Channel: Symantec Connect - Blog Entries

Financial malware more than twice as prevalent as ransomware

Three Trojans dominated the financial threat landscape in 2016, and attackers increased their focus on corporate finance departments.


Malware targeting financial institutions is more than twice as prevalent as ransomware

In 2016, three Trojans targeting the financial industry were dominant. Attackers are also stepping up their targeting of corporate finance departments.


Criminals increasingly using malvertising to direct victims to exploit kits

Once popular exploit kit redirection campaigns see a significant decline as redirection through malvertising increases


It’s Time to Rethink How Your Data is Protected

With a newly introduced Symantec Information Centric Security, data is automatically encrypted, tracked and revoked from anywhere and at any time

Maintaining visibility of critical data and information is not an easy task – it’s difficult to know where every byte of data is located. Business-critical data such as intellectual property (IP) or even Personally Identifiable Information (PII) is often shared across teams through a variety of channels (e.g. email, USB, on-premises, Box or other cloud storage systems) with little visibility and control.

Not sure if your data is truly secure? Here is a quick litmus test on your visibility and control:

  1. Do you know who has access to your critical data when shared with:

    1. A trusted partner?

    2. A trusted vendor?

    3. A contractor using a BYO device?

  2. Do you know if your trusted partner or vendors are sharing your data with other vendors?

  3. If you ended your relationship with your contractor, partner or vendor, can you take back the data you shared with them?

If you answered no to the questions above, you’re not alone. In fact, according to a recent Symantec survey, nearly 1-in-3 Chief Information Security Officers believe data loss is the number one internal threat for businesses this year. *

In addition to potential loss of company IP, data loss could lead to a breach of regulatory compliance mandates such as the Global Data Privacy Regulations (GDPR) and the PCI Security Standards Council. Violations of those mandates can have an even more damaging effect, as companies have suffered fines of up to 20 million euros, loss of market competitiveness, and brand damage because of data loss.

Integrated Security Is the Answer

Symantec’s Information Centric Security solution takes a new approach to data security – incorporating visibility, protection, and identity. Symantec Information Centric Security provides protection that follows sensitive data even if it resides in an unmanaged environment like cloud apps and “bring your own” mobile devices.

Symantec allows customers to track and control the entire lifecycle of any form of data by integrating industry leading DLP with CloudSOC CASB and cloud-based PGP Encryption with identity authorization. Data can now be automatically encrypted, tracked, and revoked for any user from anywhere and at any time.  No other vendor on the market offers this kind of visibility and control.

Traditional Data Solutions Don’t Offer True Protection

Other options for protecting information work well in limited situations but savvy users can often find ways around them.

  • Traditional (On-Premises) DLP and User Tagging can identify critical content using advanced methods like machine learning and user data tagging, but protection stops once information is shared through sanctioned or unsanctioned apps to unmanaged devices.

  • Traditional CASB is a powerful solution that becomes stronger when combined with DLP policies but it is not meant to block communication with third parties like partners, vendors and contractors under NDA leading to loss of visibility.

  • Encryption can be a cumbersome process and user friction causes policies to be quickly abandoned. If the file is decrypted and subsequently shared with another vendor, there is no longer any protection or visibility on the file.
  • Microsoft Digital Rights and Risk Management Services (DRM and RMS) does not address the broader market and struggles with deployment and usability issues. Because of its limitations to the Microsoft ecosystem, the industry hasn’t figured out how to solve for the problem of putting security policies on the data itself and ensuring that only the intended user can get access to it from any platform.

How is Symantec’s Information Centric Security Different?

Protecting information in an unmanaged environment is difficult. You have no control or visibility of the data’s location or what devices and users are accessing that data.   

The solution is the first to integrate industry-leading Symantec DLP, CASB, Encryption and Authentication in the following ways:

  • Sensitive data is automatically discovered across every communication channel or manually classified by the users creating it.

  • DLP can automatically identify and encrypt sensitive data reducing the likelihood of accidental data loss.

  • CASB technology intercepts data moving to the cloud and extends DLP protection within such environments previously unmanaged.

  • Symantec VIP provides Multi-Factor Authentication that integrates user authentication credentials with a decryption key to ensure only the intended user has access.

The integration does not stop with Symantec products; this solution is truly open and available for third-party integrations. Symantec will publish internet drafts and API extensions for third-party developers and data-centric vendors.

With Symantec Information Centric Security, your data is accurately captured, tracked and protected by a powerful policy engine that reduces the risk of human error. Its dynamic and intelligent protection adjusts to the growing threat landscape, learning to adapt to new risks over time.

For more information on how Symantec is integrating its leading security solutions to provide a new way of ensuring data and information stays protected, even when you can’t see it, please click here.

*According to a 2017 Symantec study among 1,100 Chief Information Security Officers on cloud security

2H 2016 Shadow Data Report: Collaboration and security awareness advance as cloud use increases


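As the uses of file sharing grow, cloud adoption by organizations continues to rise, and the number of cloud applications being adopted is increasing as well. In the second half of 2016, Symantec customers on average broadly shared a larger proportion of their files in the cloud than before. At the same time, the sense of responsibility toward data sharing has also grown stronger. According to the research, the proportion of broadly shared cloud files that contain confidential documents or compliance-related content has fallen significantly. The number of cloud applications used by enterprises is trending upward; this includes sanctioned applications, but some are unsanctioned. These unsanctioned applications have come to be commonly called "shadow IT."

Data sharing is up, exposure is down

In the second half of 2016, 25% of all files were broadly shared by Symantec customers in cloud file-sharing applications. Of these, the proportion containing sensitive data fell to an all-time low of 3%. Files classified as "broadly shared" are those shared publicly, shared company-wide, or shared with external third parties. In the past, it was not uncommon for more than 10% of broadly shared files to contain sensitive data.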


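Compliance data and email risk

Of course, this does not mean the danger has gone away. The proportion of cloud files that contain compliance data appears to have fallen compared with before. However, the rate at which protected health information (PHI), personally identifiable information (PII), and payment card information (PCI) is uploaded to the cloud is increasing, and there is a risk of exposure.

In file-sharing applications, files containing PHI data have the highest risk of data exposure (82%), followed by PII at 43% and PCI at 42%. Risk rates for email are typically higher than those for file sharing. 27% of emails and attachments are broadly shared, and 8% of those contain compliance-related data.

Shadow IT use is increasing

In most cases, the number of cloud applications in use at an enterprise is greater than IT professionals realize. According to shadow IT discovery research, organizations use an average of 928 cloud applications. That is a 10% increase compared with the first half of 2016.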


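Research findings

The Shadow Data Report covering the second half of 2016 contains the latest findings on cloud adoption, usage, and cloud threats. It should serve as a good guide for deploying cloud applications and implementing cloud security. The results in this report are based on anonymized metadata analysis of 20,000 cloud applications, 175 million cloud documents, and 1.3 billion emails.

The full 2H 2016 Shadow Data Report (in English) can be downloaded here.

[Reference translation]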

Cybercriminals increasingly using malvertising to direct victims to exploit kits

As malvertising redirection campaigns continue to increase, once-common exploit kit redirection campaigns have declined markedly.


Malvertising increasingly used for redirection to exploit kit servers

Redirection attacks to exploit kit servers, once highly prevalent, have declined, and redirection through malvertising has recently been on the rise.


Volunteering Around the Globe: from South Africa to Peru to Poland


At Symantec, we bring together our people, passions and powerful technology to support social and environmental priorities and make the world a better, safer place. Our impact as a business can be measured in many ways from providing world-leading cyber security products that reduce risks and operating costs for our customers, to providing an inclusive and engaging place to work for our employees, to exciting, engaging and educating hundreds of thousands of students around the world in STEM subjects, to providing opportunities for underserved populations to develop skills and forge successful careers.

Today we focus on the impact of our business as a member of the community in more than 35 countries worldwide. Throughout the year, passionate employees across our community relations committees, employee resource groups (ERGs) and Green Teams, provide hands-on support as well as financial contributions to the communities in which we live and work, while also growing our social responsibility, leadership and collaboration skills.

From ensuring the security of social entrepreneurs in Latin America to planting gardens for children in need to increasing youth’s knowledge of online safety, we provide a snapshot of the many ways we are using our diverse resources to build safe and vibrant communities.


Symantec’s Cape Town Charity and Symantec Women’s Action Network (SWAN) committees, and Symantec Green Team, join forces to assist with the creation of vegetable gardens for homes serving children in need.

Transforming Cape Town Communities

Mitchells Plain, approximately 32 kilometers from the City of Cape Town, is one of the poorest areas in all of South Africa, with some of the highest levels of crime and violence. These factors have plagued the region with high unemployment, and many children are left without adult family to care for them in a safe and healthy way.

Established in 2008, the Baitul Ansaar Child Care Centre was developed to serve as a vital temporary safe center for children of this region, with the mission “to cultivate change in the lives of our children, and to be a part of the transformation of [the] community.”

The Center cares for approximately 40 orphaned, abandoned, abused or destitute children, primarily under the age of five. As part of the center’s in-house initiative, the 100 Homes Project, Symantec joined a network of 100 local homeowners and organizations to drive improvements in the community.

This June, Symantec’s Cape Town Charity committee, SWAN committee and Green Team joined forces to volunteer for over 50 hours in total to assist with the creation of two vegetable gardens for the center. The gardens will be used not only by the center but also by the community, which is also planning to launch a skill-building program.

Providing Cybersecurity Expertise to Support Latin America’s Social Entrepreneurs


Symantec volunteers offered a full-day training to Sustainable Fishery Trade to improve the security and development of the organization’s trade application supporting sustainable, fair and traceable local seafood production.

What do sustainable fishing and cybersecurity have in common? A lot. Just like most businesses, success for Sustainable Fishery Trade, a social enterprise located in Peru supporting a fair and sustainable seafood trade, is based on trust between their customers (restaurants, food providers) and their business (including the fishermen who source their product). Ensuring the quality, traceability and secure payment of seafood is vital to their mission to promote fair value creation along the entire seafood value chain and to improve the health and livelihoods of our oceans and the communities that depend on them.

Sustainable Fishery Trade applies a 100% traceable business model driven by research and technological innovation that acknowledges the critical role that fishermen themselves play in seafood trade. Programs range from promoting gender diversity to providing access to key trade tools to financial education and resources for fishermen.

Through NESsT, a catalyst for social enterprises in emerging markets, Sustainable Fishery Trade was connected with three Symantec volunteers this Spring for a full-day training to support development of their trade application. Through the engagement, the business learned optimal programming approaches, and how to ensure the app is safe, secure and functional for the business, fishermen and clients.

Providing Warsaw Children with a Vital Lens for Online Safety


Symantec’s Warsaw office offers its first online safety workshop for children in the region, leveraging Symantec EMEA’s recently developed online safety toolkit.

Symantec’s Warsaw office continued its support of local orphanage Dom Dziecka by providing its first online safety workshop for children in the region. The session utilized a new online safety toolkit created by Symantec to enable Symantec employees, and members of the community, to provide online safety training. The event was a great success: it increased children’s ability to utilize technology and the internet in the safest ways possible and highlighted how their everyday actions can easily expose them to risks online.

We believe every individual can make a difference and together our actions empower each other and communities in new and innovative ways. This is just a snapshot of the numerous opportunities we develop to serve our ongoing mission to make a positive impact and difference in the world.


Does Your Endpoint Security Solution Have These 5 Essential Features?

A layered approach to endpoint security

By Naveen Palavalli, Director of Product & GTM Strategy

In just the last year, we saw more than 1 million new malware variants introduced per day and the number of ransomware families tripled (ISTR22). The average ransom amount paid spiked 266 percent to $1,077. Those kinds of stark numbers provide a glimpse of the herculean task that security professionals face on a daily basis. As organizations struggle to deal with the rising security demands associated with complex networks and myriad, ever-mutating external threats, it's imperative to ensure that the right endpoint security solution is in place.

In a recent blog, Gartner’s Avivah Litan advises customers to “Use a layered endpoint security approach that includes application whitelisting and blacklisting, and other controls that come bundled with most EPP platforms”.

I couldn’t agree more. Enterprises need complete endpoint security that provides full cycle protection that includes protection, detection and response specifically designed to handle a rapidly shifting security environment. The consequences for operating with more limited protection have never been clearer.

To help ensure your organization is fully protected from today's most serious threats, here is a list of the most essential technologies for complete endpoint security.

1. Total security spanning the entire attack chain

Infections are simply one link in a larger chain leading to a network breach. The best endpoint security systems fuse next generation technologies with proven ones to offer protection from threats regardless of how or where they appear. Only by taking a more holistic approach can businesses ensure they receive the best possible protection. The most powerful endpoint security offerings possess deep capabilities at all the relevant stages: incursion, infection, exfiltration, remediation, etc. Let's take a closer look at some of the core features to look for at each of these stages:

The Incursion. 

  1. Protection from email borne threats: Recent research shows that 1 in 131 emails contain malware including ransomware (ISTR22). You need endpoint protection that scans every email attachment to protect you from stealthy attacks.
  2. Protection from malicious web downloads: 76% of the websites scanned have vulnerabilities (ISTR22) that can be exploited by attackers to serve malware. Intrusion Prevention technology that analyzes all incoming and outgoing traffic and offers browser protection can block such threats before they can be executed on the endpoint. 
  3. Powerful endpoint protection should also allow easy Application and Device Control, so that you can enforce which devices can upload or download information, access hardware or have registry access.

The Infection.

Along with providing these essential protections at the incursion level, the best endpoint solutions offer advanced functionality and protection from every type of attack technique. Some of these recommended features include:

  1. Advanced Machine Learning. By analyzing trillions of examples of good and bad files contained in a global intelligence network, advanced machine learning is a signature-less technology that can block new malware variants at pre-execution.
  2. Exploit Prevention. Almost every week you hear about a new 0-day vulnerability discovered in popular software like browsers and productivity software. IT organizations cannot test and apply patches fast enough, which leaves a vulnerable attack surface in this software that attackers exploit, often with memory-based attacks. Exploit prevention technology protects against such 0-day vulnerabilities and memory-based attacks.
  3. File reputation analysis based on artificial intelligence with a global reach. The most advanced analysis examines billions of correlated linkages from users, websites, and files to identify and defend against rapidly-mutating malware. By analyzing key attributes (such as the origin point of a file download and the number of times it has been downloaded), the most advanced reputation analysis can assess risks and assign a reputation score before a file arrives at the endpoint.
  4. High-speed emulation at the endpoint acts like a light and fast ephemeral sandbox, allowing for the detection of polymorphic or mutating malware.
  5. Behavioral monitoring. Should a threat make it this far along the chain, behavioral monitoring can tap into the power of machine learning to monitor a wide variety of file behaviors to determine any risk and block it. This is again a great defense against ransomware and stealthy attacks such as malicious PowerShell scripts. Research shows that 95% of the PowerShell scripts analyzed last year were malicious (ISTR22).

Smart organizations will also pay attention to the lateral movement of malware within an organization and anti-exfiltration capabilities of their endpoint solution. Intrusion prevention, firewall policies and behavioral monitoring also come into play here, and these features should be present in any advanced endpoint platform. These technologies were particularly effective in preventing propagation of the recent WannaCry ransomware.

2. Powerful Incident Investigation and Response

Most organizations understand that a determined attacker will get through. What they want, however, is powerful detection capabilities to identify the breach as soon as possible and an easy-to-use workflow for incident investigation and response. Industry analysts have begun to call this Endpoint Detection and Response (EDR). Advanced EDR solutions help isolate the endpoint as you investigate the breach, contain the spread of the malware through blacklisting, and allow easy remediation by deleting the malware and restoring the endpoint to a pre-infection state.

Overall, the most effective endpoint security offers deep protection across each level of the attack chain, detection and response. As the old saying goes, security is only as strong as its weakest link, making a comprehensive approach essential.

3. Performance and scale backed by advanced functionality

As detailed above, a fully-protected attack chain is of critical importance. Yet the value of high performance shouldn't be understated. The best endpoint security should be optimized to prevent user and network slowdowns. It should also scale as your enterprise grows.

4. Low Total Cost of Ownership

Finally, a single agent that combines the technologies normally available only through the use of multiple agents (machine learning, exploit prevention, EDR, etc.) is highly desirable. Organizations using a single agent can reduce the burden on IT by consolidating their management and maintenance of multiple agents -- while receiving the added benefit of lowering the total cost of ownership.

5. Seamless integration for orchestrated remediation

The most advanced endpoint solutions make easy integration a priority via an open API system, so organizations can leverage their existing security infrastructure like network security, IT ticketing systems and SIEMs.

The takeaway

Not all endpoint security solutions are created equal. The best, most advanced offerings have three core elements: total protection, detection and response across the attack chain; high performance and scale without sacrificing efficacy; and seamless integration with existing infrastructure.

Ideally, these three components should arrive in a single, comprehensive yet lightweight package, as the effort of managing multiple agents lowers efficiency and increases costs. Organizations that seek these features when considering a new endpoint security solution will, without question, receive the highest level of protection for their investment.


Endpoint Protection .Cloud: Adding multiple users from on-premises Active Directory

A useful application of PowerShell

As you may know, we recently added the ability to import a CSV or XLSX file of users to Endpoint Cloud for user enrollment.

This leaves on-premises AD admins with the task of building that file, so I did some looking and found a very nice example PowerShell script for pulling AD users to a CSV.

https://gallery.technet.microsoft.com/scriptcenter/Powershell-script-to-5edcdaea

Of course, I had to modify the Path (in two places), destination server, and OU to pull data from. (Since we're using the built-in "Users" OU, I had to use CN= instead of OU=).

I also had to change what fields were pulled, as well as the names of them. Here's what my fields looked like:

$AllADUsers |
    Select-Object @{Label = "Email"; Expression = {$_.Mail}},
                  @{Label = "FirstName"; Expression = {$_.GivenName}},
                  @{Label = "LastName"; Expression = {$_.Surname}},
                  @{Label = "Phone"; Expression = {$_.telephoneNumber}} |

From there, I just copy-pasted my users into the CSV that I downloaded from the portal and imported it. Success!
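
A complete version of the export described above, written as an added example; it is not the linked TechNet script or the author's modified copy. The domain DN, domain controller name and output path are placeholders, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
#Requires -Modules ActiveDirectory
# Added example: export AD users into the four columns used in the post
# (Email, FirstName, LastName, Phone).
# Placeholders (assumptions, not from the original post): the domain DN,
# the domain controller name and the output path.

[CmdletBinding()]
param(
    # The built-in "Users" container is addressed with CN=, not OU=
    [string]$SearchBase = 'CN=Users,DC=example,DC=com',
    [string]$Server     = 'dc01.example.com',
    [string]$OutFile    = "$env:USERPROFILE\Documents\endpoint-cloud-users.csv"
)

Import-Module ActiveDirectory -ErrorAction Stop

# Request only the two extra attributes that end up in the file rather than
# "-Properties *"; GivenName and Surname are returned by default.
$users = Get-ADUser -Filter 'Enabled -eq $true' `
                    -SearchBase $SearchBase `
                    -Server $Server `
                    -Properties mail, telephoneNumber

# Build one row per user, skipping accounts that cannot be enrolled
# because they have no mail attribute (typically service accounts).
$rows = @(
    foreach ($u in $users) {
        if ([string]::IsNullOrWhiteSpace($u.mail)) {
            Write-Warning "Skipping $($u.SamAccountName): no mail attribute"
            continue
        }
        [pscustomobject]@{
            Email     = $u.mail.Trim()
            FirstName = $u.GivenName
            LastName  = $u.Surname
            Phone     = $u.telephoneNumber
        }
    }
)

if ($rows.Count -eq 0) {
    throw "No enabled users with a mail attribute found under $SearchBase"
}

# Report addresses that appear on more than one account, then keep one row each.
$rows | Group-Object -Property Email |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "Duplicate address in export: $($_.Name)" }

$rows = @($rows | Sort-Object -Property Email -Unique)

# -NoTypeInformation keeps the "#TYPE" header line out of the file.
$rows | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# The file holds names, addresses and phone numbers; remove it after the import.
Write-Output "Wrote $($rows.Count) users to $OutFile"
```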

Latest Intelligence for May 2017

The WannaCry outbreak dominated the news cycle, while the phishing rate reached a high for 2017.


Symantec IT Showcase: Infrastructure transformation – Journey to a hybrid cloud


Introduction: CIO Sheila Jordan

As promised, here is the fourth blog in our IT Showcase series that chronicles our IT transformation over the past three years. Today’s topic is our infrastructure journey to hybrid cloud, authored by Chandra Ranganathan, our vice president with global responsibility for network and infrastructure services across the company. I hope you find it to be a worthwhile read—we welcome your feedback!

Journey to a Hybrid Cloud

Nearly every CIO I know has debated whether to move all or part of their IT workloads to the public cloud. There are many advantages: Public clouds enable companies to shift capital to operational expenses, and offer greater elasticity and economies of scale.  But it isn’t always a clear cut decision. A company’s specific business or industry can often dictate the strategy and approach.

At Symantec IT, our journey to the cloud started in 2014. While a move to the public cloud was always part of our roadmap, we ultimately chose a hybrid cloud strategy that would support our business, protect our data, and increase efficiencies.

The results have been transformative for our IT infrastructure. We’re not only more agile, more secure and able to provide a much better customer experience, but we’ve also been able to reduce our operating expenses by more than 55%.

Our hybrid cloud strategy involved a four-pronged approach. Here’s how we carried it out:

  • Private Cloud: First we built a software-defined data center (called Next Generation Secure Data Center), setting up a virtualized, automated, and ‘converged’ infrastructure with software-defined compute, storage and network capabilities. Orchestration was enabled through a single pane-of-glass cloud management platform providing self-service IaaS capabilities. We also implemented best-of-breed core and enabling tools to provide real-time lifecycle management of infrastructure, including a shared DevOps stack with federated and role-based access.
  • Repatriation:  In parallel, we moved the entire infrastructure ecosystem in-house from an outsourced managed services model. In its place, we set up a hybrid support mechanism that included third-party vendor support for operations in a managed-capacity model.
  • Legacy workload migration: We migrated legacy workloads to the private cloud, leveraging the cloud’s multi-tenancy capabilities for a major spin-off. We also expedited the migration of more than 150 legacy Symantec apps within one year, in the process rationalizing 55% of our applications and decommissioning 38% of our servers.
  • Extension to public cloud: We kicked off our move to the public cloud by completing a public versus private cloud economics and ROI analysis, a workload segmentation exercise and a vendor capabilities evaluation assessment. Based on the outcome, we selected Microsoft Azure as our public cloud partner for most of our Consumer product and Enterprise IT workloads. In the last six months, we have designed and deployed core services across four Azure regions, and migrated 55 critical external-facing applications to the platform. We also set up real-time dashboards to track and report financial, operational and security metrics to govern adoption and utilization.

Experience is the best teacher so let me share some of what we learned along the way:

  • Not all applications are equal. Assess your applications based on technical, security, compliance, financial and legal criteria to create a “heat map” framework reflecting best fit and ease of migration to public cloud.

  • One size may not fit all. Try to understand the capabilities and limitations of public cloud vendors. For instance, we found that one vendor was stronger when it came to enterprise IT, e-business and consumer product workloads. Another  was a better fit when it came to enterprise security cloud products.  So diversify. Also, a multi-public cloud provider strategy prevents vendor lock-in and fosters more competitive pricing.

  • “Lift and shift” alone will not help realize benefits.  If private cloud efficiencies have already been realized, you need to re-engineer and ‘cloudify’ applications to further optimize public cloud cost.

  • Validate your cloud provider’s claims. Don’t leave yourself vulnerable to surprises and have a backup plan to address capability gaps in your public cloud provider’s offerings.

  • Partner and collaborate with key business stakeholders for requirements, design and delivery. Spend time on initial planning and analysis (economics comparison, capabilities assessment, workload segmentation, application prioritization, architecture, etc.).

  • Define roles and responsibilities across IT and business units, and adopt  federated role-based access where needed. Leverage a third party migration partner (as needed), and where possible, technical resources from the provider as extended members of your team.

  • Plan for the evolution of your team, moving them from a siloed mindset to become cloud specialists with the skills and mindset to deliver ‘infrastructure as code.’ Establish a services-based model, DevOps culture and flexible architecture.

  • Know that cloud will disrupt your teams—so be sure to communicate, communicate, communicate.

Finally, companies need a governance mechanism to ensure all parts of their business are following the correct cloud process. At Symantec, we launched and now operate a cross-functional Cloud Council that’s responsible for cloud adoption and optimization. The council is co-chaired by IT, Security and Engineering leadership supported by extended stakeholders and provides technical, security and financial governance.

These efforts have paid off with benefits to both the top and bottom lines:

  • Reduced compute and storage provision time from months to hours—and in some cases, minutes—while the implementation of automation and self-serve capabilities have resulted in significantly improved customer experience and speed-to-innovate.

  • Reduced critical infrastructure incidents by 90% while improving the availability and utilization of the resources at all layers of the IaaS stack.

  • Automated and enhanced infrastructure lifecycle management including discovery, mapping, provisioning, monitoring and analytics, incident and problem management, asset and configuration management and reporting.

  • Moving to the new system has led to significant consolidation and more efficient use of resources. We have been able to reduce the number of labs by 46% across 19 Symantec sites, and consolidate regional infrastructure from over 45 sites down to 10. We’ve also increased storage utilization to over 80%, optimized our backup ecosystem by 40% and consolidated primary data center space by nearly 60%.

  • Reduced overall operating expenses by combining our private cloud, legacy migrations and repatriation efforts.

This is part of an ongoing transformation process and we’ll doubtless learn more in coming months and years. Cloud is obviously a topic of great interest to me and I am eager to hear more about your cloud journey!


How a 'Bad Bank' Beat the Bad Guys


It’s not easy for a bank to protect itself against cyber crime. And it’s much harder when there are hackers who make it their mission to take the bank down. To win, the bank needs some seriously strong security.

In 2012, Spain’s economy was in deep recession. The European Union came to the rescue with more than US$100 billion. But there were conditions: one of them—Spain had to set up a “bad bank,” a bank that would help restore the health of the nation’s ailing private banks by taking on their soured real estate assets.

So Spain set up Sareb—and Sareb set out on its mission of absorbing toxic real estate loans and properties from banks on the brink of failure because of collapsing property prices. Sareb took on almost 200,000 assets worth more than US$54 billion. Next step: Triage the assets and sell the salvageable ones back into the market.

All good, right? Not quite. Some Spanish citizens were angry at the bailout of failing banks. And hackers, always on the lookout for a target, put Sareb in their crosshairs. They launched a major zero-day attack and a CryptoLocker ransomware attack. They even created a malicious app called Sareb Go (after Pokemon Go), in which hackers tried to take Sareb assets by force.

Sareb had almost no security shield—no firewalls, no data-loss prevention, no threat protection. It needed a strong security infrastructure—and because it was on a strict schedule to liquidate assets, it needed it fast.

So Sareb went straight to the top. It called on Symantec and implementation partner Hewlett Packard Enterprise (HPE), and together they deployed a bulletproof solution for endpoint and email gateways.

Mission accomplished. Sareb can now uncover and investigate any suspicious events, search for particular indicators of compromise, get deep threat visibility, and remediate every attack artifact across all endpoints.

And Sareb can always call on Symantec and HPE experts for help. “You can own a Ferrari and it’s a great car,” says Gabriel Moline, corporate security manager at Sareb. “But if you don’t know how to drive it properly, what’s the use of having it? With Symantec and HPE, I have a high-end race car that I can expertly drive.”

Explore more … read the entire case study.

Harnessing the Cyber Eco-System

The cyber security problem is hard to solve due to its sheer complexity and size. The constant cat and mouse security game has driven spending well over the $10B mark and created 1,000+ new technology startups in just the last 5-10 years alone. Venture Capital money continues to pour in and new innovations in prevention, detection, incident response and SecOps occur at a regular heartbeat.

Cyber security platform companies like Symantec are also innovating, but it’s important to recognize what a vast and very creative community of companies can bring to the table in the fight against cybercrime.

To accelerate the collaboration and creativity across this eco-system, Symantec is announcing a new initiative called the Technology Integration Partner Program or TIPP for short. We’re openly inviting any cyber security company from small startups to well established security companies to join with us to put a big dent in cybercrime. Click here to apply: TechPartner@symantec.com

While many partner programs exist today, we have decided to focus on the technical integration aspect of partnership. This is the single most important aspect of making a difference in security. By working to integrate our data feeds, linking together our defensive platforms, leveraging each other’s advanced detection suites, automating workflows to increase productivity, only then can we make a real impact. The more technology companies want to integrate with our platform, the more they will be rewarded within TIPP. Technology vendors can read more about the program here:  CLICK HERE

Our customers will want to harness these integrations for the following reasons:

  • Enhance current security investments: A good example is utilizing the Symantec SSL Visibility Appliance to inspect SSL/TLS encrypted traffic that can be used by existing advanced threat or malware detection products. Without this, >70% of traffic would never be inspected.

  • Maintain a stronger security posture: A good example is utilizing the ProxySG/Content Analysis to pre-filter all potential bad web traffic before it must be sent for deeper level inspection, such as sandboxing. This dramatically improves the performance of the current installed sandbox/ATP systems.

  • Improve productivity: If the SOC team uses Splunk, Symantec has built a unified App to consolidate all data into one place from SEP/ATP/ProxySG, Security Analytics, WAF and more. This helps the analyst find a problem fast with direct access to Symantec systems to further validate or investigate.

We’re launching with over 100 integrations out of the gate with the broadest set of security technology companies around the planet. Customers will be able to find updates on new companies and integrations within Symantec Connect.

Latest Intelligence for May 2017

The WannaCry outbreak dominated the news headlines for an extended period, and the phishing email rate reached its highest point of 2017.

Microsoft Patch Tuesday – June 2017

Celebrating Volunteers of the Quarter – Melbourne’s Tony Cook and Chris Naunton

Building a Next Gen Love for Coding

Symantec’s Volunteer of the Quarter initiative highlights and rewards those employees who dedicate their time and talents to those in need. We have a long and proud history of encouraging our employees to volunteer. While the driving force of our efforts is largely altruistic, there is even more to volunteering than giving back to our communities. Volunteering makes our company a better place to work, so employees are helping both Symantec and the organizations they volunteer for.

Today we highlight our Volunteers of the Quarter: Tony Cook and Chris Naunton, Application Support, Melbourne, Australia for their contributions to Code Club Australia, a nationwide network of free, volunteer-led, after-school coding clubs for children aged 9-11, with 50,000 members and 1,500 clubs across Australia. Code Club Australia is part of Code Club International, an international network of 10,000+ Code Clubs across 10 countries.

Building a love for coding? That might sound funny to some, but to those of us passionate about technology and programming, we understand. People of our generation who wanted to learn programming had to do so from books. Today, the opportunities for students to build technology skills from a young age are just growing. We see this first hand through our work with Symantec and the growing industry need and desire to engage students in STEM. For example, when we were growing up, a programming club at school was not common. We would have been overjoyed at the opportunity to build applications and games alongside our peers, learning from and inspired by their work.

Keen to expand and support any opportunities for the next generation to learn to code, we proposed the running of a Code Club to a local school, Mentone Primary, and the principal was delighted to accept. We leveraged the resources and support of Code Club Australia, whose mission is to give every child the skills, confidence and opportunity to change their world. They are doing this via the transformational power of programming. We volunteer one hour per week, where we teach a group of grade 4 and 5 students about programming.

Our Mentone Primary School Code Club began in February and will continue throughout the 2017 school year. Each class involves hands-on coding by the students leveraging Scratch, a visual programming platform developed by the Massachusetts Institute of Technology (MIT) for the purpose of teaching coding to children. Chris and I lead the class as students work through each programming project, often building a game. We answer questions and help diagnose bugs. Once they’re proficient in Scratch, students will tackle the “real” coding languages HTML/CSS and Python.

Click here to learn more about how Code Club is making a difference in Australia and around the world to #getkidscoding.

The passion, frustration, and excitement of the students we work with shows us how impactful the program really is. Programmers don’t usually cry over their code, but that is what happens when a student accidentally deletes code that has taken 10 minutes to write and they are not able to recover it. Helping students navigate the challenges and accomplishments of project development is a skill they can apply in any field.

Applying our professional skills is the easy part – we are both programmers with many years of experience in several languages. The new skills we develop are more challenging and ultimately the most rewarding part. Managing and engaging a class of fifteen 10-12 year olds, each with a laptop, certainly requires skills that we don’t normally use in our day jobs.

Additionally, the chance to meet new people and pass on our skills and experience is something we both highly value. When parents tell us Code Club is their child’s favorite part of the week, we couldn’t feel more gratified. It’s inspiring to see first hand that kids are building a love for coding. Most importantly, they begin to see learning as fun and understand its importance and applicability, an invaluable experience for any student.  

It is very easy to be absorbed by our own world. However, volunteering expands this lens; it exposes you to the world of others that is often very different to your own. And the potential impact you can make both working and volunteering is likely to be greater than spending those hours in your day job alone.

Cybersecurity Executive Order: A Good Starting Point

There are many things to like in the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure that President Trump recently issued, but chief among them was the direction for federal agencies to follow the risk assessment standards established by the National Institute of Standards and Technology (NIST).

At its core, the NIST Cybersecurity Framework (CSF) is a leading guide to help organizations – both public and private – effectively manage their risk. The NIST CSF has been proven to be an effective cyber baseline for organizations in the private sector, and is being deployed widely across a number of industries to shape cybersecurity strategies, including healthcare, financial services, critical infrastructure and, yes, even Symantec. By requiring agencies to follow the NIST CSF and submit a report based on their findings, the Trump administration is building off the positive work already done to improve cybersecurity – and pushing it forward.

The Cybersecurity Executive Order is something the Trump administration has discussed since its first days in office. In addition to the focus on the NIST CSF, it includes a number of other major initiatives such as:

  • Placing the responsibility for cybersecurity risk on the heads of federal agencies
  • Calling for a report on cybersecurity concerns facing critical infrastructure to be drafted within six months
  • Mandating that government agencies, especially those in the civilian sector, consider opportunities to share cyber technology when feasible (a shared services approach to cyber)

This all represents a positive first step from the Trump administration in terms of its cyber stance. Instead of “throwing the baby out with the bathwater” so to speak, the new leadership has embraced and built upon previous initiatives.

That said, this is still only one step in the process. Cybersecurity breaches continue to dominate the headlines. Just two days after Trump issued the Executive Order, the WannaCry ransomware attack hit computers all over the world. While the attack’s damage to federal systems seems to have been limited, it was a stark reminder of the impact cyber threats can have on a global basis.

The United States government remains the focal point for attacks. Some begin with simple vulnerabilities, such as taking advantage of poor cyber hygiene, while others are more sophisticated. All of them present a danger to federal agencies, national security and the public at large.

The Executive Order and its focus on the NIST CSF is a fantastic start to help agencies navigate the challenges ahead. Anything that supports improved cybersecurity will ultimately help in the long run (increasing budgets for cyber related programs would also help…immensely). It’s how agencies actually interpret the Executive Order and the NIST CSF and move forward with implementation that is the key next step. This cannot be about adding – or bolting on – point security products that do not interoperate with one another in a panic mode approach. Agencies need to develop a comprehensive cyber strategy that includes more integrated capabilities, including solutions that are built to work together, and align with each functional area in the NIST CSF.

We applaud the Cybersecurity Executive Order and its initial intentions. This presents agencies with an opportunity to re-imagine their current security programs and take significant steps to ensure those programs are hardened. The cyber battle is never over, but a focus on adhering to the NIST CSF within the Executive Order is a good “stake in the ground.”

HHS Cybersecurity Task Force Releases Report to Congress

Despite increased spending on IT, our annual Internet Security Threat Report found that healthcare contributed to the second highest number of security incidents in the services sector in 2016.  Rich in personally-identifiable information, healthcare data is a highly attractive target for cyber attackers, and the results of a successful attack can be dire – including risk to patient care.

Over the last year, I’ve had the pleasure of working with 20 other healthcare subject matter experts as a member of the Healthcare Industry Cybersecurity (HCIC) Task Force.  Assembled by the Department of Health and Human Services (HHS) as required by the Cybersecurity Information Sharing Act of 2015 Section 405, the Task Force examined the current cyber threat landscape and reviewed input from experts inside and outside the healthcare industry to develop specific recommendations and best practices.  On June 2, we released our Congressional report, outlining six imperatives for the healthcare industry:

  • Define and streamline leadership, governance, and expectations for healthcare industry cybersecurity.  The Task Force recommends the creation of a “cybersecurity leader” role within HHS to coordinate activities and serve as a single focal point for industry engagement across regulatory and voluntary cybersecurity programs.  Other recommendations address leadership, accountability and governance structures for industry organizations and government
  • Increase security and resilience of medical devices and health IT.  This imperative addresses the Cybersecurity Information Sharing Act’s mandate to review the unique cybersecurity challenges of medical devices and electronic health records.  We recommend a combination of regulatory, accreditation, information sharing, and voluntary development and adoption of standards to promote system security from product design and development through end of life
  • Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.  This section addresses the workforce challenges that healthcare faces around health IT in general and cybersecurity specifically, particularly among small, rural and other organizations that lack the resources it takes to address these issues.  Recommendations include steps to enhance cybersecurity leadership, workforce development, and leveraging shared services
  • Increase healthcare industry readiness through improved cybersecurity awareness and education.  This imperative focuses on raising awareness among corporate leadership, educating employees on the importance of cybersecurity, and empowering patients to make better choices related to their personal health information security.  The Task Force recommends that HHS work with government and industry partners to promote cybersecurity awareness across healthcare
  • Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.  Healthcare has a significant problem of intellectual property theft related to clinical trials, drug and device development, big data applications, and general healthcare business operations.  We recommend activities to increase the industry’s understanding of the scope of the problem and the various risks of ongoing intellectual property loss
  • Improve information sharing of industry threats, risks, and mitigations. Recommendations under this imperative focus on the sharing of cyber threat information among government and industry stakeholders.  The Task Force recommends the establishment of cyber threat information sharing systems in healthcare, with a focus on ensuring that actionable information reaches small and rural organizations[1]

As evidenced in recent security reports by Symantec and HIMSS Analytics, healthcare needs to revamp its cybersecurity practices to protect its highly-valuable information.  Though it won’t be an easy path forward to address these challenges, it is essential that providers prioritize deploying holistic cybersecurity solutions and processes to better protect their data, and most importantly, their patients.  Read the full HCIC Task Force report here.

 

[1] Healthcare Industry Cybersecurity Task Force Report, 2017. https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf

For the Tenth Time, Symantec is Named the Leader in Secure Web Gateways by Gartner Magic Quadrant

Cloud Security continues to drive the Secure Web Gateway market

The Secure Web Gateway (SWG) market continues to grow in 2017, due to the growth of cloud-based SWG services and the focus on SWGs as security solutions, according to a new report from Gartner.

The cloud-based SWG business has grown at a recent five-year CAGR of 35%, and the entire SWG market is estimated at $1.5 billion, according to Gartner.

Symantec is Named a Leader in Secure Web Gateways*

Evaluating 11 vendors across competitive buying criteria, Gartner named Symantec as a Leader in the Magic Quadrant for Secure Web Gateways.

Here are a few reasons why the world’s largest brands choose Symantec to protect their cloud web access:

  • We provide the strongest proxy in the market in terms of breadth of protocols and the number of advanced features, including multiple authentication and directory integration options.
  • We offer the most comprehensive, integrated security solution, including integrations with DLP, Endpoint, CASB, encrypted traffic management and advanced threat prevention solutions.
  • We make it easy to manage and deploy SWG with a powerful central management console and flexible deployment options ranging from on-premises, virtual and cloud service, including hybrid solutions.

Next for Symantec: Tighter Integrations and Greater Threat Protection 

Over the past ten months, since the acquisition of Blue Coat Systems, we’ve already introduced a number of integrations with complementary Symantec security solutions including DLP, Endpoint, and Messaging security. We’ve also announced data sharing in our cloud intelligence, the Global Intelligence Network, resulting in blocking over 4.1 million additional threats a day for our customers.

Our engineers are hard at work building the next series of integrations of Symantec products. We believe the future of data security lies in bringing multiple disciplines together: secure web gateways, data loss prevention, endpoint security, cloud security, identity management and encryption. By integrating these traditionally separate security technologies, we can deliver simplified cloud and information-centric security with improved threat prevention to our customers.

Thank You to Our Customers and Partners!

We’re honored to be recognized by Gartner for our continued leadership in SWGs. It is a testament to our commitment to security innovation and to the loyalty of our customers and partners. Here’s to ten more years of continued success!

To read the entire Gartner Magic Quadrant report, click HERE.

*Previously listed as Blue Coat Systems in prior Gartner Magic Quadrant SWG reports.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
