deploying cybersecurity and audit tools should occur. If existing security tools are in place, a top to bottom review of those security tools should occur in order to remove duplicative tools, reduce licensing costs, improve security insight, and prevent such tools from causing harm on the network.
Data Governance, Data Classification, & Configuration Management
Rules for proper data governance should be put in place to ensure that sensitive data is tracked and secured. The new CISO should know who owns what data sets, and those data sets should be classified for their level of sensitivity and tagged for use as Sensitive, Internal, or Public. Information Exchange Agreements should also be reviewed and periodically reassessed to ensure that your business is only sharing sensitive information with trusted downstream partners who have an operational need to know and business needs that justify the added risk posture.
Configuration Management should then be put in place to establish, implement, and actively manage (track, report on, correct) the security configuration of laptops, servers, workstations, and mobile devices using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings. If your business relies not just on Information Technology (IT) assets but also on Operational Technology (OT) assets, such as SCADA systems or Internet of Things (IoT) devices, these devices should also be rigorously and consistently reviewed for proper configuration as well. Proper Configuration Management entails conducting change control approvals before deployment, along with risk and vulnerability assessments of existing infrastructure. The goal is to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers.
The new CISO will likely establish a robust, defense in depth posture for your business. Technologies such as firewalls, IPS/IDS, web proxy, DLP, SSL visibility/inspection, encryption, automated audit & compliance reporting, multi-factor authentication (MFA), cloud access security broker (CASB), and cloud based e-mail security infrastructure are all likely candidates for finishing out a robust cyber security build that meets the spirit and the guidance found within the NIST CSF.
As a cybersecurity leader, Symantec recommends a comprehensive cybersecurity program be put in place to meet your organization’s cyber defense needs. Your goal should be to fully protect your people, data, and devices from both external and internal attacks and data loss. Many Symantec solutions are currently capable of feeding directly into such a programmatic approach. As your business selects various products to achieve specialized cyber objectives and to build out or enhance your DPA strategy, our team is willing to help.
In the meantime, for more information on anything you've read as part of this series on Canada's Digital Privacy Act, please visit our webpage that has links for a white paper, a webcast and infographic on the topic.
リリースから 4 カ月。Symantec Endpoint Protection（SEP）14については、お客様やパートナー様からも、市場調査企業、研究所からも肯定的なレビューが続いています。
弊社 CEO の Greg Clark が収支報告のなかで述べたように、SEP 14 は「好調な出だし」を見せており、顧客とパートナーがエンドポイントセキュリティに関するシマンテックの統一的なアプローチを支持してくださるおかげで、「新しい利益と販路が加速する」と予測されています。エンドポイントで高度な脅威からユーザーを守ろうとするとき、固有の機能をはたす専用のエージェントをいくつも用意する必要はもうありません。SEP 14 なら、軽量なエージェント 1 つだけで予防・検出・対応が可能になり、それが複数のデバイスや OS 上で動作します。
どの反響を見ても、弊社の達成感はひとしおです。シマンテックは、進化し続ける脅威に備えるかたわら、製品のパフォーマンスを改善し、他の保護技術（ATP: Endpoint や Secure Web Gateway など）との融合を推し進めるべく、膨大なイノベーションを投入してきたからです。調査会社による評価やテスト結果を、もう少し詳しくご紹介しておきましょう。
Gartner は、「実行能力（ability to execute）」と「ビジョンの完全性（completeness of vision）」の両方で、「リーダー」に位置付けられました。Gartner は、エンドポイント市場が「再び激化し」ていると述べ、「急速に進むイノベーションを考えると、EPP の管理者は現実的な範囲で可及的速やかに最新版にアップグレードすべきである」と指摘しています。重要な新機能を取り込みつつ効果的な保護をめざすために、既存のベンダーについて「設定ポリシーの総点検」を実施するよう推奨して、Gartner はこう続けます。「EPP の購入に際しては、メモリ攻撃に対する保護、スクリプト解析、侵害の動作指標を重視しているベンダーを選定する必要がある。最終的には、攻撃者が駆使する手法（ツールや戦術、技術など）の手がかりとなる動作の検出に主眼を置くベンダーが、最も効果をあげるはずである」。また、EPP ベンダーが EDR（エンドポイントにおける検出および対応）機能も追加していると指摘。「EDR 機能の統合で、マルウェア検出をすり抜けられた場合でも早期警告が可能になり、アラートの調査と回復に用いる貴重なツールが得られる」と記しています。
AV-TEST の Best Protection Award 2016（2017 年 2 月）
シマンテックは、AV-Test による 2016 年度「Best Protection Award」を受賞しました。これでシマンテックは、法人ユーザーとコンシューマーユーザーの両部門で 2 年連続「Best Protection」に輝くという初記録を樹立したことになります。AV-TEST の結論はこうです。「シマンテックの Endpoint Protection は、1 年間を通じ 6 つの認証テストすべてにおいて、ほぼ 100% のマルウェア検出を記録。法人ユーザー向けに、業界平均水準を上回る強力な保護を実現している」（AV-TEST は、公開試験と受託試験をどちらも実施しているため、ベンダーの発表については必ず細部までお読みになることをお勧めします。シマンテックは公開テストに参加していますが、テストは完全に AV-TEST 主導で行われており、テスト手法についてベンダーの介入はいっさいありません。そうした条件のもと、エンドユーザーの行動とユーザーが遭遇する攻撃をシミュレートする現実的なテストで、シマンテックは常に競合製品を超える結果を残しています）
NSS Labs の Advanced Endpoint Protection Test（2017 年 2 月）
NSS Labs は、同研究所として初となる Advanced Endpoint Protection のベンチマークで、セキュリティ効果 98.7% というスコアを記録したシマンテック製品を「Recommended」と評価しました。これは、従来のウイルス対策やファイアウォール機能を大きく上回る、高度なエンドポイントセキュリティの効果を測る新形式のテストです。シマンテックの SEP 14 製品と、ATP: Endpoint（エンドポイント検出・対応の製品）があわせて評価されました。他のベンダーと違って、シマンテック製品はセキュリティ回避の手口を 100% 検出します。これは重要な評価基準です。NSS Labs のテスト結果については他のベンダーによっても論じられており、弊社の主張にも難点はあるかもしれませんが、これは総合的な予防・検出・対応という市場の変化を反映した意欲的なテスト方法だとシマンテックは考えています。
IDC: 2015 年度 Worldwide Endpoint Security Market Shares（2016 年 11 月）
IDC のアナリストによると、シマンテックは 2015 年、85 億ドルと言われるエンドポイントセキュリティ市場を 27.6% というシェアでリードしていました。法人向けでも（42 億ドルのうち 18.2%）、コンシューマー向けでも（43 億ドルのうち $4.2）、エンドポイントセキュリティ市場で優位に立っています。シマンテックは、法人向けエンドポイントセキュリティの下位部門についても、5 部門のうち 4 部門で 1 位または 2 位の市場シェアを獲得しました。アクセスおよび情報保護で 23.0%（1 位）、マルウェア対策で 21.6%（1 位）、サーバーセキュリティで 26.3%（2 位）、セキュリティスイートベンダーで 17.8%（2 位）という成績です。また、Blue Coat の買収について IDC はこう指摘しています。「Blue Coat のクラウドおよび Web セキュリティゲートウェイと、ネットワークパケット記録およびセキュリティ解析プラットフォームとの間で、シマンテックのエンドポイント保護の紐帯が強化されることになる」
Forrester は、シマンテックをトップ 3 ベンダーのひとつと位置付け、こう結論しています。「シマンテックの製品は、市場でも際立って完全なエンドポイントセキュリティスイートである。同社は、予防・検出・修復の多様な機能をカバーする潤沢なエンドポイントセキュリティ技術を擁している。導入したポートフォリオを十全に利用できれば、ほぼいかなる面で想定される攻撃も網羅される」。シマンテックが「侵入後の高度な検出技術」の開発も続けており、エンドポイント保護と他のシマンテックおよび Blue Coat 製品との統合を拡大している点も強みだ、と Forrester は付け加えています。
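Radicati Group: Endpoint Security – Market Quadrant 2016 (November 2016)
Radicati placed the Symantec product at the highest rank in its "Top Players" category, singling out its approach of "multi-layered protection that makes use of artificial intelligence and advanced machine learning." The report states that SEP 14 is "feature-rich" for both physical and virtual machines, and notes that "the granularity and flexibility offered by the management console are at a higher level than any solution on the market." Also worth noting is its assessment that Symantec's pricing is highly competitive "given the feature-richness of its endpoint security platform."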
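The endpoint is becoming the main battleground for protecting users from advanced threats. Symantec takes that responsibility seriously and has put itself on the front line of endpoint innovation and integration. Symantec has received recognition over many years, including being positioned as a "Leader" in Gartner's Magic Quadrant for 15 consecutive years, but we will not rest on those laurels, much less play it safe. We will continue to listen to you, make endpoint security the cornerstone of integrated cyber defense, and protect our users and their data and messages wherever they are.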
# # #
For more details, read the "Gartner Magic Quadrant for Endpoint Protection Platforms" and the "Forrester Wave on Endpoint Security Suites."
Emails claim to be from HSBC and ask recipients to install fake Rapport security software.
This is an update to the discussion "ITMS 7.6 HF7 to 8.0 upgrade time".
One reason for the long ITMS upgrade time might be the running Workflow "Task Tray tool" application. So, if you are going to perform an upgrade or HF install and see the "little green man" icon in the tray bar, it would be good to close it before the upgrade (and close all other running workflow applications, if any).
While the cybersecurity community is still waiting for the delayed Executive Order on Cybersecurity, it seems highly likely that Federal Agencies will be required to use the NIST Cybersecurity Framework (CSF) to help manage risk. If it bears out, this would be a very positive step toward improving the cybersecurity posture of the Federal Government. The CSF will enhance FISMA and help agencies identify gaps in cyber readiness that are not easily identified by the current process. By focusing on the five core functions of Identify, Protect, Detect, Respond and Recover, federal agencies will gain a clearer view into their strengths and weaknesses.
Symantec has been a strong supporter of the CSF since it was a draft document, and was intimately involved in the effort to develop the Executive Order that spurred its creation. We participated in all of the Industry Workshops – presenting at one – and submitted formal and informal comments throughout the development process. Since it was released, we have been regular speakers on the CSF at conferences and panel discussions, interviewed for articles, published white papers and hosted numerous webinars to educate people on the CSF. The combination of our CSF expertise and our world-class Cybersecurity Solutions makes Symantec uniquely qualified to help our Federal clients transition to the CSF.
So how can we help?
We KNOW the CSF and can help educate our clients. We speak the language of both FISMA and CSF – and can translate from one to the other. And most importantly, we have mapped our solutions to the 98 Subcategories of the CSF. So if you already use Symantec Solutions, we can help you understand where they fit in the CSF. If you need to fill gaps in the CSF, we can recommend a solution to meet your needs.
Remember, as the anticipation and speculation continue, Symantec is there to be your Trusted Advisor as you start your transition to incorporate the CSF.
Minnesota Gov. Mark Dayton has called for approximately $74 million to help improve the state’s cybersecurity systems, in part because of the age of a number of computer systems still in use.
Minnesota, like many states and federal agencies, relies on technologies that are more than 30 years old. This reliance on legacy systems is not only expensive – when something breaks, the state or agency usually must bring in an expert to fix it – but also harder to secure.
The state’s computers house the private data of 5.5 million Minnesotans and connect every city and county in the state. Administration officials say a major cyberattack could jeopardize public safety and cause significant disruption.
“We can’t be wrong once,” Minnesota IT Commissioner Thomas Baden said. “Thirty-five thousand users. All the cities, all the state, 35 end points. We can’t be wrong once.”
This reliance on legacy systems is all too common. Last year, then-U.S. CIO Tony Scott said that legacy systems gobble up about 80 percent of the more than $80 billion federal IT budget. That’s an astounding number that Scott, before he left office, tried to begin to correct, and a number that the Trump administration must take seriously.
For states like Minnesota, the steps to change can be long and expensive. As Baden said, cybersecurity remains a top priority as states cannot allow citizen information to get stolen. States must leverage cybersecurity solutions that can help better protect citizen information.
There have been great advances in cloud security, so moving to a cloud computing environment carries minimal risk, but the rewards can be huge in terms of modernization and cost savings. Following the federal government’s focus on “cloud first,” states can benefit greatly from migrating to the cloud to help eliminate the reliance on this legacy infrastructure. The longer states rely on legacy systems, the longer these challenges will exist.
Kudos to Minnesota for identifying the need for improved cybersecurity and a strong desire to keep information safe. That is the most important thing. Minnesota is not alone in facing these challenges, or in its desire to counteract the effects of the legacy sprawl. Taking a proactive stance on cybersecurity and actually doing something about legacy technology should be a model for all states.
For governments that find themselves in a similar situation, it is time to act. Legacy systems will only continue to grow older. We’ve seen a tipping point in technology in recent years, making it easier than ever before to bring in new systems through the cloud that are not only cheaper, but more effective. With the right cyber tools, governments can confidently take advantage of these platforms – and the benefits they provide – to drive greater efficiencies.
Visit this webpage for more information on how cloud security can drive positive results for your agency’s operations.
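The number of new malware variants reached its highest level since October 2016. Meanwhile, Symantec has confirmed that the attackers using Shamoon are active on a broad scale.
Emails that spoof HSBC as the sender and try to get recipients to install fake Rapport security software are circulating.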
This month the vendor is releasing 18 bulletins, nine of which are rated Critical.
This month, 18 security bulletins have been released, nine of which are rated Critical.