- 07/11/17--21:45: Latest Intelligence for June 2017
- 07/12/17--02:00: Microsoft Patch Tuesday – July 2017
- 07/12/17--05:56: Attackers are increasingly living off the land
- 07/12/17--11:45: DLP Enforce server and Cloud DLP Detector
Log on to the Enforce Server as Administrator. Make sure the “Cloud Prevent for Email” license is installed on the Enforce Server.
Go to System > Servers and Detectors. The Overview page appears.
Click Add Cloud Detector. The Add Cloud Detector screen appears. Click Browse in the Enrollment Bundle File field.
Provide the location of the enrollmentbundle.zip you received from Symantec, enter a detector name, and then click Enroll Detector.
The status will show as Connected. The Enforce Server will then deploy policies to the cloud detector.
The email administrator needs to route outbound email from Office 365 to the DLP detector hostname provided.
- 07/12/17--20:48: Attackers are increasingly living off the land (Chinese)
- 07/12/17--21:47: Living-off-the-land attacks on the rise (Japanese)
- 07/13/17--09:56: Integrations, Integrations, Integrations…
- 07/13/17--11:36: STEM Mentoring Encourages UK Girls to Lead the Way
- 07/13/17--11:39: CASB to the Rescue: The Story of Data Exposure via AWS S3 Buckets
- A misconfiguration resulted in the leakage of close to 1.4 million private records containing customers’ medical data, found exposed to the public via AWS S3 buckets.
- Highly classified defense data related to the US military and the National Geospatial-Intelligence Agency (NGA) was exposed via AWS S3 buckets.
- Data on 200 million US voters was exposed to the Internet via AWS S3 buckets; this data could have been used by attackers for nefarious purposes.

- How are data transactions monitored from the AWS S3 buckets and associated user accounts?
- How often is this data accessed, by whom, and from which location?
- Are there any policies configured to determine whether data transactions hit the threshold or not?
- How can you make sure that data governance and compliance controls are followed even if the cloud app[s] are approved?

- Identity: To determine “Who” is performing data transactions in cloud apps
- Timeline: To determine “When” data transactions are performed in cloud apps
- Purpose: To determine “Why” data transactions are performed in cloud apps
- Technique: To determine “Which” tactics are used to perform data transactions in cloud apps
- Movement: To determine “How” data transactions are performed in cloud apps
- Classification: To determine “What” types of data transactions are performed in cloud apps

- Discover Shadow Data / IT – apps and IT solutions used by employees without the company’s authorization.
- Detect risky cloud app activities and users – zero in on threats without sifting through billions of data records. Symantec CloudSOC does this in a unique way by using advanced machine learning and data science to detect these activities.
- Protect cloud apps – enforce policies across multiple cloud services at the same time. This allows you to prevent attacks and ensure corporate governance.
- Perform post-incident investigations and forensic analysis – analyze all historical transactions for your cloud applications and services. This allows you to perform deep-dive analysis for legal, compliance or HR initiatives, ensuring cloud-based data is no longer outside the sphere of enterprise analysis.
- 07/13/17--16:34: Symantec and Williams Martini Racing
- 07/13/17--17:47: Microsoft Patch Tuesday – July 2017 (Chinese)
- 07/13/17--21:22: Latest Intelligence for June 2017 (Japanese)
- 07/13/17--22:48: Microsoft Patch Tuesday – July 2017 (Japanese)
- 07/14/17--11:43: Symantec Puts Higher Ed Cyber Skills to the Test
Walk in an adversary’s footsteps to understand motivations
Understand the five stages of a cyber-attack – Reconnaissance, Incursion, Discovery, Capture and Exfiltration
Develop and practice offensive skills to aid in defense
Apply knowledge and experience to real-world problems
Expand their security awareness and build cyber skills while earning Continuing Education Credits
- 07/18/17--08:29: Benefits of a Service Owner-led IT organization
- Consistency: All service owners use common tools and processes to manage their services. For Symantec the tool of choice was ServiceNow as our ServiceExchange platform. ServiceNow provides a framework where:
  - All IT services are published and available through a single portal and service catalog.
  - Service level agreements can be applied consistently and reporting is normalized for all, where actionable metrics drive conversations enabled through service dashboards.
  - Assets are tracked within a single configuration management database (CMDB) and associated with services through relationships.
  - The CMDB enables strong ITSM process adherence and an ability to measure cause and effect through incident, change and problem management, in addition to other capabilities such as monitoring and alerting.
  - Governance is built into the platform—approval, escalation, and non-compliance awareness.
  - It provides a one-stop shop for consumers, including non-IT services such as HR, Facilities, etc.
- Transparency: One of the keys to service adoption is to provide detailed costing at the service level. This is achieved through a breakdown of costs (contracts, labor, software, and infrastructure) and their association to defined services. Service-level costing allows for streamlined planning and investment decisions based on the value and return of services. These insights not only allow for IT decisions and tradeoffs, but also conversations with business partners on their plans and impacts to IT services.
- Empowerment: Service owners own services end-to-end. They are the general managers of their services. This includes operations, strategy and roadmaps, business relationships, and vendor management. This level of ownership provides agility and efficiency through accountability and avoids responsibility conflicts as well as confusion regarding whom to contact.
- Enterprise advantage: As services mature, the ability to leverage them becomes an enterprise asset and differentiator. Services can be quickly deployed across the organization, reducing duplication and waste. This really is an outcome of managing operational excellence, allowing greater focus on value-add investments.

- Service design: This is one of the most important steps in transitioning IT to being services-led. It is critical to start with a user-focused development of IT services, not the technology. By mapping to business capabilities, you will align to organizational goals and outcomes. At first, you will definitely struggle with the granularity of services and end up with far too many. Over time, consolidate those that add no value when reported or managed as discrete services.
- Define employee roles and communicate responsibility: As you transition, spend time outlining the roles in the organization. Who will play the service owner, service category owner, and service executives? These roles define who has operational, strategic/portfolio and executive business accountability. Given the end-to-end nature of a services approach, the scope of responsibility for the service owner/service category tends to expand. However, there is a philosophical mindset change here as ownership moves towards managing the technology. It requires an understanding of managing to business goals and outcomes.
- Service maturity: Not all services are equal. Services will mature over time, typically from being developed as IT-centric to business-enabling to driving business advantage. At the same time, wise investment decisions across a service portfolio will also cap the desired maturity of a service.
- Quarterly service reviews: This is a key component in driving consistency, maturity and investment decisions. Through a standard pro-forma agenda, services are measured for costs, quality and performance—SLAs, availability, and user experience metrics. In addition, service reviews cover an understanding of the service scope and landscape. For instance, do we have the right coverage and service architecture to help understand complexity and technical debt? Is our service roadmap aligned to business goals and service risk?
- 07/18/17--12:07: Threat Isolation: Why You Can Now Browse Without Fear
- 07/18/17--17:06: Cloud Workload Protection now available on the AWS Marketplace (Japanese)
- 07/18/17--14:47: Time to Set Norms Governing Cyber War: Aspen Security Forum Preview
- 07/19/17--08:10: A Safe Haven for Youth and Their Data
- Growing up Safe and Unafraid with Symantec: A spotlight on Military Veterans Against Child Abuse
- Planting the Seeds for a Safer Future: Symantec proudly supports the Fruit Tree Planting Foundation fulfill their mission
- Cyber Security is Vital for Nonprofits Too: How Nonprofit CASA is Protecting Children’s Personal Information with Symantec
- Ambassadors of Safety: Kosch-Westerman Foundation and Symantec team up to protect the terminally ill
- Symantec Makes STEM Education Possible for The Einstein Project
- 07/20/17--22:37: Third Party Revocation Updates
This month the vendor has patched 54 vulnerabilities, 19 of which are rated Critical.
The use of fileless threats and dual-use tools by attackers is becoming more common.
The steps below describe how to integrate the DLP Enforce Server with the Cloud DLP Detector.
In June 2017, we officially announced the new Symantec Technology Integration Partner Program (#TIPP), bringing together the Blue Coat and Symantec worlds and creating the largest and broadest technology partner eco-system in cyber security.
In this blog, I wanted to share what this means for our customers as well as our technology partners and showcase a new tool we call the Integration Cyber Defense Map - Download the Map
Defending ourselves from cyber threats is hard. If you look at a typical enterprise, they will have acquired around 30-60 security vendors over the years, but unfortunately maybe only half of those would have been deployed. Why? Cyber-security requires discipline, a long-term viewpoint and for all these systems to work together to make operational sense. And that simply hasn’t happened. It’s a shame that many of these systems are just left on the shelf and not fully utilized.
One can argue whether deploying 10 vendors is better than 60, but in any case, it is critical that cyber security systems be able to share data and context about what they know, what has been blocked and why, what they have detected as suspicious and so on. The Symantec Integrated Cyber Defense Platform together with TIPP sets up this framework.
To help our customers understand how the Integrated Cyber Defense platform can help, we have created an interactive map of all internal and external partner technology integrations.
This showcases many hundreds of integrations across our entire product portfolio and how they map to our own 24 product areas as well as our 23 partner solution categories and our 100+ TIPP partners.
If you are a Symantec End Point or ProxySG customer, simply mouse-over that product to see all the current active partner solutions and then drill down to learn more. Alternatively, if you have deployed deception technologies, another EDR solution, simply mouse-over and find quickly which Symantec products work together. Access the Map Here.
We have a very strong pipeline of additional integrations for 2017 so this map will be updated frequently.
For our technology partners, we have also worked hard to make this the best program in the industry, with access to a rich set of APIs, product support, demo licensing for engineering and certification, documentation, as well as access to our community portal, Symantec Connect, with direct access to over 700,000 users.
Any customers and partners wanting to learn more about TIPP, click here. https://www.symantec.com/partners/programs/technology-integration-partners
“We are delighted to welcome (Symantec's) Darren Thomson to the TeenTech board. We’ve been very aware of how much support and how many opportunities Darren was personally providing for students - from mentoring to work experience. Darren brings great understanding of the real workforce needs of fast growing and fast changing tech companies, and we are looking forward to working with Darren as we head toward TeenTech's very special 10th anniversary year.” - Maggie Philbin, CEO and Co-founder of TeenTech
By Darren Thomson, EMEA CTO & Vice President, Technology Services
With mentoring support and industry encouragement, teenage girls in the UK are embracing STEM and shaping their futures.
One of my personal goals as a CTO at Symantec is to encourage more female youth to consider careers in Science, Technology, Engineering and Math (STEM) fields, including cyber security. As a volunteer mentor for the past two years, I have had the privilege of working with two high-school students, Lauren Shae and Lucy Rawlings, through TeenTech, an award-winning, industry-led initiative that engages young people aged 8-18 across the UK in STEM.
Above: TeenTech CEO and Co-founder Maggie Philbin, kicks off the 2017 TeenTech Awards.
TeenTech offers year-round mentors, live innovation events, and STEM workshops to introduce students to the wide range of STEM career possibilities. The organization also hosts the TeenTech Awards, an annual initiative that challenges young people to tackle key societal and environmental issues using the power of STEM. At the 2014 TeenTech Awards, my mentees Lauren and Lucy won the People’s Choice Award for their idea of an intelligent medical shuttle, which led to incredible opportunities for the girls. They went on to be crowned 2016’s ‘Teen Heroes of the Year’ by BBC Radio 1, met Prince Andrew, were invited to Buckingham Palace, and discussed racecar engineering dynamics with the Williams Formula One racing team. At just 17 years old, Lauren has also been named one of the Top 50 Engineers Under 35 by The Women’s Engineering Society (WES).
Above: Students from Alexandra Park School accept the 2017 TeenTech Award for Safety & Security for their biometric bike lock that lets riders ‘stick’ their bike to any metal surface using electromagnets.
For my part, I’ve focused on connecting their awards win to future educational and career opportunities. With the support of TeenTech and Symantec, Lauren and Lucy have used the experience to choose universities, complete their A-levels, and think about their future careers. They have obtained real-world experience by generating thought-leadership content for Symantec, as well as helping with marketing at our customer-focused Spotlight event. Most importantly, they now serve as TeenTech Young Ambassadors in their community and at their all-female school, Alton Convent, demonstrating to other girls across the UK all that is possible when pursuing an interest in science and technology.
In England, students must choose their General Certificate of Secondary Education (GCSE) exam topics, and at Alton Convent the percentage of students choosing to take their GCSE in physics has increased from 43% to 87.5% in the two years since Lauren and Lucy won the TeenTech Awards. While the school’s STEM curriculum has not changed, more girls are now studying physics at A-level than at any other time in the school’s 200-year history.
While Lauren and Lucy have just finished their A-levels and are in the process of applying to university, their legacy is the real impact that continues to grow in the halls of Alton. As role models and ambassadors, they have helped change how their peers think about STEM, as well as how they think about their futures. For decades students were told that an interest in IT led simply to a career as programmer. Lauren, Lucy and TeenTech have helped open up the eyes of youth across the UK, showing the endless possibilities technology skills can provide, including a career as a racecar engineer. Lauren, Lucy and TeenTech have also shown girls across Europe that STEM is not a field “just for the boys”. For the second year running, girls led the charge at the 2017 TeenTech Awards, with females making up over 60% of the winners.
In my new role as a board member for TeenTech, I’m excited to further expand our mentoring and ambassador programs so more girls like Lauren and Lucy can embrace STEM and shape their futures. Empowering student mentors to share their inspiring STEM ideas and TeenTech experiences will encourage other female students to continue to buck gender stereotypes and embrace the diverse career opportunities offered in STEM fields. My work with TeenTech is directly tied to and supports Symantec’s goal to excite, engage, and educate one million students in STEM education by 2020.
As I move into my board role to help TeenTech with more organizational strategy, I am proud of the others on Symantec’s technical teams who have stepped in to mentor, find ambassadors and help with TeenTech logistics. As an example, as a sponsor of 2017’s TeenTech Awards, Symantec employees Clive Finlay and Heather Bentley sat on the panel of judges and heard finalists from the UK, Spain, Finland and Hungary, share their ideas including a hand-held cancer detector, floating cities, and wearable devices that detect UV rays. I am proud of what Symantec, TeenTech, and Lauren and Lucy have already accomplished in engaging youth to pursue STEM careers and look forward to scaling the TeenTech program to inspire more young people to use technology to solve our world’s greatest challenges and create the future.
Authors: Aditya K Sood and Rehan Jalil
In recent years, the community has encountered a number of data exposure incidents in the cloud that could have resulted in significant security breaches and financial losses to the affected organizations. One of the recurring patterns of unauthorized data exposure is the availability of sensitive data through AWS S3 buckets. These data exposure incidents can result from an employee error, an infrastructure misconfiguration, a malicious insider, or a targeted attack by a remote adversary. In all cases, the sensitive data ends up exposed on the Internet through AWS S3 buckets.
A number of serious data exposure incidents are highlighted below:
The incidents listed above are some of the most critical in recent times. Untracked cloud data movement and misconfigurations are playing a crucial role in the exfiltration of enterprise data from the cloud.
AWS S3 Buckets: Threat Model
Let’s quickly take a look at Simple Storage Solution (S3), which is heavily used by cloud companies for data storage. Buckets are the logical units of data storage in S3. There is no limit on the number of objects that can be stored in an S3 bucket. A bucket holds storage objects as primary data together with their associated metadata. Data transactions occur by moving data in and out of the system.
The question that then arises is: how is this storage secured? AWS provides a mechanism to restrict access by defining privileges in a bucket policy, which can be built with the AWS Policy Generator. Used in conjunction with Identity and Access Management (IAM) user policies, a bucket policy lets you deploy explicit access controls that restrict access to authorized users only. This security mechanism needs to be implemented at both the infrastructure and the application level.
AWS S3 buckets can be either public or private. If a bucket is private, a remote user encounters “Access Denied”; if it is public, its objects are revealed. A definitive S3 URL pattern exists that can be used to determine the access rights on a bucket. More importantly, AWS controls follow a shared responsibility model in which customers are expected to configure and deploy the available security controls for their environment. Data exposure via AWS S3 buckets can therefore be considered a deviation from the secure deployment of shared security controls.
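The following Python is an added example, not code from the article or from Symantec: it audits a bucket policy for the misconfiguration described above, an Allow statement whose Principal is the wildcard and which grants read or list actions with no Condition, and shows a hardened policy that restricts the grant to a named IAM user. The policies, bucket name and account id are constructed samples.

```python
"""Audit S3 bucket policies for anonymous (public) read access.

Added example for the article above. The policy documents are constructed
samples, not policies taken from any real AWS account.
"""
import json

# Actions that let an anonymous caller read objects or enumerate the bucket.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*"}


def _as_list(value):
    """IAM allows scalars or lists for Action/Principal; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """True when the statement applies to everyone (anonymous access)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy):
    """Classify Allow statements that grant read/list access to Principal '*'.

    Returns {"public": [...], "conditional": [...]} holding the Sid (or index)
    of each offending statement. A Condition block (e.g. aws:SourceIp) narrows
    the grant, so those statements are reported separately for manual review.
    Deny statements are not evaluated here; they would need a full policy
    evaluation, so treat "public" as a finding to investigate, not a verdict.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    result = {"public": [], "conditional": []}
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & READ_ACTIONS:
            continue
        label = stmt.get("Sid", f"statement[{idx}]")
        bucket = "conditional" if stmt.get("Condition") else "public"
        result[bucket].append(label)
    return result


def is_public(policy):
    """True when at least one unconditional anonymous read grant exists."""
    return bool(find_public_statements(policy)["public"])


# Constructed sample: the weak policy behind the exposures described above.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadGetObject",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

# Constructed sample: the same grant narrowed to an IAM user (hardened form).
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AnalystReadOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:user/analyst"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }],
}

# Constructed sample: wildcard principal but limited by a source-IP condition.
IP_RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OfficeOnly",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    }],
}

if __name__ == "__main__":
    for name, policy in [("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY),
                         ("ip-restricted", IP_RESTRICTED_POLICY)]:
        print(name, find_public_statements(policy))
```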
That being said, adversaries can use different techniques to detect publicly exposed AWS S3 buckets. The figures below highlight how S3 buckets (storage instances) can be detected in an automated manner:
The records (as in the example shown above) were found publicly exposed on the web, and an attacker could have accessed the data using AWS S3 bucket fingerprinting techniques such as URL fuzzing or search engine dorking, as shown above. It can also be seen that a number of buckets return “Access Denied” notifications, which means those buckets are not publicly available.
Data exposures via AWS S3 buckets raise a very practical problem that organizations are facing: how to secure data in the cloud. Considering the security incidents above, apart from strong access controls, additional questions need to be answered:
Cloud App Visibility Parameters
One of the most important considerations is to have visibility into data that is being uploaded and downloaded to cloud apps. The challenge of attaining visibility into data transactions in cloud apps is becoming a persistent problem in enterprises. As a result of this, data transactions in cloud apps are executing under a non-transparent hood and the associated transactions are not visible to enterprises. To unveil security risks associated with shadow data residing in cloud apps, extensive visibility is desired considering the following parameters:
These are also called “Visibility Parameters.” Detection and monitoring of “Shadow Data” transmission from an enterprise to a public cloud is only possible with a Cloud Access Security Broker (CASB) like Symantec CloudSOC in place. For strengthening the security posture of cloud apps in enterprises, granular visibility into identity, timeline, purpose, technique and movement of data is needed.
A few quick tips to secure cloud apps are discussed below:
In the hyper-competitive world of Formula One™ racing, information is now every bit as critical to a team’s success as the condition of their vehicles or the skill of their drivers.
Consider this: Williams Martini builds as many as 300 sensors into its cars, which collect 1,000 channels of information every second the vehicles are on the track. That adds up to about 80 gigabytes per race that get fed into a constantly updated computer model.
So when the Williams team arrives at a new Formula One circuit, their engineers haul with them a two-rack data center that they erect for the duration of the race.
These "pop-up" data centers are perhaps the team's most important piece of equipment. They host the engineering systems and analytics that process real-time data streams from the cars' onboard sensors to deliver the final fraction of horsepower, tire life, and speed.
They also transmit the vast amounts of information generated by the race cars’ sensors. Beamed back to the company’s Grove headquarters in Oxfordshire, UK, this telemetry data is fed into a computer model that is updated in real time and allows strategists to make mid-race decisions based on their analysis of this rich trove of information. For example, race tire engineers can record wheel pressure and temperature readings at the track on a tablet and send them back to Williams’ HQ for closer analysis.
"Speed and performance during a Grand Prix weekend is critical, no matter what you're doing, whether you're preparing the tyres - and it used to be done on a piece of paper, and it's now done on a tablet - whether you're sitting on the pit wall making strategy calls, making decisions about when to bring a driver in or what configuration to send the car out for qualifying," said Chief Information Officer Graeme Hackland.
All of those decisions need to be made in near real-time with the right data.
"And so that local processing power that we put on the laptops and devices that people use and the virtual service is absolutely critical to what they do so that they can get the answer back as quickly as possible," Hackland added.
But these systems must function securely and flawlessly in crunch situations, and like other businesses operating in the digital age, Williams officials also contend with myriad security risks.
Digital’s Double-Edged Sword
In a sport where a split-second difference determines a team’s finish in a race, closely-held information offers an inviting target for rival teams, track insiders, or any of 250,000 fans who crowd the stands during a major race.
Williams’ challenge is to maintain the availability of a full complement of data center services in real-time conditions where 100 percent uptime is an absolute necessity. As Williams has gone more digital and mobile, more endpoints mean more potential points of entry to defend. Unpatched vulnerabilities can expose applications and data to unauthorized access and theft. DDoS attacks can overwhelm key systems, rendering them unresponsive. Botnet infestations can siphon off compute cycles and degrade service quality.
As all industries are increasing their cyber security awareness, the pinnacle of motor sport is no different. With that in mind, Symantec last year carried out a penetration test following the British Grand Prix. Symantec demonstrated how an attacker could easily breach the wireless networks used by a pit crew to hack into an unprotected system and steal data.
This is the double-edged nature of digitization. For Hackland and his team, the challenge was to reduce security risks to that computing environment while making sure that the company’s data remained safe and was available on demand.
"You've got a racing car that's generating 1,000 channels of data as it drives around every second. All of that data needs to be sent back to the UK in real time, used by engineers on their laptops in between races so that they can prepare. So there's a very obvious intellectual property challenge in F1, which Symantec are helping us with - protecting our endpoints, protecting the data center that travels around the world," Hackland said.
"And what Symantec have allowed us to do is to make sure that we have in place all of the tools and technology that we can say to our customers: Your data is safe with us."
Nowadays when Williams engineers turn up at a racetrack and erect a data network within the pit lane, they are protected from malware infection or interception when they connect to the Wi-Fi network from their laptops with the help of technologies such as Symantec Endpoint Protection and Symantec Endpoint Encryption.
"Through our partnership with Symantec, we’ve been able to embrace a new portfolio of technologies that encompasses all of these," according to Hackland, whose Williams Martini teams have traveled with their pop-up data centers to competitions in 21 countries on six continents in the last year.
In June, a particular piece of malware that mines bitcoin on Macs increased, and Petya broke out widely. Phishing emails also rose for the third consecutive month.
This month, 54 patches were released, 19 of which are rated Critical.
From students and faculty to alumni and staff, higher education institutes hold a wealth of personally identifiable information (PII) that hackers want to steal. Since 2005, higher education institutions have been the victim of more than 500 breaches involving nearly 13 million known records, according to University Business.
As hackers continue to target higher education institutions they need to be prepared to fend off the attacks and protect the PII of those inside their university.
This fall Symantec will put cybersecurity teams from higher education institutes to the test with the October Higher Ed Cybersecurity Competition. Held Oct. 19-20, the competition will put university security teams from around the country in a live cyber-attack simulation inspired by real-life security issues.
The competition will help higher education cybersecurity leaders understand the vulnerabilities of today’s global threat landscape, help them gain critical security intelligence and put their skills to the test in a high-pressure environment. That way when a real breach happens the cybersecurity teams will have practiced some of these scenarios.
Participating teams will:
The winning institutions will be recognized on-site at an exclusive event at the 2017 EDUCAUSE Annual Conference in Philadelphia. The EDUCAUSE Annual Conference brings together information technology leaders from higher education institutions from around the world to discover best practices and solutions to challenges universities face. By honoring them at this event, Symantec wants to showcase the winners’ skills, dedication and knowledge before industry experts and education technology peers.
Each institution can have up to three teams of four participate by registering here with the event code: highed17. Participants must work as IT faculty. Symantec will provide detailed instructions for preparation after a team registers.
Welcome to our sixth installment of the IT Showcase! In this chapter, Mannie Heer discusses the value and importance of a service-led IT function. As always, we welcome your comments.
Symantec IT’s embrace of a services-led model has been very exciting and rewarding. It has also transformed how we empower and hold accountable our service owners, the tools we use, our nomenclature, our daily interactions within IT, how we measure ourselves and how we collaborate with our business partners.
Prior to moving to a services model, Symantec IT operations and IT service management (ITSM) functions were outsourced. There was little understanding of performance and costs down to the service level. In fact, in the absence of services, functions were grouped at aggregate levels aligned to application systems, and that caused duplication, inefficiency and inconsistency.
Benefits for moving to a services-led approach:
Key considerations when moving to a service model:
Where are we going next?
The services journey defined in the framework we’ve described here is never ending. We continue to refine, improve, mature and manage the lifecycle of services from inception through retirement. Likewise, our service management framework continues to evolve and add tools. Going forward, we are looking at tackling mechanisms to better measure customer satisfaction, user experience and deeper benchmarking.
The battle between malicious hackers and enterprise security practitioners has become an ever escalating arms race.
Organizations would invest in anti-virus, anti-spam, and host intrusion prevention services to bolster their security. And it would work - for a time. Attackers reacted by upping their game and started to make progress again. Then, advanced malware sandboxes came along to catch more sophisticated attacks.
Before long, however, bad actors found new ways to slip their malware past even the most sophisticated network defenses, confounding beleaguered defenders with advanced persistent attacks, spear phishing and other exploits.
And now cybercriminals have started to use encrypted channels, multi-vector and multi-phased attacks.
The arms race script will repeat and change in ways we can’t know today. But we’re looking to drive innovation in a different way – for the good guys.
Turning Point in the Malware Battle
The advent of web and email isolation technology provides enterprises with a powerful tool to seal off their networks from infection, approaching security in a dramatically different way.
The technology works by positioning itself between the users and the internet so that potentially malicious content gets executed in a secure, containerized environment, “isolating” the user from all code and content, good or bad. It works in the background, so there’s no impact on user experience. They can interact with the website or the email content as if the isolation process was not even occurring.
Early adopters in the healthcare, finance, government and telecommunications sectors are already deploying the technology to combat malware-laden threats arriving over the internet. But it is still early in what’s shaping up to be a major transition in the way security organizations fight malware. Indeed, Gartner, which included web isolation as one of the 10 most important technologies in the information security field, expects about 50% of enterprises will adopt isolation technology by 2021.
Since most attacks begin with malware delivered through email, URL links or malicious websites, moving the browsing process off the end-user’s device and into an isolated network container removes the endpoint’s exposure to that content: whatever the page does, it does inside the container rather than on the user’s machine.
“This is a fundamentally different approach where malware can't get to the users any longer,” said Mark Urban, Symantec’s VP of Product Strategy and Operations. “I think this can be a game-changing technology.”
It’s also why Symantec last week announced an agreement to acquire Israel-based Fireglass, whose leading edge technology creates virtualized websites that let users browse content without having to fear that viruses might infect their devices and corporate networks.
Fireglass's isolation technology deploys virtual containers which process web browsing sessions remotely. It delivers the end user a “visual stream” that is completely safe from malware. By placing traffic in a cloud or on-prem isolation container, no ransomware or other malicious content and malware can wind up infecting endpoints or systems.
“There’s no ability for code or content to reach users,” Urban noted. “It’s just a visual stream. Users can see it, click it, and interact with it just like normal. But nothing actually gets downloaded into their computer or executed into a browser except the visual image, which is harmless. All the HTML, Java, CSS – all the code – gets executed in a safe virtual container. In some ways, it’s the ultimate protection because bad stuff can’t reach the end user.”
The computing architecture in web and email isolation serves as a proxy that essentially isolates the users and devices inside the enterprise and carefully manages their connections to the outside world. It applies different technologies that analyze information and content to ensure that malware can’t get into the network.
“There is no silver bullet. But having a multi-layer approach to detection – with anti-virus scanning, advanced malware sandboxes, and behavioral analytics – is critically important,” Urban said. “And isolation technology adds the latest high-impact capabilities to the mix, allowing employees to interact with higher-risk sites and emails in a safe and secure manner.”
Isolation offers organizations a way to strike a balance between IT’s desire to keep the computing environment safe and employees’ need to access information over the public internet. Millions of hosts (domains, subdomains, or IP addresses) appear every day, and many live for less than 24 hours. Many organizations therefore configure their Secure Web Gateways to block uncategorized sites because of the risk they represent, even though many are legitimate destinations for business purposes.
“The age-old challenge for security organizations is to find the right balance between keeping users happy and keeping their computing environment safe,” according to Urban.
“In a perfect world, these organizations would block everything that’s even a little bit risky, and users would be OK.” he continued, “but in the real world, users do complain and security has to strike a balance between risk and access.” With web and email isolation, Urban added, users can get to the information they need and the business is protected from any threats lurking in the shadows. “The isolation path gives them a lot more flexibility,” he said.
What Does Fireglass Do?
The core technology can be delivered on-premises or as a cloud-service. It intercepts and executes web requests in a remote secured environment and will offer users safe access to uncategorized websites, without risk of malware infection, since each website interaction is isolated from the network. The same isolation benefits hold true for files delivered from the web - users access files through isolation instead of downloading them to their machines.
Businesses can then let their users interact with these sites and documents to accomplish their tasks, knowing that any malware introduced via these sessions will remain isolated from their network and not infect their environment.
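As an added example (this is not Symantec’s or Fireglass’s code, and it simplifies what a pixel-streaming product does), the following toy gateway policy sends uncategorized hosts, hosts seen for less than a day, and risky downloads through an isolation path instead of blocking them outright, and shows the “nothing executes on the endpoint” step as a content-transformation pass: the fetched page is rebuilt with scripts, frames, plug-ins, forms, event handlers and javascript: URLs removed, and links rewritten back through the proxy so the next click is isolated as well. The host names, categorization feed, domain-age table and sample page are constructed data, and `isolate.example` is a hypothetical proxy address.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote, urlparse

# Constructed sample data standing in for the gateway's categorization feed
# and its "days since this host was first seen" table.
CATEGORY = {"intranet.example.com": "internal", "news.example.org": "news",
            "evil.example.net": "malware"}
DOMAIN_AGE_DAYS = {"intranet.example.com": 3650, "news.example.org": 900,
                   "evil.example.net": 0, "totally-new.example": 0}

ALLOW, ISOLATE, BLOCK = "allow", "isolate", "block"
# Elements whose content runs or loads code on the endpoint.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "applet", "form"}
RISKY_DOWNLOADS = (".exe", ".js", ".hta", ".docm", ".xlsm", ".zip")


def decide(url: str, isolation_available: bool) -> str:
    """Gateway policy: known-bad hosts are always blocked, trusted categories
    go direct, and anything risky is isolated when an isolation path exists.
    Without one, the old 'block uncategorized' behaviour applies."""
    host = urlparse(url).hostname or ""
    category = CATEGORY.get(host, "uncategorized")
    if category == "malware":
        return BLOCK
    risky = (category == "uncategorized"
             or DOMAIN_AGE_DAYS.get(host, 0) < 1
             or url.lower().endswith(RISKY_DOWNLOADS))
    if not risky:
        return ALLOW
    return ISOLATE if isolation_available else BLOCK


class PassiveView(HTMLParser):
    """Rebuilds a page as a passive view: active elements (and everything
    inside them), on* handlers and javascript: URLs are dropped; <a href>
    targets are rewritten to go back through the proxy. Counts removals."""

    def __init__(self, proxy_prefix: str):
        super().__init__(convert_charrefs=True)
        self.proxy_prefix = proxy_prefix
        self.out = []
        self.skip_depth = 0  # >0 while inside an active element
        self.dropped = 0

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.skip_depth += 1
            self.dropped += 1
            return
        if self.skip_depth:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on") or value.strip().lower().startswith("javascript:"):
                self.dropped += 1
                continue
            if tag == "a" and name == "href":
                value = self.proxy_prefix + quote(value, safe="")
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ACTIVE_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)


def render_isolated(page_html: str, proxy_prefix="https://isolate.example/fetch?u="):
    """Return (passive_html, number_of_active_items_removed)."""
    parser = PassiveView(proxy_prefix)
    parser.feed(page_html)
    parser.close()
    return "".join(parser.out), parser.dropped


# Constructed sample page mixing real content with several kinds of active code.
SAMPLE_PAGE = (
    '<html><body><h1>Invoice</h1>'
    '<script>fetch("https://evil.example.net/beacon")</script>'
    '<p onclick="steal()">Open <a href="https://evil.example.net/dl.exe">here</a></p>'
    '<a href="javascript:alert(1)">x</a>'
    '<iframe src="https://evil.example.net/exploit"></iframe>'
    '</body></html>'
)

if __name__ == "__main__":
    for u in ("https://news.example.org/story", "https://totally-new.example/login",
              "https://news.example.org/setup.exe", "https://evil.example.net/"):
        print(f"{u:40} block-only: {decide(u, False):8} with isolation: {decide(u, True)}")
    print(render_isolated(SAMPLE_PAGE))
```

The policy is the part worth copying: the third outcome is what lets a gateway stop treating “uncategorized” as “block”. The passive-view pass is only a stand-in for a real isolation engine, which renders in a remote container and streams pixels; stripping active content client-side would still leave the endpoint parsing untrusted HTML, so in production the transformation also runs inside the isolated environment.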
The upshot: A more open environment, happier users and better threat prevention. Now that’s a winning combination.
Amazon Web Services (AWS), launched in 2006, has grown into a giant with revenue (annual run rate) of 14 billion dollars, providing Infrastructure as a Service (IaaS) to enterprises in 16 regions. Starting today, Symantec Cloud Workload Protection (CWP) is available from the AWS Marketplace alongside other Symantec security solutions.
Here are the highlights of CWP. CWP is Symantec’s first SaaS solution that can be purchased directly from the AWS Marketplace. CWP and AWS infrastructure usage fees are billed together once a month.
Symantec Cloud Workload Protection automates security for public cloud workloads, improving business agility, reducing risk and cost, and making DevOps easier while lowering the management burden. Through rapid discovery and visibility and flexible protection of AWS workloads, it automates the enforcement of security policies and protects applications from unknown exploits.
CWP hardens AWS instances with application protection, intrusion detection/prevention, and real-time file integrity monitoring (RT-FIM). Because it is cloud-native and integrated, DevOps teams can build application protection directly into their deployment workflows. Docker is supported, so containers can be deployed securely on AWS. In addition, intelligence from the Symantec Global Intelligence Network (GIN) protects workloads against the latest attacks and vulnerabilities seen worldwide.
CWP provides a secure migration path whether a customer just wants to take a look at the public cloud or is planning a full migration. This builds on more than 14 years of experience protecting on-premises and private cloud workloads with the Data Center Security product line. AWS frees customers from the burden of purchasing and managing IT infrastructure and data centers, and lets them move to a more cost-effective OpEx model. Symantec warmly welcomes the partnership with AWS. We will continue to serve our customers and keep their business secure, whether on-premises or midway through a migration to the public cloud.
As they do each year, this week many of the best and the brightest minds from government, academia and the private sector will gather in the shadow of the Colorado Rockies to consider critical questions touching on national and homeland security at the Aspen Security Forum.
This year, the discussion will increasingly focus on the more urgent threat that cyber warfare now poses to global security. However, one of the panelists in the debate says that it is time to entirely reframe a conversation that, unfortunately, still remains mired in the past.
“When it comes to cyber security and cyber war, we keep getting bogged down with people thinking, ‘Oh this is so new and different’ that it becomes difficult to move on to more substantive conversations about what norms should govern national cyber security,” said Jeff Greene, the Senior Director, Global Government Affairs & Policy at Symantec. “It makes it hard to move the conversation forward.”
Instead, Greene, who worked on cyber security and Homeland Defense issues for the U.S. Senate before joining Symantec, says that it’s time to shift the conversation to how we can establish norms of behavior before things get out of hand. For instance, should attacks that cause physical damage to critical infrastructure such as a nation’s water, power, or transportation networks be considered acts of war? Is it an act of war if a nation conducts cyber reconnaissance on the same critical systems? Is it an attack to hide malware on such a system that a government could later use to cripple it? And what is a proportional response to these types of activities?
Norms do require monitoring, which is often cited as a reason why treaties governing cyber activity are not feasible. But according to Greene, the Cold War offers a partial answer. “Some ask how it is possible to enforce norms or treaties because code can be hidden in a way that a nuclear missile cannot. But in the 1950s and 1960s the Soviets could hide nuclear missiles, because we didn’t have the capacity to surveil the entire Soviet Union. We didn't always know where the Soviets could be hiding missiles, yet we still engaged in diplomacy. There’s a parallel there that we shouldn’t quickly dismiss.”
Greene pointed to the Oct. 2015 agreement worked out between President Obama and President Xi Jinping of China, when the two nations pledged to crack down on cyber espionage and the theft of intellectual property as a possible blueprint for future action.
“It has had a significant impact, at least for the time being,” Greene said, adding that nations have more to gain than to lose by trying to lay down norms of behavior around cyberwar. “Norms allow us – or the international community – to call out a country when it crosses a red line.”
What’s more, he added, the technical challenges involved with enforcement may in time be overcome.
“Just because verification is difficult now doesn’t mean this will always be true,” he said. Looking again to the Cold War, he noted that our ability to detect Soviet missiles improved dramatically by the time the Soviet Union fell. He also added that detection is not just about “finding snippets of code hidden in some random server somewhere. Building cyber weapons requires an infrastructure, development, testing, and a deployment effort that is far more detectable than code hidden on a flash drive. So we shouldn’t write off the possibility of coming to norms even if it’s not going to be easy.”
Breaking with the Past?
One big challenge is that when it comes to government secrecy old habits linger.
“The shroud of secrecy around offensive cyber capabilities makes the conversation very difficult to have because we largely don’t even acknowledge what we could do - and neither do other countries,” Greene said.
“I’m not saying we should put it all on the table, but everyone knows that the U.S. and other countries have offensive capabilities. So if we were to say, ‘Look, we have the capacity, if forced, to cause damage to infrastructure in other countries, as we know other countries do,’ that would really only be acknowledging the obvious. But what it would do is further the conversation because it’s extraordinarily difficult to have norms conversations or to talk about the scope of cyber war if you’re unwilling even to talk about what is possible.” He noted that during the Cold War, the U.S. and the Soviet Union made no secret of the existence of their nuclear arsenals, which allowed policymakers, academics, and politicians to debate – and develop – strategy and policy.
“At a very general level, we need to lift the secrecy,” Greene continued. “Until we and other nations acknowledge the general capabilities that we have offensively, we will continue to struggle to make progress on norms because we’re talking about building rules around something that’s completely undefined.”
This summer, children everywhere will take part in summer camps and other recreational programs. For many in Los Alamitos, CA, these opportunities would not be possible without the support of The Youth Center, a nonprofit that delivers engaging youth programs and one that uses Symantec software to keep its information secure and protected from cyber threats.
Above: Youth Center counselors and campers celebrate a dodge ball win
As the saying goes, “It takes a village.” For The Youth Center, this “village” includes three full-time employees, 45 part-time employees and more than 500 volunteers who work together as a team to transform children's lives one family at a time through collaborative social, educational and recreational programs.
This summer, The Youth Center is offering action-packed camps for many families that would otherwise struggle to find a fun, safe environment for their kids to enjoy the summer. The days are filled with puppy parties, karaoke, talent shows, contests and field trips, keeping kids on the go, with affordable camp tuition and scholarships available.
Engaging, entertaining, educating and exercising are just what The Youth Center does, year round. In fact, since the nonprofit opened its doors in 1952, The Youth Center has served more than 100,000 local Los Alamitos families, offering numerous programs beyond camp such as after-school care, music lessons and leadership academies, as well as a powerful program called Every 15 Minutes that highlights the dangers of drunk driving.
Above: With affordable tuition and a scholarship program, The Youth Center provides a fun, safe environment for kids across Los Alamitos.
For The Youth Center, the village extends beyond its employees and volunteers to a network of collaborators that includes school districts, police and sheriff departments, medical centers, city officials, music studios and more, all offering their support and services in various ways. At the same time, the nonprofit has no IT professionals on staff, and therefore relies on qualified volunteers, as well as Norton Small Business from Symantec, to protect its networks and safeguard sensitive information such as rosters, contact information, and photos against viruses, spyware, malware and other online threats.
After experiencing the results of a bad virus attack a few years ago, The Youth Center knew it needed help. As a small nonprofit, it was hard to afford the time and money that went into cleaning up after the infection. According to Julie Rubin, The Youth Center Office Manager, “Suffering through the process of virus recovery was difficult and time-consuming. I cannot tell you how much we appreciate having the Norton license. For us, as a smaller non-profit serving thousands in the community every year, every dime we can save goes ten-fold into programs for the kids. You not only protect our systems, but you directly help us save money that we can put towards our youth programs. Norton gives us peace of mind and saves us every day and we thank everyone at Norton for making such a wonderful product.”
Norton gives The Youth Center confidence that their systems are safe, enabling the small nonprofit to focus its time and financial resources on fulfilling its mission: to transform children's lives one family at a time.
Product donation is Symantec’s largest mechanism to support the nonprofit community and help nonprofits fulfill their missions. In partnership with TechSoup, each year we provide cybersecurity solutions to more than 25,000 organizations across 55 countries worldwide, allowing them to secure their most important data wherever it lives. Since launching the software donation program in 2002, Symantec has helped more than 93,000 nonprofits solve today’s biggest security challenges and protect against the ever-evolving threat landscape.
Learn more about some of the many nonprofits utilizing Symantec products through Symantec’s partnership with TechSoup:
We have been made aware of two issues in our processing of third-party revocation requests. Thanks to findings by security researcher Hanno Böck, we are updating our processes to prevent them from recurring.
First, a gap was identified in the process that matches a submitted private key to the certificate’s public key during a revocation request. We compared the modulus, which is a necessary part of this verification, but the comparison was incomplete because the other key parameters were not checked. Since the modulus is itself part of the certificate’s public key, matching it alone does not demonstrate possession of the private key. Once we became aware of this, we immediately corrected the procedure. We are not aware of any instances of customer impact resulting from this gap other than the test scenario run by the reporting researcher.
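As an added example (not Symantec’s code), the following shows the difference between the incomplete check and a full proof of possession. The modulus n and public exponent e can be read straight out of any certificate, so a check that compares only n is satisfied by anyone who holds the certificate; the full check compares every public parameter and then requires the submitted key to sign a fresh, CA-chosen challenge that verifies under the certificate’s public key, which only the true private exponent can do. The key pair is constructed from two fixed Mersenne primes and uses unpadded textbook RSA so the block runs with the standard library alone; a real CA parses PEM/DER with a proper library and uses a padded signature scheme.

```python
import hashlib
from dataclasses import dataclass
from math import gcd


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    e: int
    d: int


# Constructed demo key pair: p and q are the Mersenne primes 2^127-1 and
# 2^89-1 so everything runs offline. Real keys come from a CSPRNG and are
# 2048 bits or more.
P, Q, E = (1 << 127) - 1, (1 << 89) - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # modular inverse (Python 3.8+)

CERT_PUBLIC_KEY = PublicKey(N, E)   # what the CA already holds in the certificate
GENUINE_KEY = PrivateKey(N, E, D)   # what the real subscriber can submit
# What anyone can assemble from the public certificate alone: the real
# modulus and exponent plus an invented private exponent.
FORGED_KEY = PrivateKey(N, E, int.from_bytes(hashlib.sha256(b"guess").digest(), "big"))


def modulus_only_match(cert: PublicKey, key: PrivateKey) -> bool:
    """The incomplete check: true for any key blob that carries the public modulus."""
    return cert.n == key.n


def sign(key: PrivateKey, challenge: bytes) -> int:
    """Textbook RSA signature over SHA-256(challenge), reduced mod n (unpadded; demo only)."""
    h = int.from_bytes(hashlib.sha256(challenge).digest(), "big") % key.n
    return pow(h, key.d, key.n)


def proves_possession(cert: PublicKey, key: PrivateKey, challenge: bytes) -> bool:
    """Full check: all public parameters must match, and the submitted key must
    sign a CA-chosen challenge that verifies under the certificate's public key."""
    if (cert.n, cert.e) != (key.n, key.e):
        return False
    h = int.from_bytes(hashlib.sha256(challenge).digest(), "big") % cert.n
    return pow(sign(key, challenge), cert.e, cert.n) == h


def handle_revocation_request(cert: PublicKey, submitted: PrivateKey, challenge: bytes):
    """Decide a third-party 'key compromise' revocation request. Returns (revoke, reason)."""
    if proves_possession(cert, submitted, challenge):
        return True, "submitted key matches the certificate: revoke for key compromise"
    if modulus_only_match(cert, submitted):
        return False, "modulus matches but the key cannot sign: the modulus is public, do not revoke"
    return False, "key does not correspond to this certificate"


if __name__ == "__main__":
    import secrets
    nonce = secrets.token_bytes(32)  # the CA picks a fresh challenge per request
    for label, key in (("genuine", GENUINE_KEY), ("forged", FORGED_KEY)):
        print(label, "modulus-only:", modulus_only_match(CERT_PUBLIC_KEY, key),
              "full:", handle_revocation_request(CERT_PUBLIC_KEY, key, nonce))
```

The challenge must be chosen by the CA per request and never reused: a replayed signature from an old leak would otherwise be accepted, and a requester-chosen message lets an attacker present a (message, signature) pair lifted from somewhere the real key legitimately signed something.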
Secondly, we are reviewing how we communicate with certificate owners during the third-party revocation request process, so that it is more consistent and transparent.
We take these findings seriously and always appreciate opportunities to improve our CA operations.