Channel: Symantec Connect - Blog Entries

Making Full Use of the Cyber Ecosystem


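Cyber security challenges are not easy to solve, simply because they are so complex and so large in scale. Against the backdrop of a never-ending security race of pursuit and counter-pursuit, well over US$10 billion has been spent in the past five to ten years alone, and more than 1,000 technology start-ups have been founded. Venture capital keeps pouring in, and innovation in prevention, detection, incident response, and SecOps keeps emerging.

Cyber security platform companies such as Symantec are innovating too. But there is also great value in a vast, creative community of companies coming together to confront cyber crime as one.

To strengthen cooperation and creativity across this ecosystem, Symantec has announced a new initiative, the Technology Integration Partner Program (TIPP). We are inviting cyber security companies of every kind, from small start-ups to long-established security vendors, to help us eradicate cyber crime. To apply, contact TechPartner@symantec.com.

Many partner programs already exist, but Symantec has chosen to focus on the technical side of partnership, because that is the single most important aspect of bringing change to security. To achieve real results, it is essential to work across the industry toward integrating data feeds, to connect protection platforms, to make the latest detection suites available to one another, and to automate workflows to improve productivity. The more technology companies join the Symantec platform, the greater the benefits TIPP delivers. Technology vendors are encouraged to read more about the program here.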


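Symantec customers are likely to want to take advantage of these integrations for the following reasons.

  • Leverage existing security investments: A good example is using the Symantec SSL Visibility Appliance to inspect SSL/TLS-encrypted traffic. It can be used with existing advanced products that detect threats and malware. Without it, more than 70% of traffic would go uninspected.

  • Keep strengthening the security posture: A typical example is using ProxySG/Content Analysis to pre-filter potentially malicious web traffic. This allows thorough inspection such as sandboxing, and it greatly improves the performance of sandbox/ATP systems that are already installed.

  • Improve productivity: For SOC teams that use Splunk, Symantec has developed a unified application that brings all data from SEP/ATP/ProxySG, Security Analytics, WAF, and other products together in one place. With direct access to Symantec systems, analysts can spot problems early and proceed with detailed verification and investigation.

From the outset, Symantec has built more than 100 integrations with a broad set of security products from security technology companies around the world. You can use Symantec Connect to find updates on new companies and integrations.

[Reference translation]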


Businesses most at risk from new breed of ransomware

The ransomware landscape has shifted dramatically in 2017 and organizations bore the brunt of the damage caused by new, self-propagating threats such as WannaCry and Petya.


Safeguarding a Smooth Transition

Norton Small Business protects Inland Empire nonprofit providing relevant work skills and helping underprivileged populations

Product donation is Symantec’s largest mechanism to support the nonprofit community and help nonprofits fulfill their missions. In partnership with TechSoup, each year we provide cybersecurity solutions to more than 25,000 organizations across 55 countries worldwide, allowing them to secure their most important data wherever it lives. Since launching the software donation program in 2002, Symantec has helped more than 93,000 nonprofits solve today’s biggest security challenges and protect against the ever-evolving threat landscape.

The Inland Empire, which encompasses 27,000 square miles in Southern California, has one of the highest rates of poverty in the U.S.’s twenty-five metropolitan areas: one in five people there live at the poverty level. Smooth Transition, Inc. is a nonprofit educational and vocational training organization, working to provide at-risk populations a gateway towards empowerment, educational and employment opportunities to lead a fulfilling, prosperous and purposeful life.

They began working to reach at-risk teens early, before they dropped out of high school or left the foster care system, and expanded their program to include all at-risk populations, including displaced adults, as a means to better help the community. Smooth Transition empowers underprivileged populations through life skills development, educational training, increasing levels of employability, and mentorship to prevent them from re-entering the foster and judicial system or repeating poverty and homelessness cycles.


Priscilla Gonzalez, a Smooth Transition Inc. student, shows off her completed certificate.

The nonprofit provides Western Association of Schools and Colleges (WASC) accredited, flexible and relevant programs that are directly tied to career pathways and provide students with vocational certifications at low to no cost to them. Graduates of their programs not only have a high completion rate, as compared to other programs serving at-risk populations, but students also come away with significant increases in their perceived self-value and a decrease in perceived barriers to success.

In 2016, Smooth Transition served roughly 2,800 people with just four full-time staff members. Many of their programs are computer-based and require that their computer labs serve multiple uses and multiple users. One of their board members manages their IT needs on a volunteer basis and he recommended Symantec’s Norton Small Business, which they’ve been using on their systems since the organization was founded in 2009.

Symantec’s donation of anti-virus protection—through TechSoup—has enabled the nonprofit to safely use their computer labs and has increased the number of programs and services they can offer to their students. According to Dr. Robin Goins, President and Executive Director of Smooth Transition, “The donations we receive are the foundation of our success, and we cannot express enough the generational and community impact the Symantec donations provide us. Smooth Transition is an appreciative recipient of the donations we received from Symantec and look forward to providing even more impactful community programs as a result.”

Goins goes on to describe how their testing centers are networked, with students taking roughly 250,000 different kinds of exams. She worried that without security in the testing centers, the student tests would be disrupted, causing a very serious problem. “If we have things disrupting our classes it costs us money. It also costs students the ability to complete their work. Having viruses attack us would be catastrophic for us.” Goins points out that Norton Small Business also helps protect confidential information. “As a school, we’re required to protect the identity of our students and a lot of their demographic information,” she said.

Smooth Transition will continue to work tirelessly throughout the Inland Empire to provide flexible training and resources for those who don’t fit the traditional education model. Though they face many challenges in providing their students with the real, relevant work tools and skills, they are relieved knowing that their systems and data are protected.

Learn more about some of the many nonprofits utilizing Symantec products through Symantec’s partnership with TechSoup:

Ferrandino & Son Secure AWS Assets with Cloud Workload Protection

Achieve Single Console Management with Scalability and Cost Savings

Boasting a client-supported portfolio of more than 50,000 locations across all 50 states, Ferrandino & Son is the nation’s leading service supply chain management company. Maintaining and administering their far-flung and diverse operations necessitates the collection, processing, and storage of sensitive client and corporate data, including both financial and personally identifiable information (PII).

Seeking cost savings, easy scalability, and simplification of their data centers, Ferrandino & Son decided to outsource the majority of their IT infrastructure, including their production database server farm and content delivery servers, to Amazon Web Services (AWS). Officially launching in 2006, AWS now leads the infrastructure-as-a-service (IaaS) marketplace, providing on-demand compute, storage, and networking services to more than one million active customers across 16 geographic regions around the world.

Acutely aware that they would share responsibility for security with AWS, Ferrandino & Son’s IT department searched for a solution that would provide strong protection for their AWS assets without diminishing the scalability and flexibility needed for organizational success. “We required a security solution that would allow us to manage security policy for all of our AWS instances from a single console, and provide real-time file integrity monitoring (RT-FIM) to alert our security personnel immediately to any unauthorized attempts at changing critical system settings”, said Steve Vollrath, VP IT Service Management with Ferrandino & Son.

After vetting several security providers and performing trials, Ferrandino & Son chose Symantec Cloud Workload Protection (CWP). “We really liked CWP’s ability to discover and visualize the security postures of all of our AWS instances from a single pane-of-glass”, said Vollrath, adding that “CWP’s extensive library of built-in policies and automatic policy recommendations saved us a lot of time in securing our AWS environment.”

Available as a SaaS solution on AWS Marketplace, CWP automates security for public cloud workloads, enabling business agility, risk reduction, and cost savings for organizations. CWP provides robust security for AWS instances with unique application isolation and protection, intrusion detection/prevention, and real-time file integrity monitoring (RT-FIM). Cloud-native integration with AWS allows DevOps teams to build security directly into application deployment workflows, while support for Docker enables secure container deployment. Threat intelligence from the Symantec Global Intelligence Network (GIN) protects workloads against the latest global attacks and vulnerabilities.

Symantec is an AWS Advanced Technology Partner. Click on the following links to learn more about Symantec Hybrid Cloud Security solutions and additional Symantec security solutions available on AWS Marketplace. 

Certificate Authority Authorization Checking: What is it, and why should you care?

Impact of CAA on Certificate Issuance

The Public Key Infrastructure (PKI) ecosystem relies on root certificates issued by various certification authorities (CAs) like Symantec. This is what browsers use to decide which websites can be trusted, and which ones are not trusted.

Up to now, any CA can issue a TLS certificate for any domain. That’s how the system works, and it’s good in the sense that it gives website owners and operators options to change CAs at their discretion. The downside to this is that certificate issuance can happen without the knowledge of website operators, either by mistake or intentionally by malicious actors.

A number of technologies have been created in an attempt to highlight instances of “unknown” issuance, such as Certificate Transparency. These have been effective in making the internet a safer, more trustworthy place, but they are reactive measures – only allowing website operators to address the issue after it’s happened.

But is it possible to prevent certificates from being mistakenly or inappropriately issued? Yes. Enter: Certification Authority Authorization (CAA).

CAA prevents unknown certificate issuance by:

1. Allowing domain owners to specify which CAs are authorized to issue certificates for their domains; and

2. Giving CAs the ability to check this authorization before issuing a certificate.

In this article, we’ll explain how CAA works, and why making CAA checking mandatory is a good move for both customers and CAs.

What is Certification Authority Authorization?

A Certification Authority Authorization (CAA) record is a DNS Resource Record which allows a domain owner to specify which CAs are authorized to issue certificates for their domain(s) and, by implication, which aren’t.

The idea is that a CA will check the CAA record(s) for a domain before issuing a certificate. If it finds that a domain has no CAA record, then it’s free to issue a certificate for it if all other authentication checks succeed. However, if it does encounter one or more CAA records, then the CA can only issue a certificate if it’s named in one of the records, indicating that it is authorized to issue a certificate for that domain. The whole process is designed to prevent CAs from issuing certificates in response to requests from unauthorized parties or bad actors.

Sounds great. Why isn’t everyone doing this?

Symantec has been checking CAA records for years, but it’s not a common practice. There are two reasons why CAA checking isn’t widely practiced:

1. Many domains don’t have a CAA Resource Record; and

2. Checking CAA records is not mandatory.

Because it may take some work to create a CAA record, it’s a matter of customers or website operators consciously opting-in, not opting-out. Many domain owners use a DNS hosting provider and CAA is not yet supported in some DNS implementations.

This is why CAA records are expected to be used by most high-value domains. These enterprises keep CAA records for their domains because they limit inappropriate (or malicious) certificate requests and make it easier to enforce company policies, i.e. only using a particular set of CAs.

The limitations of CAA checking

Of course, CAA checking has its limitations.

First, a newly-issued CAA record does not invalidate any previously-issued certificates that may have been issued by a different CA than the one named by the domain owner. Second, it doesn’t flag whether a certificate presented by a web server is a legitimate certificate for that domain.

Furthermore, in order for CAA checking to be effective, all CAs need to be doing it; it doesn’t work if only one or two CAs are checking CAA records as a matter of process. CAA checking must be widely adopted if it is to serve its purpose, but the good news is that more than ninety percent of CAs (who are members of the CA/Browser Forum) are in favor of it.

The times are changing: CAA checking will become mandatory

In February 2017, the CA/Browser Forum passed a ballot (on which Symantec voted in favor) requiring all CAs (even those who aren’t members of the Forum) to check for a CAA record as part of the certificate issuance process for each domain. In accordance with RFC 6844, CAs can no longer issue a certificate for a domain unless:

1. The CA does not find any CAA records for the domain; or

2. The certificate request is consistent with the applicable CAA Resource Record(s).

The rule is effective as of 8 September 2017. You can read the ballot in full here.
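
The check a CA performs, as described under "What is Certification Authority Authorization?" and in the two RFC 6844 conditions above, can be sketched as follows. This is an added example, not Symantec's code: the zone data and the issuer names `ca-a.example` and `ca-b.example` are constructed, a dictionary stands in for DNS, and CNAME handling and DNSSEC validation are left out.

```python
"""CAA issuance check following RFC 6844 (illustrative, constructed data)."""
from typing import Callable, List, NamedTuple, Tuple

Record = Tuple[int, str, str]      # (flags, tag, value) of one CAA record
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 0x80                    # issuer-critical flag (flags value 128)

# Constructed zone data standing in for DNS. All names are hypothetical.
ZONE = {
    "example.com": [
        (0, "issue", "ca-a.example"),
        (0, "issuewild", ";"),                      # no wildcard certificates
        (0, "iodef", "mailto:security@example.com"),
    ],
    "shop.example.com": [(0, "issue", "ca-b.example; account=1234")],
    "locked.example.org": [(0, "issue", ";")],      # no CA may issue
    "future.example.net": [(128, "newtag", "x")],   # critical, not understood
}


class Decision(NamedTuple):
    allowed: bool
    reason: str


def lookup(name: str) -> List[Record]:
    """Stand-in resolver: return the CAA record set at exactly `name`."""
    return ZONE.get(name, [])


def relevant_rrset(name: str, resolver: Callable[[str], List[Record]]):
    """Climb from `name` toward the root; the first non-empty set wins."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        records = resolver(candidate)
        if records:
            return candidate, records
    return "", []


def issuer_domain(value: str) -> str:
    """Issuer name from an issue/issuewild value; ';' alone yields ''."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(requested_name: str, ca_domain: str,
              resolver: Callable[[str], List[Record]] = lookup) -> Decision:
    """Decide whether the CA identified by `ca_domain` may issue."""
    name = requested_name.lower().rstrip(".")
    wildcard = name.startswith("*.")
    if wildcard:
        name = name[2:]

    owner, records = relevant_rrset(name, resolver)
    if not records:
        return Decision(True, "no CAA records found")

    # A critical property the CA does not understand blocks issuance.
    for flags, tag, _ in records:
        if flags & CRITICAL and tag.lower() not in KNOWN_TAGS:
            return Decision(False, f"unknown critical tag at {owner}")

    issue = [v for _, t, v in records if t.lower() == "issue"]
    issuewild = [v for _, t, v in records if t.lower() == "issuewild"]
    # issuewild governs wildcard requests when present; otherwise issue does.
    selected = issuewild if (wildcard and issuewild) else issue
    if not selected:
        return Decision(True, f"CAA at {owner} does not restrict this request")

    if any(issuer_domain(v) == ca_domain.lower() for v in selected):
        return Decision(True, f"authorized by CAA at {owner}")
    return Decision(False, f"not named in CAA at {owner}")


if __name__ == "__main__":
    for req, ca in [("www.example.com", "ca-a.example"),
                    ("*.example.com", "ca-a.example"),
                    ("shop.example.com", "ca-a.example"),
                    ("www.unlisted.example", "ca-b.example")]:
        print(req, ca, may_issue(req, ca))
```

Note that the record set closest to the requested name decides: `shop.example.com` carries its own records, so the parent's `issuewild ";"` is never consulted for `*.shop.example.com`.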

A good outcome for all companies

Mandatory CAA record checking requires CAs to abide by the rules set out in specific CAA records, giving domain owners more control over certificate issuance. This makes it easier for companies (especially larger ones) to enforce a certificate issuance policy across business units. With CAA records applicable to every domain, a company can specify a set number of CAs, knowing no other CA can issue a certificate to its domains.  This will help reduce the risks of certificate issuance by unauthorized CAs and help create a more secure and transparent online ecosystem.

For more information on CAA with Symantec Certificates go to Symantec Knowledge Center

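New breed of ransomware poses the greatest danger to businesses

The ransomware landscape changed dramatically in 2017, and businesses bore the brunt of the damage caused by new self-propagating ransomware such as WannaCry and Petya.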

Risk from new breed of ransomware is more serious for businesses

The ransomware landscape shifted significantly in 2017. Attacks by new self-propagating threats such as WannaCry and Petya are aimed squarely at businesses.

AI in Security: SOC Analysts Get a Tailwind


Few areas hold as much promise in the battle against cyberthreats as Artificial Intelligence (AI). 

AI technology can detect and learn patterns to help identify anomalies, analyzing and making sense of massive amounts of data - structured data, words, statistics - far faster than any human. But this is no longer just a vague promise about a distant tomorrow. 

We’ve long integrated AI into our technologies to help organizations detect network attacks and fight forays by spammers and phishers. We’ve now developed a way to use AI to help double the effectiveness of the expert analysts who work the front lines in Security Operations Centers (SOCs). 

Breakthroughs like these reverberate through the security industry for years.

AI and Machine Learning

Customers had asked us to analyze a staggering amount of data – literally, trillions of events per month. With that much data, we first leveraged “supervised” machine learning to create a system that could predict - and then mimic - when expert analysts would label an incident as a “high” or a “low priority.”  

We then used “unsupervised” machine learning to better cluster incidents into buckets so that “sampling” of similar incidents could work more effectively. That helps analysts more accurately identify any new clusters emerging which might qualify as “blind spots.”

In addition, my lab colleagues invented techniques to get 10 times faster compute performance for fixed infrastructure that has to regularly run big workloads. We also tackled the hard math, going back to the raw data to find 40% more of the “low and slow” attacks that sophisticated attackers design to evade the rule-based workflows found in most security operations centers.

Some of this was the result of applying the right AI and Machine Learning (ML) techniques to solve security problems.  All the while, to really succeed, in some areas we had to push the limits of AI beyond what anyone had previously accomplished, defining new techniques that could apply to security as well as to other challenges beyond the field of computer security.  

How We Did It

For instance, image recognition typically works in a few dimensions such as x and y to represent horizontal and vertical, plus, of course, color, and perhaps “time” for object recognition in video. By contrast, security data often has far more dimensions.

There are sender and destination addresses, ports - and specific protocols recognized on those ports – in addition to countless indicators of concern in the content of those protocols. They all often change over time, with mappings between internet addresses, domain names, and geographic locations. 

Moreover, ports and protocols don’t work like a simple Euclidean or Cartesian system. In an image map, for example, distances are as easy as a² + b² = c². Instead, in the Internet’s address space, there is a nonlinear difference between adjacent numbers like 443 and 444. This means we had to help push the limits of AI to define new AI techniques for doing ML in systems with far more arbitrary distance functions.

Humans can label images of cars and dogs to train AI systems to recognize everyday images, such as cars and dogs. But attackers don’t make it easy for defenders to recognize and label all of the possible attacks they need to include in training the system. 

This meant that we had to help push the limits of AI in defining new AI techniques for doing ML with only “Positive and Unlabeled” data, that is, data that lacks clear negative labels. 

Of course, none of our customers have to know anything about AI to benefit from the great results of such research. Customers get the benefit of such experience “behind the scenes” when they use Norton, or Symantec Endpoint Protection, or our email protection. They get such benefits “behind the scenes” when they sign up for our Managed Security Services (MSS), our DLP, or our Web Security Service (WSS).

In our Managed Security Services, we’ve used such advances to double the number of high-severity incidents resolved by human security analysts - without actually needing to increase the number of analysts.  This does not spell the end of human security experts. Just the opposite, in fact; it’s the equivalent of a bionic infusion that will help even the odds with the bad guys. 

About a decade ago, we were the first to bring reputation-based security to market, tracking reputations for nearly every bit of executable code on the planet. For a decade that turned the table on our adversaries as they had to prove somehow that their code was safe to run. That shift is a huge part of why massive ransomware outbreaks like WannaCry, which wreaked so much havoc around the world, impacted far, far fewer of our customers. In the years since, we’ve used such advances to increase the effectiveness of file-reputation by roughly 60%.

Now, we’re applying these AI and Machine Learning techniques toward making the cloud safer. 

In short, think of this as the equivalent of putting the expertise of hundreds of security experts into a single system with a vast cumulative experience far beyond that of any single expert. This has tremendous potential for helping turn the tide. In an escalating cybersecurity war of attrition, companies often face off against large, well-resourced attackers with access to millions of compromised machines.  

We may not be able to provide them with legions of analysts. But we can offer up a “virtual” army, armed with leading edge AI technology that’s already handling trillions of security events per month.


Dragonfly: Western energy sector targeted by sophisticated attack group

Resurgence in energy sector attacks, with the potential for sabotage, linked to re-emergence of Dragonfly cyber espionage group


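Dragonfly: Sophisticated attack group targeting the Western energy sector

Attacks on the energy sector are resurging. Behind the recent attacks, which have the potential to develop into sabotage, is the cyber espionage group Dragonfly.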

Why Business Needs the Global Goals

And how Symantec is successfully integrating them in its business strategy

By Delphine Millot, MPA, VP and Head of International Public Affairs at Grayling

As a member of the UN Global Compact, Symantec was included in a new report by DNV GL highlighting companies pioneering progress towards the Sustainable Development Goals (SDGs). Symantec was praised for its outstanding work towards gender equality (SDG #5) through unique efforts to recruit women to Symantec’s board of directors and women-specific education programs in cyber security.

The clock started ticking 18 months ago to start delivering on the 2030 Global Sustainable Development Agenda. Efforts are based on the so-named SDGs, a list of 17 goals and 169 targets covering the economic, social and environmental dimensions of sustainable development embraced by the 193 member governments of the United Nations.

Governments are calling out businesses directly to play an active role in achieving the SDGs, as their success relies heavily on action and collaboration by all actors. None of the SDGs will be met without increased efforts from all sectors, and the trend on several goals, such as climate change and inequality, is actually going backwards. This is where business can make an impact – as a capable actor with the resources needed to deliver the SDGs alongside governments.

If the global goals need business, the opposite is also true: business needs the global goals. The Business & Sustainable Development Commission found that achieving the SDGs could be worth at least US$12 trillion a year in market value by 2030 and create 380 million jobs in the process. Recognizing and capitalizing on the connections between social, environmental and economic progress has the power to unleash the next wave of global growth and redefine capitalism.

A strategic approach to Corporate responsibility (CR) allows a company like Symantec to be pro-active, develop consistent CR initiatives and build a business model that can be sustained and bring shareholder value over the long term. Such an integrated approach brings credibility and authenticity to a CR program, which in turn enhances transparency and facilitates stakeholders’ engagement.

In this context, companies can use the SDGs as an overarching framework to shape, steer, communicate and report their CR strategies, goals and activities.

Symantec and the Global Goals

Management approach

Symantec looks at the SDGs as an opportunity to align core business activities and innovation efforts with society's needs. From a business perspective, this allows Symantec to reap the early benefits of high-integrity branding with their consumers, investors, employees and the marketplace. The SDGs therefore offer Symantec a pathway to attract talent, unlock new markets and develop new products and services to empower in-need customers on issues such as cyber security.  

Symantec is a great example of a company that has integrated sustainable development into every aspect of its business. Symantec’s approach to corporate responsibility is set by the highest levels of management, who receive regular progress briefings on the company’s programs, including quarterly updates on diversity, ethics, environmental performance and community investment.

Symantec also defined specific, measurable and time-bound key performance indicators (KPIs) as the basis for driving, monitoring, and communicating progress on the SDGs. An example is Symantec's commitment to increasing the diversity of its workforce at all levels of the company by 15% by 2020.

Finally, Symantec reports annually on their corporate responsibility, including diversity metrics, goals and efforts. The CR reports are used as a tool to stimulate accountability and trust through integrated performance management.

Progress on the SDGs

SDG #4: Quality Education

SDG #4 is focused on providing inclusive, equitable, and quality education. The talent gap in cyber security is expected to grow to a staggering 1.5 million by 2020 and there is a vibrant community of underrepresented young adults - including people of color, women, and veterans - that could fill at least 60,000 of these positions if properly trained. Symantec has invested more than six million dollars to engage and educate 745,446 students in STEM (Science, Technology, Engineering and Mathematics) education. Through education, mentorship, volunteering and partnering with leading STEM advocates, Symantec hopes to change the status quo, close the gender and diversity gap in STEM and build a robust talent pipeline. The Symantec Cyber Career Connection (Symantec C3) program was designed to do just this, providing a pathway for underrepresented young adults and veterans to receive targeted education, training, and certifications that position them to fill in-demand cyber security jobs and enter long-term careers.

SDG #5: Gender Equality

Around the world, women are underrepresented in the field of technology. As a result, women are missing out on this promising career path, and the field is missing out on their contributions. Symantec is committed to gender equality and the advancement of women in technology. To this end, they have created a goal to increase the percentage of women globally by 2020 and a sub-goal to increase the percentage of women in leadership (Director-level and above) to 30% by 2020.

Symantec is a founding signatory of the Women’s Empowerment Principles (WEP), a partnership initiative of UN Women and UN Global Compact (UNGC) considered globally as the recognized principles and standards for women’s equality. And, through partners like The Anita Borg Institute and TechWomen, Symantec provides stand out females across the world mentorship, professional training and networking to prepare them for a promising future in cyber security.

SDG #13: Climate Action

Planetary warming continued in 2016, setting a new record of about 1.1 degrees Centigrade above the preindustrial period, according to the World Meteorological Organization. Stronger efforts are needed to build resilience and limit climate-related hazards and natural disasters. Symantec integrates environmental stewardship into their operational, product, and supply chain strategies. A sharp focus on environmental performance supports their business objectives and, at the same time, contributes to the urgent action needed to combat global climate change. Symantec took an important step regarding its energy and greenhouse gas (GHG) reductions by establishing a new goal to reduce the company’s GHG emissions by 30 percent by 2025. 

Sustaining efforts over the long run

The key to achieving the Sustainable Development Goals will be sustaining efforts over the long run – and corporations, governments, and nonprofits must all work together to achieve real impact. A business survey undertaken in May 2017 shows that business expects the United Nations and governments to incentivize companies to drive positive change. One incentive, publicly recognizing individual companies’ efforts, is important in two different ways. First, this positive recognition rewards companies’ innovative efforts and makes their stakeholders aware of these efforts. Perhaps even more importantly, this public reporting also disseminates best practices across a wide range of stakeholders. This sharing of best practices, and the ways in which corporations, governments and nonprofits are finding ways to lead in their own ways, is critical to making sure we deliver on the Global Goals by the 2030 deadline and beyond.

Currently a Vice President at leading communications agency Grayling, Delphine Millot has twelve years of international experience in corporate reputation and public policy. Based in New York City, she heads Grayling’s International Public Affairs Practice, supporting a wide range of clients on their global communications strategies and advocacy campaigns. Before re-joining Grayling in 2015, Delphine led the business expansion in Africa, Middle East and Europe of a US trading firm, before joining a food start-up working with international hotel groups, restaurant chains and universities to lead the way towards health and environmental stewardship. Delphine completed her Master of Public Administration (MPA) at Columbia University’s School of International and Public Affairs, with a specialization in sustainability management.

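Dragonfly: Professional cyber attack group sets its sights on the Western energy sector

Cyber attacks on the energy sector have reappeared with great destructive potential, and they are closely linked to the comeback of the Dragonfly cyber espionage group.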

Mobilisons Les Énergies!

Europe celebrates its third annual Battery Recycling Day

This Saturday, September 9th, Europe celebrates its third annual European Battery Recycling Day. This day, organized by Eucobat, a European association working to ensure that all waste batteries are collected and recycled in an ecologically sound way, works to raise the awareness of consumers and businesses on the importance of collecting spent batteries for recycling.

In France, nearly 45,000 students will participate in a large collection of batteries through organized events throughout the country. More than 1.3 billion batteries are sold each year in France, but after they are used, many end up in the trash. To avoid the risk of pollution and recover the metals in batteries, Corepile is organizing Battery Recycling Day in France, while Stibat runs efforts in the Netherlands. There will be more than 24,000 places, including supermarkets, drug stores, and primary schools, in the Netherlands where people can drop off used batteries.

As we use more and more electronic products, batteries are now indispensable in our daily lives. As the number of batteries used each year grows, so does the need for battery recycling. Batteries require a special recycling process due to the substances found inside, some of which are harmful to the environment. Often, these substances can be reused, another benefit for the planet.

At Symantec we are doing our part by meeting all applicable legal and regulatory requirements related to batteries. Amongst several European Directives that apply to Symantec hardware products, there are two, the European Batteries Directive and the Waste Electrical and Electronic Equipment (WEEE) Directive, that require manufacturers or importers to deal with batteries specifically. These requirements include:

  1. Regularly reporting the type and quantity of batteries placed on the different national markets within the European Union and European Economic Area.
     
  2. Designing products that meet certain design requirements. For example, internal batteries cannot be soldered permanently onto the circuit board and the appliance has to be labeled with a special logo making it clear that it is not suitable for general waste (see image below).

Photo credit: European Commission, 2017

Symantec itself offers its professional customers across the globe an option to return their used appliances. Symantec then determines if and what components of a returned appliance can be reused and refurbished or must be responsibly recycled. Customers in many European countries can also use the EARN network, which Symantec supports, to have their old appliances recycled in a responsible manner.

Symantec has partnered with Thinkstep on battery compliance to manage our reporting obligations through their EC4P program. Thinkstep, which provides sustainability software, data and consulting services, helps businesses drive operational excellence, product innovation, brand value, and regulatory compliance. Through the EC4P program, Symantec reports to one entity and Thinkstep helps ensure that we meet the national battery and WEEE laws in many European countries, and more around the world. EC4P experts help Symantec stay up-to-date with changing regulations and help us implement cost-effective and reliable compliance arrangements in each country.

We hope you’ll join the efforts on European Battery Recycling Day! Several Symantec sites across the globe – including Cape Town, Dublin, Dubai, Paris, and Warsaw – are facilitating a battery recycling effort for employees. Contact your facilities team to see if your site is participating.

We will also continue to provide products and services that meet and exceed international standards, including those related to battery recycling, to do our part for the planet. For questions, information or documentation on any aspect of Symantec's products or supply chain please contact cr_compliance@symantec.com.

Using CloudSOC to Combat Threats in Office 365!

A Look into Critical Threats Highlighted in the Microsoft Research Report

Overview

Volume 22 of the Microsoft Security Intelligence Report includes some interesting insights regarding attacks on cloud apps, including the highlights below:

  • Microsoft reported a 300% increase in the company’s cloud-based user accounts being attacked year-over-year as of 1Q2017 vs. 1Q2016

  • The number of account sign-ins attempted from malicious IP addresses increased by 44% year-over-year in 1Q, and over two-thirds of incoming attacks on Azure services in 1Q came from IP addresses in China and the US.

  • Ransomware encounter rates are the highest in Europe vs. rest of the world in 1Q2017.

These findings highlight the need to stay vigilant in pursuing comprehensive security solutions for your cloud activity. As you’re well aware, bad guys will follow the money; so when sensitive corporate content moves to the cloud, attacks will follow. Microsoft’s research findings seem to confirm this adage.

Here we will demonstrate how Symantec CloudSOC helps counter the cloud attacks highlighted in the recent Microsoft report. Let’s take a look at the threats and the detection controls CloudSOC provides for them.

Ransomware Infections

Recently, hackers have begun using cloud apps to distribute ransomware to end-users. Two attack variations have been encountered. First, ransomware is uploaded to the cloud storage app and a direct URL is distributed to end-users for download. Second, the malware-specific URL (referencing the ransomware uploaded to the cloud) is used in conjunction with additional malicious code (iframe code, JavaScript, etc.) to trigger stealth drive-by download attacks. The Cloud Threat Labs research team has previously covered the spreading of Petya ransomware via Dropbox and Cerber ransomware via Office 365.

Symantec CloudSOC has built-in capabilities to detect threats in files uploaded to cloud storage apps. The detection mechanism scans the files to unveil malicious code that may exist within. For example, when a user uploads a file to the cloud app, it is scanned for potential threats and an associated report is shown in CloudSOC. The administrator can configure additional policies to restrict the sharing of the malicious file with other users and prevent the distribution of malware. In addition, the end-user has an associated threat score profile that highlights the risk associated with the end-user who uploaded the malicious file to the cloud app. The malicious file can be ransomware or another type of malware; either way, it will be flagged. Because the ransomware is detected, infections can be controlled or prevented upfront. CloudSOC is equipped with a content inspection feature that detects malicious files and raises alerts upfront.

Figure 1: Office 365 Securlet Detecting the File as Malicious

Brute-force Attacks and Account Takeovers

Cloud apps are being used by hackers to take over user accounts. One of the primary attack vectors is the brute-force / dictionary attack, in which multiple login requests are sent over a period of time with different sets of credentials. The goal is to hijack the user account through a sustained automated attack, and attackers can reuse intelligence gathered from previous attacks.

To put detection controls in place upfront, CloudSOC has a built-in capability to configure alerts that detect automated attacks launched against Office 365 accounts. The alerts trigger when thresholds are hit. Importantly, administrators can configure the settings, as in the screenshot below, using organizationally approved policies.

Figure 2: CloudSOC Threat Tree for Alerts Related to Brute-force Login Attempts in Office 365

Account Access from Suspicious IPs / Locations

As highlighted in the Microsoft Threat Research report, Office 365 was frequently accessed from malicious IPs over a period of time. This could reflect two scenarios. First, the attacker has compromised a user’s credentials and then used them to access the application. Second, the attacker was trying to obtain users’ credentials by launching automated attacks in a distributed manner from a wide variety of IP addresses belonging to different geographic locations on the Internet. Determining how, when, and from where users’ accounts are accessed is an essential part of the threat intelligence process. CloudSOC provides a detection control to define alert settings for checking account access from suspicious locations.

Figure 3: CloudSOC Threat Tree for Alerts Related to Suspicious Locations Access Attempts in Office 365
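The threshold-based alerting described in the two sections above can be sketched as a sliding-window detector over sign-in events. This is an added example, not CloudSOC code or configuration; the event tuple layout, the threshold values, and the accounts and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to organizational policy.
WINDOW = timedelta(minutes=5)   # sliding look-back window
MAX_FAILURES = 5                # failed sign-ins per account within the window
MAX_SOURCES = 3                 # distinct source IPs failing against one account

def detect(events, window=WINDOW, max_failures=MAX_FAILURES, max_sources=MAX_SOURCES):
    """Return sorted (alert_type, account) pairs for time-ordered sign-in events.

    Each event is (iso_timestamp, account, source_ip, succeeded); this tuple
    layout is hypothetical, not an Office 365 or CloudSOC log format.
    """
    recent = defaultdict(deque)   # account -> (time, ip) of recent failed sign-ins
    alerts = set()
    for stamp, account, ip, succeeded in events:
        now = datetime.fromisoformat(stamp)
        failures = recent[account]
        # Drop failures that have aged out of the sliding window.
        while failures and now - failures[0][0] > window:
            failures.popleft()
        if succeeded:
            # A success on the heels of a failure burst may mean a guessed password.
            if len(failures) >= max_failures:
                alerts.add(("success_after_failures", account))
            continue
        failures.append((now, ip))
        if len(failures) >= max_failures:
            alerts.add(("brute_force", account))
        if len({src for _, src in failures}) >= max_sources:
            alerts.add(("distributed_sources", account))
    return sorted(alerts)

def sample_events():
    """Constructed sign-in events (documentation IP ranges, made-up accounts)."""
    t0 = datetime(2017, 9, 1, 9, 0, 0)
    at = lambda seconds: (t0 + timedelta(seconds=seconds)).isoformat()
    events = [(at(10 * i), "alice@example.com", "198.51.100.7", False) for i in range(6)]
    events.append((at(70), "alice@example.com", "198.51.100.7", True))
    events += [(at(120 + 60 * i), "bob@example.com", ip, False)
               for i, ip in enumerate(["203.0.113.10", "203.0.113.20", "192.0.2.30"])]
    events += [(at(0), "carol@example.com", "192.0.2.44", False),
               (at(1200), "carol@example.com", "192.0.2.44", False),
               (at(1260), "carol@example.com", "192.0.2.44", True)]
    return sorted(events)   # ISO timestamps in one format sort chronologically

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The third constructed account fails twice, twenty minutes apart, and then signs in; it raises nothing, which is the behaviour the window is there to provide for ordinary mistyped passwords.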

Apart from detecting the threats above, Symantec CloudSOC has the most robust solution for protecting Microsoft environments, including:

  • Support for both API and Gateway for complete coverage of both corporate and personal accounts, in-line detection/prevention, and cloud-to-cloud protection.
  • Comprehensive coverage of the Office 365 suite: not just OneDrive, but also Exchange Email, SharePoint Sites, Yammer, and other key components of the O365 ecosystem.
  • Monitoring and protection of Azure environments (IaaS), including auditing of administrative user activity and policy enforcement.
  • Robust Cloud DLP to analyze and restrict uploading, downloading, and sharing of sensitive content.
  • Advanced user behavior analytics that analyzes each and every user account to accurately detect suspicious activity, and trigger actions such as alert, quarantine or block.
  • Compliance reporting and monitoring for Microsoft environments to ensure users are appropriately leveraging cloud apps and services.
  • Extensive integrations with core security technologies, such as Symantec DLP, Symantec ATP, Symantec ICE, Symantec ProxySG/WSS, Symantec VIP, Symantec Endpoint Protection (SEP), and Symantec MSS to ensure comprehensive coverage for cloud content.

Latest Intelligence for August 2017


Leading the Way in Sustainability

Symantec Named to the Dow Jones Sustainability Indices for Eleventh Consecutive Year

Symantec is proud to have been once again named a Sustainability Leader on both the Dow Jones Sustainability (DJSI) World and DJSI North America indices along with just six other software technology companies. This is our eleventh consecutive year listed on the North America Index and our tenth consecutive year on the World Index.

The DJSI series, launched in 1999, is the longest running, and one of the most prestigious, global sustainability benchmarks, and evaluates the financial performance of the leading sustainability-driven companies worldwide. The index represents the top 10 percent of the largest 2,500 companies in the S&P Global BMI based on an analysis of long-term economic, environmental, and social factors.

The Industry Overview report, released today, includes a focus on sustainability-related software solutions that help create more efficient business processes and facilitate risk measurement and management. Other critical issues listed for the industry include ensuring data security, managing, training and developing highly qualified employees, customer loyalty and retention, and energy use.

“Symantec is honored to be included on the Dow Jones Sustainability Indices for our eleventh consecutive year,” said Cecily Joseph, Symantec’s Vice President of Corporate Responsibility. “This independent ranking recognizes our sustainability performance, strong governance policies, and commitment to keeping the world’s information safe. We all have a lot to be proud of today.”

Later this month, Symantec will release our tenth annual Corporate Responsibility (CR) Report. Stay tuned for updates on our CR progress, including:

  • How we’re supporting the UN Sustainable Development Goals;
  • Highlights of our efforts to grow and support a diverse cyber security workforce by educating one million students in STEM;
  • Progress towards our goal of reducing our Greenhouse gas (GHG) emissions by 30 percent by 2025;
  • Our robust commitment to community impact, including our volunteering efforts, partnerships with nonprofits around the globe, and our product donation program.

DETECT-ing a Healthcare Breach with the NIST CSF


One of the ongoing discussion points about the healthcare industry’s acceptance of the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) has centered on the difference between a framework and compliance.

After all, healthcare organizations already follow a number of regulations, most notably the Health Insurance Portability and Accountability Act of 1996, better known as HIPAA. During Symantec’s most recent webinar for the series, “Demystifying the NIST CSF for Healthcare,” Axel Wirth compared the CSF with HIPAA.

“HIPAA defines the what, but not the how,” he said. “Think of HIPAA as what you need to accomplish, but not how you get there.”

As any successful cybersecurity professional will tell you – the devil is in the details. An organization could be deemed “successful” if they’ve avoided a large data breach, but that doesn’t mean their systems meet proper benchmarks. Instead, healthcare organizations should use the NIST CSF as the roadmap to creating a more risk-averse enterprise.

That is true for the DETECT function of the NIST CSF, which was the main subject of our most recent webinar. The DETECT function looks at three main areas:

  • Anomalies and events
  • Continuous monitoring
  • Detection processes

The goal of this function is to be able to tell when events happen, as well as to gain insights into them. For detecting anomalies and events, the DETECT function helps organizations gauge how they can understand their attack targets, the overall impact of an event and if they have established alert thresholds.

Continuous monitoring has become one of the most effective cybersecurity practices. The DETECT function of the NIST CSF looks at how individual networks are monitored, including the personnel activity and the physical environment the data is hosted in, along with things like new malicious code and even potential cybersecurity events. The detection processes focus on the governance structure in place to make sure the processes are well defined, comply with all requirements and are tested for accuracy.

The NIST CSF comes down to looking at where an organization is, where they want to be, what gaps currently exist and what needs to be done to fix them. It is a great mechanism to identify an organization’s security baseline and provides a path to ensure steps are taken to strengthen the security posture. When dealing with personal patient information, this is of utmost importance to the healthcare community.

To view the webinar in its entirety, click here. And join us on September 12 for the next webinar in our series as we’ll explore the RESPOND function of the NIST CSF, including what tools and processes healthcare organizations need in order to minimize impact during a cyber incident.

Ensuring Security is Built into Agency Modernization Efforts


President Trump has requested $228 million from Congress for an information technology modernization fund that agencies could use to upgrade high-priority legacy systems. The idea builds off a similar plan from the last year of the Obama administration, but takes a more cautious approach.

The Obama plan called for a more aggressive spend, requesting more than $3 billion per year. The Trump administration plan takes a more “wait and see” approach, using the $228 million as essentially a pilot program to see how such a fund would work.

“We understand that $228 million is obviously small in proportion to the $90 billion we spend each year on technology, but given the central board will have a bird’s eye view on agency needs, it will fund the highest priorities,” an Office of Management and Budget (OMB) official told Federal News Radio in May.

The fund is a step in the right direction if it can make it through Congress. There is no shortage of stories from government agencies running mission-critical programs on legacy systems – some more than 40 years old. The Trump administration sees the need to fix these, so even though the plan calls for less funding than originally hoped, it could be the start of a major breakthrough. This funding – and focus – can also help to lock down these systems.

Building-in Security

Legacy systems bring with them a host of challenges. They are expensive to operate, it can be difficult to find people who know how to use them, and the systems themselves cannot communicate easily with modern technology. These are all important, but more than anything else, legacy systems lack security.

As federal agencies use the new modernization fund to bring older systems up to speed, they need to keep the security component top of mind. Security needs to be built into these systems from the beginning. Too often federal agencies have fallen into the trap of finding a system that fills a need and trying to bolt on products in an attempt to secure it later. This leads to larger problems down the road and results in significantly more complex environments – as well as much higher costs over the life of the system.

The right system for any agency must first be secure. The security program needs to provide low levels of risk, meet compliance and framework standards and be able to communicate/integrate with other tools and technologies.

In a way, legacy systems have taken the eyes away from government technology leaders by limiting their visibility into the system itself. In order to be effective, federal technology leaders need this visibility into the security of their systems. Modern systems can offer this capability, but only if constructed correctly, from the ground up, as agencies deliver on their modernization efforts.

It is wonderful that the administration will provide a way for federal agencies to begin improving legacy systems. Now it is up to the agencies to make sure the modern systems that are brought in fix the problems legacy systems created in the first place, including security vulnerabilities and a lack of agency control.

Stay tuned for future content on this blog around how agencies can modernize their security programs as they modernize their legacy environments.

Latest Intelligence for August 2017

In August, the malware and spam rates rose, and the IRS issued a warning about a new phishing scam.


Latest Intelligence for August 2017

In August, both the volume of malware and the spam rate rose, and the U.S. Internal Revenue Service issued a new phishing warning.
