Channel: Symantec Connect - Blog Entries

The Evolution of Blockchains Technology In Government and Private Organizations


You can't miss the hype about blockchain technology, particularly in regard to cryptocurrency and its status as the preferred method of payment for hackers.

Some states have started to discuss adopting blockchain technology in support of some state government services, or are investigating blockchains in state government through informal discussions.

What's the true value of blockchain to a state or an organization? Blockchains have huge potential to enable more efficient service delivery for a small upfront investment. Because there's no centralized point of authority, the network is, to put it simply, an open ledger in the cloud. Think of a Microsoft Excel spreadsheet in the cloud in which everyone can view each other's transactions, so no third party is required. These blockchains can be either public or private.

The financial value has clearly been highlighted by cryptocurrency transactions (Bitcoin), where you can send any dollar amount from your virtual wallet to anyone in the world within minutes, at a fraction of the cost of traditional methods, along with unbreakable security. However, the technology is not limited to financial transactions; there is an endless list of other legacy records management processes to which it could be applied.

For example, think of the authentication, audit and accountability processes involved in maintaining the property files for your home, car and land titles. Blockchain would remove the risk of centralized systems managing the backend processes, since it would all be decentralized. Supply chain management processes would see similar benefits.

Below is a more detailed list of the benefits of using blockchain in government, taken from NASCIO, followed by early-stage recommendations to prepare your organization.

• Managing Property Deeds
• Authenticating Academic Credentials
• Submitting Healthcare and Insurance Claims
• Evaluating and Managing Professional Licenses
• Tax Calculations and Payment
• Administering Tickets, Fines, Citations including Payments and Processing
• Managing, Updating and Transmitting Criminal Records
• Managing Birth and Death Certificates
• Managing, Updating and Transmitting Healthcare Records
• Managing micro-grid transactions in the energy sector
• Recording and reporting financial transactions, financial statements
• Managing lineage of patents, trademarks, reservations, domain names

Early Stage Recommendations:

1.   Begin research of blockchain technology and economics now so states can begin to grow their knowledge.

2.   Given this basic knowledge, begin to explore some potential use cases to better understand how blockchains may disrupt or enable your organization.

3.   Consider developing a preliminary strategy on how you could adopt blockchain technology for future use.

4.   Create a state stakeholder group (from both business and technology) to inform the preliminary strategy.

5.   Identify relevant use cases to harvest the benefits of blockchain technology for your organization.


Q&A with Williams Martini Racing CIO Graeme Hackland


In a world where data drives just about everything, securing that data has become a top priority—and a top challenge—for organizations of all types. Few, however, face bigger security hurdles than Williams Martini Racing, one of the world’s leading Formula One racing teams. With competitors ready to do almost anything to gain an edge, industrial espionage is a very real concern. And when you consider that Williams’ data center goes where its drivers go—two racks of hardware travel to 21 countries per year and require 100 percent uptime once they arrive at the track—you begin to understand the magnitude of Williams’ security challenge. Here, Chief Information Officer Graeme Hackland of Williams Martini Racing reveals how the company is using Symantec™ technology to rise to that challenge—and maintain its Grands Prix–winning tradition—in the sport it has dominated for four decades.

Q: With a typical Formula One race weekend generating more than 140 GB in telemetry, video, and other race car analytics, can you describe the challenge of keeping all that data confidential while still making it 100 percent available for the split-second decision-making that ensures driver safety, facilitates compliance with motorsport regulations, and (ultimately) wins races?

Hackland: In Formula One, we’re always thinking about speed—speed of the car and speed of operations. This means that any endpoint security technology must have low overhead on all machines because nothing can slow things down trackside. A longer boot-up process causes real problems in a Formula One context. … If you get a blue screen, no one will wait until you’re ready—the race goes on.

Q: Because data collected at the track can directly impact midrace decisions and lead to the engineering tweaks that tip the scale to victory, how do you keep your competitors—who will do everything from recording car engine noise to determine gear ratios to mining data—from accessing the networks and devices that contain Williams’ all-important intellectual property (IP)?

Hackland: Moving to digital workflows has unquestionably led to much speedier processes—for example, allowing the race tyre engineer to record pressure and temperature at the track using a tablet. However, it also increases risk because that confidential information is now available to anyone who can access that tablet. As we transform ourselves, IT risk changes, which is why we’re working with Symantec to eradicate that risk.

Q: Can you talk a little bit more about how Williams is using Symantec technology to do this?

Hackland: It’s not enough to have just antivirus or intrusion prevention or even machine learning. We also need proactive detection for the latest threats (including ransomware), reputation analysis, behavior monitoring, and more. Through our partnership with Symantec, we’ve been able to embrace a new portfolio of technologies that encompasses all of these.

Q: Williams’ business does not end at the racetrack. In recent years, your affiliated company, Williams Advanced Engineering (WAE), has applied knowledge and skills gleaned from Formula One racing (around lightweight structure, aerodynamic flow, etc.) to clients in the aerospace, defense, sports science, and medical fields. How has Williams used Symantec technology to protect WAE customers’ data?

Hackland: Formula One data has a very short lifetime—three, four years, maybe. Williams Advanced Engineering presented us with a very different challenge in that we now have multiple customers in industries ranging from automotive to aerospace, healthcare, and more, and they don’t want their data leaking among project teams. This is one of the reasons we turned to Symantec. If we lose our customers’ intellectual property, our reputation—and therefore our business—will suffer.

Q: How critical is it to both Williams Martini Racing and Williams Advanced Engineering that your security infrastructure provides access to the world’s largest civilian threat intelligence network?

Hackland: One of the major advantages of our partnership with Symantec is access to knowledge of the ever-changing global threat landscape. If you stop thinking about threats, you’re going to be hit by something. Symantec Global Intelligence Network—part of our end-to-end Symantec security solution—ensures that this doesn’t happen by identifying threats globally and sharing that information with Symantec Endpoint Protection.

As for our Williams Advanced Engineering customers, we work on such sensitive projects that protecting customer data and IP is crucial. We’re often called upon to demonstrate that specific security requirements have been met in order to win our customers’ business—and our Symantec solutions enable us to do that.

Learn more about how Symantec protects Williams.

CloudSOC Audit's Business Readiness Rating (BRR) Capability

Now Enhanced with Cloud App Threat Feed

Make Even Smarter Cloud App Choices

Symantec CloudSOC Audit customers have been able to view and leverage the Business Readiness Ratings (BRR) of over 20K cloud apps and services. BRR, which is calculated individually for each app, is based on 120+ security attributes (compliance, MFA, access control, etc.), and is invaluable in helping you to select apps that meet your exact security requirements.

And now, with the addition of the Cloud App Threat Feed, you can also factor real-world vulnerabilities and exploits into an app's BRR rating, allowing you to identify and control apps that have recently been successfully attacked.


Screenshot #1: CloudSOC Audit Dashboard, showing Compromised Cloud Apps discovered

 

How it Works

In Audit BRR Profile preferences, you now have an option to “Adjust BRR based on compromises in the last 90 days”. With this option selected, compromised apps have additional threat intelligence factored into their BRR scores following the detection of an exploit; exploits include data theft/exfiltration attempts, account compromises, phishing attacks, and other malicious activity types. A 90-day term was selected to provide a window on the app threat that persists long enough to mitigate the risk but ends before the information becomes dated.

You will also see an additional widget in your CloudSOC dashboard that shows a list of recently compromised cloud services.


Screenshot #2: CloudSOC Dashboard, showing Compromised Cloud Services Widget

How it will Improve Your Cloud Security

Immediately, this enhancement will enable you to dynamically account for real-time exploits not currently accounted for by the static BRR risk attributes, which are primarily focused on conformance to compliance standards and security functionality.

And coming soon, you will also be able to block access to these temporarily risky apps through setting policies in the CloudSOC Protect module that block apps with a low BRR score.  

Availability

Functionality will be available globally by July 13th.

Closing the Cyber Security Workforce Gap With an Emphasis on Diversity

Symantec honored with annual Stride Center Civic Leader Award

“Symantec is leading innovative and impactful community engagement through corporate leadership, leveraging their own resources and core competencies to collaborate to build thriving communities while, at the same time, enabling their business to thrive.” - Barrie Hathaway, executive director of The Stride Center

Symantec partnered with The Stride Center in 2016 to excite, engage, and educate thirty low-income adults and to prepare them for well paying, high-demand careers in the cyber security field, through our Symantec Cyber Career Connection (Symantec C3) program.

One of these students, Lee Mark Poitier, was pursuing a bachelor’s degree in Information Security at the University of Phoenix when he learned about Symantec C3, offered at the Stride Center, a nonprofit social enterprise that prepares low-income Bay Area adults to thrive in technology careers. Because Lee was frustrated by his career prospects, his friends and teachers recommended that he pursue certifications in order to land a job in cyber security. After completing Stride’s A+ program, an industry-recognized IT technical support certification, Lee enrolled in Symantec C3 with a goal to work in the cyber security field.

Lee’s passion for cyber security stems from his desire to help others. “I have always been inspired to help people have peace of mind that the confidentiality and integrity of their information systems will not be undermined,” he said. With hard work, dedication, and a commitment to continuous learning, Lee graduated from Symantec C3 in 2016 and was offered a job as a Security Operations Center Analyst at Workday, a finance-focused enterprise software company. To him, the fast-paced and continually evolving Symantec C3 program has helped him stay ahead of new and emerging cyber security threats. “This experience also taught me to be a lifelong learner, and that if I want something badly enough, anything is achievable with a supportive team,” he told Stride after completing Symantec C3.

On June 23rd, the next cohort of Stride Center graduates, including those completing the Symantec C3 program, joined the nearly 2,500 graduates that Stride has already placed in IT internships and jobs. At the graduation, Stride recognized Symantec Corporation with their 2017 Civic Leader Award, for addressing the dual challenges of closing the cyber security workforce gap as well as the widening income gap.


The Stride Center’s 2017 Graduates, pictured above, leave the program as certified IT professionals positioned to earn $15-$25/hour in entry-level IT professions.

With every new digital device, connected car and mobile wallet, attacks on cyber security are increasing and the need for cyber security professionals is now greater than ever. Simultaneously, the income gap continues to widen and too many people do not have a pathway into a viable career. There is a vibrant community of underrepresented young adults—including people of color, women, and veterans—that could fill at least 60,000 of the available cyber security positions if properly trained. Working with non-profit training partners across the globe, including the Stride Center, Symantec C3 is a collaborative effort to address just this. Through a mix of targeted classroom education and soft skills development, followed by cyber security internships with leading employers, Symantec C3 positions students to fill in-demand cyber security jobs.

We are honored to receive the Stride Center’s 2017 Civic Leader Award. This award, which recognizes companies contributing to community well-being through shared business strategies, acknowledges the work that Symantec has done to train the next generation of cyber security workers and close the widening income gap. We are proud that to date Symantec C3 has achieved an 81 percent graduation rate, with 72 percent of graduates placed in full-time positions or accepted into a four-year college program. We are also proud that we can work to close the cyber security workforce gap by emphasizing diversity. Sixty-three percent of our graduates are people of color and 25 percent of our graduates are female.


Symantec’s Debra McLaughlin (front left) and Jaime Barclay (far right) accept The Stride Center 2017 Civic Leader Award at the awards ceremony.

Symantec C3 reflects Symantec’s long-term commitment to keeping the world safe from ever-evolving digital threats. And we need your help. While our training partners provide the technical certifications and training, nothing compares to real-world experience. Our students are currently working in top companies, including TD Ameritrade, Morgan Stanley, Gap Inc., and Salesforce, and you can help by providing internship opportunities at your organization so that more students, like Lee Mark Poitier, can grow their skills through practical application and on-the-job training. Learn more and get involved by visiting our website.


Symantec’s Agreement to Acquire Fireglass: Creating More Opportunities for Partners


I’m sure you’ve read by now that we have agreed to acquire Fireglass—the leader in the fast-growing Threat Isolation security category. The acquisition, which is expected to close this fall, adds valuable new capabilities to our Secure Web Gateway and Email Gateway offerings that increase your customers’ protection against web-borne threats.

What Does Fireglass Do?

Fireglass’s core technology, delivered as a cloud service or on-prem, intercepts and executes web requests in an isolated, secured environment. It gives users safe access to uncategorized and potentially risky websites without risk of malware infection to the operating system, since these website interactions are isolated from the user’s browser. The experience is seamless: users interact with websites just as they normally would, while isolation happens in the background whenever they interact with unknown or risky web locations. The user simply sees the website they were expecting, with any risky content isolated from their browser.

Did you know that a recent Gartner Strategic Planning Assumption predicted that by 2021, 50% of enterprises will adopt browser isolation and, as a result, will experience a 70% reduction in attacks compromising end user systems? Any CISO in any size company would love to see that level of protection in his or her own organization.

Where is the Opportunity for Partners?

There is a very big opportunity to sell Fireglass along with ProxySG and Web Security Service as a cross-sell.  Fireglass adds a significant layer of protection beyond the powerful resources of ProxySG and Web Security Service.

On their own, both our Secure Web Gateway and Mail Security solutions provide excellent protections against advanced threats. Content Analysis and Malware Analysis scan files within proxy deployments as well as for Secure Mail Gateway (introduced last quarter). Both the cloud-delivered Web Security Service and Email.cloud Security have options for advanced malware sandboxing in the cloud as well. Tied together with our unmatched Global Intelligence Network (GIN), we have an excellent portfolio to protect organizations from threats. 

Millions of hosts (Domains, Subdomains, or IP Addresses) pop up every day and many of these have lifespans of less than 24 hours.  Many organizations choose to set Secure Web Gateway policies to block users from going to uncategorized sites because of the risk they represent, even though many may be legitimate destinations for business purposes. 

With the integration of our Web and Mail Security with Fireglass, organizations will be able to set policies to send any traffic deemed risky or uncategorized by Global Intelligence Network down a Threat Isolation path. Businesses can let their users interact with these sites to accomplish their tasks, knowing that any malware introduced via these sessions will remain isolated and will not infect their network environment. What makes Fireglass unique is the Fireglass True Isolation™ technology, which delivers a 100% visual stream. This is critical because competitors use only a document object model (DOM), which still sends rendering information such as CSS, fonts, and other HTML elements. These elements bypass isolation and can still be exploited for vulnerabilities—but not with Fireglass. This new capability results in a productivity boost for customers without incurring any additional risk.

With this acquisition, Symantec aims to further strengthen our Integrated Cyber Defense Platform and dramatically extend our leadership in Secure Web Gateway and Email protection delivered both on premise and in the cloud.

If you have proxy refresh opportunities in your pipeline, consider adding Fireglass to help increase your deal size and give your SWG customers even more protection. Any customer with on-prem proxy deployments will benefit greatly as Fireglass integrates with on-prem proxies right now.

We will communicate timelines for use of Threat Isolation with Web Security Service (WSS) and Email.cloud security at a later time.   Customers already testing Isolation and in final negotiation/procurement process should conduct business as usual with Fireglass.

Where can I learn more?

We encourage you to join one of the live webinars below where you can learn more about this incredible technology and why we are so excited about what it means for the future of advanced threat protection.

Webinars on “Integrating Threat Isolation with Secure Web Gateway and Secure Mail Gateway”:

July 11th 11 am EDT / 8 am PDT / 3pm UTC

https://www.symantec.com/about/webcasts?commid=269353&mkt_tok=70138000001QM33AAG

July 13 2 pm Tokyo  / July 12th 1 am EDT / 5 am UTC

https://www.symantec.com/about/webcasts?commid=269361&mkt_tok=70138000001QM38AAG

July 14th 12 Noon EDT / 9 am PDT / 4 pm UTC

https://www.symantec.com/about/webcasts?commid=269363&mkt_tok=70138000001QM3DAAW

July 19th 1 pm EDT / 10 am PDT / 5 pm UTC
https://www.symantec.com/about/webcasts?commid=269365&mkt_tok=70138000001QM3IAAW

Additional Resources:

Click Here to download the Fireglass Field Datasheet

Click Here to download the Fireglass Sales Presentation

Click Here to download the Fireglass Threat Isolation Demo

Latest Intelligence for June 2017

A rise in instances of a particular bitcoin mining malware for Macs, the chaos causing Petya outbreak, and an increase in phishing emails for the third month in a row.


Latest Intelligence for June 2017

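An increase in occurrences of a bitcoin mining malware targeting the Mac platform; the Petya outbreak caused chaos; phishing emails increased for the third consecutive month.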


Microsoft Patch Tuesday – July 2017


Attackers are increasingly living off the land

DLP Enforce server and Cloud DLP Detector


Below are the steps to integrate the DLP Enforce server with the Cloud DLP Detector.

Steps:

  1. Log on to the Enforce Server as Administrator. Make sure you have installed the “cloud prevent for email” license on the Enforce Server.

  2. Go to System > Servers and Detectors. The Overview page appears.

  3. Click Add Cloud Detector. The Add Cloud Detector screen appears. Click Browse in the Enrollment Bundle File field.

  4. Provide the location of the enrollmentbundle.zip that you received from Symantec, enter a Detector name, then click Enroll Detector.

  5. The status will show as Connected. The Enforce Server will deploy policies to the cloud server.

  6. The email administrator needs to route outbound email from Office 365 to the provided DLP hostname.

Attackers are increasingly making use of the resources at hand

Living-off-the-land attacks on the rise

Fileless threats and attacks that repurpose dual-use tools have become quite common.


Integrations, Integrations, Integrations…

Integration Cyber Defense Map

In June 2017, we officially announced the new Symantec Technology Integration Partner Program (#TIPP), bringing together the Blue Coat and Symantec worlds and creating the largest and broadest technology partner eco-system in cyber security.

In this blog, I want to share what this means for our customers as well as our technology partners, and showcase a new tool we call the Integration Cyber Defense Map.

Defending ourselves from cyber threats is hard. If you look at a typical enterprise, they will have acquired around 30-60 security vendors over the years, but unfortunately maybe only half of those would have been deployed. Why? Cyber-security requires discipline, a long-term viewpoint and for all these systems to work together to make operational sense. And that simply hasn’t happened. It’s a shame that many of these systems are just left on the shelf and not fully utilized.

One can argue whether deploying 10 vendors is better than 60, but in any case, it is critical that cyber security systems be able to share data and context about what they know, what has been blocked and why, what they have detected as suspicious and so on. The Symantec Integration Cyber Defense Platform, together with TIPP, sets up this framework.

To help our customers understand how the Integrated Cyber Defense platform can help, we have created an interactive map of all internal and external partner technology integrations.

                                                               

This showcases many hundreds of integrations across our entire product portfolio and how they map to our own 24 product areas as well as our 23 partner solution categories and our 100+ TIPP partners.

If you are a Symantec End Point or ProxySG customer, simply mouse over that product to see all the current active partner solutions and then drill down to learn more. Alternatively, if you have deployed deception technologies or another EDR solution, simply mouse over it to quickly find which Symantec products work with it. Access the Map Here.

We have a very strong pipeline of additional integrations for 2017 so this map will be updated frequently.

For our technology partners, we have also worked hard to make this the best program in the industry, with access to a rich set of APIs, product support, demo licensing for engineering and certification, and documentation, as well as access to our community portal, Symantec Connect, with direct access to over 700,000 users.

Customers and partners wanting to learn more about TIPP can visit https://www.symantec.com/partners/programs/technology-integration-partners

STEM Mentoring Encourages UK Girls to Lead the Way

Longtime volunteer mentor and Symantec’s EMEA CTO Darren Thomson joins the board of TeenTech

“We are delighted to welcome (Symantec's) Darren Thomson to the TeenTech board. We’ve been very aware of how much support and how many opportunities Darren was personally providing for students - from mentoring to work experience. Darren brings great understanding of the real workforce needs of fast growing and fast changing tech companies, and we are looking forward to working with Darren as we head toward TeenTech's very special 10th anniversary year.” - Maggie Philbin, CEO and Co-founder of TeenTech

By Darren Thomson, EMEA CTO & Vice President, Technology Services

With mentoring support and industry encouragement, teenage girls in the UK are embracing STEM and shaping their futures.

One of my personal goals as a CTO at Symantec is to encourage more female youth to consider careers in Science, Technology, Engineering and Math (STEM) fields, including cyber security. As a volunteer mentor for the past two years, I have had the privilege of working with two high-school students, Lauren Shae and Lucy Rawlings, through TeenTech, an award-winning, industry-led initiative that engages young people aged 8-18 across the UK in STEM.

Above: TeenTech CEO and Co-founder Maggie Philbin, kicks off the 2017 TeenTech Awards.

TeenTech offers year-round mentors, live innovation events, and STEM workshops to introduce students to the wide range of STEM career possibilities. The organization also hosts the TeenTech Awards, an annual initiative that challenges young people to tackle key societal and environmental issues using the power of STEM. At the 2014 TeenTech Awards, my mentees Lauren and Lucy won the People’s Choice Award for their idea of an intelligent medical shuttle, which led to incredible opportunities for the girls. They went on to be crowned 2016’s ‘Teen Heroes of the Year’ by BBC Radio 1, met Prince Andrew, were invited to Buckingham Palace, and discussed racecar engineering dynamics with the Williams Formula One racing team. At just 17 years old, Laura has also been named one of the Top 50 Engineers Under 35 by The Women’s Engineering Society (WES).

Above: Students from Alexandra Park School accept the 2017 TeenTech Award for Safety & Security for their biometric bike lock that lets riders ‘stick’ their bike to any metal surface using electromagnets.

For my part, I’ve focused on connecting their awards win to future educational and career opportunities. With the support of TeenTech and Symantec, Lauren and Lucy have used the experience to choose universities, complete their A-levels, and think about their future careers. They have obtained real-world experience by generating thought-leadership content for Symantec, as well as helping with marketing at our customer-focused Spotlight event. Most importantly, they now serve as TeenTech Young Ambassadors in their community and at their all-female school, Alton Convent, demonstrating to other girls across the UK all that is possible when pursuing an interest in science and technology.

In England, students must choose their General Certificate of Secondary Education (GCSE) exam topics, and at Alton Convent, the percentage of students choosing to take their GCSE in physics has increased from 43% to 87.5% in the two years since Lauren and Lucy won the TeenTech Awards. While the school’s STEM curriculum has not changed, more girls are now studying physics at A-level than at any other time in the school’s 200-year history.

While Lauren and Lucy have just finished their A-levels and are in the process of applying to university, their legacy is the real impact that continues to grow in the halls of Alton. As role models and ambassadors, they have helped change how their peers think about STEM, as well as how they think about their futures. For decades students were told that an interest in IT led simply to a career as a programmer. Lauren, Lucy and TeenTech have helped open the eyes of youth across the UK, showing the endless possibilities technology skills can provide, including a career as a racecar engineer. Lauren, Lucy and TeenTech have also shown girls across Europe that STEM is not a field “just for the boys”. For the second year running, girls led the charge at the 2017 TeenTech Awards, with females making up over 60% of the winners.

In my new role as a board member for TeenTech, I’m excited to further expand our mentoring and ambassador programs so more girls like Lauren and Lucy can embrace STEM and shape their futures. Empowering student mentors to share their inspiring STEM ideas and TeenTech experiences will encourage other female students to continue to buck gender stereotypes and embrace the diverse career opportunities offered in STEM fields. My work with TeenTech is directly tied to and supports Symantec’s goal to excite, engage, and educate one million students in STEM education by 2020.

As I move into my board role to help TeenTech with more organizational strategy, I am proud of the others on Symantec’s technical teams who have stepped in to mentor, find ambassadors and help with TeenTech logistics. As an example, as a sponsor of 2017’s TeenTech Awards, Symantec employees Clive Finlay and Heather Bentley sat on the panel of judges and heard finalists from the UK, Spain, Finland and Hungary, share their ideas including a hand-held cancer detector, floating cities, and wearable devices that detect UV rays. I am proud of what Symantec, TeenTech, and Lauren and Lucy have already accomplished in engaging youth to pursue STEM careers and look forward to scaling the TeenTech program to inspire more young people to use technology to solve our world’s greatest challenges and create the future.  

CASB to the Rescue: The Story of Data Exposure via AWS S3 Buckets

Defending Against Security Breaches in the Cloud

Authors: Aditya K Sood and Rehan Jalil

Overview

In recent years, the community has encountered a number of data exposure incidents in the cloud that could have resulted in significant security breaches and, in turn, financial losses for the affected organizations. One recurring pattern of unauthorized data exposure is the availability of sensitive data through AWS S3 buckets. These incidents can result from an employee's error, infrastructure misconfiguration, a malicious insider attack or a targeted attack by a remote adversary. In all cases, the sensitive data is found to be exposed on the Internet through AWS S3 buckets.

A number of serious data exposure incidents are highlighted below:

The incidents listed above are some of the most critical in recent times. Untracked cloud data movement and misconfigurations play a crucial role in the exfiltration of enterprise data from the cloud.

 

AWS S3 Buckets: Threat Model

Let’s take a quick look at Simple Storage Solution (S3), which is heavily used by cloud companies for data storage. Buckets, the logical units of data storage in AWS, are deployed using S3. There is no limit on the number of objects that can be stored in an S3 bucket. A bucket holds storage objects, each consisting of primary data and associated metadata. Data transactions occur by moving data in and out of the system.

The question that arises is: how is this storage secured? AWS provides a mechanism to restrict access by defining privileges in a bucket policy, which can be written with the AWS policy generator. When an Identity Access Management (IAM) user policy is used in conjunction with the bucket policy, explicit access controls can be deployed to restrict access to authorized users only. This security mechanism needs to be implemented at both the infrastructure and the application level.

AWS S3 buckets can be either public or private. If the bucket is private, a remote user will encounter “Access Denied”; if it is public, a number of objects will be revealed. A definitive S3 URL pattern exists that can be used to detect the access rights on a bucket. More importantly, AWS controls follow a shared responsibility model, in which customers are expected to configure and deploy the available security controls as appropriate for their network. Data exposure via AWS S3 buckets can be considered a deviation from the secure deployment of these shared security controls.

That being said, adversaries can use different techniques to detect publicly exposed AWS S3 buckets. The figures shown below highlight how S3 buckets (storage instances) can be detected in an automated manner:

The records (as in the example shown above) are found to be publicly exposed on the web, and an attacker could have accessed the data using AWS S3 bucket fingerprinting techniques such as URL fuzzing or search engine dorking, as shown above. It can also be seen that a number of buckets return “Access Denied” notifications, which means these buckets are not publicly available.

Data exposures via AWS S3 buckets raise a very practical problem that organizations are facing: how to secure data in the cloud. Considering the security incident above, apart from strong security access controls, additional questions need to be answered:

  • How are data transactions monitored from the AWS S3 buckets and associated user accounts?

  • How often is this data accessed and by whom and from which location?

  • Are there any policies configured to determine whether data transactions hit the threshold or not?

  • How can you make sure that data governance and compliance controls are followed even if the cloud app[s] are approved?
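The first three questions above (who accesses the data, how often, from where, and whether a threshold is crossed) can be answered from access records, as in this added example, which is not part of the original article. The record layout, requester names, addresses and the 1 GB per hour threshold are constructed assumptions; "-" stands for an unauthenticated requester.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, simplified records (not the real S3 log layout):
# time, requester, source_ip, operation, key, bytes_sent
SAMPLE_LOG = """\
2017-07-01T09:00:05,alice,198.51.100.10,GET,reports/q1.pdf,200000
2017-07-01T09:20:00,alice,198.51.100.10,PUT,reports/q2.pdf,0
2017-07-01T10:00:00,bob,203.0.113.7,GET,hr/export-1.csv,400000000
2017-07-01T10:10:00,bob,203.0.113.7,GET,hr/export-2.csv,400000000
2017-07-01T10:30:00,bob,192.0.2.44,GET,hr/export-3.csv,400000000
2017-07-01T14:00:00,bob,203.0.113.7,GET,hr/export-4.csv,100000
2017-07-01T11:00:00,-,192.0.2.99,GET,public/logo.png,5000
"""

def parse(log_text):
    """Parse the records into tuples sorted by time."""
    rows = []
    for row in csv.reader(io.StringIO(log_text)):
        if row:  # skip blank lines
            t, who, ip, op, key, size = row
            rows.append((datetime.fromisoformat(t), who, ip, op, key, int(size)))
    return sorted(rows)

def download_report(log_text, max_bytes=1_000_000_000, window=timedelta(hours=1)):
    """Per requester: GET count, source IPs, and the most bytes downloaded in
    any sliding `window`; over_threshold is set when that exceeds max_bytes."""
    per_user = defaultdict(list)
    for t, who, ip, op, _key, size in parse(log_text):
        if op == "GET":
            per_user[who].append((t, ip, size))
    report = {}
    for who, events in per_user.items():
        peak = running = start = 0
        for t, _ip, size in events:
            running += size
            while t - events[start][0] > window:  # drop events older than window
                running -= events[start][2]
                start += 1
            peak = max(peak, running)
        report[who] = {
            "gets": len(events),
            "source_ips": sorted({ip for _t, ip, _s in events}),
            "peak_window_bytes": peak,
            "over_threshold": peak > max_bytes,
        }
    return report
```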

Cloud App Visibility Parameters

One of the most important considerations is visibility into the data being uploaded to and downloaded from cloud apps. Attaining visibility into data transactions in cloud apps is becoming a persistent problem in enterprises. As a result, data transactions in cloud apps execute opaquely and are not visible to enterprises. To unveil the security risks associated with shadow data residing in cloud apps, extensive visibility is needed across the following parameters:

  • Identity:  To determine “Who” is performing data transactions in cloud apps

  • Timeline: To determine “When” data transactions are performed in cloud apps

  • Purpose: To determine “Why” data transactions are performed in cloud apps

  • Technique: To determine “Which” tactics are used to perform data transactions in cloud apps

  • Movement: To determine “How” data transactions are performed in cloud apps

  • Classification: To determine “What” types of data transactions are performed in cloud apps

These are also called “Visibility Parameters.” Detection and monitoring of “Shadow Data” transmission from an enterprise to a public cloud is only possible with a Cloud Access Security Broker (CASB) like Symantec CloudSOC in place. For strengthening the security posture of cloud apps in enterprises, granular visibility into identity, timeline, purpose, technique and movement of data is needed. 

A few quick tips to secure cloud apps are discussed below:

  • Discover Shadow Data / IT – apps and IT solutions used by employees without the company’s authorization.

  • Detect risky cloud app activities and users – zero in on threats without sifting through billions of data records. Symantec CloudSOC does this in a unique way by using advanced machine learning and data science to detect these activities.

  • Protect cloud apps – enforce policies across multiple cloud services at the same time. This allows you to prevent attacks and ensure corporate governance.

  • Perform post-incident investigations and forensic analysis – analyze all historical transactions for your cloud applications and services. This allows you to perform deep dive analysis for legal, compliance or HR initiatives, ensuring cloud-based data is no longer outside the sphere of enterprise analysis.


Symantec and Williams Martini Racing

Data in the Fast Lane

In the hyper-competitive world of Formula One™ racing, information is now every bit as critical to a team’s success as the condition of their vehicles or the skill of their drivers.

Consider this: Williams Martini builds as many as 300 sensors into its cars, which collect 1,000 channels of information every second the vehicles are on the track. That adds up to about 80 gigabytes per race that get fed into a constantly updated computer model.

So when the Williams team arrives at a new Formula One circuit, their engineers haul with them a two-rack data center that they erect for the duration of the race.

These "pop-up" data centers are perhaps the team's most important piece of equipment. They host the engineering systems and analytics that process real-time data streams from the cars' onboard sensors to deliver the final fraction of horsepower, tire life, and speed.

They also transmit the vast amounts of information generated by the sensors on Williams’ race cars. Beamed back to the company’s Grove headquarters in Oxfordshire, UK, this telemetry data is fed into a computer model that is updated in real time, allowing strategists to make mid-race decisions based on their analysis of this rich trove of information. For example, race tire engineers can use tablet computers to record wheel pressure and temperature readings at the track and send them back to Williams’ HQ for closer analysis.

"Speed and performance during a Grand Prix weekend is critical, no matter what you're doing, whether you're preparing the tyres - and it used to be done on a piece of paper, and it's now done on a tablet - whether you're sitting on the pit wall making strategy calls, making decisions about when to bring a driver in or what configuration to send the car out for qualifying," said Chief Information Officer Graeme Hackland.  

All of those decisions need to be made in near real-time with the right data.

"And so that local processing power that we put on the laptops and devices that people use and the virtual service is absolutely critical to what they do so that they can get the answer back as quickly as possible," Hackland added.

But these systems must function securely and flawlessly in crunch situations. Like other businesses operating in the digital age, however, Williams officials also contend with myriad security risks.

Digital’s Double-Edged Sword

In a sport where a split-second difference determines a team’s finish in a race, closely-held information offers an inviting target for rival teams, track insiders, or any of 250,000 fans who crowd the stands during a major race.

Williams’ challenge is to maintain the availability of a full complement of data center services in real-time conditions where 100 percent uptime is an absolute necessity. As Williams has gone more digital and mobile, more endpoints mean more potential points of entry to defend. Unpatched vulnerabilities can expose applications and data to unauthorized access and theft. DDoS attacks can overwhelm key systems, rendering them unresponsive. Botnet infestations can siphon off compute cycles and degrade service quality.

As all industries are increasing their cyber security awareness, the pinnacle of motor sport is no different. With that in mind, Symantec last year carried out a penetration test following the British Grand Prix. Symantec demonstrated how an attacker could easily breach the wireless networks used by a pit crew to hack into an unprotected system and steal data.

This is the double-edged nature of digitization. For Hackland and his team, the challenge was to reduce security risks to that computing environment while making sure that the company’s data remained safe and was available on demand.

"You've got a racing car that's generating 1,000 channels of data as it drives around every second. All of that data needs to be sent back to the UK in real time, used by engineers on their laptops in between races so that they can prepare. So there's a very obvious intellectual property challenge in F1, which Symantec are helping us with - protecting our endpoints, protecting the data center that travels around the world," Hackland said.

"And what Symantec have allowed us to do is to make sure that we have in place all of the tools and technology that we can say to our customers: Your data is safe with us."

Nowadays when Williams engineers turn up at a racetrack and erect a data network within the pit lane, they are protected from malware infection or interception when they connect to the Wi-Fi network from their laptops with the help of technologies such as Symantec Endpoint Protection and Symantec Endpoint Encryption.

"Through our partnership with Symantec, we’ve been able to embrace a new portfolio of technologies that encompasses all of these," according to Hackland, whose Williams Martini teams have traveled with their pop-up data centers to competitions in 21 countries on six continents in the last year.

Learn more about how Symantec protects Williams

Microsoft Patch Tuesday - July 2017

Latest Intelligence for June 2017

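June saw an increase in a particular piece of malware that targets Macs to mine Bitcoin, along with a major outbreak of Petya. Phishing emails also rose for the third consecutive month.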


Microsoft Monthly Patches (Microsoft Patch Tuesday) - July 2017

This month, 54 patches were released, 19 of which are rated Critical.


Symantec Puts Higher Ed Cyber Skills to the Test

University cybersecurity teams can enter today for the Higher Ed Cybersecurity Competition to see how their school fares in a simulated live cyber-attack scenario

From students and faculty to alumni and staff, higher education institutes hold a wealth of personally identifiable information (PII) that hackers want to steal. Since 2005, higher education institutions have been the victim of more than 500 breaches involving nearly 13 million known records, according to University Business.

As hackers continue to target higher education institutions, those institutions need to be prepared to fend off the attacks and protect the PII of the people inside their universities.

This fall, Symantec will put cybersecurity teams from higher education institutes to the test with the October Higher Ed Cybersecurity Competition. Held Oct. 19-20, the competition will put university security teams from around the country in a live cyber-attack simulation that is inspired by real-life security issues.

The competition will help higher education cybersecurity leaders understand the vulnerabilities of today’s global threat landscape, help them gain critical security intelligence and put their skills to the test in a high-pressure environment. That way when a real breach happens the cybersecurity teams will have practiced some of these scenarios.

Participating teams will:

  • Walk in an adversary’s footsteps to understand motivations

  • Understand the five stages of a cyber-attack – Reconnaissance, Incursion, Discovery, Capture and Exfiltration

  • Develop and practice offensive skills to aid in defense

  • Apply knowledge and experience to real-world problems

  • Expand their security awareness and build cyber skills while earning Continuing Education Credits

The winning institutions will be recognized on-site at an exclusive event at the 2017 EDUCAUSE Annual Conference in Philadelphia. The EDUCAUSE Annual Conference brings together information technology leaders from higher education institutions from around the world to discover best practices and solutions to challenges universities face. By honoring them at this event, Symantec wants to showcase the winners’ skills, dedication and knowledge before industry experts and education technology peers.

Each institution can have up to three teams of four participate by registering here with the event code: highed17. Participants must work as IT faculty. Symantec will provide detailed instructions for preparation after a team registers.
