Channel: Symantec Connect - Blog Entries

Think First, Click Later - and Other Safety Tips For the Internet


Whether a newbie or a seasoned internet user, anybody can become a victim of a scam targeting consumer or enterprise internet users. The question is why this remains a recurring security challenge.

My view: We are not being sufficiently vigilant when using internet services and too often fail to embrace best practices governing usage. A common analogy would be the attention we devote to hygiene to maintain our personal health. Our parents taught us to wash our hands, avoid touching our eyes and cover our mouth when coughing. We were also warned not to share food and drink, talk with strangers, or accept gifts from them.

Many of you may have heard the phrase, “If it’s too good to be true, it most likely is.” That proverb implies that if someone you don’t know offers something of value, for little or no effort, be suspicious – both about the offer as well as the person making it.

When it comes to online safety, you can similarly protect yourself by being mindful about internet hygiene. Here are a few simple steps you can adopt to keep the bad guys at bay.

Wash your hands: Maintain your computer (laptop, desktop, mobile phone) in terms of operating system and application updates. Also install endpoint protection software and keep it updated as well.

Avoid touching your eyes: Don’t visit web sites of questionable content and integrity. Check your web browser. Make sure that the site address starts with https://. A check mark or green banner indicates a trusted site.

Don’t share your food or drink: Think about who you share your documents with and how you are doing that. Pay attention to the sharing rights you enable when using file sync / share services (e.g. DropBox, Box, OneDrive, Google Drive, etc).  Avoid using the full share to a public audience, as this will let anyone upload potentially harmful programs without your knowledge.

Don’t talk to strangers: Do not reuse username / passwords among different web sites. Use a password manager program to create and maintain unique passwords. If there is an option to also include “advanced” security settings such as two factor authentication, use that feature in addition to unique username / passwords.

Don’t accept gifts from strangers: Email continues to be the most common way to trick users. Today’s malicious emails are cleverly crafted to look like messages from trusted senders. Avoid opening unsolicited emails, especially those containing a link to click on, or asking you to open an attached file. These may contain malicious instructions to re-direct you to a harmful website, or contain malicious instructions within the file that install ransomware (encrypting your computer, and asking you to pay a ransom to decrypt your system).

If it’s too good to be true, it most likely is: Email that arrives in your inbox carrying the announcement of an enticing offer for free stuff is most likely not genuine. It’s usually spam so delete the message without opening it.  Remember this general rule of thumb: Your trusted service providers – whether it be your bank, your utility service providers, the government, Apple, Google, Symantec or others - will not send you unsolicited email asking you to take an action by clicking on a link. Rinse, wash, repeat.


Users encounter threats through email twice as often as other infection vectors

The latest ISTR special report, Email Threats 2017, casts a light on a threat landscape where attackers are actively spreading malicious threats, BEC scams, and a variety of spam through email.


Training the Next Generation of Cyber Security Leaders

Closing the cyber security skills gap and preparing a workforce ready to impact an ever-changing world

By Patrick Cohen, Vice President, Strategic Partnerships at NPower

In today’s economy, over 50% of all jobs in the U.S. require some degree of technical and digital skills, and this is expected to grow to 77% by 2020.[1] Yet the job market is not keeping pace. Of the nearly 6 million jobs expected to require tech skills in the future, labor statistics project a candidate pool of only 3.2 million.[2] Demand for cyber security experts has grown three times faster than other information technology jobs[3] and in 2016, there were 1 million cyber security job openings.[4]

Research shows a large percentage of these vacant cyber security positions could be filled by individuals without a college degree—creating a tremendous opportunity to train non-traditional candidates for these roles. The nonprofit I work for, NPower, offers training programs to help fill this skills gap with a diverse workforce prepared to help solve today’s cyber security challenges.

NPower first partnered with Symantec through employee volunteering in 2010. Since 2014, we have closely collaborated to offer the Symantec Cyber Career Connection (Symantec C3) program at NPower. Symantec C3, which is purposefully designed to produce entry-level cyber security professionals, combines rigorous classroom-based training that prepares students for key certifications, followed by substantive hands-on internships and job placement support. The 26-week Symantec C3 program at NPower is designed to train young adults and military veterans in computer sciences and cyber security fields, helping fill the critical cyber security roles needed today and in the future.


Above, NPower’s Symantec C3 students work together in a collaborative environment.

One graduate of the Symantec C3 program, Johnnie Parker, told NPower, “Growing up, I tried to align myself with a career that would make an impact, and wanted a career in which I would be able to create solutions to our greatest problems. Whether it be as an engineer, mathematician, technologist, lawyer, astronaut, or scientist, I always strived to be a part of something greater. I now work in cyber security at a leading financial institution, and my role allows me to protect clients and their data from malicious actors. Programs like NPower are needed not only to teach individuals the necessary skills to be successful, but to also provide the beginnings of a forever growing support system. NPower’s Symantec C3 program requires a lot of commitment and professionalism, but it has allowed me to continue building my path “bit” by “bit” with the vision to make an impact in our ever changing world.”

NPower offers several accelerated training programs. This includes the Symantec C3 program, which prepares students for cyber security careers in just six months. We focus on providing digital and professional skills, as well as on-the-job experiences to prepare our students to step into vacant cyber security positions. Our screening and vetting process begins before students are enrolled in the Symantec C3 program. We look for those with both a skill set and a passion for cyber security.

Students we enroll in Symantec C3 are typically alumni of our Technology Fundamentals course and have comparable technology-related experience. With that foundation, students are trained for three in-demand technical certifications that follow the ethical hacker curriculum. Coursework utilizes case studies and focuses on communication and writing to ensure our students graduate the program with solid knowledge and application of cyber security tools.

As with all of NPower’s workforce development programs, we are constantly enhancing the curriculum, which is informed and vetted by the marketplace with input from NPower’s corporate partners. Our students, including those in the Symantec C3 program, receive professional training during their three-month internship, a graduation requirement. NPower provides companies with workers that are trained in the technical skills they actually need, helping these companies source diverse, skilled talent. Consequently, we succeed in placing most of our alumni among our network of employer companies within one year after they graduate.

We have worked tirelessly to build our brand recognition and overcome rigid hiring practices, and the lack of time, investment or support for non-traditional hiring to place our students in internships and jobs. NPower partners with corporations from diverse industries (e.g., finance, pharmaceuticals, hospitality) and we are continually networking to expand our portfolio of internship hosts and employers. Due to these efforts, within one year of graduation more than 80% of NPower alumni are employed or continuing their education.


Above, the third class of Symantec C3 students at NPower includes 17 students, 47% of whom are female.

We have seen a steady increase in interest in hiring trained cyber security professionals from our employer network and with the Symantec C3 program, we are building a pipeline of junior cyber security talent. The feedback from the fifteen employers involved in the Symantec C3 program has been extremely positive. Our partners are excited about the talent we are bringing to them, as well as the work we are doing to address the cyber security skills gap.

NPower’s employer network offers real-world experience

With the evolving technology landscape, having a skilled cyber security workforce is important to companies in numerous industries. Diverse perspectives, backgrounds, and thoughts help better equip companies to meet the needs of their diverse customers, and recruiting from non-traditional sources that go beyond a university degree program, can help employers find talent. Given NPower’s record of success, leading employers including CBS, KPMG, NY Times, and Bank of America, have hosted Symantec C3 interns or provided job opportunities to Symantec C3 graduates.

Rodrigo Sinchi, one of the Symantec C3 students from NPower’s first class was thrilled to be a part of the program and to land a cyber security internship at a financial institution. “The Symantec C3 program at NPower has helped me strengthen my technical and professional skills by giving me the right technical training to establish a career in information security - with additional support around workplace readiness. I can now use these skills throughout my career. For example, while interning, I learned to adapt to the culture of the firm and learned how to quickly be a supportive part to the Vulnerabilities and Threat Management team. With my training at NPower and my hands on experience, I could not have had a better experience entering the information security field,” he said.

At NPower we are never satisfied with our results - we can always do more. The gap in skilled cyber security professionals continues to grow, and we are hoping to scale the Symantec C3 program to broaden its scope and impact. Symantec C3 training partners, like NPower, provide the technical certifications and training, but nothing compares to real-world experience. You can help by providing internship opportunities at your company in which program participants will grow their skills through practical application and on-the-job training. We are creating the workforce of tomorrow and helping to close the cyber security gap; we hope you’ll join us.

To learn more about how the Symantec C3 program can help your company achieve its talent and CSR goals, please visit www.npower.org, or email me at Patrick.cohen@npower.org.

Don’t WannaCry? Then Start to Prepare Now


WannaCry and other ransomware attacks are likely to get more frequent and more potent as cybercriminals seek new ways to deliver their payloads.

The WannaCry ransomware attack made a big splash earlier this year and then retreated from the headlines. But don’t mistake that for the all-clear sign. If you have been taking a well-earned summer vacation, you might have missed some WannaCry-related items:

· The accidental hero who stopped WannaCry by hitting its kill switch, UK citizen Marcus Hutchins, was arrested in the U.S. where he was wanted for creating the earlier Kronos exploit used against banks.

· The bitcoin wallets that had received over $143,000 in WannaCry ransom were emptied.

· New malware in the form of the so-called “NotPetya” disabled systems worldwide, taking advantage of the same Eternal Blue hacking tool allegedly developed originally by the National Security Agency that was used in the WannaCry attacks.

· WannaCry re-emerged in August when LG Electronics confirmed it was found on a self-service kiosk in South Korea, causing systems to be shut down.

WannaCry originally struck on May 12, infecting more than 300,000 Windows systems. Eternal Blue was released online in April by the mysterious group of hackers that call themselves the Shadow Brokers. Petya, which was first discovered in March 2016, hit in a new variant, also called NotPetya, on June 27, spreading over Windows SMB. Although victims were asked to send $300 in Bitcoin to get a decryption key, the payment system failed and the main impact of the malware was the destruction of data.

Compared to previous major ransomware attacks, the amount of money cybercriminals collected from WannaCry was not high. That’s little cause for celebration. WannaCry would have been far more devastating had it been better written, according to Vikram Thakur, technical director, Symantec security response.

What’s more, WannaCry exposed sloppy cybersecurity practices. Victims had either neglected to perform regular patching or used obsolete operating systems. The UK National Health Service, for example, thought it would save money by continuing to run an older operating system like Windows XP; it learned otherwise when WannaCry wreaked havoc with their system and forced the cancellation of thousands of operations and patient appointments.

Ransomware Delivery Dangers

WannaCry used a network worm to spread rapidly this time around, but security experts envision other ransomware scenarios that will feature the use of Internet of Things (IoT) devices - with potentially devastating effect.

Consider a scenario in which ransomware corrupts sensors that shut down an auto assembly line. How much would a car company need to pay to get its operations back up and running? Or think about how much a major retailer would need to pay to resume the operation of their point-of-sale systems during the holidays. And what about a hospital full of sensors and connected medical equipment where patients could be held hostage until the ransom is paid?

Many of today’s IoT sensors are not built with security in mind and cannot be patched or updated. This is a well-known problem and it’s still waiting to get addressed. But the world of IoT is young and there is time to get it right -- if warning shots like WannaCry are heeded.  

In the meantime, organizations should prepare to defend against ransomware being delivered the old-fashioned way.

“Email is the biggest vector that we see today spreading ransomware and it’s our belief that it will be the most frequent mode of delivery,” said Thakur.

Indeed, Symantec’s April 2017 Internet Security Threat Report (ISTR) revealed that one in 131 emails sent last year were malicious, the highest rate in five years. Often aided by the use of spam botnets, ransomware-laden emails overwhelmed some organizations through their sheer volume. And attackers demanded more from victims, with the average ransom demand in 2016 rising to $1,077, up from $294 a year earlier. Also in 2016, the number of new ransomware families more than tripled to 101, and Symantec logged a 36 percent increase in ransomware infections.

Thakur advises using security software and, of course, keeping your systems updated, patched, and backed up.

Malware lurking on backups is another worry. Symantec has identified several cases of ransomware that encrypts computers as well as backup drives. Thakur recommends checking to make sure your backed-up data is good, a step that many small and mid-sized businesses often ignore.

“When SMBs go back to their data, they find a disk is corrupt and they’ve lost more data than they thought,” Thakur said, adding that users ought to download files regularly to check their integrity.

To be on the safe side, Thakur recommends periodically disconnecting backup drives to prevent the likelihood of malware spreading.
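One way to carry out the backup check Thakur describes, as an added example that is not part of the original post: record SHA-256 digests when the backup is taken, then compare a restored copy against them and flag changed files whose contents look encrypted. The function names, the 7.5 bits-per-byte entropy threshold and the sample files are assumptions made for this sketch; compressed formats are also high-entropy, so that flag is a hint rather than a verdict.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest.

    Store the result somewhere other than the backup drive itself, or
    malware that rewrites the backup can rewrite the manifest too.
    """
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def verify_backup(root: Path, manifest: dict, threshold: float = 7.5) -> dict:
    """Compare a restored backup against the manifest taken at backup time."""
    current = build_manifest(root)
    report = {"missing": [], "changed": [], "high_entropy": [], "unexpected": []}
    for rel, digest in sorted(manifest.items()):
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["changed"].append(rel)
            with (root / rel).open("rb") as fh:
                sample = fh.read(65536)  # first 64 KiB is enough for a hint
            if shannon_entropy(sample) > threshold:
                report["high_entropy"].append(rel)
    # Files that appeared since the manifest was taken (e.g. renamed copies).
    report["unexpected"] = sorted(set(current) - set(manifest))
    return report


def run_demo() -> dict:
    """Constructed sample: three small files, then simulated damage."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.txt").write_text("quarterly report\n" * 200)
        (root / "ledger.csv").write_text("id,amount\n" + "1,100\n" * 500)
        (root / "notes.txt").write_text("meeting notes\n")
        manifest = build_manifest(root)

        # Deterministic pseudo-random bytes stand in for an encrypted file.
        noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                         for i in range(2048))
        (root / "ledger.csv").write_bytes(noise)
        (root / "notes.txt").unlink()
        (root / "new.tmp").write_bytes(b"x")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    for category, files in run_demo().items():
        print(f"{category}: {files}")
```
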

Security practitioners should brace for the likelihood that email delivery of ransomware will continue - and likely get more sophisticated and dangerous.

“Every - and I mean every - firm will be on the receiving end of a ransomware attack,” said security expert Ben Rothke.

Challenges clearly await but basic measures can go a long way toward keeping organizations safe. The key is to avoid being a victim by applying both a defense in depth approach with constant vigilance, just as you would against all other advanced security threats.

And just in case, make sure that your backups are in good shape.

The Nature’s Bounty Co. Stops WannaCry Without a Tear

A Timely Upgrade to Symantec IT Management Suite 8.1 Helps The Nature’s Bounty Co.

At The Nature’s Bounty Co. we focus on endpoint security. Vulnerable end user systems can cause real operational and economic damage to a company like ours. We’re a global market leader in natural wellness products such as vitamins, nutritional supplements, sports and active nutrition, and ethical beauty products. 

One of the biggest challenges we faced as an IT organization was deploying software updates to everyone in the company. We're headquartered in Ronkonkoma, New York, but have employed a global workforce of more than 11,000 associates.

Almost everyone has a laptop, and many people work from home. We have associates that may never come into an office, so they never hit our network. This was presenting us with the problem of getting patches and other software deployments out to our users in a timely fashion.

That’s why we recently upgraded The Nature’s Bounty Co. to version 8.1 of Symantec™ IT Management Suite.

IT Management Suite 8.1 includes new patch distribution and asset management features that address all our issues and help us fight ransomware:

  • A streamlined process for updating Windows 10, Windows 7 and 8.1, and Office 365—The built-in patch management solution detects newer Windows systems that require cumulative updates, feature updates, monthly quality roll-ups, or monthly security updates. It installs the updates and tracks the roll-out using compliance reports. Previously, you needed an experienced engineer to push out Windows updates, but with these tools almost anyone can push out patches.
  • Peer-to-peer content distribution—To conserve network bandwidth, updates can be delivered using multicasting or peer-to-peer package downloads. Devices can download packages from other devices rather than from a local (or remote) notification server.
  • Mac profile management—Version 8.1 adds profile management to its existing Mac management capabilities of deployment, inventory, patch management, and software delivery. With profile management, administrators can import configuration profiles, target specific devices, apply profiles, and report on compliance.
  • Cloud-enabled management—An internet gateway in the demilitarized zone (DMZ) provides certificate-based trusted communication between client systems outside the firewall and the Symantec management server.  Remote users who do not connect to the VPN nonetheless have continuous management services.

Just as we finished the 8.1 upgrade, the WannaCry ransomware attack hit, which is reported to have infected more than 230,000 systems in 150 countries in its first day. We had been taking a slow-and-steady approach to getting everyone patched, and had just finished the IT department pilot, when management told us, "Patch everyone NOW!"

With bandwidth throttling and peer-to-peer capabilities, I was comfortable saying, "Here's the patch, everybody. Go get it." I knew it wasn't going to flood our network.

Now that my IT Management Suite reporting tools are up to date, I'm able to easily provide to my Information Security Management Team not only details about which devices are in our environment, but a list of which devices have a specifically named infected file present ... and it only takes five minutes!

The only way to prepare for an attack like WannaCry is to stay ahead of the curve with your patching. You have to have a plan and you have to have the right tools. Symantec IT Management Suite has given us those tools.

Listen to the audio recording of the full interview with Jeremy Small, End User Support Services Manager, The Nature's Bounty Co.

Threats Arriving by Email Are Twice as Common as Other Infection Vectors

The latest ISTR special report, "Email Threats 2017," reveals how malicious malware, BEC scams, and various kinds of spam are rampant in email.

Ensuring the Success of Your Internet and Cloud Adoption with PacketShaper


In today’s business world, cloud computing and the Internet are synonymous with efficiency, flexibility, and mobility. It is unimaginable to operate a business today without heavy dependencies on Internet or cloud services.  The question is: how do you ensure a balance in your network performance of critical cloud applications, such as Office 365 or SalesForce, against other bandwidth-hungry applications like YouTube or Facebook? Utilizing the right technology with application level visibility and granular control is the key. Symantec PacketShaper  offers 360 degree visibility into network traffic, and it provides powerful Quality of Service (QoS) controls to manage and prioritize application traffic.

PacketShaper is part of Symantec’s Network Performance & Optimization solutions, and it’s a key component of Symantec’s vision for the Cloud Generation. Read on to learn more about the capabilities of the new Symantec PacketShaper S-Series, and how PacketShaper can help your organization improve application performance and user experience including:

  • Protecting key cloud and business application performance on the Internet and WAN.
  • Gaining 360 degree network visibility while identifying efficiency and security gaps.
  • Managing WiFi user experience including guarding against network abuse by aggressive applications and users.


Figure 1: Symantec PacketShaper enforces policies, improves the user experience, and aligns your critical resources appropriately.

Get an Accurate Picture of Your Network Traffic
In order to optimize your network traffic, you must have comprehensive visibility.  PacketShaper identifies and categorizes network traffic on all ports and protocols. Unlike port-based, simple QoS services available from some network switch manufacturers, PacketShaper offers Layer 7 awareness and categorizes traffic at the application level. In addition to its ability to classify one thousand of the most popular business and consumer apps from its onboard app library, it also integrates with the Symantec Global Intelligence Network (GIN) to classify thousands of cloud and web apps and millions of websites.

PacketShaper can also identify SSL, or encrypted traffic. When combined with the Symantec Encrypted Traffic Management solution, PacketShaper can effectively classify and manage encrypted traffic to further improve network efficiency.

Manage Bandwidth with Simple and Powerful QoS Tools
In addition to identifying and classifying network traffic, PacketShaper’s powerful QoS tools provide inbound and outbound flow control to protect preferred application and web traffic. PacketShaper prioritizes and guarantees bandwidth for important applications, such as Office 365, to ensure acceptable performance levels while minimizing the impact of non-essential, disruptive and less desirable traffic like social media or games.

With its unique feature called Dynamic Partitions, PacketShaper can distribute available network bandwidth among active users to guarantee fair and equal access for everyone. This feature is very useful in protecting the user experience in a shared network environment, such as a WiFi network, to ensure that a user watching a YouTube video or doing an iOS update doesn’t negatively impact the user experience of others.

PacketShaper enables fine-tuned network traffic management with granular controls to best meet your business needs. Administrators can configure and apply QoS policies to control network traffic at various levels. For example:

  • By Class–Policies can be applied to classes of applications, such as videos or games, to manage their bandwidth usage.
  • By Application– Mission-critical applications, such as Office 365 or Oracle, can be prioritized above other traffic.
  • By User or User Groups - PacketShaper integrates with Microsoft Active Directory, so specific user groups’ or individuals’ network traffic can be prioritized.
  • Per Flow - Latency-sensitive applications can be protected and prioritized, such as VoIP or a live video streaming broadcast by the CEO.

TCP Rate Control
A unique patented PacketShaper feature is TCP Rate Control, an advanced congestion-avoidance mechanism. TCP Rate Control improves the user experience for content transmitted over the Internet, such as video and voice, by eliminating jitter introduced by packet drops and re-transmission when bandwidth is exceeded. It also prevents traffic from being sent at rates higher than the receiving server can handle, which greatly reduces queuing in router buffers and improves overall efficiency.

Monitor Network Performance and Bandwidth Efficiency
The PacketShaper dashboard gives you a quick view of key network statistics, including network utilization rate and efficiency, and a clear understanding of which users and apps are consuming the most bandwidth at any given moment.  You can also use the included PacketShaper On-Box Reports to get current and historical data on key network performance metrics.

Advanced NetX Central Reporting

With Symantec’s technology partner NetDialog, we have recently introduced a central reporting solution: NetX for the PacketShaper S-Series. NetX gives you extended reporting and analytical capabilities ranging from hybrid networking statistics to root cause analysis. You can customize and schedule your reports in multiple ways to analyze critical business information, and you can perform interactive drill-down analysis with just a few clicks. With the insights provided by NetX, you can control application performance, manage network efficiency, and identify potential performance and security gaps for your WAN and Internet links.

Next Steps
You can protect application performance and the user experience while ensuring your bandwidth investment is properly utilized. Take the next step to gain comprehensive network traffic visibility and control with Symantec PacketShaper.

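Users Encounter Cyber Threats Through Email Twice as Often as Through Other Infection Vectors

The latest ISTR special report, "Email Threats 2017," sheds light on the threat landscape, in which attackers use email to aggressively spread malware and spam and to carry out BEC scams.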

Latest Intelligence for September 2017

September saw Symantec uncover new activity by the Dragonfly group, and the start of several new Locky spam campaigns.


When it Comes to Cybersecurity We’re All on the Hook


Your employer has the sole responsibility to provide a safe and secure office environment -  especially when it comes to cybersecurity.

Right? 

Wrong.

More than ever, cybersecurity in the workplace needs to be a shared responsibility.

As in any shared responsibility model, employers are responsible for providing their employees with the necessary equipment, training and guidance around what constitutes reasonable terms of use. At the same time, it’s up to users to properly handle the company’s equipment and data in a safe and secure manner.

Let’s also recognize that the value that an organization places upon cybersecurity reflects the culture of the organization. A Federal Reserve Bank employee entrusted with the job of securing gold assets is clearly going to be more accustomed to a highly structured, controlled work place environment where security is paramount. By contrast, someone flipping hamburgers at a fast food restaurant will probably be more focused on the time it takes to turn out a non-harmful meal. But no matter the profession, there’s a common nexus that should bind employee and employer together in furthering a culture of cybersecurity in the work place.

So, what are these implied responsibilities? Let’s take a closer look.

EMPLOYER:

  • Equipment: It is in the employer’s best interests to provide the employee with suitable hardware, software and services so that employees can be productive. This would also include access to data throughout the employee’s tenure with the company.
  • Terms of Use: Also commonly known as an IT acceptable use policy, internet use policy or other documents, this defines the acceptable use of equipment within the organization. It is the employer’s role to ensure their employees’ understanding and compliance.
  • Training: This is a frequently overlooked and under-invested area of employee enablement. To ensure the proper use of IT systems and data access, employees should receive adequate training about the terms of IT systems usage, application usage, and data lifecycle management as it pertains to their roles. Failure to do so can leave the organization vulnerable to insider threats in which an employee inappropriately uses IT systems and places the organization at significant business risk.

EMPLOYEE:

  • Equipment: The employee is responsible for the safe handling of company IT assets. This should include - but is not limited to – the safe and secure transportation of equipment as required. Common sense should prevail, but sometimes employers need to weigh in with a slight nudge. For example, IT might remind workers not to leave their laptop computers in parked cars at shopping malls and other high-traffic areas. Instead, the company might issue requirements that employees either place their machines in locked compartments or carry them on their person.
  • Terms of use: The employee should only use company equipment to conduct company business (per acceptable use policy).  That means children don’t get to play games on a company-provided cell phone. Same goes for the employee’s spouse, who may want to log onto an online gaming or entertainment site.  Yes, I’m talking about basic common sense, but don’t assume that everyone automatically gets it.
  • Data Lifecycle: The notion of data access, handling and lifecycle may seem very mundane. But in the absence of vigilance, the bad habits we learn in the physical world get amplified – if not multiplied – in the digital realm. Take the notion of data access. The best practice is a concept known as least privilege (also known as Need to Know). Employees should be provided access to digital data so they can efficiently do their jobs. They should receive instruction governing the requirements involved in the secure creation, transmission and destruction of sensitive data. But don’t assume they will always understand the organization’s expectations or even know how to comply with accepted standards.

It’s hard to overstate how important it is to put these concepts into practice in a consistent way across the organization. The goal should be to foster a culture where employees don’t view security as an imposition handed down by management. Rather, it should become an ingrained habit that’s part of their daily routines.

Because they believe in it.

How Hackers are Going Old School


When it comes to malicious emails, the good news is that the bad news isn’t worse.

If you’re like most of us, you probably feel as if you’re drowning in unwanted email. That’s probably true: Symantec’s latest Internet Security Threat Report found that about 53 percent of all email is spam. What’s worse, a lot of it seems to be designed to trick you into clicking on things that you really shouldn’t click on.

But although more and more email carries actual malware payloads, less email tries to steal your login information.

Although both types of email work the same way (a recipient has to be fooled into clicking on something), it’s useful to separate the two.

Payload-bearing emails carry an attachment, typically a Microsoft Word document, that contains a macro that downloads malware. By default, Word’s macro function is turned off, so the payload has to persuade or trick the user into changing that, said Kevin Haley, a director in Symantec’s Security Technology and Response Group.

“What somebody figured out in 2016 and everyone quickly copied, was the fact that you could fool the user into enabling the macro,” Haley said. “You can convince them that in order to read this document, that has to be enabled, and so they will then go and enable the macros themselves. And, once that macro support is enabled, the malware gets launched and they have essentially been a partner in infecting themselves.”

Those infections are now mostly ransomware, which locks your computer until you pay the bad guys. That kind of email is increasing: from 1 out of every 244 emails in 2014, to 1 out of every 131 in 2016.

Malicious emails are becoming more common, said Haley, because “it is cheap and it is effective. You can go and even hire somebody to send massive runs of email out for you. These guys don't care whether it's an ad for Viagra or a piece of malware. You just hand it off to somebody who has servers in place and then go.”

And it’s lucrative. Haley said the typical ransomware payoff was $1000 in 2016, up from $300 in 2015. Moreover, Haley said, a survey showed that 34 percent of people would pay if they got infected.

The other kind of bad-acting email is “phishing,” email that tries to collect your login credentials. Those emails typically mimic security alerts from a financial institution or from Google. They are much less common and are becoming rarer still, dropping from 1 out of every 965 emails in 2014 to 1 out of every 2596 in 2016.

There may be fewer of them, Haley said, but they’re getting more sophisticated. “The old school [tipoff] is if you see a typo, or if you see bad English, [you know] that's a phishing attack. It just doesn't happen anymore. Not only are spell checkers universal, but for the most part these guys are just copying text or images from legitimate emails, or from websites. They're not writing the stuff themselves; they're using the existing stuff that the people they're imitating have written.”

Perhaps the best-known recent successful phish was of John Podesta, chair of the Democratic National Committee, who was fooled last year into giving up his Gmail credentials; the contents of his emails were published during the weeks before the last presidential election.

So, if phishing attacks are lucrative, why aren’t they increasing? Because, Haley said, all the good stuff’s already been stolen.

“Part of the reason that phishing attacks have gone down is that there have been so many login and passwords stolen in data breaches,” Haley said. “It is so cheap to buy that information in the underground economy that I don't need to go to all the trouble to phish for it. The guys who are doing it have gotten better and better, but since there's less need to do it, there are less people doing it. They're all either buying their login and passwords online, or they're off doing ransomware.”

How to defend against attacks? Haley says that Symantec’s mail servers now put the flag [ext] in the subject line of all emails coming from outside the company to help guard against spoofed email addresses. But overall, the old rules still apply: consider all attachments to be suspect. Don’t enable Microsoft Office macros. Never click on a link in an email; go directly to the site yourself.

Because you are not paranoid: they really are out to get you.

Information for Replacement of Symantec SSL/TLS Certificates


Recently, Symantec announced that DigiCert, a leading provider of scalable identity and encryption solutions for the enterprise, will acquire Symantec's Website Security and related PKI solutions.  This announcement comes at a time when it’s absolutely critical that businesses are safeguarded from the advanced cyber security threats infiltrating the web. 

Through this acquisition, customers will benefit from a company that is solely focused on delivering the leading identity and encryption solutions they require as well as an enhanced technology platform, unparalleled support and market-leading innovations.  Symantec Website Security and DigiCert share a strong commitment to customer service, and ensuring continuity for our customers and their businesses is a top priority.

In response to browser concerns and in preparation for this transition, Symantec Website Security is focused on maintaining your business continuity and avoiding any compatibility issues with regards to the proposed schedule by Google Chrome and Mozilla.  As such, we are proactively reaching out to any customers who may be impacted.

Google Proposal Background

On July 27, 2017, Google posted a time-sensitive plan regarding Symantec-issued TLS server certificates. There are critical dates that will impact your operations:

  • Effective December 1, 2017, all Symantec SSL/TLS certificates must be issued from a new PKI infrastructure in order for such certificates to be trusted in Google Chrome.

  • On or around March 15, 2018 (Chrome 66 Beta), Google Chrome will show a warning for sites secured with SSL/TLS certificates issued before June 1, 2016. Your security is not at risk and data encryption will function normally, but your site visitors will be disrupted by a warning in Chrome.

  • On or around September 13, 2018 (Chrome 70 Beta), Google Chrome will show a warning for sites secured with SSL/TLS certificates issued by Symantec’s existing PKI infrastructure. Your security is not at risk and data encryption will function normally, but your site visitors will be disrupted by a warning in Chrome.

On August 1, 2017, Mozilla stated that it intends to follow the timeline proposed by Google and Google reconfirmed the plan above in its most recent post on September 11, 2017.

Action to Take Now

With these dates in mind, we are evaluating all certificates to ensure that your business will remain uninterrupted and will comply with the browser requirements.  By December 1, 2017, our Certificate Authority partner, DigiCert, will begin to provide operations on our behalf that satisfy all of the requirements of Google and Mozilla.

For those customers with certificates issued prior to June 1, 2016, we are recommending they be replaced by March 15, 2018. We have begun outreach to affected customers and will work directly with them to make the transition as seamless as possible.

For more information on how to find certificates purchased directly from Symantec that you can replace now, please refer to the appropriate KB Article:

For customers who did not purchase certificates directly from Symantec, please work with your Symantec Website Security Partner to arrange replacement.

For those customers who leverage Symantec Complete Website Security, Symantec Trust Center Enterprise, Thawte Certificate Center Enterprise, and GeoTrust Enterprise Security Center, DigiCert will be starting its pre-authentication efforts soon so that come December 1, 2017, any enterprise certificates (new as well as those needing replacement) will be instantly issued.  This pre-authentication effort will be done at no additional cost to you.

Certificates That Should be Reissued Later

Some customers will have certificates that should be reissued by DigiCert once it begins operations on our behalf. As we assess the implications of Google’s proposal and upcoming dates, we do not believe you need to take action on additional certificates until that time. DigiCert will begin to provide authentication services on Symantec’s behalf by December 1, 2017, which will provide time for you to reissue and prevent any potential Chrome disruption to your customers before September 2018.  DigiCert will be conducting the full validation at this stage, and upon replacement, certificates will enjoy their full validity within the guidelines of the CA/B Forum.

We will provide a progress update as soon as we have more information, and specific recommendations on the best timing to reissue your remaining certificates.

For customer support, please visit https://go.symantec.com/contact.

Thank you,

Symantec Website Security
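
The dates in the notice above, applied to a certificate inventory. This is an added example, not Symantec or DigiCert tooling; the CSV layout, the issuer-name matching, the treatment of anything issued on or after December 1, 2017 as coming from the new PKI, and the rule that a certificate expiring before its warning date is left to normal renewal are all assumptions.

```python
import csv
import io
from datetime import date

# Dates as given in the notice; both Chrome dates are "on or around".
LEGACY_CUTOFF = date(2016, 6, 1)       # issued before this: warned in Chrome 66
NEW_PKI_START = date(2017, 12, 1)      # issuance must come from the new PKI
CHROME_66_WARNING = date(2018, 3, 15)
CHROME_70_WARNING = date(2018, 9, 13)

# Assumption: issuer organisation strings in the inventory contain one of the
# brand names mentioned in the notice.
AFFECTED_BRANDS = ("symantec", "thawte", "geotrust")

# Constructed sample inventory (hosts, issuers and dates are made up).
SAMPLE_INVENTORY = """host,issuer_org,not_before,not_after
shop.example.com,Symantec Corporation,2015-11-20,2018-11-19
mail.example.com,GeoTrust Inc.,2016-01-10,2018-01-09
api.example.com,thawte Inc.,2017-02-03,2019-02-03
vpn.example.com,Symantec Corporation,2017-06-30,2018-06-30
new.example.com,GeoTrust Inc.,2017-12-05,2018-12-05
blog.example.com,Example Other CA,2015-05-01,2018-05-01
"""


def classify(issuer_org, not_before, not_after):
    """Return (action, deadline) for one certificate."""
    if not any(brand in issuer_org.lower() for brand in AFFECTED_BRANDS):
        return ("not_affected", None)
    if not_before >= NEW_PKI_START:
        # Assumption: issued on or after this date means issued from the new PKI.
        return ("no_action", None)
    legacy = not_before < LEGACY_CUTOFF
    warning = CHROME_66_WARNING if legacy else CHROME_70_WARNING
    if not_after < warning:
        # Assumption: it expires before Chrome starts warning, so the
        # regular renewal replaces it in time.
        return ("renew_at_expiry", not_after)
    if legacy:
        return ("replace_now", CHROME_66_WARNING)
    return ("reissue_after_new_pki", CHROME_70_WARNING)


def plan(inventory_csv):
    """Classify every row and return (host, action, deadline), soonest first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        action, deadline = classify(
            rec["issuer_org"],
            date.fromisoformat(rec["not_before"]),
            date.fromisoformat(rec["not_after"]),
        )
        rows.append((rec["host"], action, deadline))
    # Rows without a deadline sort last.
    rows.sort(key=lambda r: (r[2] is None, r[2] or date.max))
    return rows


if __name__ == "__main__":
    for host, action, deadline in plan(SAMPLE_INVENTORY):
        print(f"{host:18} {action:22} {deadline or '-'}")
```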

Latest Intelligence for September 2017

In September, Symantec observed new activity from the Dragonfly group, as well as several new Locky spam campaigns.

Latest Intelligence for September 2017

September saw new activity by the Dragonfly group come to light, and several new Locky spam campaigns also began.

Microsoft Patch Tuesday – October 2017


Information on Replacing Symantec SSL/TLS Server Certificates


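On August 2, 2017 (U.S. time), Symantec announced that DigiCert, one of the world's leading providers of highly scalable identity and encryption solutions for the enterprise, will acquire Symantec's Website Security business and related PKI solutions. The announcement came at a time when advanced cyber security threats entering through the web are on the rise and protecting businesses from such attacks is critically important.

Through this acquisition, customers will benefit from a company that specializes in the leading identity and encryption solutions they need, together with a technically enhanced platform, the highest level of support, and industry-leading innovation. Maintaining the continuity of our customers' businesses is our top priority, and we are firmly committed to providing the customer service needed to do so.

As part of our response to the proposals from the browser community, Symantec's Website Security business unit is fully committed to helping customers avoid issues such as the warnings that accompany the Google Chrome and Mozilla proposals, and to maintaining the continuity of their websites. As part of this effort, we are proactively contacting customers who will be affected by the warnings.

Background to Google's Proposal

On July 27, 2017, Google posted a time-constrained plan concerning SSL/TLS server certificates issued by Symantec. It refers to dates that may affect the operation of your website.

  • Effective December 1, 2017, all Symantec SSL/TLS server certificates must be issued from a new PKI infrastructure in order to be trusted by Google Chrome.
  • On March 15, 2018 (Chrome 66 Beta; the date may shift), Google Chrome will show a warning for websites using SSL/TLS server certificates issued before June 1, 2016. Website security and encrypted communication will continue to function as before, but a warning will be shown to site visitors using Chrome.
  • In addition, Google Chrome requires that all Symantec group certificates be issued from the new infrastructure from December 1, 2017 onward, and has stated that from September 13, 2018 (Chrome 70 Beta; the date may shift) it will show a warning for SSL/TLS server certificates issued before then from the Symantec group's current infrastructure. Website security and encrypted communication will continue to function as before, but a warning will be shown to site visitors using Chrome.

On August 1, 2017, Mozilla indicated that it intends to follow the timeline proposed by Google. Google reconfirmed the plan in its most recent blog post on September 11, 2017.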

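Actions You Can Take Now

With the deadlines above in mind, we are reviewing all customer certificates so that your business is not affected and the browser requirements are met. By December 1, 2017, DigiCert, which will become our Certificate Authority partner, will begin operations on our behalf that satisfy the requirements of Google and Mozilla.

Customers who hold Symantec group SSL/TLS server certificates issued before June 1, 2016 need to reissue and reinstall them before March 15, 2018. We have begun contacting affected customers and will work with them directly so that the transition is completed smoothly.

For customers using Managed PKI for SSL, please see the following KB article on how to find the certificates that should be reissued.

Customers who did not purchase directly from Symantec are asked to arrange reissuance with their Symantec sales partner.

For enterprise customers using Managed PKI for SSL or Complete Website Security (CWS), DigiCert will shortly begin advance re-authentication work so that, as of December 1, 2017, any certificate request, including all new and reissue requests, can be issued immediately. There is no additional cost to customers for this advance re-authentication.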

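Certificates to Be Reissued in Stages from December 2017 Onward

Some customers hold certificates that should be reissued on or after December 1, 2017 (when integrated authentication operations begin under the partnership with DigiCert). Given the complex timeline in Google's proposal, reissuing certificates other than those listed above before that date is not necessarily recommended. We have stated that we will begin providing integrated authentication operations under the partnership with DigiCert by December 1, 2017. We believe this will give customers enough time to reissue their certificates and avoid the Chrome warnings. All authentication operations from that point on will be carried out by DigiCert. By carrying out this reissuance, customers will obtain certificates that can make full use of the validity period defined in the CA/B Forum guidelines.

We will continue to provide more detailed information on the most recommended timing for reissuing and re-obtaining your certificates.

For support, please contact us via the link below.

https://www.symantec.com/ja/jp/page.jsp?id=contact-authentication-services

Symantec Website Security Business Unit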

Symantec Wins Box Trust Partner of the Year


Symantec just won the Box Technology Partner of the Year award in the category of Trust and Security. We've had a great year working with Box on technology integrations and go to market activities. Box is an Elite Partner of Symantec for good reason. 

Our CloudSOC Cloud Access Security Broker (CASB) and Data Loss Protection (DLP) solutions have included Box integration for some time and this year we expanded our integrations and partnership activities even further. Most recently we added integration with Box Data Governance to offer more visibility and policy enforcement options for governing sensitive content in Box so our shared customers can automatically identify, classify and enforce policy controls over sensitive data with native Box classifications using the industry-leading Symantec CloudSOC CASB and Symantec DLP. You can get more details on this recent integration in our Symantec + Box blog post here

By partnering with Box on an integrated solution, we can offer our shared customers the advantages of the native Box platform security capabilities with the automated policy controls and visibility of Symantec CloudSOC CASB and fine-tuned enterprise-wide content policies of Symantec DLP. Here's a recent blog post from Box on our expanded partnership around content security.  

Thank you Box! You are a great partner to work with, both from a technology integration perspective and as an organization of good people.  We look forward to continuing our excellent relationship with you in the year to come.


Microsoft Patch Tuesday – October 2017

This month, 62 patches were released, 27 of which are rated Critical.

Microsoft "Patch Tuesday" – October 2017

A Safe and Secure Shelter

Symantec’s Endpoint Protection helps nonprofit CAPSA keep domestic violence victims’ information confidential

Product donation is Symantec’s largest mechanism to support the nonprofit community and help nonprofits fulfill their missions. In partnership with TechSoup, each year we provide cybersecurity solutions to more than 25,000 organizations across 55 countries worldwide, allowing them to secure their most important data wherever it lives. Since launching the software donation program in 2002, Symantec has helped more than 93,000 nonprofits solve today’s biggest security challenges and protect against the ever-evolving threat landscape.

Founded in 1976, Citizens Against Physical and Sexual Abuse (CAPSA) works to provide safe, caring, and confidential shelter, advocacy, and support for victims of physical and emotional domestic violence and sexual assault; and to reduce incidents of abuse through prevention education. Serving a small community in Northern Utah, the organization is up against significant odds: nationally one in four women, and one in seven men, will experience domestic violence in their lifetimes.

CAPSA is an organization that continually has more needs than resources in trying to help those suffering from abuse. Even with limited resources and funding, the nonprofit is able to provide advocacy, counseling, safety planning, and both temporary and long-term shelter for almost 1,000 people each year. The group also educates thousands of youth a year, channeling tens of thousands of volunteer hours towards this cause.


Above: CAPSA-owned housing, built by volunteers and clients, which helps keep clients safe as they begin the process of rebuilding their lives.

Data security is critical for CAPSA

With this type of work, CAPSA has some demanding computer, network, and information system challenges and needs. According to James Boyd, CAPSA’s Development Director, “The feeling of safety and security is something we’re trying to provide our clients. We’re dealing with people who sometimes come in afraid for their lives, afraid someone will find out their location. In fact, the Center for Disease Control and Prevention put out a study that indicates when someone leaves an abusive relationship, the chances of being killed increases significantly. We have a safe and secure shelter, we teach people safety planning, and as an organization, we need to know our data is secure. Maintaining the security and safety of our confidential and sensitive data is a big part of what we need, and a big part of what we need to be able to provide our clients.”

James went on to describe how a data security breach would affect the grants that sustain the organization financially. “If our data was breached, I’m confident that most, if not all, of our grants would pull out. That would mean immediately losing services for clients—thousands of people each year wouldn’t get support or services they need,” he said.

CAPSA began using Symantec's Endpoint Protection (SEP) for small businesses a couple of years ago after experiencing considerable downtime as workstations became compromised. Due to limited funds, in the past they used free or trial versions of anti-virus software, and were continually hit with malware attacks. Their email accounts were hacked, sending out private information and spam emails, negatively affecting their reputation, and more importantly, putting lives in danger.

Their part-time information systems manager David Sullivan spent multiple days after each attack reinstalling a clean version of the operating system and software. This tedious and time-consuming process also left employees without their computers for several days. David then started looking for a solution that would protect their confidential information, keep the organization running smoothly, and could be both deployed and maintained easily.

David chose SEP, through Symantec’s software donation partnership with TechSoup. “Symantec’s Endpoint Protection has done a superb job of keeping our sensitive and confidential information safe, preventing malware and other issues that cause down time in our computers and systems. The ease in which I was able to deploy SEP, and the way it can be centrally managed through an online portal has been wonderful. It has helped our staff stay focused on the individuals and families they support, and has helped me focus on providing the information systems improvements that help them best do their jobs.”

Saving lives one-by-one

James also estimates that through SEP, each year the organization saves $1,000—which directly equals sheltering one more individual per year. That one person is someone like the young mother who walked through the snow and slush barefooted with her two children last winter to escape abuse. “Luckily she ran into a stranger who knew about us and was able to get her to CAPSA. We helped her work to overcome barriers that often times cause people to go back to violent situations. We helped her get a job, helped her get housing, and gave her and her older child therapy. She’s now living in a CAPSA-owned house and she’s doing well. To see that whole cycle is amazing,” says James.

Domestic violence happens more than we realize: according to CAPSA half of all homicides in the U.S. are domestic violence related. In Utah, CAPSA relies on Symantec to keep their systems and their clients’ information secure, while the organization and its volunteers work tirelessly on their mission of providing safe, caring, and confidential shelter for victims of abuse, ultimately saving people’s lives.

Learn more about some of the many nonprofits utilizing Symantec products through Symantec’s partnership with TechSoup:
