Symantec Cloud Workload Protection and Intelligent Security Graph
Who hasn’t heard the phrase “the best thing since sliced bread”? For whatever reason, this phrase has become the universal benchmark for talking about the next best thing. Surprisingly, the phrase came about because the process of making, baking, and slicing bread used to be so manual that once these steps were automated, bread rapidly became a mass-market product for the American home.
So how does sliced bread relate to APIs? Although APIs have been around since the 70s, it wasn’t until cloud computing that we really saw APIs take off. The ability to programmatically call a service, spin up new resources, and respond automatically to changing demands is the foundation for using Infrastructure as Code (IaC). No longer do you have to manually log into a product, click on some buttons, download data and then upload that data to another product. Instead, with APIs, customers can automate those steps, program everyday tasks, and deploy services that grow with the application. This is one of the reasons why Forbes called 2017 the “Year of the API Economy.”
However, there’s one big catch to this new world of APIs. Each service or product usually has its own schema for API calls, and integrating disparate products can require A LOT of plumbing. Although Symantec strives to provide a full set of products for multiple security use cases, we recognize that many of our customers use homegrown solutions or products from different vendors alongside ours. We hear from a lot of customers just how hard they struggle to connect those products in a meaningful way. The result is often siloed security products that don’t enhance context or our customers’ security. That’s why when we heard about Microsoft’s Graph Security API, we saw a great opportunity to integrate and help our customers take full advantage of our APIs.
Microsoft Graph Security API
Microsoft Graph Security API (or Security API) is a new service that provides a unified REST API for integrating data and intelligence from Microsoft and other third-party products and services. Using the Security API, customers can connect multiple services or products and use unified API calls to access or act on security insights. Think of the new service as a federated API gateway where integrated products deliver security alerts that customers can use to automate responses across all products.
We love two things about the Security API: (1) unified schema, and (2) data security. By using a unified schema, customers now don’t have to worry about translating security alerts from one product to another. As part of the integration, the Security API establishes a schema that each vendor and product must follow to deliver alerts.
Requests for alerts are federated to each security product; no data is stored by the Security API. This, coupled with strict customer access controls, creates confidence that customers can benefit from greater integration across their security products while preserving customer privacy and data protection.
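To illustrate the unified-schema point, here is an added example (not Symantec's or Microsoft's code) that builds a single alerts query and correlates alerts from different providers by host, with no per-vendor translation. Field names follow the Graph Security API v1.0 alert resource; the provider and vendor names, host names and sample alerts are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import quote

ALERTS_URL = "https://graph.microsoft.com/v1.0/security/alerts"
RANK = {"unknown": 0, "informational": 1, "low": 2, "medium": 3, "high": 4}

def alerts_query(min_severity="medium", top=50):
    """Build one OData query; the service federates it to every provider."""
    wanted = [s for s, r in RANK.items() if r >= RANK[min_severity]]
    flt = " or ".join(f"severity eq '{s}'" for s in wanted)
    return f"{ALERTS_URL}?$filter={quote(flt)}&$top={top}"

def correlate_by_host(alerts, min_severity="medium"):
    """Group alerts by host; keep hosts flagged by more than one provider."""
    hosts = defaultdict(lambda: {"providers": set(), "titles": [], "max": "unknown"})
    for a in alerts:
        sev = a.get("severity") if a.get("severity") in RANK else "unknown"
        if RANK[sev] < RANK[min_severity]:
            continue
        provider = (a.get("vendorInformation") or {}).get("provider", "unknown")
        for hs in a.get("hostStates") or []:
            fqdn = (hs.get("fqdn") or "").lower()  # host names compare case-insensitively
            if not fqdn:
                continue  # no host on this alert, nothing to correlate on
            h = hosts[fqdn]
            h["providers"].add(provider)
            h["titles"].append(a.get("title", ""))
            if RANK[sev] > RANK[h["max"]]:
                h["max"] = sev
    return {k: v for k, v in hosts.items() if len(v["providers"]) > 1}

# Constructed sample of a response "value" array; provider names are made up.
SAMPLE_ALERTS = [
    {"id": "a1", "title": "Malware found by scan", "severity": "high",
     "vendorInformation": {"provider": "ExampleWorkloadProtection", "vendor": "VendorA"},
     "hostStates": [{"fqdn": "web01.example.test"}]},
    {"id": "a2", "title": "Repeated failed logins", "severity": "medium",
     "vendorInformation": {"provider": "ExampleIdentityProduct", "vendor": "VendorB"},
     "hostStates": [{"fqdn": "WEB01.example.test"}]},
    {"id": "a3", "title": "Policy updated", "severity": "informational",
     "vendorInformation": {"provider": "ExampleWorkloadProtection", "vendor": "VendorA"},
     "hostStates": [{"fqdn": "db01.example.test"}]},
    {"id": "a4", "title": "Suspicious process", "severity": "high",
     "vendorInformation": {"provider": "ExampleWorkloadProtection", "vendor": "VendorA"},
     "hostStates": []},
]

if __name__ == "__main__":
    print(alerts_query(), correlate_by_host(SAMPLE_ALERTS))
```

Because every provider reports `severity`, `vendorInformation` and `hostStates` in the same shape, the correlation logic has no vendor-specific branches.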
Symantec Cloud Workload Protection
For Microsoft Ignite 2018, we’ve developed a Proof of Concept (PoC) to show how we’re planning to integrate with the Security API. Using Symantec Cloud Workload Protection (CWP), customers get continuous visibility of workloads deployed across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) and automatically protect applications hosted in the public cloud. Our PoC shows how customers can programmatically request results of anti-malware scans, updates to security policies, failed login attempts, and changes to the public cloud infrastructure monitored by CWP. With this information, customers can request more context on their public cloud infrastructure when they see suspicious behavior from other services or products or can automatically orchestrate remediations using API calls to CWP.
And these are just a couple of the ideas we’re evaluating as we look to bring more functionality for our customers. We will be demonstrating the PoC for these use cases and others at the Microsoft Ignite Conference. If you’re attending, come visit our booth (G1834 in the Expo Hall of the Orange County Convention Center) to see our demo and give us feedback on what else you’d like to see. Also keep watching our blogs to see when we’ll officially release CWP integration with the Security API. By leveraging CWP APIs and the Security API, you can easily automate your security response and create remediation playbooks that are the next best things since…well you know…sliced bread.