
    Symantec recently announced the completion of its acquisitions of both Skycure and Fireglass—two exciting new technologies that strengthen Symantec’s Integrated Cyber Defense Platform. Not only do these technologies extend protection for our customers, but we believe they will help you grow your business.


    Do not hesitate to initiate the sales motion. We can transact on both solutions today. Focus will be key: Skycure has great value for our existing SEP accounts—with Skycure as part of our portfolio, we now add security for mobile devices including iOS. This is a key competitive differentiator. Fireglass has great value for our ProxySG and Advanced Secure Gateway installed base.

    We will be adding the Skycure and Fireglass solutions to the Secure One partner program. Existing Skycure and Fireglass partners that are not already Symantec partners are being assessed and mapped into Secure One. We’ll also be posting Secure One specific information on both solutions on PartnerNet as soon as we have materials ready.

    SKYCURE—extending Mobile Threat Defense to Endpoint Security Offerings

    Skycure is a leading solution in the fast-growing Mobile Threat Defense security category. The acquisition adds valuable new capabilities to our Endpoint Security offerings that can increase your customers’ protection, detection and response to advanced threats targeting mobile devices.

    Does your customer allow Bring Your Own Device (BYOD) or provide corporate-managed mobile devices to its employees? If so, they should be aware that malware targeting mobile devices is growing at an alarming rate. According to Symantec’s ISTR 22 report, mobile malware detections doubled in 2016 to a total of 18.4 million, and 606 new mobile vulnerabilities were found in 2016 across the iOS and Android mobile operating systems.

    Skycure protects mobile devices from malware, OS/device vulnerabilities, application threats and network based attacks (e.g. man-in-the-middle attacks carried out via suspicious Wi-Fi networks). Existing management tools like Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) are not able to defend users against these types of threats.

    You can learn about the Skycure solution by attending any of the following free webinars:

    August 3rd, 1:00 pm Singapore / August 2nd 10:00 pm PST

    August 3rd, 9:00 am PST / 12:00 pm EST / 4:00 pm UTC

    August 9th, 10:00 am PST / 1:00 pm EST / 5:00 pm UTC

    FIREGLASS—extending Web and Email Isolation to Secure Web Gateway Offerings

    Fireglass is a leading solution in the fast-growing Web and Email Isolation security category. The product creates a secure execution environment between users and the web, sending only a safe visual stream to users’ devices and keeping web-borne threats from ever reaching the customer’s environment. Symantec Web Isolation gives end customers safe access to uncategorized websites and websites with inconclusive risk ratings, which their policies may be blocking today. Many of our customers know that these types of policies result in over-blocking of web activity and create employee frustration, but they follow this approach to maintain a high security level. The addition of Web Isolation to their Secure Web Gateway changes everything: they now have a way to enable access to these sites without increasing the security risk to the business.

    This is powerful and impactful technology, which is why Gartner’s recent Strategic Planning Assumption for the category predicted that by 2021, 50% of enterprises would adopt browser isolation and, as a result, would experience a 70% reduction in attacks compromising end user systems.

    Current ProxySG and Advanced Secure Gateway customers can benefit greatly from adding Web and Email Isolation technology to their security toolbox.

    These are exciting times at Symantec and exciting times for any Symantec partner. As always, we appreciate your focus and dedication to our mutual business.


    Symantec recently announced the completion of its acquisitions of Skycure and Fireglass. Both are noteworthy new technologies that strengthen Symantec’s Integrated Cyber Defense Platform. We are confident that they will not only extend protection for customers but also help grow your business.


    Feel free to start the sales motion at any time. Both Skycure and Fireglass are available for use right away. What matters is focus. Skycure delivers great value to Symantec’s existing SEP accounts: with Skycure added to the portfolio, security for mobile devices, including iOS, is added. This is a competitive differentiator. Fireglass, meanwhile, delivers tremendous value to the ProxySG and Advanced Secure Gateway installed base.

    The Skycure and Fireglass solutions will be added to the Secure One partner program. Existing Skycure and Fireglass partners that are not yet Symantec partners are currently being assessed and mapped into Secure One. Secure One-specific information on both solutions will also be published on PartnerNet as soon as it is ready.

    Skycure - Extending Mobile Threat Defense to endpoint security products

    Skycure is a leading solution in the fast-growing Mobile Threat Defense security category. This acquisition adds valuable new capabilities to Symantec’s endpoint security products, extending customers’ protection, detection and response against advanced threats targeting mobile devices.

    If your customers allow BYOD (bring your own device) or lend company-managed mobile devices to employees, they should be aware that malware targeting mobile devices is growing at an alarming rate. According to Symantec’s 2017 Internet Security Threat Report, mobile malware detections doubled in 2016 to reach 18.4 million, and 606 new mobile vulnerabilities were found across both iOS and Android.

    Skycure protects mobile devices from malware, OS- and device-specific vulnerabilities, application threats and network-based attacks (such as man-in-the-middle attacks carried out over suspicious Wi-Fi networks). Conventional management tools such as Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) cannot protect users from these kinds of threats.

    To learn more about the Skycure solution, please watch one of the following online seminars.

    August 3, 1:00 pm (Singapore) / August 2, 10:00 pm (PST)

    August 3, 9:00 pm (PST) / 12:00 pm (EST) / 4:00 pm (UTC)

    August 9, 10:00 pm (PST) / 1:00 pm (EST) / 5:00 pm (UTC)

    Fireglass - Extending Web and email isolation to Secure Web Gateway products

    Fireglass is a leading solution in the fast-growing Web and email isolation security category. It builds a secure execution environment between users and the web and sends only a safe visual stream to users’ devices, so web-borne threats never reach the customer’s environment. With Symantec Web Isolation, end users can access uncategorized websites and websites whose risk rating is inconclusive. Access to such sites may currently be blocked by policy, but it is well known that this over-restricts web use and causes employee frustration. End users follow the policy nonetheless, solely to maintain a high security level. Adding Web Isolation to the Secure Web Gateway changes everything: uncategorized sites become accessible, with no worry about increasing the security risk to the company.

    That this is a powerful and highly influential technology is reflected in Gartner’s Strategic Planning Assumption for the category, which predicts that by 2021, 50% of enterprises will have adopted browser isolation and that attacks compromising end-user systems will fall by 70%.

    Customers currently using ProxySG and Advanced Secure Gateway can gain a major benefit by adding Web and email isolation technology to their security toolbox.




    Email malware rate continues to increase and WannaCry, Petya inspire other threats to add self-spreading components.



    The email malware rate continues to rise, and other threats inspired by WannaCry and Petya are self-propagating.


  • 08/06/17--18:51: July 2017 latest intelligence
  • The proportion of emails containing malware continues to rise, and WannaCry and Petya have inspired other malware to add self-propagating components.



    Enterprise Security is a Top Concern

    According to the New York Times, cloud storage is “pretty good at keeping things safe online”, a perspective which many consumers and enterprises share. However, cloud storage is finding itself the victim of attacks. For example, according to Phishlab’s 2017 Phishing Trends & Intelligence Report, most recent cyber attacks have been directed at cloud storage providers such as Google and Dropbox.

    Businesses nowadays have a multitude of data, tools, and utilities residing on storage devices. Backed up and archived data may contain malware. Enterprise users frequently download or share data, which could be infected, or access websites infected by malware. Workers can and do store personal as well as corporate documents within enterprise cloud storage and NAS repositories, leading to unchecked potential for threats to propagate with the transport of files.

    Global Data Storage is Exploding

    With the shift of IT infrastructure to off-premises, such as the cloud, and the growth of Big Data and its storage needs, the global data storage market is exploding. Widespread implementation of cloud-based CRM and ERP solutions is also driving the need for cloud storage. Total data center storage capacity will grow nearly 5-fold from 2015 to 2020, growing at 40% CAGR.

    As enterprises move rapidly towards off-premises adoption, cloud data storage, as well as network attached storage (NAS), remains an indispensable IT need. This raises the question: how safe are your cloud services and network attached storage?

    Introducing Symantec Protection Engine, 7.9

    What’s needed is a way to protect cloud storage and NAS, which provides security before, after, and during transfer of files to storage.

    Symantec Protection Engine (SPE) consists of two products:

    SPE for Cloud Services is a flexible and feature-rich client/server application that allows customers to incorporate malware and threat detection technologies into almost any storage service or application. Protection Engine for Cloud Services gives enterprises access to innovative security that ensures their cloud-based storage services remain free from malware, including scanning for malicious URLs.

    SPE for Network Attached Storage provides scalable, high-performance threat detection services to protect valuable data stored on network attached storage (NAS) devices. It delivers improved scanning performance and detection capabilities to protect against multi-blended threats.

    Protection Engine for Cloud Services and NAS Provides 3 Ways to Rethink the Security of your Cloud Services and Related Storage:

    1. Reduce Your Organizational Risk Profile

    For the success of your organization, preventing cloud-based applications and storage services from hosting and distributing malware becomes critical. This includes ensuring that employees are sharing information free of infections and malware. Protection Engine can track files globally and apply reputation intelligence for cloud services, hence fueling the intelligence required to reduce your organization’s risk profile, using definition-based scanning.

    2. Enable Industry Leading Protection

    Protection Engine provides fast, scalable, and reliable anti-malware scanning with Symantec’s File Reputation Service. This service utilizes threat and reputation information from the Symantec Global Intelligence Network, which correlates data from more than 41.5 million attack sensors in 157 countries and over 13 billion web requests a day. Advanced machine learning provides best-in-class protection with low false positives.

    3. Utilize Broad Storage and Platform Support

    Protect a broad array of third-party applications and storage services with APIs for embeddable threat detection and anti-malware. Incorporate industry-leading malware and threat detection technologies into almost any business critical application, service, or device with the full client Software Development Kit (SDK) and native ICAP protocol support. Platform support spanning Microsoft Windows®, Red Hat® Enterprise Linux®, SUSE® Linux, and CentOS® ensures that customers can take advantage of market-leading malware detection wherever they need it.

    Strong security protects today’s businesses. To learn more about Symantec Protection Engine, visit here.  

  • 08/07/17--16:35: Alert: Engine Release Issue
  • for Symantec Endpoint Protection 14, Symantec Endpoint Protection Small Business Edition and Norton

    We are aware that some customers with Symantec Endpoint Protection 14, Symantec Endpoint Protection Small Business Edition and Norton products with Windows systems may be experiencing a hang at the Welcome or Logon screen, or display a black screen. This appears to be related to a new engine release that shipped on 2 August at 4:00pm Eastern US time.

    Please note that Symantec Endpoint Protection 12 customers do not appear to be affected. This AV engine/definition release was removed from our Symantec servers on 3 August 2017 at 7:30am Eastern US time.

    Check to See If You Are Affected

    Be sure that you have AV engine/definition updates numbered 20170803.006 or later.

    Any SEP customer who has downloaded and/or rolled out AV engine/definition updates numbered between 20170802.008 and 20170803.005 should take action immediately to ensure they update to the latest signatures, numbered 20170803.006 or later. This update removes the crash issue and does alter the functionality of SEP 12 otherwise. To help ensure customers remain protected, we will continue to ship definition updates on our regular schedules.
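The range check described above, as an added illustration (not Symantec tooling): it parses the YYYYMMDD.NNN revision strings named in the alert, treats the boundary values as affected, flags unparseable reports for manual verification, and runs over a constructed inventory of hosts.

```python
"""Classify AV engine/definition revisions against the affected range named in
the alert: 20170802.008 through 20170803.005 are affected, 20170803.006 or later
carries the fix.  Added example, not Symantec code; the host inventory below is
constructed sample data."""
import re
from typing import Dict, List, Optional, Tuple

# Revision strings have the shape YYYYMMDD.NNN (e.g. 20170803.006).
_REV_RE = re.compile(r"^(\d{8})\.(\d{3})$")


def parse_revision(rev: str) -> Optional[Tuple[int, int]]:
    """Return (date, sequence) for a 'YYYYMMDD.NNN' revision, or None if malformed."""
    m = _REV_RE.match(rev.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2))


# Boundaries taken from the alert text; both ends of the affected range inclusive.
AFFECTED_FIRST = parse_revision("20170802.008")
AFFECTED_LAST = parse_revision("20170803.005")
FIXED_FROM = parse_revision("20170803.006")


def classify(rev: str) -> str:
    """One of 'affected', 'fixed', 'older' (predates the range) or 'unknown' (malformed)."""
    parsed = parse_revision(rev)
    if parsed is None:
        return "unknown"
    if AFFECTED_FIRST <= parsed <= AFFECTED_LAST:
        return "affected"
    if parsed >= FIXED_FROM:
        return "fixed"
    return "older"


# Constructed inventory: hostname -> revision string as reported by the client.
INVENTORY: Dict[str, str] = {
    "ws-101": "20170802.008",   # first revision in the affected range
    "ws-102": "20170803.005",   # last revision in the affected range
    "ws-103": "20170803.006",   # fixed
    "ws-104": "20170801.021",   # predates the bad release
    "ws-105": "2017-08-03 r6",  # malformed report: verify by hand
}


def hosts_needing_action(inventory: Dict[str, str]) -> List[str]:
    """Hosts in the affected range (update now) or with unparseable revisions (verify manually)."""
    return sorted(h for h, r in inventory.items() if classify(r) in ("affected", "unknown"))
```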

    Our teams are currently working on automated remediation for impacted machines as well as investigating root cause analysis of the issue.

    If You Are Affected

    To recover an affected computer, reboot into safe mode and follow the solution steps in the knowledge base articles for the products below.

    For more detailed information, please see the following Knowledge Base article: We will continue to provide updates to the Knowledge Base article as they become available.


    A customer case study of Symantec Data Loss Prevention Cloud Service for Email.

    ECI Telecom is a global provider of Elastic Network™ solutions to cloud service providers, utilities, strategic industries and data center operators. Our solution portfolio spans carrier-class packet-optical transport systems, SDN/NFV applications, end-to-end network management, comprehensive cybersecurity solutions, and professional services for specialists.

    In 2011, shortly after Microsoft® Office 365® was first released, we at ECI Telecom began planning to eventually migrate some of our core services to the cloud. Our Exchange® Online email system was one of the destinations. There were two reasons. As a developer of cloud-enabled technologies we were committed to the growth of the cloud economy, and for a company like ours, with staff distributed around the world, the cloud is simpler and delivers services more efficiently. We are firmly convinced that everything in the world will eventually move to the cloud; it is only a matter of time.

    That said, we too faced one major obstacle to migration. We did not want to give up the data visibility and security we had built up by deploying Symantec™ Data Loss Prevention (DLP) on premises. From 2010 through 2016, with every Exchange release, we had used DLP technology. It was what allowed us to monitor traffic thoroughly and to detect and remediate data policy issues in real time, and it never became a cause of data leakage.

    In 2011, however, no cloud-based alternative yet existed with visibility and security as complete as on-premises Data Loss Prevention. We trialed the cloud version of Exchange, but there were gaps: we could not see the traffic, could not track activity, and data was not protected.

    That changed when we began testing Data Loss Prevention Cloud Service for Email, together with Symantec’s new cloud-based detection service built on its industry-leading* on-premises software. In the new service, sensitive data that employees send by email from Exchange Online or Gmail is captured by high-accuracy content detection technology, with minimal false positives. If there is a security policy violation, employees are automatically alerted through an email notification. Problem messages are blocked, redirected to an encryption service, and delivered securely.

    Data Loss Prevention Cloud Service for Email is integrated from the start with Symantec Email Safeguard. Symantec Email Safeguard is a highly effective email security service with anti-malware, anti-spam, data protection and policy-based encryption capabilities. In ease and simplicity it is no different from a fully hosted service. ECI joined the beta test early and became the first user of the full production release.

    As soon as we implemented the service, it felt as if a whole new horizon had opened up. We could see what was happening from the inside out, and data protection and leak prevention became possible. It was also the simplest implementation of any service I have carried out: all it took was defining one connector on the Symantec side and one on the Microsoft side, and every existing policy could be reused.

    Today, more than 2,000 Exchange Online users at our company are protected by Symantec Data Loss Prevention Cloud Service for Email. It also provides the visibility we need to understand and effectively manage risk. If you are considering a cloud email service, you should by all means consider a DLP service like this alongside it.

    To learn more about how ECI Telecom deployed Symantec Advanced Threat Protection, see here.


    * Forrester Wave™: Data Loss Prevention Suites, Q4 2016



    This month the vendor has patched 48 vulnerabilities, 26 of which are rated Critical.



    Girls Who Code Summer Immersion Program at Symantec works to increase diversity in tech

    At Symantec, we believe that together, we have the power to change the world and make it a better, safer place. Symantec is proud of our work with strategic community partners and the impact we’re having in our four philanthropic focus areas: education, diversity, online safety, and environmental responsibility.

    Today, we hear from our partner, Girls Who Code (GWC) on the work they do to close the gender gap in technology. GWC inspires, educates, and equips girls with the skills needed for tomorrow’s computing jobs. Through free after-school and summer programs, and with supportive peers and role models, GWC teaches girls to use computer science to become change agents in their communities.

    By Kelly Parisi, VP of Marketing & Communications at Girls Who Code and Francesca Garofani, Symantec Senior Human Resource Specialist 

    Featuring a Q&A with Eileen Brewer, Director, Enterprise Security at Symantec

    By 2020, there will be 1.4 million jobs available in computing-related fields, and while U.S. college graduates are on track to fill 29% of those jobs, women are on track to fill just 3%.[1] Demand for computing skills is growing at three times the national average, but girls across the U.S. are being left behind. Today, women hold less than a quarter of all computing jobs, and that number is declining.[2]

    To close the gender gap in technology, Girls Who Code is building the largest pipeline of future female engineers in the United States. Through their Clubs Program, 6th-12th grade girls explore coding in a fun and friendly environment, hosted at schools, libraries, universities, community centers, faith-based organizations, and non-profits. They also run a free seven-week summer immersion program for 10th-11th grade girls, designed to teach girls computer science through real-world projects in art, storytelling, robotics, video games, websites and apps. By partnering with top technology companies like Symantec, girls learn critical computing skills while connecting with other young women and professionals in tech. This life-changing experience is made possible by partners like Symantec, who hosted their first ever program this summer.

    Symantec’s Eileen Brewer, far right, hosts a hardware workshop for GWC students during their week learning about robotics and hardware.

    ABOUT The Symantec and Girls Who Code program:

    This July, Symantec’s Human Resources, Corporate Responsibility, and Government Affairs teams partnered with Girls Who Code on two coasts. In Herndon, Virginia, nineteen teenage girls from the GWC program spent an afternoon learning more about cyber security. In Mountain View, California, Symantec brought twenty 15-17 year old girls with little to no previous computer science education to their headquarters for seven weeks. The seven-week summer immersion program curriculum, created and run by GWC staff, introduced students to the basics of computer science in two languages (Scratch and Python), taught students to set up a personal portfolio web page, and helped the girls create games and projects to support what they were learning. Girls also learned how to apply computer science through robotics and the Internet, learning basic electronics, how to wire and program a robot, and how the Internet actually works, with topics including databases, cookies, and security. The final week of advanced topics included using data frames to visualize real data, learning to program a simple search and sorting algorithm, and combining all that they learned to build the back end of a social network. The program culminated in the girls sharing their final project, a product they built themselves, with their class and Symantec employees during their graduation ceremony. Anne Wang, one of our students, left the program with not only the ability to code, but with a better understanding and appreciation of cyber security. Anne told the Symantec program managers, “Honestly, I really love it here. I’m grateful that I got a spot at Symantec. Before Girls Who Code, I didn’t really understand what security was, but I feel that listening to speakers and exploring the space here helped me understand that it is much more than protecting everyone from cyber warfare. There are a lot more aspects like encryption and algorithms, which I find so awesome.”

    Symantec provided guest speakers, engaging workshops, and field trips to supplement the program curriculum and help connect GWC students with female engineers. One guest speaker, Eileen Brewer, a Director in Enterprise Security at Symantec and a passionate advocate for women in technology, provided the students with a Hack-a-Server workshop to increase the girls’ confidence and interest in hardware technology. Through the hands-on workshop, students learned about component design, manufacturing and server labs, and discussed the various types of careers that could be held beyond software development. This workshop was key for girls in the immersion program interested in the tactical aspects of computer science.

    Julia Starr, Simran Kadadi, and Emma Kroger-Franklyn dissect a server at the Hack-a-Server workshop. As a result of the GWC at Symantec experience, Emma has regained confidence in her technology skills and is intrigued by cyber security, telling staff, “I feel like the Girls Who Code experience is very unique in the sense that you wouldn’t be able to obtain the same sense of community, or family, at a normal coding school. I’m glad I chose GWC at Symantec, because now I’m definitely intrigued by the field of security, and feel motivated by the speakers and faculty who work here. I was starting to lose faith in myself as a woman who wanted to enter the field of computer science, but I can definitely say that has changed.”

    After the Hack-a-Server workshop, Kelly spoke with Eileen Brewer to learn more about her journey to a career in technology, her thoughts on the impacts of women in technology, and how both Girls Who Code and Symantec’s CR Programs are helping close the gender gap in technology.

    A Q&A with Eileen Brewer, a Director in Enterprise Security at Symantec and a GWC at Symantec Speaker

    KP:  Eileen, you are one of the few women in your field. How did you decide tech was what you wanted to pursue in your career?

    EB: My older sister works in tech and kept telling me it was a great career path and that I would really like it. She helped me get my first job and she was right, I really love working in tech. Working in tech is getting to see new things before anyone else, it’s working with intelligent people and living in a valley where innovation is understood and supported.

    KP:  Wow, it sounds like both you and your sister are trailblazers in the technology space.  What advice do you have for young women getting in this field today? 

    EB: Technology is not just about software or making mobile apps. Working in technology means building better products, because everything we use or touch is being designed and manufactured through technology. Technology is used to design new fabrics, new cosmetics, new household appliances, new cars, new desks, and new security products. Being a part of designing new products is exciting; it opens our eyes to everything around us and encourages us to think about how things can be made better. Try taking an introductory class in computer science, design thinking, or basic programming. All of these courses will reduce the fear of the unknown and spark your interest in making something new for the world. We’re waiting for your next invention! 

    KP: We know that women represent only 22% of the tech workforce. Outside of job opportunities, why do you think it's important for women to be in this field today?

    EB: Women need to be involved in all types of product development because women are users of all types of products. Research has proven that by including women in the development process both the products and profits will improve.

    KP: What are the biggest barriers for women entering technology careers?  

    EB: Gaining more male allies. Men still hold the majority of decision-making positions so more work needs to be done across the industry to bring them into the conversation about the value of reducing the gender gap. The first to become allies are often fathers or husbands who see and hear what is happening to their daughters in a classroom or their wife at a new job. They start becoming allies by bringing awareness into their own work environments. We need their help in shifting the mindset of their peers. 

    KP: We are always so proud when companies like Symantec partner with GWC to help build the pipeline of women and tech.  How does this program fit into your larger goals and strategy of bringing more women to the field and table? 

    EB: When Symantec supports programs like the GWC immersion program, we are making a statement that the status quo will not do and that we need to help increase the amount of women applying for technology jobs. Symantec understands that by increasing the number of women in our product teams we will increase the quality and the profit of our products, and to do that we need more women applying to our jobs. To have more women applying for positions at Symantec we need to reach girls early, as many decide at a young age that technology is not for them due to peer pressure or a lack of information. Supporting camps like GWC increases the amount of girls who will take computer science courses in college. When these college girls are home for the summer and looking for internships they are going to remember their summer camp at Symantec and look to us for internships. When they graduate they will look to us again to start their careers.

    While the girls in Mountain View were dissecting servers, the girls in Virginia spent their afternoon playing a cyber version of Capture the Flag and spending one-on-one time learning from and connecting with female Symantec engineers. Following the activity, the girls were able to ask a panel of four female Symantec employees about their work in different aspects of cyber security. This showed the girls the numerous and varying career options available, even within the cybersecurity field itself. The day concluded with a tour of Symantec's Security Operations Center (SOC) and a briefing on the “life of an analyst”.

    Girls from GWC visit Symantec’s Herndon, VA office to learn more about a career in cyber security.

    Girls Who Code has grown from teaching 20 students in New York to code, to reaching 40,000 girls across the United States. With 93% of Summer Immersion Program participants reporting that because of the program, they now want to major in or are interested in computer science, GWC is not just aiming to close the gender gap in technology, we are actually doing it.

    For more details on our work at Girls Who Code, please visit our website. We also encourage you to learn more about Symantec’s deep commitment to and work increasing qualified and diverse STEM talent.


    Part of Our Q2 Shady TLD Report

    [This is #21 in our on-going series on Shady TLDs. Links to the previous posts are found at the bottom of the page.]

    A Bit of History...

    Way back in the old days of the Web, when "all of the good domain names were taken" on .com, there was an initial expansion of new TLDs (including .info and .biz, which unfortunately ended up largely misused as junkyards for shady domains). One of the new TLDs in this group (back in 2004) was .Pro.

    .Pro was conceived of as what would now be called a "Premium TLD" -- that is, a .pro domain would cost more than a domain on a normal TLD like .com, because it would carry a certain cachet that a normal .com (or .info, or .biz) domain would not. (I remember looking into .pro domains a decade or so ago, and pricing was several hundred US$ a year, or roughly ten times the going rate of a .com domain.)

    .Pro domains were supposed to be reserved for "licensed professionals" (think doctors, lawyers, etc.). In fact, registrants were supposed to provide documentation about their licenses as part of the registration process. A few years later (2008), the list of eligible licensed professions was expanded (including Educators, Physical Therapists, CFAs, and many more).

    In this early era of .Pro domains, I don't remember encountering very many shady sites; it certainly wasn't on our radar in the same way that .info and .biz were...

    More recently (2015) however, .Pro dropped the "licensed professional" requirement, and I've seen .pro domains offered for less than $10 each. Consequently, as you might predict, this shift in .pro registrations is reflected in a higher rate of shady usage...

    2017 Q2 Top Ten List

    Because of .pro's interesting history, I had intended to profile it at some point. Especially when I saw it showing up fairly high in our "Shady TLD" list (it's currently at #40 as of the end of Q2, with 93.95% of its domains rated as shady in our main database.) That may sound like a lot (and it is), but it's not even close to cracking the Top Ten:

    Rank  TLD        Percentage of Shady Domains (All Time) *
    1     .country   99.95%
    2     .stream    99.70%
    3     .gdn       99.59%
    4     .download  99.49%
    5     .racing    99.29%
    6     .xin       99.22%
    7     .men       98.90%
    8     .kim       98.79%
    9     .science   98.72%
    10    .bid       98.71%

    * As of the end of June, 2017. Shady Percentage is a simple calculation: the ratio of "domains and subdomains ending in this TLD which are rated in our database with a 'shady' category, divided by the total number of database entries ending in this TLD". Shady categories include Suspicious, Spam, Scam, Phishing, Botnet, Malware, and Potentially Unwanted Software (PUS). Categories such as Porn, Piracy, and Placeholders (for example) are not counted as "shady" for this research; if they were, the percentages would be higher.

    Movement-wise, there were only minor changes from the Q1 list (.loan, .mom, and .online dropping out -- but just barely -- and .men, .science, and .bid moving in).

    Also of note, if you follow the TLD space, is that the total count of valid TLDs (according to ICANN's list) is at 1,547 as of today (Aug. 9th).


    As always, we caution against reading too much into the relative positions of TLDs on this list. Rankings are very fluid from quarter to quarter.

    Also, we are not advocating setting up policy to block all domains on all of these TLDs. Any such recommendation would come only after more research into a TLD. In particular, .xin is rather popular in China, as is .kim in South Korea, and it would not be wise to automatically block such domains if you do any business there. Also, several TLDs have percentages based on lower numbers of domains than some of the other TLDs in the list.

    In general, it's better to leave shady domain blocking up to the professionals...

    A Closer Look at the ".Pro-file"

    Pulling a recent week of worldwide WebPulse traffic to .pro sites showed the following category breakdown for the top 100 sites:

    Category                       Count / Percentage (of the Top 100 sites)
    Shady (security-related categories):
      Suspicious                   24
      Scam                          2
      Malware                       2
    Arguably shady:
      Porn                         12
      Piracy                        5
      Placeholder                   3
    Not counted as shady:
      WebAd                        16
      Other legit/normal category  36

    In other words, in recent traffic, only 28% of the Top 100 sites were "shady" by the strict methodology of counting only the security-related categories (Suspicious, Scam and Malware, shown in red in the original table). If we add in the "arguably shady" categories (Porn, Piracy and Placeholder, shown in yellow), then the shady percentage climbs to 48%.

    That means that over half of the Top 100 sites are arguably normal/legitimate sites (although, interestingly, exactly *none* of them appeared to belong to "licensed professionals").
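The two calculations this post describes, the per-TLD shady percentage from the methodology note and the strict versus "arguably shady" split of a Top 100 list, as an added worked example (not WebPulse code). The category labels and the "PUS" abbreviation follow the post; the records are constructed, and the Top 100 list reproduces the counts in the table above.

```python
"""Shady-TLD arithmetic as described in the post.  Added example, not WebPulse
code; SAMPLE_RECORDS and TOP100 are constructed inputs."""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Categories the post counts as "shady" (the security-related set).
SHADY = {"Suspicious", "Spam", "Scam", "Phishing", "Botnet", "Malware", "PUS"}
# Categories the post calls "arguably shady"; excluded from the strict ratio.
ARGUABLY_SHADY = {"Porn", "Piracy", "Placeholder"}


def tld_of(name: str) -> str:
    """Lowercased last label of a domain or subdomain; a trailing dot is tolerated."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return labels[-1] if labels else ""


def shady_percentage_by_tld(records: Iterable[Tuple[str, str]]) -> Dict[str, float]:
    """records: (domain-or-subdomain, category) pairs.  Returns {tld: percent shady},
    i.e. entries rated in a shady category divided by all entries under that TLD."""
    shady: Dict[str, int] = defaultdict(int)
    total: Dict[str, int] = defaultdict(int)
    for name, category in records:
        tld = tld_of(name)
        if not tld:          # skip empty or dot-only names rather than crash
            continue
        total[tld] += 1
        if category in SHADY:
            shady[tld] += 1
    return {t: round(100.0 * shady[t] / total[t], 2) for t in total}


def top_n_breakdown(categories: List[str], strict_only: bool = True) -> float:
    """Percent of a top-N list that is shady; strict_only=False also counts the
    'arguably shady' categories, as the post does for its 48% figure."""
    if not categories:
        return 0.0
    counted = SHADY if strict_only else SHADY | ARGUABLY_SHADY
    hits = sum(1 for c in categories if c in counted)
    return round(100.0 * hits / len(categories), 2)


# Constructed sample database records: (entry, rated category).
SAMPLE_RECORDS = [
    ("a.example.pro", "Suspicious"), ("b.example.pro", "WebAd"),
    ("c.example.pro.", "Malware"), ("shop.example.com", "Shopping"),
    ("x.example.download", "Malware"), ("y.example.download", "Botnet"),
]

# Constructed Top 100 category list matching the counts in the post's table.
TOP100 = (["Suspicious"] * 24 + ["Scam"] * 2 + ["Malware"] * 2
          + ["Porn"] * 12 + ["Piracy"] * 5 + ["Placeholder"] * 3
          + ["WebAd"] * 16 + ["Other"] * 36)
```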

    Conclusion: As with some of the other Shady TLDs we've profiled, we don't recommend a blanket block of all .pro traffic. It's a fairly popular TLD, especially in certain countries (like Russia), so you should leave decisions about which domains to block up to the ".pro-fessionals".



    P.S. For easy reference, here are the links to the earlier posts in our "Shady TLD" series:

    .accountant (and .realtor)







    Welcome to the start of a regular dialogue I plan on having with you over the coming weeks and months.

    As the director of Symantec Labs, I’ve been privileged to work with as talented a team of engineers and computer scientists as I believe exists in this industry. They come to work each day dedicated and eager to invent the breakthrough technologies that will combat tomorrow’s big threats -- the Big Ideas that really make a difference to our customers, and that a company with the scale and portfolio of Symantec can deploy globally.

    For years, Symantec has said little about the innovations coming out of our labs; in fact, it just might be one of the security industry’s best-kept secrets. This lab is almost entirely unknown despite having been awarded hundreds of patents describing billions of dollars of technology protecting countless companies against trillions of dollars of damage. I am going to change that, and this is going to be my bully pulpit.

    Before filling you in on some of our recent news, I’d like to spend a few moments to describe the broader context of the work that we’re doing at the Labs.

    As Symantec CEO Greg Clark notes, we have to set our ambitions high - nothing less, in fact, than a willingness to push the limits of what’s believed to be possible. So when it comes to cybersecurity, our approach has been to think large and to think long-term. As a result, we’ve developed a qualitative edge over the bad guys by tackling projects with long time horizons - sometimes a year or even a decade in the future.

    Symantec’s genuine commitment to research has paid dividends for our customers.  Some of the technologies produced by the lab not only came to market years ahead of our competitors, but are also responsible for more than half of the detections by Symantec products protecting customers on a daily basis.

    I think we’ve done a great job, but there’s little time to celebrate victories. Technology is constantly evolving and security practitioners have their hands full as their companies embrace cloud computing, mobile and the Internet of Things. The rapid cadence of change in the industry has also transformed security into something of a moving target. Just as one problem gets solved, it seems that new vulnerabilities pop up elsewhere as malicious hackers find new targets of opportunity to exploit.

    And so it’s up to us to equip our customers with the best tools possible to defend against potential threats in what’s become a veritable arms race with various threat actors.

    Security Reality Check

    I’m sure that defenders sometimes feel as if they were condemned to play a game of security whack-a-mole. As threats continue to appear on the landscape, it’s easy to lose track of the fact that real progress is being made.

    We naturally expect the world to be safe and secure and get alarmed when things go wrong. But for comparison’s sake, consider the history of car safety.

    In the early days of auto transportation, a passenger’s odds of surviving a crash while traveling faster than 30 miles-per-hour were quite low. Over the decades, however, subsequent safety improvements led to a remarkable increase in survivability rates. Cars are now equipped with passenger protections such as safety bumpers, roll cages, safety belts, safety glass, airbags and side-impact curtains. More recently, manufacturers have added a myriad of micro-electromechanical sensors to improve driver awareness, and even begin enabling self-driving cars.

    Cyber security is going through a similar transition, albeit with the obvious ups and downs. However, recent breakthroughs in the lab enable unprecedented levels of security in not only desktop and datacenter systems, but also mobile, cloud, and Internet of Things (IoT) systems, even including self-driving cars.

    Lab Highlights

    For its part, the Symantec Labs pipeline is chockablock with new technologies that are going to help ease the security burden. Here’s a sample of some of the areas that are getting my attention:


    We live in a world with literally trillions of security events each month. No company is rich enough to afford to hire trillions of security experts - even if they existed. The only way enterprises can keep up is through the deployment of a lot of automation and artificial intelligence (AI).

    For over a decade, Symantec Labs has been working in this realm, using AI to protect desktops, email, servers and networks. More recently, we’ve been able to double the effectiveness of human analysts to resolve highly severe security incidents. The next step is to fully automate that human security expert analysis for broad classes of customers. More about that another day coming soon.

    Crunching Data

    We’ve created a new security analytics capability that can crunch thousands of times more data per enterprise, far more efficiently than the industry’s mostly manual approaches today. This new capacity promises to be a game-changer. Instead of trying to bring all of the data back to a central server for reasoning, we’re now far better off pushing questions out to the data and getting the systems to reason smartly and assess what is normal, what is suspicious, and what is anomalous.

    So rather than force humans to sift through all of this information manually, hunting for the proverbial needle in the haystack, the system can take on the task and highlight anything that it finds suspicious.

    In practice, that kind of distributed anomaly detection harnesses thousands of times more compute power and can solve security problems much, much faster than we can today - and with much less manual hunting.  I’m sure we will always need as many security experts as we can train. But this advance is akin to giving them a bionics injection to keep up with the threats.

    User Behavior Analytics

    One of the big security threats facing enterprises comes from malicious insiders, a threat that the Harvard Business School describes as both massive and growing. Our researchers have made big strides in the pursuit of new technologies that can catch insiders exfiltrating sensitive information. They actually came up with a system that watched how employees at partner companies were doing their jobs.

    Instead of programming the system so it knew what the jobs entailed, we just let it learn from everybody’s normal day routines. We tested a lot of different algorithms and focused on access patterns. So if employees began doing something other than their job, alarm bells would go off and the system flagged suspicious or anomalous behavior.

    I’m pleased to report that the system successfully uncovered potentially actionable behavior that would have otherwise easily gotten lost in the noise as thousands of employees went about their day.

    Internet of Things

    In hot areas like IoT, Symantec Labs is a major contributor to new industry standards, helping protect billions of IoT devices. We’re also working on making it easier to build security into IoT systems so that enterprise users can be secure. The problem with IoT is that many devices get built by companies that give short shrift to security design. That complicates the challenge for CSOs and other security executives. No matter how easy we make it to build security into these devices after deployment, they’ll always need more protection.

    But the Labs has also been researching new ways to provide better security from the network to better protect these vulnerable devices. Security is always strongest when you have both strong endpoints and strong network security protecting those endpoints. That's why we are focused on further improving IoT capabilities for network hardware in collaboration with our partners. This progress comes atop helping embed security into over a billion smart, connected IoT devices, and helping protect nearly everything from the latest connected and self-driving cars to the Automatic Teller Machines (ATMs) that we’ve all used, and safely trusted, for years.

    Endpoint Protection

    The computing world has become increasingly mobile and a lot of computing has shifted away from traditional laptops and desktops onto cloud-driven tablets and smartphones. That changes the historical notion of network security and the perimeter. Of course, where you have an enterprise network you need to protect that network but a lot of these enterprise devices are computing in ways that are directly connected to the internet. Those devices need to connect back through cloud-driven security architectures.

    Symantec has responded by building and buying great technologies such as our cloud access security broker (CASB), and Web Security Service, where each user device basically connects to a security gateway in the cloud that protects them from any threats lurking out there.  Continuing to invest in these great new technologies, the insider threat detection work mentioned above is a great collaboration between the CASB team and Symantec Labs.

    These are a few of the things that are top-of-mind with me these days. Post a comment in the talkback section below and let me know about the security issues you find most important.  I look forward to hearing from you. 


    This month, 48 patches were released, 26 of which are rated Critical.




    It is essential to choose your options carefully. We often hear about the severity of the financial impact of a data breach, but the impact on the brand must not be forgotten. According to a Ponemon study, once a data breach occurs, the affected company sees its share price fall by 5% on average and loses 7% of its customers. Furthermore, 27% of consumers end their relationship with that company.


    Advanced Threat Protection: Why a proxy beats a next-generation firewall

    Next-generation firewalls (NGFWs) have become established in enterprise security environments. They are effective, for example, at preventing unwanted network communication on specific protocols based on IP address or location. They can also control and block outbound communication from the organization to the Internet across multiple channels. If a large performance impact is acceptable, this functionality can even be extended to simple stream-based malware scanning. However, when it comes to securing web traffic and protecting the organization from advanced attacks, zero-day vulnerabilities and sophisticated malware, nothing surpasses a proxy architecture.

    Here are the specific reasons a proxy is more effective than an NGFW at defeating malware.

    Full file reconstruction exposes the true nature of a threat. Because an NGFW is stream-based, it is defenseless against evasive malware. A proxy, by contrast, reconstructs the entire session and its contents before delivering them to the user. Reconstructing communications and files in this way makes it possible to determine whether they are malicious before they are sent on to their final destination.


    Encrypted traffic can be handled securely and at scale. In many organizations, encrypted data accounts for 60 to 70% of network traffic, and attackers increasingly use it as cover for malicious activity. To prevent threats effectively, security tools must have visibility into that traffic so it can be analyzed and inspected, while at the same time privacy policy obligations must be respected.

    Recently, an academic paper was published comparing the effectiveness of several encrypted-traffic inspection tools, including NGFWs and other stream-based tools, at blocking threats in encrypted traffic. According to the paper, almost every tool reduced security, and some introduced serious vulnerabilities. While the other tools received grades of "C" or "F" across the board, Symantec ProxySG alone received an "A".

    A proxy blocks more effectively. When it comes to fully terminating, decrypting and inspecting sessions, the proxy wins hands down. A new Tolly report compares Symantec Secure Web Gateway with a representative NGFW solution and shows just how effective a proxy architecture is for web security. In malware tests covering phishing, malicious URLs and prevalent known malware families, Symantec Secure Web Gateway decisively outperformed the leading NGFW.

    The Tolly report makes the following findings about Symantec Secure Web Gateway:

    • High detection rates across the full range of threats tested
    • An excellent malware database fed by the industry's largest real-time intelligence
    • Unmatched detection capabilities that also address evasion techniques
    • Optional add-on anti-malware engines and sandboxing technology

    Figure 1: From the Tolly report. Symantec Secure Web Gateway recorded higher detection rates than a representative NGFW solution across the full range of threats tested.

    Proxy architecture = superior protection

    Symantec proxy architecture | Next-generation firewall
    Terminates traffic | Detection is easy to evade
    Open, multi-vendor ecosystem | Single vendor
    Inline data loss prevention is easy to add | Cannot terminate traffic and add inline data loss prevention (a proxy is required)
    SSL decryption supports the major ciphers | Limited cipher support, with a 60% performance drop
    Control through a market-leading cloud access security broker (CASB) | API protection only; no inline CASB capability
    Hardware-free cloud service supports both roaming users and whole offices | Protecting roaming users requires VPN backhaul to a customer-hosted or customer-owned firewall
    Indicator of compromise (IoC) verification, blacklisting and remediation |

    Strong protection with ProxySG, Content Analysis and sandboxing

    Building on the advantages of the proxy architecture, Symantec delivers Advanced Threat Protection through a multi-layered approach. Extracted content is sent from ProxySG and Symantec Messaging Gateway to Symantec Content & Malware Analysis, an approach that efficiently uncovers malicious activity in web and email traffic. Reputation services, dual anti-malware engines and static code analysis are applied first, and only the "truly unknown" files that remain are sent to the sandbox, where they are fully detonated and tested.

    Figure 2 shows the benefit a Symantec customer reliably gains from this approach. The customer in this example receives 63 million web requests per day. After all of those requests were analyzed by the multi-stage process of Symantec technologies, the substantive alerts genuinely needing further investigation were narrowed down to just three. For details on the latest release of Symantec Content Analysis, see this blog post.

    Figure 2: Example of a customer receiving 63 million web requests in a single day. Only a tiny fraction merit actual investigation. Combining ProxySG, Content Analysis and the malware analysis sandbox narrowed the incidents requiring review by the security team down to three.


    When moving to the cloud there are many points to consider: whether to migrate entirely or not at all, and whether to lower your security requirements. On top of that, productivity and performance must be maintained, because nobody wants to waste the investment that IT administrators and security analysts have painstakingly built up in existing skills, processes, policies and integrations.


    Whether to take advantage of the security benefits of cloud + on-premises

    Symantec offers superior solutions that fully protect the enterprise, available on-premises, as a hybrid, or entirely cloud-based. Because enterprise-class Advanced Threat Protection is available on-premises as well, there is no need to lower your security requirements when moving to the cloud. Symantec products provide the following capabilities:

    • Flexible policy enforcement - acceptable use and risk mitigation
    • Universal policy shared between on-premises appliances and the cloud
    • Market-leading URL classification (categorization)
    • High performance/throughput
    • Authentication
    • SSL decryption
    • Shadow IT visibility and control
    • The industry's largest civilian threat intelligence network
    • Multiple malware scanning engines
    • Dual-mode (VM and emulation) sandboxing
    • Comprehensive reporting and visibility


    Symantec is one of the world's most trusted security vendors, leading the industry across a wide range of security fields including secure web gateways, data loss prevention, cloud access security brokers (CASB), email, endpoint security and encrypted traffic management.

    Most security providers offer only point security solutions, but the cloud requires a new model of integrated security. The Symantec Cloud Security Platform provides unique capabilities for moving to the cloud securely, while unifying cloud and traditional on-premises environments for seamless security.

    Mike Fey, Symantec's Chief Operating Officer (COO), puts it this way: "With a security portfolio that leads the field in both breadth and depth, and one of the world's largest civilian cyber intelligence networks, Symantec is the only cybersecurity provider in the industry able to address the major challenges of the cloud era. We help customers build environments where they can take full advantage of the benefits of the cloud while keeping their critical information safe and protected."

    Figure 3: The Symantec Global Intelligence Network provides unmatched visibility across endpoints, email and web traffic, detecting and blocking even evasive, advanced targeted attacks.

    Symantec's threat intelligence, backed by the powerful Global Intelligence Network, delivers exceptional visibility and protection through integrated cyber defense. Leveraging the vast computing power available in the cloud, it analyzes more than 3.7 billion rows of telemetry; no other threat intelligence is as broad and deep.

    The choice is yours: on-premises, cloud, or anywhere in between


    • Proxy/Web Security Service
    • Information protection
    • CASB
    • Cloud workload protection (IaaS)
    • Sandboxing
    • Endpoint protection
    • Email
    • Identity protection


    • If you choose on-premises for the whole organization, consider ProxySG + Content Analysis + a dedicated malware analysis sandbox.
    • If you choose a hybrid model for major sites and users, consider ProxySG + Content Analysis with a cloud-assisted sandbox; for remote sites and users, Web Security Services + a malware analysis sandbox is recommended.
    • If you are moving the whole organization to the cloud, choose Web Security Services + a malware analysis sandbox.

    You may be concerned about the impact that managing these solutions will have on IT team productivity. With Symantec Universal Policy, policies are configured and managed in one place and applied across the data center, remote sites and branch offices, and mobile users. Universal Policy covers malware scanning policy management, URL and risk scoring, SSL decryption and authentication, making centralized management easy. These capabilities make the move to the cloud more seamless, smooth and secure than ever.

    There is no doubt that moving to the cloud brings major benefits to an organization. Even so, it is natural to want to carry out that move in the most robust way possible, in line with your overall IT cloud strategy and your top business priorities. Rest assured: whatever the stage of your migration, Symantec can help.



    Breaking In! (08/16/17)
    The fundamental steps to launching a cyber security career

    By Jonathan Omansky, Senior Director, Development, Security Technology & Response Team

    Symantec’s Jonathan Omansky provides a simple set of steps to launch a career in cyber security and to address the critical shortage of qualified cyber security professionals.

    “HELP WANTED!” signs are hanging outside windows of almost every private, public, and governmental organization directly or indirectly connected to the cyber security space. If you’ve spent any time looking at this field as a potential career choice or read one of the thousands of articles, blogs, studies, think tank reports, and “expert” advice columns then you know the message is quite clear: WE NEED PEOPLE!!

    Today, there are hundreds of thousands of cyber security positions that remain vacant around the world. As global consumer demand for automated, connected, and intelligent products and services grows, the risks and resulting reality of an increase in cyber attacks expands, and we will in turn see an even greater demand for people. This simple supply and demand equation is part of what the tech industry is now calling the fourth industrial revolution.

    The prospect of filling all of these positions is slim at best, and it’s time to focus on what we can actually do about the growing skills gap. I’ve observed a lot of experts offering advice:  pursue a degree, hurry to complete any number of (a growing list of) certifications, learn to code in this language, learn to script in that one. While these are all cogent recommendations to consider if you have the financial means, competency, and time, this advice doesn’t provide the fundamental steps to launching a cyber security career. Research shows a large percentage of vacant cyber security positions could be filled by individuals without a college degree—creating a tremendous opportunity to train and prepare non-traditional candidates for these roles.

    I coach, guide, and mentor young students and re-trainees including high school students, inner-city youth, veterans, and believe it or not, elementary school aged kids. While what follows may be common sense to some, the eager minds I know aspiring to cyber security careers need a much simpler set of baseline steps to get started. I’ve used the below strategies with the students I mentor and have seen real results in the form of numerous permanent job placements. I hope sharing this set of simple approaches helps others; we need to attract as many people as we can into cyber security to keep the world safe from ever-evolving digital threats.

    Below you’ll find six simple steps to launch a career in cyber security and in this editorial, I’ll cover the first step, defining your career focus, in detail.

    1. Define your career focus
    2. Research, learn, and assess
    3. Read and write
    4. Formulate a view of the attack 
    5. Make friends, make lots of different friends
    6. Don’t be afraid to be wrong

    #1. Define your career focus

    The very first thing I hear from folks trying to break into the field is “There’s sooo much to consider, where do I start?” Well, it all starts with making a choice. The choice here is similar to those in medicine, law, auto mechanics, or construction, where you must choose where to focus your time and training. There is an array of disciplines under the cyber security umbrella; some are moderately technical and others require a more advanced technical skill set. This choice is an individual one: get to know the industry, where it is and where it’s going, define the skills you have, decide where you want to go, and think about what interests you.

    You may be interested in network analysis, file reversing, email analytics, incident response, data mining, or one of numerous other areas. Each and every one of these areas has its own aspect of cyber threats attached to it. As such, each area has its own unique set of tools and an established baseline of knowledge that must be learned. Understanding this baseline, the analytical processes and procedures, communication protocols used, the file structures employed, the network architecture, and the programming and/or scripting language(s), is essential to establishing your career.

    Jonathan Omansky visits with Symantec Cyber Career Connection (Symantec C3) graduates from the Stride Center, a Symantec education and training partner that prepares low-income Bay Area adults to thrive in technology careers. 

    When I began my career in network security, we weren’t using a hammer and chisel to establish a TCP handshake, but it wasn’t much more advanced. My learning was relegated to books, RFCs, and manual pages, and I discovered very quickly the skills I needed to be effective. I needed to understand how networks communicated, how computers “talked” to each other using protocols spanning the TCP/IP stack, and how TCP differs from UDP. I invested countless hours reading about the structure of core protocols – the languages of the Internet - such as HTTP (web), SMTP (mail), FTP, POP, IMAP, IP, and many more. In order to identify an attack, you need to know the language of how it operates. I watched these protocols in action using tools such as Ethereal, Wireshark, and TCPDump, finding sample network traffic files of attacks and figuring out how they were successful. Before long, I understood the basics of how a network attack is performed and could identify patterns that stood out as anomalies. I eventually turned those patterns into IDS/IPS rules, which enabled users to prevent future attacks based on similar patterns.

    In the early days of my career, there were only a few hundred total people in this field, which made it hard to find someone to learn from or chat up over lunch. These days, there are a huge number of social media based learning and networking opportunities that make defining your career focus easier. You can use these tutorials, webinars, videos, and blogs to learn more about the industry, and once you’ve chosen your desired area of focus, take advantage of these tools to ramp up your knowledge and skills. 

    The approach I’ve described above is a short and simple way to begin learning basic network security concepts. My goal is not to replace the wide array of freely available online and written content that breaks down technical topics, but to provide a very basic roadmap of how to get started. I find as I speak to aspiring candidates, that this is needed just as much as a deep-dive in technical data.

    In short, pick an area, lay out your roadmap of learning, and start with one tool, one protocol, or one file structure. Continue to build on that, and you’ll see just how accessible this space really is.

    Follow our CR in Action blog for more on how to launch a cyber security career. Interested in a career in cyber security? Learn more about the Symantec Cyber Career Connection (Symantec C3), which provides a mix of targeted classroom education, non-technical skills development, and cyber security internships to position students to fill in-demand cyber security jobs.


    These mistakes can be costly!

    The exposure of sensitive or compliance related documents in the cloud has become one of the primary data security threats that organizations face today. Leakage of these documents, intentional or otherwise, can be potentially disastrous for an organization and result in compliance fines, mitigation costs, and loss of customer trust. The problem is not specific to a single cloud app provider but can occur when using any file sharing app. Whether an exposure happens to just a handful of documents or millions, the damage can be severe. For instance, the loss of a single document containing a confidential business strategy can provide a significant edge to the competition, resulting in lost business opportunities and potential revenue.

    Recently, the Symantec Cloud Threat Labs team discovered a number of invoice documents that were exposed via AWS S3 buckets. Due to responsible disclosure and ethical guidelines, we are not divulging the names of the involved businesses. These documents were publicly available and could be easily accessed and downloaded using a web browser. In an earlier blog, we discussed how globally accessible AWS buckets could lead to data exposure involving sensitive documents if not audited completely.

    This incident highlights the importance of securing data in AWS buckets by restricting privileges.  Considering the competitive nature of service providers, disclosure of invoices could be very damaging to an organization if discovered by external parties. For example, one of the invoice documents reveals information about a firm’s consulting services, associated costs, and its Tax Identification Number (TIN) as shown below:

    Figure 1: Invoice disclosing business consulting charges

    Figure 2: Invoice disclosing service and product costs

    Figure 3: Invoice disclosing professional fees charged for a specific engagement

    Figure 4: Invoice disclosing supply chain and delivery costs


    If documents like the ones above were exposed, the results could be devastating from a business perspective. The potential repercussions of this exposure are clear, and below we list only a few that can damage the business and benefit the competition (or attackers):

    • Glean more information about the different types of services being offered.

    • Understand the different types of fees being charged by the company for specific services.

    • Collect sensitive information such as Tax Identification Number (TIN).

    • Understand the revenue generation model being followed by the company.

    • Underbid the company on RFPs to win projects.

    Considering the above case studies, there are several points to ponder:

    • Are the documents being exposed by the business firms’ clients by mistake?

    • Are the documents being exposed by a malicious insider who wants to make the sensitive information public?

    • What would be the impact on the business if the documents were exposed and accessed by competitors?

    • Do the involved parties have a Cloud Access Security Broker (CASB) solution to monitor the activities in the cloud, analyze exposed content, and alert or remediate a business-sensitive exposure?

    As discussed earlier, exposure of sensitive documents in the cloud can have a substantial impact on businesses irrespective of the sources and causes of the exposure. The case discussed here shows how crucial it has become for organizations to deploy solutions that uncover and classify sensitive corporate data and then enable the organization to set policies around its use and sharing.
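    The post recommends restricting privileges on buckets and auditing them completely. As an added example that is not Symantec's code, the following Python audits the three S3 settings that decide whether anonymous users can read objects: the bucket policy, the bucket ACL, and the Block Public Access configuration. It works offline on constructed sample documents in the JSON shapes the S3 API returns for GetBucketPolicy, GetBucketAcl and GetPublicAccessBlock; the bucket name and account id are placeholders.

```python
"""Offline audit of S3 bucket settings for anonymous read exposure.

Added example (not Symantec's code). The policy, ACL and Block Public Access
documents below are constructed samples; bucket name and account id are
placeholders.
"""
import json
from typing import Any, Dict, List

# Canned S3 groups that make an ACL grant effectively public.
PUBLIC_ACL_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",  # any AWS account
}

# Actions that let a principal read object contents.
READ_ACTIONS = {"s3:getobject", "s3:*", "*"}


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"}, i.e. anonymous access."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_read_statements(policy_json: str) -> List[str]:
    """Return one finding per Allow statement that grants object read to everyone."""
    findings = []
    policy = json.loads(policy_json)
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        actions = {str(a).lower() for a in _as_list(stmt.get("Action"))}
        if not actions & READ_ACTIONS:
            continue
        sid = stmt.get("Sid") or f"statement[{index}]"
        resources = ", ".join(_as_list(stmt.get("Resource")))
        if stmt.get("Condition"):
            keys = ", ".join(sorted(stmt["Condition"]))
            findings.append(f"{sid}: anonymous read of {resources} limited only by Condition ({keys})")
        else:
            findings.append(f"{sid}: anonymous read of {resources} with no Condition")
    return findings


def find_public_acl_grants(acl: Dict[str, Any]) -> List[str]:
    """Return one finding per ACL grant to the AllUsers/AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_ACL_GROUPS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"ACL grants {grant.get('Permission')} to {group}")
    return findings


def block_public_access_enforced(config: Dict[str, bool]) -> bool:
    """True only when all four account/bucket Block Public Access settings are on."""
    required = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(config.get(flag) is True for flag in required)


# Constructed sample: a policy that makes every invoice world-readable.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicReadInvoices",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-invoices-bucket/*",
    }],
})

# Constructed sample: read limited to one role in the owning account (placeholder id).
PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "InvoiceReaderOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/invoice-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-invoices-bucket/*",
    }],
})

# Constructed sample ACL: owner has full control, but AllUsers were granted READ.
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "OWNER-ID-PLACEHOLDER"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}

if __name__ == "__main__":
    for finding in find_public_read_statements(PUBLIC_POLICY) + find_public_acl_grants(SAMPLE_ACL):
        print("FINDING:", finding)
    print("Block Public Access enforced:", block_public_access_enforced({"BlockPublicAcls": True}))
```

    In a live audit the same functions take the documents returned by boto3's get_bucket_policy, get_bucket_acl and get_public_access_block; a finding from either of the first two should be treated as an exposure unless all four Block Public Access flags are on, since those flags override public policies and ACLs at the bucket level.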



    The new Symantec Information Centric Security automatically encrypts, tracks and revokes data anytime, anywhere.

    Maintaining visibility of critical data and information is no easy task. Even knowing where each piece of data resides is a struggle. Business-critical data such as intellectual property (IP), and sometimes even personally identifiable information (PII), is frequently shared between teams through a variety of channels (email, USB, on-premises, or cloud storage systems such as Box), with almost no visibility or control.


    1. Can you determine who has access to your critical data when you share it:

      1. with trusted partners

      2. with trusted vendors

      3. with contractors using BYO devices

    2. Can you determine whether trusted partners and vendors are sharing the information with other vendors?

    3. When a contract with a contractor, partner or vendor ends, can you get the shared data back?

    If your answers to these questions are "no", that is not unusual. On the contrary, a recent Symantec survey found that nearly one in three chief information security officers (CISOs) named data leakage as the top internal threat to their business this year.*

    A data breach not only loses the company's IP; it can also violate compliance obligations such as the EU General Data Protection Regulation (GDPR) and the PCI Security Standards Council. A violation can make the actual damage far worse: fines of up to 20 million euros, reduced competitiveness, and a brand reputation damaged by the breach.


    Symantec's Information Centric Security solution takes a new approach to data security that brings together visibility, protection and identity management. Symantec Information Centric Security protects sensitive data even when it sits in unmanaged environments such as cloud applications and the "personally owned" mobile devices that users bring in.

    Customers gain tracking and control over data in any form across its entire lifecycle, because industry-leading DLP (data loss prevention), CloudSOC CASB and cloud-based PGP encryption are integrated with identity authentication. For any user, anytime, anywhere, data is automatically encrypted, tracked and revoked. No other vendor in the security market delivers this level of visibility and control.



    • Traditional (on-premises) DLP and user tagging. Advanced techniques such as machine learning and user tagging of data can identify critical content, but once information is shared to an unmanaged device through a sanctioned or unsanctioned application, protection ends there.

    • A traditional CASB is a powerful solution, and even more so when combined with DLP policies, but because it is not designed to block communication with third parties such as partners, vendors and contractors under NDA, visibility is lost.

    • Encryption is a laborious process, and as soon as it creates friction with users, policies are readily ignored. Once a decrypted file is shared with another vendor, there is no longer any protection or visibility for that file.
    • DRM (Microsoft Digital Rights) and RMS (Risk Management Services) do not serve the broader market, and deployment and usability problems are barriers. Because they are limited to the Microsoft ecosystem, the industry has yet to solve the problem of applying security policy to the data itself so that only designated users can access it from any platform.

    What makes Symantec Information Centric Security different


    Symantec Information Centric Security is the industry's first solution to integrate Symantec's industry-leading DLP, CASB, encryption and authentication, in the following ways:

    • Sensitive data is detected automatically across all communication channels, or classified manually by the user who created it.

    • Because DLP automatically identifies and encrypts sensitive data, accidental data leakage becomes less likely.

    • CASB technology captures data in transit to the cloud, extending DLP protection into an environment that was previously beyond control.

    • Symantec VIP multi-factor authentication integrates user authentication credentials with decryption keys, so access is reliably restricted to the designated users.

    Integration is not limited to Symantec products. Symantec Information Centric Security is truly open and can be used to integrate third-party products as well. Symantec plans to publish an Internet-Draft and API extensions for third-party developers and data-centric vendors.

    In Symantec Information Centric Security, strong policies capture, track and protect data with high precision. Human error is therefore mitigated by dynamic, intelligent protection that keeps pace with the evolving malware landscape and adapts to new risks over time.

    On June 22, 2017, we will hold a webinar with Forrester senior analyst Heidi Shey. We will discuss how Symantec is integrating its flagship security solutions as a new way to keep data and information secure. Please join us. Register here.



    * From a 2017 Symantec survey of 1,000 CISOs on cloud security




    ProxySG is a Symantec Secure Web Gateway (SWG) that can serve as a forward or reverse proxy. In both deployment modes, it leverages its extremely-efficient caching capabilities to improve a customer’s Internet experience. In forward proxy mode, the customer is typically an enterprise with employees enjoying faster speeds accessing the Internet due to the proximity of caching resources. Note that in this mode there is a possibility of additional upstream caching devices (think Content Delivery Network, Reverse Proxies, Load Balancers etc.). In reverse proxy mode, ProxySG is deployed in front of the Origin Content Server (OCS) and typically is the last caching device on the way to the web server.

    Recently, an interesting piece of research appeared online called “Web Cache Deception.” The original research dates back to February 2017, but it gained additional publicity when Omer Gil presented it at Black Hat USA this July. In parallel, a more detailed white paper was published here. The research represents a new attack vector that leverages the discrepancies between caching behavior on a caching device and resource retrieval behavior on the web server serving the resource behind the caching device.


    This simple attack exploits the sometimes-undefined behavior triggered by requesting a non-existent but cacheable resource from the OCS. Depending on the web framework and server configuration, the OCS might fall back to the last known resource while retrieving the page. The researcher provides several specific examples of this behavior in PHP, Django and ASP.NET. The focus of this article is ProxySG caching behavior rather than the OCS, therefore we will use the simplest example of a PHP page for demonstration purposes.

    When accessing the most basic authenticated PHP page:

    Upon successful authentication, the default PHP/Apache configuration on Ubuntu 12.04 returns status 200 and serves the content of secret_w_auth.php:

    For simplicity, we will leave the query string and request/response headers aside for now.

    On the caching side, seeing status 200 and not 404, the caching device assumes nonexistent.css was served and caches the resource under the requested URL. This is an example of impedance mismatch, this time between the logic at the middlebox (caching engine) and the endpoint (OCS). This is because the caching device does not always know what web servers / web frameworks reside upstream and, arguably, it shouldn’t know. The researcher provides several examples of caching devices that make the attack possible (Cloudflare, IIS ARR and NGINX). In addition, there were several publications from affected CDN vendors (see References section). In the next section, we will explore ProxySG caching behavior in the context of this attack in both forward proxy and reverse proxy modes.

    ProxySG Caching Logic

    ProxySG by default is very careful when caching an object. The out-of-the-box configuration obeys all the accepted cache controls, such as Cache-Control headers and expiration timestamps. Other factors also affect the default caching behavior, such as the presence of cookies and of an authentication header. The rule of thumb is not to cache private or user-specific information.

    Caching Authenticated Data

    Taking a closer look at the previous example, the GET request will carry the Authentication header:

    ProxySG has a feature to cache authenticated data which is turned on by default. This feature can be controlled via configuration. All the factors that can affect the HTTP request or response cacheability (such as Cache-Control etc.) in a non-authenticated flow also apply when authenticated data is cached. In addition, the authenticated cached data is marked with an “authenticated” flag when it is stored on the disk, which indicates that future requests for such content will always require clients to authenticate to the server before the cached content is served. Note that a similar flow applies to other authentication methods; HTTP basic authentication is only chosen here for the sake of simplicity.

    In these cases, ProxySG always issues a GET request with an “If-Modified-Since” header to verify that the client has provided valid authentication credentials to the origin server even when the cached authenticated data has not yet expired. Therefore, it is not possible for an unauthenticated user to access the cached authenticated data, which the server would not have served if the user tried to directly access it without authentication. In the case where the cached object is fresh and the origin server allows access to the object, the origin server can reply back to the proxy with a 304 (instead of 200) response, saving the server-side bandwidth.

    Caching Unauthenticated Data

    For unauthenticated cached objects, ProxySG would not contact the origin server if the object is still fresh in cache. So, the deception is certainly possible, but there’s no harm in this because the server would have served the same content to all users even when no caching was involved.

    This brings us to cookie-based authentication and the original Paypal vulnerability from the aforementioned white paper. Following is the request-response flow when visiting the most basic PHP web page that uses a custom authentication login form and standard session management support:

    The initial login page would redirect the authenticated user to the next page containing private information. The PHP session module takes care of session management and embeds the cookie value in HTTP requests, as seen in the screenshot. Because the presence of a cookie in the request/response is considered to be associated with the presence of private information, one of the default ProxySG caching behaviors is to bypass caching for these transactions. So, the exploit is not possible with the out-of-the-box config.

    To override this default behavior, the ProxySG administrator would have to consciously use the dangerous force_cache(personal_pages) policy gesture (marked “for advanced users only” in the ProxySG CPL reference). This would open up the possibility of the exploit discussed above and thus should be used very cautiously and avoided if unsure.
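    The three caching flows described above (an authenticated object revalidated with If-Modified-Since before it is served, a cookie-carrying transaction bypassing the cache, and the same transaction once force_cache overrides that default), modelled as an added example that is not ProxySG code or the article's own; the origin, the credential values and the URLs are constructed stand-ins for the PHP pages in the screenshots.

```python
# Constructed stand-ins for the page's PHP examples: an origin that keeps
# serving the protected page for any path beneath it (the fallback above),
# guarded by HTTP basic auth or by a PHP session cookie.
SECRET, GOOD_AUTH, GOOD_COOKIE = "private page body", "Basic dXNlcjpwYXNz", "PHPSESSID=constructed"

def origin(hdrs, cookie_auth=False):
    """Return (status, response headers, body) for one request's headers."""
    ok = hdrs.get("Cookie") == GOOD_COOKIE if cookie_auth else hdrs.get("Authorization") == GOOD_AUTH
    if not ok:
        return 401, {}, ""
    if "If-Modified-Since" in hdrs:            # conditional request: object unchanged
        return 304, {}, ""
    return 200, {"Set-Cookie": GOOD_COOKIE} if cookie_auth else {}, SECRET  # 200 even for .../nonexistent.css

class Cache:
    def __init__(self, force_cache=False):
        self.force_cache = force_cache         # models force_cache(personal_pages)
        self.store = {}                        # url -> (body, authenticated flag)

    def cacheable(self, req_hdrs, resp_hdrs):
        cc = resp_hdrs.get("Cache-Control", "")
        private = "no-store" in cc or "private" in cc or "Cookie" in req_hdrs or "Set-Cookie" in resp_hdrs
        return self.force_cache or not private

    def fetch(self, url, req_hdrs, cookie_auth=False):
        """Return (status, body, 'cache' or 'origin') as the proxy would answer."""
        if url in self.store:
            body, authenticated = self.store[url]
            if not authenticated:              # fresh public object: no origin contact
                return 200, body, "cache"
            # authenticated object: the origin must re-check credentials first
            status, _, _ = origin({**req_hdrs, "If-Modified-Since": "Thu, 01 Jan 2015 00:00:00 GMT"}, cookie_auth)
            if status == 304:
                return 200, body, "cache"
            if status != 200:
                return status, "", "origin"
        status, resp_hdrs, body = origin(req_hdrs, cookie_auth)
        if status == 200 and self.cacheable(req_hdrs, resp_hdrs):
            self.store[url] = (body, "Authorization" in req_hdrs)
        return status, body, "origin"

def basic_auth_scenario():
    """Victim primes the cache with Authorization, then an anonymous request follows."""
    c, url = Cache(), "/secret_w_auth.php/nonexistent.css"
    c.fetch(url, {"Authorization": GOOD_AUTH})
    return c.fetch(url, {})

def cookie_scenario(force_cache=False):
    """Same flow with PHP session cookies, optionally under force_cache."""
    c, url = Cache(force_cache), "/private.php/nonexistent.css"
    c.fetch(url, {"Cookie": GOOD_COOKIE}, cookie_auth=True)
    return c.fetch(url, {}, cookie_auth=True)
```

    Only the force_cache variant returns the private body to the anonymous request; the default rules answer 401 from the origin in both other cases.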

    Like in many other web applications, the authentication state for Paypal session is stored in cookies that will be present even when retrieving However, a caching middlebox would have to disregard the presence of cookies in both HTTP requests and HTTP responses for this exploit to be successful.


    From the very beginning, caching controls were developed by the Internet community to standardize caching behavior across various devices on the web. As such, following the RFCs and common recommendations on the way to and from the OCS inherently minimizes the infamous impedance mismatch. In addition, smart middleboxes can look for other signs of user-specific content such as “Authentication”, “Cookie”, or “Vary” headers to protect against serving private information when an origin server fails to set the standard cache controls correctly. ProxySG administrators should not need to do much when using the ProxySG with recommended or default settings. However, caching overrides such as force_cache() should be used with extreme caution.

    ProxySG also provides additional controls to identify content that may vary per user or which should only be served after verifying server authentication. The ProxySG’s Content Policy Language (CPL) provides the cookie_sensitive() and ua_sensitive() properties to modify caching behavior by declaring that the requested object varies based on cookie values or user agent respectively. It also provides the check_authorization() property to identify content subject to authentication when standard authentication headers are not used.


    When your mobile phone gets hacked, attackers can do a lot more than rifle through your hard drive. 

    Not only can they take control of the device’s camera to watch you, they can use your mic to monitor all of your conversations. What’s more, they can also access the location-based services your phone uses to locate you. That leaves cyber stalkers free to track your every movement - by foot, car, train or plane.

    While this might sound like a page from a dystopian potboiler, it’s hardly the stuff of fiction. Last year, Berkeley PhD candidate Bill Marczak revealed just how easily spyware can now strip iPhone users of their anonymity. In a world where repressive governments can hack their citizens’ phones, that’s bad news for critics, who face their regime’s wrath for transmitting the wrong tweet or clicking on the wrong link.

    Porous Digital Castles

    Smart phone insecurity is just one part of a much bigger story that I want to focus on: In an increasingly digitized world, our privacy has become an open book.

    Your home may still be your castle, but it’s far from being a digitally safe bastion. Some TVs have been discovered to have digital ears that listen to what goes on around them. Hackers are now able to remotely compromise baby monitors and other popular home audio devices. Home security cameras have been similarly hacked so that criminals can view video feeds from the home. Digital door locks and garage doors are also vulnerable to cyber criminals who can manipulate the systems to gain entry.

    The reality of the connected world is that it’s easy to digitally follow us around. Consider the fact that your smart phone often interacts with countless beacons and base stations. If any of them get hacked, they can relay proximity information to aggregation servers and interlopers who can track your location.

    Actually, even without getting hacked, many of them aggregate the information and then sell it to the lowest bidder. And as more cars evolve into the equivalent of big computers on wheels, many have been misconfigured by manufacturers to reveal their latitude and longitude when pinged over the internet, even without requiring decent authentication.

    Other common devices - discoverable through services like Shodan - are similarly vulnerable to hacks. When the Mirai botnet struck last year, for example, it made headlines by infecting millions of devices to bring down big chunks of the cloud. Yet the infection proliferated precisely because so many of the “smart” things were built by makers who embedded passwords such as “1234” for remote access, typically without even telling the buyer that their device would have such an obvious remote login.

    There are other ways our traditional notion of privacy is being put in jeopardy. Simply scanning a QR code opens a link that doesn’t only reveal your location to merchants. With or without QR codes, cookies, trackers, and device profiling through “ad networks” also expose other kinds of valuable private information, such as personal interests, other web pages you’ve visited and potentially your location-based history - including your home address, along with political leaning, religious affiliations, and even sometimes likely income brackets.

    What to Do

    So how can we protect ourselves from the myriad threats to our privacy? Fortunately, lots of new digital security products are coming to market that can help. 

    At Symantec Labs, we’re doing research to broaden such protection from the traditional security coverage, to include better privacy protection, creating the ability for people to more effectively limit data collection to data they choose to share.   

    For instance, two years ago we were among the first to show how Machine Learning could be used to identify the HTTP requests carrying sensitive information to third-party trackers with very high accuracy.    

    More recently we demonstrated a new technique for a 90% reduction in spyware getting access to privacy sensitive sensors on Android smart phones.   

    Of course, many security scanning and prevention services in the market focus on blocking “security” threats, not blocking all “privacy” threats, but we’re looking to change that.  Both network and device protections can do far more to protect people’s privacy, and enable people to have genuine anonymity when they need it. In short, on the one hand, “there could be a better app for that,” and we’re working on that.   

    On the other hand, you can’t always install an app. For that, we’re working to make the network-based privacy protections better, so that as long as your devices are tied to a cloud-based protection service like Symantec’s Web Security Service (WSS), such cloud-based services could be protecting you not only against security threats, but also against privacy threats. That includes surveillance by ad networks, the geo-location threats, and the “server to client” attacks which have already unmasked the anonymity of people arrested or disappeared for doing no more than exercising their moral obligation to question authority.

    In the meantime, smart phone users can take advantage of security solutions including offerings like Norton Mobile Security, SkyCure, WSS and more. Some car makers are beginning to protect their fleets of cars with services like WSS to build better security into the car from the beginning. Smart city and smart building infrastructure can borrow a page from the car makers, using services like WSS or security gateway hardware such as ProxySG.

    Clearly, our increasingly connected world is creating amazing new opportunities. This world wide web and emerging internet of things are powerful tools that put the world at our fingertips. But we’re also going to need good tools to deal with the thorny privacy threats that inevitably will arise. Otherwise, the absence of adequate protections will put every aspect of our lives on display for thieves, stalkers, bullies, and tyrants.