Channel: Symantec Connect - Blog Entries

Speed, Availability, and Security


Speed. Availability. Security. Name recognition. These are things everyone cares about, in any online industry. Whether you're selling shoes, running a charity, or operating a multi-national company with global online presence, it matters that your customers feel safe to interact online with you, and that they have a fast, efficient experience at your site to bring them back again.

Speed and availability are becoming two of the biggest challenges for hosting companies and SSL providers alike. Speed of OCSP lookup is important, to keep within acceptable guidelines of page load times. Symantec is constantly looking for ways to improve, and we invest in expanding our infrastructure to enhance speed and reliability. GlobalSign has advertised that they outsourced their OCSP lookup to CloudFlare. Now, there's nothing wrong with a company outsourcing services, if it helps operate more safely and efficiently.

Alas CloudFlare has had some significant recent outages, so while speedy they have failed now and again at availability. You can read their KB article here. And any certificate authority who thinks this level of service is acceptable clearly isn’t taking their customer’s security seriously enough.

Symantec has military-grade data centers protecting our SSL and PKI infrastructure, and  our validation edge infrastructure has delivered 100% uptime for many years. We have speed, availability, and security covered.


Are you looking to improve your current backup and archiving service levels?


Here is an exclusive chance to socialize with experts (from Symantec, the Enterprise Strategy Group, and peers) on these topics over cocktails and hors d’oeuvres. You can also seek their inputs on how to improve your existing backup and archiving environments. Join Symantec Business Critical Services (BCS) Managed Services and executives from our backup and archiving teams for a relaxing evening of networking during Symantec Vision 2013. Start the conversation on improving service levels and capabilities over drinks and good food.


Where: Shibuya Specialty Dining @City Walk, MGM Grand
When: Tuesday, April 16
Time: 4:30 PM – 6:30 PM

 

Don’t miss this unique opportunity! RSVP ASAP here by April 10 as space is limited to ensure quality conversations.

 

Next Generation Security Management with SPC Mobile/Enterprise


Are you an IT Security Leader attending Vision? Sign up now to learn more about Symantec Protection Center (SPC) Mobile and Enterprise at Vision and learn how you can gain oversight and business-centric risk view of your security.

SPC Mobile is an exciting new iPad app for Security leaders that allows you to have oversight of your security program, drive action around key security initiatives and communicate security status in business terms to your stakeholders. 

Join our 1-hour session (ICB11) on Wed April 17 from 11-12PM to view an SPC demo and learn more:

ICB11 - Next Generation Security Management: Gain oversight and business-centric risk view of your security

Also join us for the hands on lab sessions to learn key use cases (ICL18) as well as how to install and configure SPC Mobile/Enterprise (ICL17):

ICL18: Security Management Case Study: Get the most from your security investments with SPC Mobile/Enterprise

ICL17: Gain strategic understanding of your IT environment with SPC Enterprise

Register for the session/labs using the registration link below:

http://bit.ly/14Ho9iP

We look forward to seeing you at Vision, Las Vegas.

Thanks

Shishir Agrawal

Sr. Product Marketing Manager, SPC

Calling all NetBackup customers, we’d love to get your feedback at Vision 2013


We have several user experience sessions between April 15th - 18th (PST) at Symantec Vision 2013 Las Vegas. Sign up to share your feedback with our Product and UX team. As thanks for your participation, and if permissible by your company policy, we will offer you a gift card redeemable at a host of online vendors. Please refer to the details below:

1.     NetBackup Storage Focus Group: Take part in a 90 minute Focus Group in which you will get to tell us how you want to see your storage overviews. We also want to know what information matters to you, so that we design keeping your needs in mind. For this focus group, we are looking for storage administrators who, as part of their tasks, manage or monitor storage in NetBackup. The session is scheduled for Monday 04.15 between 10:30-12pm and Tuesday 04.16 between 3:30-5pm.

2.     NetBackup SLP and A.I.R Monitoring and Management Focus Group: Participate in a User Experience Focus Group for Storage Lifecycle Policy (SLP) and Auto Image Replication (A.I.R) monitoring and management. If you use SLPs or A.I.R. and have encountered challenges managing them in your environment, this is your chance to interact and help us solve those issues. We will also discuss your monitoring and troubleshooting requirements. The session is scheduled for Monday 04.15 between 1:30-3pm and 5-6pm.

3.     NetBackup Licensing Focus Group: Participate in a User Experience Focus Group, where you can give us feedback on our new proposal for improving NetBackup licensing. We will also discuss your licensing requirements. We are looking for Backup administrators/architects interested in this topic. The session is scheduled for Wednesday, 4.17 from 2:30-4pm.

4.     1:1 Interviews: Join us for a short 45-minute interview to help us understand your daily tasks and the role that you play in the backup/recovery domain. This is part of our team’s process to learn more about our users so that we design keeping you in mind. The insight gained from your interview will be extremely valuable to our understanding of your background, experience and expectations. We invite you to be as open and honest as possible. Open slots are available on 4.16 and 4.18 from 9am-5pm.

5.     Activity Monitor 1:1s: This is the chance to tell us the challenges you face while using ‘Activity Monitor’ in NetBackup. Share your feedback on the new Activity Monitor design mockups in this 60 minute session with us. For this study, we are looking for NetBackup users who, as part of their daily tasks, examine jobs in NetBackup. Open slots are on Wednesday 4.17 from 7am to 1pm.

 

Interested?

Next Step: Please contact me at Muzayun_Mukhtar@symantec.com with the studies you are interested in participating in.

Looking forward to meeting you at Vision!

Muzayun

Shylock Powers Up and Explores New Business Opportunities


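Shylock is a highly sophisticated Trojan that targets online banking (see our earlier article), and it remains a force to be reckoned with in the financial fraud threat landscape. Since its modest debut in 2011, its infections have continued to grow in the United Kingdom, Italy, and the United States, and the number of targeted financial institutions has grown as well. It currently targets more than 60 financial institutions, mainly in the United Kingdom.

Shylock's main purpose is to build a list of the websites of targeted financial institutions and carry out man-in-the-browser (MITB) attacks. It uses this attack to steal users' personal information and relies on social engineering techniques to lead users into carrying out fraudulent transactions at the targeted institutions.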

 

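Additional modules
Recently, Shylock has begun downloading and executing additional modules to extend its functionality. The following modules have been developed and are downloaded by Shylock:

  • Archiver (compresses recorded video files before they are uploaded to a remote server)
  • BackSocks (makes the compromised computer act as a proxy server)
  • DiskSpread (spreads Shylock through attached removable drives)
  • Ftpgrabber (enables the collection of saved passwords from a variety of applications)
  • MsgSpread (spreads Shylock through Skype instant messages)
  • VNC (lets the attacker open a remote desktop connection to the compromised computer)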

 

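Infrastructure
Shylock uses a robust infrastructure. Redundancy and load balancing are enabled for periods of high traffic, so a server redirects compromised computers to another server depending on the number of incoming connections.

The first-level servers used by Shylock have been identified and fall into the following three groups:

  1. Central command-and-control (C&C) servers (used to control and maintain the botnet)
  2. VNC and BackSocks servers (enable remote control during transactions)
  3. JavaScript servers (perform remote web injections in MITB attacks)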


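Figure 1. Groups of servers used in Shylock's infrastructure

These are proxy servers used to control the main component. The main purpose of these servers is to maintain the number of Shylock infections by supplying the following updated configuration files and modules to compromised computers:

  • Binary files
  • hijackcfg module
  • httpinject module

When a newly added module is executed on a compromised computer, a report log is sent to the C&C server. The logs are redirected to the appropriate server over encrypted communication, and the servers act as Secure Socket Layer (SSL) for one another. The servers use the following protocols to communicate with each other:

  • SSH fingerprinted as "Debian 6" ("OpenSSH 5.5p1 Debian 6+squeeze1 (protocol 2.0)")
  • HTTPS responses containing CentOS ("Server: Apache/2.2.15 (CentOS)")

Currently, five central C&C servers control the Shylock botnet. These servers are located at several hosting providers in Germany and the United States.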

 

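Charts showing the shift in targets
Shylock initially targeted mainly computers in the United Kingdom, but it has now spread to other countries and regions. At the same time, some financial institutions are no longer being targeted as much. This is thought to be either because their security measures have improved or because they do not have high-value business customers, and Shylock is refocusing on financial institutions that look likely to offer larger returns.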


Figure 2. Number of computers infected with Shylock (2011 to 2013)


Figure 3. Targeted sectors

New Shylock attacks are expected to continue, and Symantec will keep monitoring Shylock's activity.

Symantec protection

As always, follow basic security best practices and make sure the latest software patches are installed. Using the latest Symantec products and virus definitions will also protect you from these threats.

 

* To subscribe to the RSS feed of the Japanese Security Response blog, visit http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Join Us at the Vision After Hours Events

After you fill your brain with valuable technical information and insights during the day, prepare to get your game on after hours—with a full roster of chances to play smart, win big, and enjoy hours of non-stop fun in the process.

 

LET THE GAMES BEGIN AT THE MONDAY NIGHT KICK-OFF

Marquee Ballroom, Monday, April 15, 4:30 pm - 6:30 pm
The fun starts Monday evening—as we officially kick off the conference and welcome you to Vision. It’s the perfect opportunity to relax, check out the games in our Internet Lounge, and chat with Vision sponsors, industry experts, and your fellow attendees. We’ll also have people standing by to tell you more about all of the other games, events, and activities taking place throughout the week, including the Cyber Readiness Challenge hacker game and our Ultimate Fan Mobile App game. And since it’s Vegas, you may even learn how you can improve your odds of winning all kinds of fabulous cash and prizes—including our Ultimate Fan grand prize drawing.

 

2ND ANNUAL SYMANTEC WOMEN OF TECHNOLOGY RECEPTION

Patio of the Talent Pool, Monday, April 15, 6:30 pm - 7:30 pm
Women Technologists, join us for the second annual Symantec Women of Technology Reception during Vision! This is a great opportunity to interact with Symantec executives, meet with your peers in the industry, and get to know some of the outstanding technologists you’ll be interacting with throughout the week. Join us on the patio of the Talent Pool Monday, April 15th, from 6:30-7:30 PM for cocktails, light refreshments, and a relaxing evening of networking.
Please RSVP to Donna_Davis1@symantec.com by April 8th.

 

GET YOUR GAME ON AT THE “MEET YOUR MATCH” PARTY & USER GROUP CHALLENGE

Marquee Ballroom, Tuesday, April 16, 6:00 pm - 8:00 pm
Games are afoot at the Vision Partner Expo party on Tuesday evening. First, find the sponsor partner delegate with your matching badge number and bring them to the Expo Hall information counter. If you’re one of the first three pairs to check in, you’ll split a $500 prize. If not, you’ll still qualify for other great prizes and earn extra Ultimate Fan contest points. Next, revisit your misspent youth by playing your favorite vintage arcade games and driving an award-winning robot. Finally, stick around to cheer your Symantec User Group friends as they compete in a no-holds-barred, Minute-to-Win-It style competition for the coveted Symantec User Group Challenge trophy.

 

LIVE LARGE AT THE PRE-PARTY RECEPTION

Marquee Ballroom, Wednesday, April 17, 6:00 pm - 8:00 pm
Mingle with the stars, experience a little “comic relief”, and test your movie trivia knowledge at a fabulous pre-party with plenty of gourmet food, drinks, and fun atmosphere. Make sure you take time to tweet or text photos with your favorite slapstick celebrity look-a-likes, sample the selection of fine beer and wine, try a “comedy cocktail,” and prepare for the non-stop laughter and music to come in the feature presentation.
 

Vision Conference Party

Get ready to tickle your funny bone and bang your drum at this year’s bigger-than-ever Vision conference party, which is co-sponsored by HP.
  • The party starts early at a glamorous Hollywood style pre-party in the Expo Hall, where you can mingle with the stars, sample some fabulous gourmet food and drink, snap photos with celebrity look-alikes, and win fabulous prizes with your movie trivia knowledge.
  • After the pre-party, walk over to the Grand Garden Arena for an exclusive live performance by Grammy nominated comedian Jim Gaffigan, star of platinum selling TV and recorded specials, Beyond The Pale, King Baby, Mr. Universe and author of the book, “Dad is Fat,” which will be released on May 7.
  • Finish the evening off with a bang by grabbing a pair of drumsticks and playing along with Recycled Percussion, an innovative percussion group that was discovered on NBC's America's Got Talent and is now one of the hottest shows in Las Vegas.
With all this world-class food, fun, and entertainment, it’s an evening you won’t forget. So get in the game and join us on Wednesday evening for a hilarious, high-energy evening of comedy and music.
 

Meet Mr. Universe

With his clever, quiet style, Jim Gaffigan has become one of the top five, most successful touring comedians in the country today. His CDs and DVDs have achieved platinum sales, he has made an unprecedented number of appearances on “Letterman,” “Conan,” and other popular late night TV shows. His latest special, Mr. Universe, was nominated for a Grammy in the Best Comedy Album category. Jim's first book “Dad is Fat” will be released by Crown Publishing on May 7.

 

Put more Junk into Your Rock

Since 1995, Recycled Percussion has been perfecting and refining its own brand of “junk rock,” which combines recycled objects and rock instruments into a uniquely high-energy blend of rock, funk, and pop. Recycled Percussion performs more than 250 shows a year around the world, they recently became the highest placed non-singing act to ever compete on America’s Got Talent, and they currently star in one of the hottest shows on the Las Vegas strip.

 

 

How to successfully protect the transfer of sensitive data


More and more business is being conducted on the internet these days, with even the smallest of businesses likely to have some kind of web presence.

The web is a great arena for businesses, especially smaller outfits, to operate in. The costs are low and it’s relatively easy to build up a strong online presence.

But conducting business online does have its dangers, especially given the number of threats posed by cyber criminals these days.

This is most important when it comes to transferring sensitive data across the web. Whether it’s sending contracts or receipts via email, or transferring sensitive financial information, protecting data that is being sent via the web is vital. So, what can you do to protect it?

Email

Email is almost as old as the internet itself, and for a long time the security features on email services were rather outdated and easy to penetrate.

Things have improved dramatically over the years, but there are still measures you can take to boost email security if you are sending sensitive information in this way.

When you come to log in to your web based email, make sure it is via an HTTPS address which shows that your email account is encrypted and, therefore, secure.

It is also a good idea to encrypt an email itself, to ensure it is protected when it is being sent. This can be done through methods such as PGP encryption or a Symantec Digital ID for Secure Email, which gives you an encryption key for an email.

File transfer

Email can be a safe and secure way of transferring sensitive data, but most email services limit the size of files you are allowed to send.

If you need to send larger documents and files, many people use File Transfer Protocol, or FTP. This is a system for transferring large files simply and quickly, but is not all that secure.

FTP is notoriously easy to intercept and read. Additional security features are needed if you plan on transferring sensitive information in this way.

You can couple FTP with an SSL Certificate to add a solid layer of security and turn this into a very safe way of transferring large files.

This is sometimes known as FTPS, and creates a secure connection from a server or computer so you can transfer sensitive data quickly and easily.

An alternative to FTP is to use a file sharing service – many are free but if you need additional space and bandwidth then this is available at a particular price.

SSL Certificates

If you regularly transfer a significant amount of sensitive data as part of your business, it could be worth investing in an SSL Certificate to secure a file transfer portal.

This works by bringing the transfer of sensitive data under one secure SSL Certificate on your server, giving added security and simplicity.

There are lots of solutions when it comes to file transfer online. Perhaps the most important thing to remember is that you need to ensure that the service you choose is secure and, ideally, encrypted.

On Sending Sensitive Data Securely


More and more business is conducted over the internet these days, as even the smallest businesses often have some form of web presence.

The internet is a great place for businesses, especially smaller outfits, to do business. Costs are low and it is fairly easy to build a strong web presence.

Doing business on the internet does carry dangers, however, especially given the number of threats that cybercriminals pose today.

Keeping this in mind is especially important when you send sensitive data across the web. Whether it is contracts or receipts in an email or sensitive financial information does not matter; what counts is protecting the data. But how?

Email

Email is almost as old as the internet; for a long time, however, the security settings of email services were outdated and easy to crack.

Things may have changed over the years, but there are still measures you can take to raise the security of your email traffic when sensitive data is involved.

When you log in to your email account online, make sure you do so via an HTTPS address. This shows that your account is encrypted and therefore secure.

It is also a good idea to encrypt an email itself when sending it. There are many options, such as PGP encryption or Symantec Digital ID for Secure Email. These methods work with an encryption key for your emails.

File transfers

Email can be a secure way to transfer sensitive data. Most email providers, however, limit the file size you can send.

If you want to send larger documents or files, you may already have heard of File Transfer Protocol, or FTP. This is a method of sending large files simply and quickly. From a security standpoint, however, it has pitfalls.

FTP is in fact very easy to crack and read. Additional security measures are called for if you want to transfer sensitive data this way.

One option is to combine FTP with an SSL certificate. This adds a further layer of security, which makes the file transfer secure.

This method is commonly known as FTPS, and it creates a secure connection from your server or computer so that you can send sensitive data quickly and easily.

An alternative to FTP is to use a file-sharing service. Many are free at first; only if you need additional storage space or more bandwidth does it cost money.

SSL certificates

If you regularly send a not insignificant amount of sensitive data for your work, it could be worthwhile to get an SSL certificate to protect your data transfer system.

This works by placing the transfer of sensitive data under an SSL certificate on your server. This increases your security and simplifies security processes.

There are many solutions for transferring data online. The simplest, though, is perhaps still choosing a secure and, ideally, encrypted email service.


How to Secure the Transfer of Sensitive Data


More and more business is conducted on the internet today. Even the smallest businesses with a web presence are there.

The internet is a fantastic place for businesses, particularly small ones. The costs involved are fairly low and it is relatively easy to build a strong online presence.

But doing business online is not without danger, especially given the many threats posed by cybercriminals today.

This matters when it comes to transferring sensitive data online. Whether you are sending contracts or receipts by email, or even sensitive financial information, protecting data sent online is essential. What can you do to protect it?

Email

Email is almost as old as the internet, but for a long time the security of email services was rather outdated and easy to penetrate.

There have been improvements in this area since then, but there are still measures you can take to increase the protection of your emails if you send sensitive information over the web.

When logging in to your email account, make sure the address begins with HTTPS. This tells you not only that your email account is encrypted but also that it is secure.

For added reassurance, it is also a good idea to encrypt an email before sending it. Methods such as PGP encryption or Symantec Digital ID for Secure Email give you an encryption key for your emails.

File transfer

Email can be a secure way of transferring your sensitive data, but most email services limit the size of the files you can send.

For a larger document or file, many people use File Transfer Protocol, or FTP. It is a system for sending large files quickly and easily. However, it does not protect you very well.

FTP is very easy to intercept and read. Additional security measures are needed if you want to send sensitive information this way.

By using FTP together with an SSL certificate, you can improve your level of protection and transfer your large files without risk.

This is sometimes called FTPS. It creates a secure connection from a server or computer so that you can transfer sensitive data quickly and easily.

File-sharing services are an alternative to FTP. Many of them are free at first, but if you need more space and more bandwidth you will have to invest a few euros.

SSL certificates

If you regularly transfer large quantities of sensitive information as part of your business, an SSL certificate to secure a file transfer portal could be a good investment.

By placing the transfer of sensitive information under an SSL certificate on your server, you improve your level of security and simplicity.

There are many solutions for transferring files online, but perhaps the most important thing is to choose a service that is secure and encrypted.

Earth Day Series - Celebrating Our Progress


At Symantec, we regard environmental stewardship as both an imperative of responsible operation, and an opportunity to improve our business performance. We therefore have prioritized where we can have the biggest impacts and track key indicators to monitor these impacts throughout our value chain. The pillars of our environmental strategy include data center considerations, conservation efforts, software packaging and delivery mechanisms, and transportation alternatives.


In honor of Earth Day this month, we will highlight accomplishments that demonstrate the progress we are making across these focus areas. From green building to climate change advocacy to our Green Teams and grass roots community initiatives, we are proud of the progress we’re making and look forward to celebrating this with you - our community - over the next month.

Stay tuned for our Earth Day Series!

 

Lora Phillips is Symantec's Senior Manager, Global Corporate Responsibility.

Time to take the gloves off!!!


Recently, there has been a string of high-profile compromises attacking cloud-based services, a cloud-based note-taking site, a fast food company's Twitter account, as well as corporations and individuals. A well-known technology writer had his digital life taken over, abused and somewhat deleted; add to this the hacking of a cloud company CEO's personal and business accounts. This led me to think: how can we as a security community do a better job? When I was a CISO, a good portion of the end-user awareness training was focused on life outside the office; my theory was that being safe at home leads to being safe in the office. But thinking about this now leads me to ask myself a question: does our end-user education go far enough or reach deeply enough into our users' digital lives? I think the answer to that question is an overwhelming NO, and it’s time to take the gloves off!
 
We live in a time where work and personal lives are intermingled; to attract the best talent we must allow access to social networks from corporate devices and access to corporate information from personal devices, allowing users to have the freedom to work as they see necessary. I am not only speaking about the millennials we all hear about who work differently, but also management and executive management who now have their own online personas. They are being encouraged to develop these personas, where they are now part of the company brand with very little oversight.
 
When discussing end-user awareness training with companies, I always encourage them to take the next step and test their employees using email phishing campaigns as well as other social engineering techniques. Web-based training and lectures don’t work well enough. Companies need to send targeted phishing attacks to their employees that provide immediate feedback.
 
When testing users we shouldn’t stop at just their corporate accounts; we must phish their personal accounts too. This includes Facebook, Twitter, Gmail, etc. The attackers have crossed that line; we as responsible corporate citizens must as well. This is a two-way street: if users want access to these services utilizing corporate or shared resources, they must consent. Don’t be the next hamburger chain to lose control of its Twitter account.

Are we witnessing the transformation from Target to Integrated PBBAs?


I drove past my local, soon to be former, Blockbuster store this weekend. Everything is now 80% off, including the store fixtures. It is the last one to go as there used to be three (3) Blockbusters in a two mile radius of my house. In its day, Blockbuster ruled the video rental business. However, consumer demand changed, new companies emerged to meet those changing demands, Blockbuster was not able to change, and today Blockbuster is offering 80% off store fixtures. 

I believe a similar transformation is occurring in the purpose-built backup appliance (PBBA) market. Last week, IDC released their latest PBBA report, Worldwide Purpose-Built Backup Appliance (PBBA) Market Fourth Quarter 2012.

In the IDC Q4 2012 report, they reported Symantec had 4Q12/4Q11 Revenue Growth of 190.8%.  To put it into perspective, the next closest OEM was Quantum at 21.2% and EMC in third with 7.0% growth. While EMC led the market with 66.5% share, Symantec moved into the Number 2 position with 11.8%, passing IBM at 8.4%. 

A Different View - Again

As I did in my previous blog, IDC Purpose-Built Backup Appliance Report: a different view, I took a deeper view of the latest IDC numbers. 

The question I wanted to answer: while the PBBA market is growing, who is driving this growth?

The answer: Symantec is driving the PBBA market growth, by nearly double that of its closest competitor.

IDC graph.JPG

From Q4’11 to Q4’12, the PBBA market grew by $108.4M. Of this amount, Symantec accounted for $66.5M or 61.3% of the total PBBA growth.

Look at the other names on the chart above; all established and long-standing storage or backup companies. But why are they stagnant or losing market share in an industry that is growing 19.4% CAGR?  That is what got me thinking about the transformation of the PBBA market, and video rentals. 

Symantec’s growth is significant for two reasons and explains why the game is changing: 

  1. Customers are looking for simplification and tighter integration within their environment. Many of the OEMs only offer a deduplication appliance, or point solution, which requires a third-party backup application (many are dependent on NetBackup software) for the backup data management and movement.
    • Symantec has already helped with the integration piece for software and storage appliances with our OpenStorage (OST) program. To date, we have 13 partners participating in the program.    However, customers wanted more capability, automation, and of course, simplicity.
    • Deduplication only appliances add cost and complexity, when companies can least afford it.  For example, most deduplication (target) appliances do not offer client side deduplication. Rather, the entire data set must be sent over the network to where it is deduped and stored.  This makes it more expensive to move the data and impacts network performance.
  2. Symantec offers Integrated Backup Appliances. Symantec NetBackup 5200 series appliances seamlessly incorporate the server, storage, OS and most importantly the backup software into one appliance. And we are leveraging other Symantec components; Critical Server Protection (CSP), Storage Foundation – and adding more capabilities like WAN optimization to deliver even greater protection, availability, and performance.  Our purpose-built integrated backup appliance provides the simplicity, and reduces the CapEx and OpEx that companies are demanding. 

Conclusion

If you are considering a backup appliance, I encourage you to make an informed decision. As part of your evaluation process, understand the differences between Integrated and Target backup appliances. The differences are important not only from a technology perspective, but for delivering business value.

Lastly, consider Symantec. We are introducing our third generation of our integrated backup appliances and it is based on industry leading NetBackup software. Symantec is driving the growth in the PBBA market with its Integrated Backup appliances because it is delivering what the market requires.    

By the Numbers (or extra credit for showing my work)

Having three children, and having spent many evenings helping with math homework, I understand the importance of showing your work.  Here is my work… 

IDC reports on the Worldwide PBBA factory revenue numbers. It is important to understand that they also report and break down the numbers several different ways. For example:

  • Hosted System:  Open Systems or Mainframe.  IDC press release is based on Hosted System revenue. 
  • Revenue:  Factory or Customer.  IDC press release is Factory. 

For my analysis I used Open Systems and Factory revenue, and based it on 4Q12/4Q11 growth.

IDC PBBA Market Share Analysis - Open Systems (Factory Revenue)

Vendor      2012 - Q4    2011 - Q4    Industry $ Growth    Industry % Growth
EMC         $545.2       $510.6       $34.6                31.9%
Symantec    $101.3       $34.8        $66.5                61.2%
IBM         $27.9        $27.7        $0.2                 0.2%
HP          $27.4        $32.9        $(5.5)               -5.1%
Quantum     $20.6        $17.0        $3.6                 3.3%
Fujitsu     $11.6        $8.9         $2.7                 2.5%
Sepaton     $9.5         $9.8         $(0.3)               -0.3%
ExaGrid     $9.3         $6.4         $2.8                 2.6%
Dell        $8.8         $5.0         $3.8                 3.5%
Other       $12.0        $11.8        $0.2                 0.2%
Total       $773.7       $665.0       $108.6               100.0%

 Source: 

  • IDC Worldwide Quarterly Purpose Built Backup Appliance Tracker – 2012 Q4, Publication Date: 3/21/2013.

Open IOC


 

Introduction

OpenIOC establishes a standard for recording, defining and sharing information both internally and externally in a machine readable format [1].

OpenIOC allows a forensic investigator to describe IOCs (Indicators of Compromise) in a standardized format that other investigators or machines can interpret in a consistent manner. IOCs are mainly artifacts of an intrusion that can be identified on a host or a network.

OpenIOC specifies a base format and is extensible to accommodate different types of IOC or ‘Indicators’. Mandiant currently supports over 500 types [5] of indicators that can be gathered in an enterprise. More indicators can be easily defined and added on the fly.

Querying

OpenIOC supports simple and advanced queries on IOCs, such as:

  • Looking for a specific file hash
  • A specific entry in memory or the Windows Registry
  • Queries that apply across families of malware, authors, exploits, etc.
  • The ability to include whitelists, so that investigators or collectors can compare against the whitelist to detect outliers
  • A combination of the above
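The queries listed above (a file hash, a registry entry, and combinations of them) map onto OpenIOC's nested Indicator/IndicatorItem logic. The following added example, which is not from the original post or from Mandiant's tooling, evaluates a constructed OpenIOC 1.0-style document against artifacts collected from a host; the hash, registry path, file name and the flat artifact dictionary are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed sample in the OpenIOC 1.0 layout; all values are placeholders.
SAMPLE_IOC = r"""<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="00000000-0000-0000-0000-000000000000">
  <short_description>Constructed example</short_description>
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="contains">
          <Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
          <Content type="string">\CurrentVersion\Run\ExampleUpdater</Content>
        </IndicatorItem>
        <IndicatorItem condition="is">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">example_updater.exe</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""


def match_item(item, artifacts):
    """True if any collected value for the item's search term meets its condition."""
    term = item.find("ioc:Context", NS).get("search")
    wanted = (item.find("ioc:Content", NS).text or "").strip().lower()
    values = [v.lower() for v in artifacts.get(term, [])]
    condition = item.get("condition")
    if condition == "is":
        return wanted in values
    if condition == "contains":
        return any(wanted in v for v in values)
    raise ValueError(f"unsupported condition: {condition!r}")


def evaluate(indicator, artifacts):
    """Recursively combine child items and nested indicators with AND/OR."""
    results = [match_item(i, artifacts)
               for i in indicator.findall("ioc:IndicatorItem", NS)]
    results += [evaluate(n, artifacts)
                for n in indicator.findall("ioc:Indicator", NS)]
    operator = (indicator.get("operator") or "").upper()
    if operator == "AND":
        return bool(results) and all(results)
    if operator == "OR":
        return any(results)
    raise ValueError(f"unsupported operator: {operator!r}")


def ioc_matches(ioc_xml, artifacts):
    """artifacts: {search term: [values seen on the host]} (assumed flat model)."""
    top = ET.fromstring(ioc_xml).find("ioc:definition/ioc:Indicator", NS)
    return evaluate(top, artifacts)
```

Because the artifact model is flat, the AND branch is satisfied when both values appear anywhere on the host; a real collector would evaluate each item against individual file or registry records.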

OpenIOC in Security

The preferred way of using this standard in a security lifecycle is to use OpenIOC to describe the attack methodology. In doing so, the emphasis is placed on highlighting the commonalities in the attack strategy rather than on individual artifacts of compromise. [1]

A high level description of how OpenIOC fits into a security lifecycle is shown below:

[Image: OpenIOC.png]

As we see above, IOCs can be used to spread information about a compromise and its fingerprints to other devices to be able to identify similar signatures. The process is refined over time to reduce false positives.

A well-written IOC has three main attributes:

  • It reduces false positives.
  • It must not be expensive to evaluate, whether for the investigator or for the machine looking for these fingerprints.
  • It must be expensive for the attacker to evade. To evade the indicators and still carry out the attack, the attacker would have to significantly change the strategy, tools and processes used in the previous attack methodology.

 

Example

Below is a screenshot of the Zeus botnet [3] as described in OpenIOC using Mandiant’s OpenIOC Editor:

[Image: zues.png]

Sample IOC for Windows [4]:

[Image: Windows.png]

Resources

[1] OpenIOC WhitePaper, http://openioc.org/resources/An_Introduction_to_OpenIOC.pdf

[2] OpenIOC, http://www.openioc.org/

[3] OpenIOC spec for Zeus, http://openioc.org/iocs/6d2a1b03-b216-4cd8-9a9e-8827af6ebf93.ioc

[4] Sample OpenIOC spec for Windows, http://openioc.org/iocs/c32ab7b5-49c8-40cc-8a12-ef5c3ba91311.ioc

[5] Supported Indicator Terms, http://openioc.org/terms/Current.iocterms

 

Latest Symantec Endpoint Protection Released - SEP 12.1 RU2 MP1


 

Hello,

Symantec Endpoint Protection 12.1 RU2 MP1 was released today, 8th April 2013.

You can find the latest release of Symantec Endpoint Protection 12.1 RU2 at: https://fileconnect.symantec.com/


 

This build's version is: 12.1.2100.2093.

Migration paths

Symantec Endpoint Protection 12.1.2100.2093 (RU2 MP1) can migrate seamlessly over the following:

  • Symantec Endpoint Protection 12.1.2015.2015 (RU2)

This Symantec Release build contains:

  • 18 top impacting fixes.
  • 25 internal defect fixes
  • Security updates for JRE
     

KnowledgeBase Articles:

Release Notes and System Requirements for all versions of Symantec Endpoint Protection and Symantec Network Access Control

http://www.symantec.com/docs/TECH163829

New fixes and features in Symantec Endpoint Protection 12.1 Release Update 2 Maintenance Patch 1

http://www.symantec.com/docs/TECH204685

Upgrading or migrating to Symantec Endpoint Protection 12.1.2100 (RU2 MP1)

http://www.symantec.com/docs/TECH204449

Symantec Endpoint Protection 12.1 RU2 MP1 Client-only patches

http://www.symantec.com/docs/TECH204859

Get Exactly the Information You Need at Vision 2013 Las Vegas


You can find exactly the information you're looking for at Vision 2013 by registering for 1:1 meetings with experts and taking advantage of the self-paced labs.

Expert 1:1 Meetings
Register to take advantage of live 30-minute one-on-one discussions with product managers, developers and other Symantec experts at Vision 2013. To check availability and schedule Expert 1:1 meetings, log into our dedicated meeting scheduling tool online or check with the Expert 1:1 Reservations Desk onsite when you arrive in Las Vegas. The Expert 1:1 Meetings and Onsite Reservations Desk will be located in room 120 of the MGM Conference Center (1st Floor), and there will be plenty of representatives on-hand to help you book appointments and find your expert when you arrive for your meeting.

Book one-on-one meetings directly through the main Vision Session Scheduler tool.

Self-Paced Labs
Our popular self-paced labs are back—even bigger and better than before. These self-guided, hands-on labs give you a unique opportunity to learn and explore Symantec technology at your own pace and on your own schedule. With these flexible self-paced labs, you can simply drop by whenever you’re free and explore the latest Symantec products and solutions first-hand. Detailed activities and recommendations developed by our lab instructors will help keep you on track.


NetBackup Appliances and Intel welcome you to Vision 2013!


NetBackup and NetBackup Appliances welcome you to Symantec Vision 2013! 

NetBackup Appliances are redefining the world of purpose-built backup appliances (PBBA), especially with our Integrated PBBA, the NetBackup 5200 series. While at Vision, it is a great opportunity to learn about NetBackup Appliances and how they are solving today’s business challenges; from reducing the Total Cost of Ownership, simplifying your environment, to improving Service Levels. We have some great product announcements as well as demos on what NetBackup Appliances can do for you.

A great learning opportunity is the NetBackup Appliances breakout sessions. As you may know, Symantec and Intel worked together to build hardware for the award winning NetBackup 5200 Series Backup Appliances and NetBackup 5000 Series Deduplication Appliances. Our friends at Intel are giving away one (1) high performance solid state drive (SSD) at each of the following breakout sessions on NetBackup Appliances! Be sure to attend to be eligible:

 

Title                                          Date & Time        Session ID    Room Number
What’s New with NetBackup Appliances           04/15/13 3:30PM    IA B41        RM 311
What’s New with NetBackup Appliances           04/17/13 1:15AM    IA B41        RM 310
NetBackup Appliances: A Technical Deep Dive    04/17/13 3:45PM    IA B44        RM 115


For more information on Symantec Vision 2013: http://www.symantec.com/vision 

We look forward to seeing you in Las Vegas! 

Repair Browser and network settings changed by Malware


Anvi Browser Repair Tool is a free, portable tool for Windows created to repair browser and networking settings changed by rogueware or malware.

This is not an antivirus, but it helps you restore some important configurations and settings (for example, homepage, safe startup items, DNS settings, Title Bar, BHO plug-in, etc.) after a virus attack.
 
System Requirements

Operating Systems :

  • Microsoft Windows XP (32-bit and 64-bit) with SP2/SP3 or Home/Professional/Media Center
  • Microsoft Windows Vista (32-bit and 64-bit) Starter/Home Basic/Home Premium/Business /Ultimate
  • Microsoft Windows (32-bit and 64-bit) Starter/ Home Basic/Home Premium/Professional/Ultimate

Hardware Requirements :

  • 300 MHz or faster processor
  • 128 MB of RAM
  • 50 MB of free hard disk space

License : Free

Reference : AnviSoft - Anvi Browser Repair Tool V1.0 Free  

Download : http://download.cnet.com/Anvi-Browser-Repair-Tool/...

Link : Anvi Browser Repair Tool  

Smart tool to selectively Backup and Restore Registry Keys


SMARegisTry Backup is a simple open source tool for backing up and restoring only selected Registry keys. The program has a basic interface that allows you to browse the registry and create, load, and save lists of registry keys you'd like to back up.
It is helpful when you have to export a specific key or set of keys all at once and restore them later in a new installation, or to repair keys on an existing computer infected by a virus.

OS supported : Windows XP, Windows XP x64, Windows Vista x86 / x64, Windows 7 x86 / x64, Windows Server 2003, and all versions of Windows Server 2008

Requirements : .NET Framework 2.0 or higher

License : Free

Reference : SMARegisTry Backup   
Author:  Eric Arnol-Martin

Download : download.cnet.com/SMARegisTry-Backup

New Release: Symantec Operations Readiness Tool 3.8.1


On February 20, 2013, Symantec completed another release of Symantec Operations Readiness Tool (SORT)! With SORT’s focus of improving the total customer experience for Storage Foundation and NetBackup customers, we’ve added the following Storage Foundation High Availability Solutions features and improvements to the website:

  • A new section available only in the SORT I&U Checklist report titled, 'NetBackup Planned Future OS/Platform Feature/Functionality Technology Improvement and Discontinuation Notification'. This section will alert our customers to future proliferation and platform end of life information.
  • Inclusion of the latest NetBackup, PureDisk, NetBackup Appliance, PureDisk Appliance and OpsCenter hot fix information
  • Support for NetBackup & OpsCenter 7.5.0.5 maintenance release

Visit SORT at http://sort.symantec.com to see why thousands of Symantec customers continue to gain value from the site.

Microsoft Patch Tuesday – April 2013


Hello, welcome to this month's blog on the Microsoft patch release. This month the vendor is releasing nine bulletins covering a total of 14 vulnerabilities. Four of this month's issues are rated ’Critical’.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Apr

The following is a breakdown of the issues being addressed this month:

  1. MS13-028 Cumulative Security Update for Internet Explorer (2817183)

    Internet Explorer Use After Free Vulnerability (CVE-2013-1303) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

    Internet Explorer Use After Free Vulnerability (CVE-2013-1304) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

  2. MS13-029 Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)

    RDP ActiveX Control Remote Code Execution Vulnerability (CVE-2013-1296) MS Rating: Critical

    A remote code execution vulnerability exists when the Remote Desktop ActiveX control, mstscax.dll, attempts to access an object in memory that has been deleted. An attacker could exploit the vulnerability by convincing the user to visit a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

  3. MS13-036 Vulnerabilities in Kernel-Mode Driver Could Allow Elevation Of Privilege (2829996)

    Win32k Font Parsing Vulnerability (CVE-2013-1291) MS Rating: Moderate

    A denial of service vulnerability exists when Windows fails to handle a specially crafted font file. The vulnerability could cause the computer to stop responding and restart.

    Win32k Race Condition Vulnerability (CVE-2013-1283) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Win32k Race Condition Vulnerability (CVE-2013-1292) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    NTFS NULL Pointer Dereference Vulnerability (CVE-2013-1293) MS Rating: Moderate

    An elevation of privilege vulnerability exists when the NTFS kernel-mode driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with full administrative rights.

  4. MS13-031 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2813170)

    Kernel Race Condition Vulnerability (CVE-2013-1294) MS Rating: Critical

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

    Kernel Race Condition Vulnerability (CVE-2013-1284) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could gain elevated privileges and read arbitrary amounts of kernel memory.

  5. MS13-032 Vulnerability in Active Directory Could Lead to Denial of Service (2830914)

    Memory Consumption Vulnerability (CVE-2013-1282) MS Rating: Important

    A denial of service vulnerability exists in implementations of Active Directory that could cause the service to stop responding. The vulnerability is caused when the LDAP service fails to handle a specially crafted query.

  6. MS13-033 Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2820917)

    CSRSS Memory Corruption Vulnerability (CVE-2013-1295) MS Rating: Important

    An elevation of privilege vulnerability exists when the Windows CSRSS improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the local system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

  7. MS13-034 Vulnerability in Microsoft Antimalware Client Could Allow Elevation of Privilege (2823482)

    Microsoft Antimalware Improper Pathname Vulnerability (CVE-2013-0078) MS Rating: Important

    This is an elevation of privilege vulnerability. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take complete control of the system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. An attacker must have valid logon credentials to exploit this vulnerability. The vulnerability could not be exploited by anonymous users.

  8. MS13-035 Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2821818)

    HTML Sanitization Vulnerability (CVE-2013-1289) MS Rating: Important

    An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

  9. MS13-030 Vulnerability in SharePoint Could Allow Information Disclosure (2827663)

    Incorrect Access Rights Information Disclosure Vulnerability (CVE-2013-1290) MS Rating: Important

    An information disclosure vulnerability exists in the way that SharePoint Server enforces access controls on specific SharePoint Lists.

More information on the vulnerabilities being addressed this month is available at Symantec's free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
