    A layered approach to endpoint security

    By Naveen Palavalli, Director of Product & GTM Strategy

    In just the last year, we saw more than 1 million new malware variants introduced per day and the number of ransomware families tripled (ISTR22). The average ransom amount paid spiked 266 percent to $1,077. Those kinds of stark numbers provide a glimpse of the herculean task that security professionals face on a daily basis. As organizations struggle to deal with the rising security demands associated with complex networks and myriad, ever-mutating external threats, it's imperative to ensure that the right endpoint security solution is in place.

    In a recent blog, Gartner’s Avivah Litan advises customers to “Use a layered endpoint security approach that includes application whitelisting and blacklisting, and other controls that come bundled with most EPP platforms”.

    I couldn’t agree more. Enterprises need complete endpoint security that provides full cycle protection that includes protection, detection and response specifically designed to handle a rapidly shifting security environment. The consequences for operating with more limited protection have never been clearer.

    To help ensure your organization is fully protected from today's most serious threats, here is a list of the most essential technologies for complete endpoint security.

    1. Total security spanning the entire attack chain

    Infections are simply one link in a larger chain leading to a network breach. The best endpoint security systems fuse next generation technologies with proven ones to offer protection from threats regardless of how or where they appear. Only by taking a more holistic approach can businesses ensure they receive the best possible protection. The most powerful endpoint security offerings possess deep capabilities at all the relevant stages: incursion, infection, exfiltration, remediation, etc. Let's take a closer look at some of the core features to look for at each of these stages:

    The Incursion. 

    1. Protection from email borne threats: Recent research shows that 1 in 131 emails contain malware including ransomware (ISTR22). You need endpoint protection that scans every email attachment to protect you from stealthy attacks.
    2. Protection from malicious web downloads: 76% of the websites scanned have vulnerabilities (ISTR22) that can be exploited by attackers to serve malware. Intrusion Prevention technology that analyzes all incoming and outgoing traffic and offers browser protection can block such threats before they can be executed on the endpoint. 
    3. Powerful endpoint protection should also allow easy Application and Device Control so that you can enforce control over which devices can upload or download information, access hardware, or have registry access.

    The Infection.

    Along with providing these essential protections at the incursion level, the best endpoint solutions offer advanced functionality and protection from every type of attack technique. Some of these recommended features include:

    1. Advanced Machine Learning. By analyzing trillions of examples of good and bad files contained in a global intelligence network, advanced machine learning is a signature-less technology that can block new malware variants at the pre-execution stage.
    2. Exploit Prevention. Almost every week you hear about a new 0-day vulnerability discovered in popular software like browsers and productivity software. IT organizations cannot test and apply patches fast enough, which leaves a vulnerable attack surface in this software that attackers exploit, often with memory-based attacks. Exploit prevention technology protects against such 0-day vulnerabilities and memory-based attacks.
    3. File reputation analysis based on artificial intelligence with a global reach. The most advanced analysis examines billions of correlated linkages from users, websites, and files to identify and defend against rapidly-mutating malware. By analyzing key attributes (such as the origin point of a file download and the number of times it has been downloaded), the most advanced reputation analysis can assess risks and assign a reputation score before a file arrives at the endpoint.
    4. High-speed emulation at the endpoint acts like a light and fast ephemeral sandbox, allowing for the detection of polymorphic or mutating malware.
    5. Behavioral monitoring. Should a threat make it this far along the chain, behavioral monitoring can tap into the power of machine learning to monitor a wide variety of file behaviors to determine any risk and block it. Again, this is a great defense against ransomware and stealthy attacks such as malicious PowerShell scripts. Research shows that 95% of the PowerShell scripts analyzed last year were malicious (ISTR22).

    Smart organizations will also pay attention to the lateral movement of malware within an organization and anti-exfiltration capabilities of their endpoint solution. Intrusion prevention, firewall policies and behavioral monitoring also come into play here, and these features should be present in any advanced endpoint platform. These technologies were particularly effective in preventing propagation of the recent WannaCry ransomware.

    2. Powerful Incident Investigation and Response

    Most organizations understand that a determined attacker will get through. What they crave, however, is powerful detection capabilities to identify the breach as soon as possible and an easy-to-use workflow for incident investigation and response. Industry analysts have begun to call this Endpoint Detection and Response (EDR). Advanced EDR solutions help isolate the endpoint as you investigate the breach, contain the spread of the malware through blacklisting, and allow easy remediation by deleting the malware and restoring the endpoint to a pre-infection state.

    Overall, the most effective endpoint security offers deep protection across each level of the attack chain, detection and response. As the old saying goes, security is only as strong as its weakest link, making a comprehensive approach essential.

    3. Performance and scale backed by advanced functionality

    As detailed above, a fully-protected attack chain is of critical importance. Yet the value of high performance shouldn't be understated. The best endpoint security should be optimized to prevent user and network slowdowns. It should also scale as your enterprise grows.

    4. Low Total Cost of Ownership

    Finally, a single agent that combines the technologies normally available only through the use of multiple agents (machine learning, exploit prevention, EDR, etc.) is highly desirable. Organizations using a single agent can reduce the burden on IT by consolidating their management and maintenance of multiple agents -- while receiving the added benefit of lowering the total cost of ownership.

    5. Seamless integration for orchestrated remediation

    The most advanced endpoint solutions make easy integration a priority via an open API system, so organizations can leverage their existing security infrastructure like network security, IT ticketing systems and SIEMs.

    The takeaway

    Not all endpoint security solutions are created equal. The best, most advanced offerings have three core elements: total protection, detection and response across the attack chain; high performance and scale without sacrificing efficacy; and seamless integration with existing infrastructure.

    Ideally, these three components should arrive in a single, comprehensive yet lightweight package, as the effort of managing multiple agents lowers efficiency and increases costs. Organizations that seek these features when considering a new endpoint security solution will, without question, receive the highest level of protection for their investment.


    A useful application of PowerShell

    As you may know, we recently added the ability to import a CSV or XLSX file of users to Endpoint Cloud for user enrollment.

    This leaves on-premises AD admins with the task of building that file, so I did some looking and found a very nice example PowerShell script for pulling AD users to a CSV.

    Of course, I had to modify the Path (in two places), destination server, and OU to pull data from. (Since we're using the built-in "Users" OU, I had to use CN= instead of OU=).

    I also had to change what fields were pulled, as well as the names of them. Here's what my fields looked like:

    $AllADUsers |
    Select-Object @{Label = "Email";Expression = {$_.Mail}},
    @{Label = "FirstName";Expression = {$_.GivenName}},
    @{Label = "LastName";Expression = {$_.Surname}},
    @{Label = "Phone";Expression = {$_.telephoneNumber}}|

    From there, I just copy pasted my users into the CSV that I downloaded from the portal and imported it, success!
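
    An added example of the export described in this post; it is not the script the author found or used. The function name, server name, search base and output path are placeholders chosen for illustration, and the filtering of disabled or mail-less accounts and the ACL step are additions, since the resulting file holds personal data.

```powershell
#Requires -Modules ActiveDirectory

# Added example: export AD users to a CSV with the Email/FirstName/LastName/Phone
# columns shown in the post. Export-EnrollmentCsv, the server, the search base
# and the output path are hypothetical placeholders, not values from the post.

function Export-EnrollmentCsv {
    [CmdletBinding()]
    param(
        # The built-in "Users" object is a container, so its DN starts with CN=, not OU=.
        [string]$SearchBase = 'CN=Users,DC=example,DC=com',
        [string]$Server     = 'dc01.example.com',
        [string]$Path       = (Join-Path $env:TEMP 'enrollment-users.csv')
    )

    # Ask only for the attributes the CSV needs. GivenName and Surname are
    # returned by default; mail and telephoneNumber must be requested.
    $users = @(Get-ADUser -Server $Server -SearchBase $SearchBase -SearchScope Subtree `
            -Filter 'Enabled -eq $true' -Properties mail, telephoneNumber)

    # Accounts without an email address cannot be enrolled: leave them out and count them.
    $withMail = @($users | Where-Object { -not [string]::IsNullOrWhiteSpace($_.mail) })
    $skipped  = $users.Count - $withMail.Count

    # One row per address, using the column names from the post.
    $rows = @($withMail |
        Sort-Object -Property mail -Unique |
        Select-Object @{Label = 'Email';     Expression = { $_.mail.Trim() }},
                      @{Label = 'FirstName'; Expression = { $_.GivenName }},
                      @{Label = 'LastName';  Expression = { $_.Surname }},
                      @{Label = 'Phone';     Expression = { $_.telephoneNumber }})

    $rows | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8

    # The file contains names, addresses and phone numbers: drop inherited
    # permissions and leave access to the account that ran the export.
    $me = '{0}\{1}' -f $env:USERDOMAIN, $env:USERNAME
    icacls $Path /inheritance:r /grant:r "${me}:(R,W)" | Out-Null

    [pscustomobject]@{
        Path           = $Path
        Exported       = $rows.Count
        SkippedNoEmail = $skipped
    }
}

# Example call with the placeholder defaults:
# Export-EnrollmentCsv -SearchBase 'CN=Users,DC=example,DC=com' -Server 'dc01.example.com'
```

    Delete the CSV once the import has succeeded so a copy of the directory data is not left on the admin workstation.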


    The WannaCry outbreak dominated the news cycle, while the phishing rate reached a high for 2017.



    Introduction: CIO Sheila Jordan

    As promised, here is the fourth blog in our IT Showcase series that chronicles our IT transformation over the past three years. Today’s topic is our infrastructure journey to hybrid cloud, authored by Chandra Ranganathan, our vice president with global responsibility for network and infrastructure services across the company. I hope you find it to be a worthwhile read—we welcome your feedback!

    Journey to a Hybrid Cloud

    Nearly every CIO I know has debated whether to move all or part of their IT workloads to the public cloud. There are many advantages: Public clouds enable companies to shift capital to operational expenses, and offer greater elasticity and economies of scale.  But it isn’t always a clear cut decision. A company’s specific business or industry can often dictate the strategy and approach.

    At Symantec IT, our journey to the cloud started in 2014. While a move to the public cloud was always part of our roadmap, we ultimately chose a hybrid cloud strategy that would support our business, protect our data, and increase efficiencies.

    The results have been transformative for our IT infrastructure. We’re not only more agile, more secure and able to provide a much better customer experience, but we’ve also been able to reduce our operating expenses by more than 55%.

    Our hybrid cloud strategy involved a four-pronged approach. Here’s how we carried it out:

    • Private Cloud: First we built a software-defined data center (called Next Generation Secure Data Center), setting up a virtualized, automated, and ‘converged’ infrastructure with software-defined compute, storage and network capabilities. Orchestration was enabled through a single pane-of-glass cloud management platform providing self-service IaaS capabilities. We also implemented best-of-breed core and enabling tools to provide real-time lifecycle management of infrastructure, including a shared DevOps stack with federated and role-based access.
    • Repatriation:  In parallel, we moved the entire infrastructure ecosystem in-house from an outsourced managed services model. In its place, we set up a hybrid support mechanism that included third-party vendor support for operations in a managed-capacity model.
    • Legacy workload migration: We migrated legacy workloads to the private cloud, leveraging the cloud’s multi-tenancy capabilities for a major spin-off. We also expedited the migration of 150+ legacy Symantec apps within one year, in the process rationalizing 55% of our applications and decommissioning 38% of our servers.
    • Extension to public cloud: We kicked off our move to the public cloud by completing a public versus private cloud economics and ROI analysis, a  workload segmentation exercise and vendor capabilities evaluation assessment. Based on the outcome, we selected Microsoft Azure as our public cloud partner for most of our Consumer product and Enterprise IT workloads. In the last six months, we have designed and deployed core services across four Azure regions, and migrated 55 critical external-facing applications to the platform. We also set up real-time dashboards to track and report financial, operational and security metrics to govern adoption and utilization.

    Experience is the best teacher so let me share some of what we learned along the way:

    • Not all applications are equal. Assess your applications based on technical, security, compliance, financial and legal criteria to create a “heat map” framework reflecting best fit and ease of migration to public cloud.

    • One size may not fit all. Try to understand the capabilities and limitations of public cloud vendors. For instance, we found that one vendor was stronger when it came to enterprise IT, e-business and consumer product workloads. Another  was a better fit when it came to enterprise security cloud products.  So diversify. Also, a multi-public cloud provider strategy prevents vendor lock-in and fosters more competitive pricing.

    • “Lift and shift” alone will not help realize benefits.  If private cloud efficiencies have already been realized, you need to re-engineer and ‘cloudify’ applications to further optimize public cloud cost.

    • Validate your cloud provider’s claims. Don’t leave yourself vulnerable to surprises and have a backup plan to address capability gaps in your public cloud provider’s offerings.

    • Partner and collaborate with key business stakeholders for requirements, design and delivery. Spend time on initial planning and analysis (economics comparison, capabilities assessment, workload segmentation, application prioritization, architecture, etc.).

    • Define roles and responsibilities across IT and business units, and adopt  federated role-based access where needed. Leverage a third party migration partner (as needed), and where possible, technical resources from the provider as extended members of your team.

    • Plan for the evolution of your team, moving them from a siloed mindset to become cloud specialists with the skills and mindset to deliver ‘infrastructure as code.’ Establish a services-based model, DevOps culture and flexible architecture.

    • Know that cloud will disrupt your teams—so be sure to communicate, communicate, communicate.

    Finally, companies need a governance mechanism to ensure all parts of their business are following the correct cloud process. At Symantec, we launched and now operate a cross-functional Cloud Council that’s responsible for cloud adoption and optimization. The council is co-chaired by IT, Security and Engineering leadership supported by extended stakeholders and provides technical, security and financial governance.

    These efforts have paid off with benefits to both the top and bottom lines:

    • Reduced compute and storage provision time from months to hours—and in some cases, minutes—while the implementation of automation and self-serve capabilities have resulted in significantly improved customer experience and speed-to-innovate.

    • Reduced critical infrastructure incidents by 90% while improving the availability and utilization of the resources at all layers of the IaaS stack.

    • Automated and enhanced infrastructure lifecycle management including discovery, mapping, provisioning, monitoring and analytics, incident and problem management, asset and configuration management and reporting.

    • Moving to the new system has led to significant consolidation and more efficient use of resources. We have been able to reduce the number of labs by 46% across 19 Symantec sites, and consolidate regional infrastructure from over 45 sites down to 10. We’ve also increased storage utilization to over 80%, optimized our backup ecosystem by 40% and consolidated primary data center space by nearly 60%.

    • Reduced overall operating expenses by combining our private cloud, legacy migrations and repatriation efforts.

    This is part of an ongoing transformation process and we’ll doubtless learn more in coming months and years. Cloud is obviously a topic of great interest to me and I am eager to hear more about your cloud journey!



    It’s not easy for a bank to protect itself against cyber crime. And it’s much harder when there are hackers who make it their mission to take the bank down. To win, the bank needs some seriously strong security.

    In 2012, Spain’s economy was in deep recession. The European Union came to the rescue with more than US$100 billion. But there were conditions: one of them—Spain had to set up a “bad bank,” a bank that would help restore the health of the nation’s ailing private banks by taking on their soured real estate assets.

    So Spain set up Sareb—and Sareb set out on its mission of absorbing toxic real estate loans and properties from banks on the brink of failure because of collapsing property prices. Sareb took on almost 200,000 assets worth more than US$54 billion. Next step: Triage the assets and sell the salvageable ones back into the market.

    All good, right? Not quite. Some Spanish citizens were angry at the bailout of failing banks. And hackers, always on the lookout for a target, put Sareb in their crosshairs. They launched a major zero-day attack and a CryptoLocker ransomware attack. They even created a malicious app called Sareb Go (after Pokemon Go), in which hackers tried to take Sareb assets by force.

    Sareb had almost no security shield—no firewalls, no data-loss prevention, no threat protection. It needed a strong security infrastructure—and because it was on a strict schedule to liquidate assets, it needed it fast.

    So Sareb went straight to the top. It called on Symantec and implementation partner Hewlett Packard Enterprise (HPE), and together they deployed a bulletproof solution for endpoint and email gateways.

    Mission accomplished. Sareb can now uncover and investigate any suspicious events, search for particular indicators of compromise, get deep threat visibility, and remediate every attack artifact across all endpoints.

    And Sareb can always call on Symantec and HPE experts for help. “You can own a Ferrari and it’s a great car,” says Gabriel Moline, corporate security manager at Sareb. “But if you don’t know how to drive it properly, what’s the use of having it? With Symantec and HPE, I have a high-end race car that I can expertly drive.”

    Explore more … read the entire case study.


    The cyber security problem is hard to solve due to its sheer complexity and size. The constant cat and mouse security game has driven spending well over the $10B mark and created 1,000+ new technology startups in just the last 5-10 years alone. Venture Capital money continues to pour in and new innovations in prevention, detection, incident response and SecOps occur at a regular heartbeat.

    Cyber security platform companies like Symantec are also innovating, but it’s important to recognize the importance of what a vast and very creative community of companies can bring to the table in the fight against cybercrime.

    To accelerate the collaboration and creativity across this eco-system, Symantec is announcing a new initiative called the Technology Integration Partner Program or TIPP for short. We’re openly inviting any cyber security company from small startups to well established security companies to join with us to put a big dent in cybercrime. Click here to apply:

    While many partner programs exist today, we have decided to focus on the technical integration aspect of partnership. This is the single most important aspect of making a difference in security. By working to integrate our data feeds, linking together our defensive platforms, leveraging each other’s advanced detection suites, automating workflows to increase productivity, only then can we make a real impact. The more technology companies want to integrate with our platform, the more they will be rewarded within TIPP. Technology vendors can read more about the program here:  CLICK HERE


    Our customers will want to harness these integrations for the following reasons:

    • Enhance current security investments: A good example is utilizing the Symantec SSL Visibility Appliance to inspect SSL/TLS encrypted traffic that can be used by existing advanced threat or malware detection products. Without this, >70% of traffic would never be inspected.

    • Maintain a stronger security posture: A good example is utilizing the ProxySG/Content Analysis to pre-filter all potential bad web traffic before it must be sent for deeper level inspection, such as sandboxing. This dramatically improves the performance of the current installed sandbox/ATP systems.

    • Improve productivity: If the SOC team uses Splunk, Symantec has built a unified App to consolidate all data into one place from SEP/ATP/ProxySG, Security Analytics, WAF and more. This helps the analyst find a problem fast with direct access to Symantec systems to further validate or investigate.

    We’re launching with over 100 integrations out of the gate with the broadest set of security technology companies around the planet. Customers will be able to find updates on new companies and integrations within Symantec Connect.

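  • 06/13/17--21:48: Latest Intelligence for May 2017
  • The WannaCry outbreak dominated the news headlines for an extended period, and the phishing email rate reached its highest point of 2017.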



    This month the vendor has released 94 vulnerabilities, 18 of which are rated Critical.



    Building a Next Gen Love for Coding

    Symantec’s Volunteer of the Quarter initiative highlights and rewards those employees who dedicate their time and talents to those in need. We have a long and proud history of encouraging our employees to volunteer. While the driving force of our efforts is largely altruistic, there is even more to volunteering than giving back to our communities. Volunteering makes our company a better place to work, so employees are helping both Symantec and the organizations they volunteer for.


    Today we highlight our Volunteers of the Quarter: Tony Cook and Chris Naunton, Application Support, Melbourne, Australia for their contributions to Code Club Australia, a nationwide network of free, volunteer-led, after-school coding clubs for children aged 9-11, with 50,000 members and 1,500 clubs across Australia. Code Club Australia is part of Code Club International, an international network of 10,000+ Code Clubs across 10 countries.

    Building a love for coding? That might sound funny to some, but to those of us passionate about technology and programming, we understand. People of our generation who wanted to learn programming had to do so from books. Today, the opportunities for students to build technology skills from a young age are just growing. We see this first hand through our work with Symantec and the growing industry need and desire to engage students in STEM. For example, when we were growing up, a programming club at school was not common. We would have been overjoyed at the opportunity to build applications and games alongside our peers, learning from and inspired by their work.

    Keen to expand and support any opportunities for the next generation to learn to code, we proposed the running of a Code Club to a local school, Mentone Primary, and the principal was delighted to accept. We leveraged the resources and support of Code Club Australia, whose mission is to give every child the skills, confidence and opportunity to change their world. They are doing this via the transformational power of programming. We volunteer one hour per week, where we teach a group of grade 4 and 5 students about programming.

    Our Mentone Primary School Code Club began in February and will continue throughout the 2017 school year. Each class involves hands-on coding by the students leveraging Scratch, a visual programming platform developed by the Massachusetts Institute of Technology (MIT) for the purpose of teaching coding to children. Chris and I lead the class as students work through each programming project, often building a game. We answer questions and help diagnose bugs. Once they’re proficient in Scratch, students will tackle the “real” coding languages HTML/CSS and Python.


    Click here to learn more about how Code Club is making a difference in Australia and around the world to #getkidscoding.

    The passion, frustration, and excitement of the students we work with shows us how impactful the program really is. Programmers don’t usually cry over their code, but that is what happens when a student accidentally deletes code that has taken 10 minutes to write and they are not able to recover it. Helping students navigate the challenges and accomplishments of project development is a skill they can apply in any field.

    Applying our professional skills is the easy part – we are both programmers with many years of experience in several languages. The new skills we develop are more challenging and ultimately the most rewarding part. Managing and engaging a class of fifteen 10-12 year olds, each with a laptop, certainly requires skills that we don’t normally use in our day jobs.

    Additionally, the chance to meet new people and pass on our skills and experience is something we both highly value. When parents tell us Code Club is their child’s favorite part of the week, we couldn’t feel more gratified. It’s inspiring to see first hand that kids are building a love for coding. Most importantly, they begin to see learning as fun and understand its importance and applicability, an invaluable experience for any student.  

    It is very easy to be absorbed by our own world. However, volunteering expands this lens, it exposes you to the world of others that is often very different to your own. And the potential impact you can make both working and volunteering is likely to be greater than spending those hours in your day job alone. 



    There are many things to like in the Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure that President Trump recently issued, but chief among them was the direction for federal agencies to follow the risk assessment standards established by the National Institute of Standards and Technology (NIST).

    At its core, the NIST Cybersecurity Framework (CSF) is a leading guide to help organizations – both public and private – effectively manage their risk. The NIST CSF has been proven to be an effective cyber baseline for organizations in the private sector, and is being deployed widely across a number of industries to shape cybersecurity strategies, including healthcare, financial services, critical infrastructure and, yes, even Symantec. By requiring agencies to follow the NIST CSF and submit a report based on their findings, the Trump administration is building off the positive work already done to improve cybersecurity – and pushing it forward.

    The Cybersecurity Executive Order is something the Trump administration has discussed since its first days in office. In addition to the focus on the NIST CSF, it includes a number of other major initiatives such as:

    • Placing the responsibility for cybersecurity risk on the heads of federal agencies
    • Calling for a report on cybersecurity concerns facing critical infrastructure to be drafted within six months
    • Mandating government agencies, especially those in the civilian sector, consider opportunities to share cyber technology when feasible, a shared services approach to cyber

    This all represents a positive first step from the Trump administration in terms of its cyber stance. Instead of “throwing the baby out with the bathwater” so to speak, the new leadership has embraced and built upon previous initiatives.

    That said, this is still only one step in the process. Cybersecurity breaches continue to dominate the headlines. Just two days after Trump issued the Executive Order, the WannaCry ransomware attack hit computers all over the world. While the attack’s damage to federal systems seems to have been limited, it was a stark reminder of the impact cyber threats can have on a global basis.

    The United States government remains the focal point for attacks. Some begin with simple vulnerabilities, such as taking advantage of poor cyber hygiene, while others are more sophisticated. All of them present a danger to federal agencies, national security and the public at large.

    The Executive Order and its focus on the NIST CSF is a fantastic start to help agencies navigate the challenges ahead. Anything that supports improved cybersecurity will ultimately help in the long run (increasing budgets for cyber related programs would also help…immensely). It’s how agencies actually interpret the Executive Order and the NIST CSF and move forward with implementation that is the key next step. This cannot be about adding – or bolting on – point security products that do not interoperate with one another in a panic mode approach. Agencies need to develop a comprehensive cyber strategy that includes more integrated capabilities, including solutions that are built to work together, and align with each functional area in the NIST CSF.

    We applaud the Cybersecurity Executive Order and its initial intentions. This presents agencies with an opportunity to re-imagine their current security programs and take significant steps to ensure those programs are hardened. The cyber battle is never over, but a focus on adhering to the NIST CSF within the Executive Order is a good “stake in the ground.”


    Despite increased spending on IT, our annual Internet Security Threat Report found that healthcare contributed to the second highest number of security incidents in the services sector in 2016.  Rich in personally-identifiable information, healthcare data is a highly attractive target for cyber attackers, and the results of a successful attack can be dire – including risk to patient care.

    Over the last year, I’ve had the pleasure of working with 20 other healthcare subject matter experts as a member of the Healthcare Industry Cybersecurity (HCIC) Task Force.  Assembled by the Department of Health and Human Services (HHS) as required by the Cybersecurity Information Sharing Act of 2015 Section 405, the Task Force examined the current cyber threat landscape and reviewed input from experts inside and outside the healthcare industry to develop specific recommendations and best practices.  On June 2, we released our Congressional report, outlining six imperatives for the healthcare industry:

    • Define and streamline leadership, governance, and expectations for healthcare industry cybersecurity.  The Task Force recommends the creation of a “cybersecurity leader” role within HHS to coordinate activities and serve as a single focal point for industry engagement across regulatory and voluntary cybersecurity programs.  Other recommendations address leadership, accountability and governance structures for industry organizations and government
    • Increase security and resilience of medical devices and health IT.  This imperative addresses the Cybersecurity Information Sharing Act’s mandate to review the unique cybersecurity challenges of medical devices and electronic health records.  We recommend a combination of regulatory, accreditation, information sharing, and voluntary development and adoption of standards to promote system security from product design and development through end of life
    • Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities.  This section addresses the workforce challenges that healthcare faces around health IT in general and cybersecurity specifically, particularly among small, rural and other organizations that lack the resources it takes to address these issues.  Recommendations include steps to enhance cybersecurity leadership, workforce development, and leveraging shared services
    • Increase healthcare industry readiness through improved cybersecurity awareness and education.  This imperative focuses on raising awareness among corporate leadership, educating employees on the importance of cybersecurity, and empowering patients to make better choices related to their personal health information security.  The Task Force recommends that HHS work with government and industry partners to promote cybersecurity awareness across healthcare
    • Identify mechanisms to protect research and development efforts and intellectual property from attacks or exposure.  Healthcare has a significant problem of intellectual property theft related to clinical trials, drug and device development, big data applications, and general healthcare business operations.  We recommend activities to increase the industry’s understanding of the scope of the problem and the various risks of ongoing intellectual property loss
    • Improve information sharing of industry threats, risks, and mitigations. Recommendations under this imperative focus on the sharing of cyber threat information among government and industry stakeholders.  The Task Force recommends the establishment of cyber threat information sharing systems in healthcare, with a focus on ensuring that actionable information reaches small and rural organizations[1]

    As evidenced in recent security reports by Symantec and HIMSS Analytics, healthcare needs to revamp its cybersecurity practices to protect its highly-valuable information.  Though it won’t be an easy path forward to address these challenges, it is essential that providers prioritize deploying holistic cybersecurity solutions and processes to better protect their data, and most importantly, their patients.  Read the full HCIC Task Force report here.


    [1] Healthcare Industry Cybersecurity Task Force Report, 2017.


    Cloud Security continues to drive the Secure Web Gateway market

    The Secure Web Gateway (SWG) market continues to grow in 2017, due to the growth of cloud-based SWG services and the focus on SWGs as security solutions, according to a new report from Gartner.

    The cloud-based SWG business has grown at a recent five-year CAGR of 35%, and the entire SWG market is estimated at $1.5 billion, according to Gartner.

    Symantec is Named a Leader in Secure Web Gateways*

    Evaluating 11 vendors across competitive buying criteria, Gartner named Symantec as a Leader in the Magic Quadrant for Secure Web Gateways.

    Here are a few reasons why the world’s largest brands choose Symantec to protect their cloud web access:

    • We provide the strongest proxy in the market in terms of breadth of protocols and the number of advanced features, including multiple authentication and directory integration options.
    • We offer the most comprehensive, integrated security solution, including integrations with DLP, Endpoint, CASB, encrypted traffic management and advanced threat prevention solutions.
    • We make it easy to manage and deploy SWG with a powerful central management console and flexible deployment options ranging from on-premises, virtual and cloud service, including hybrid solutions.

    Next for Symantec: Tighter Integrations and Greater Threat Protection 

    Over the past ten months, since the acquisition of Blue Coat Systems, we’ve already introduced a number of integrations with complementary Symantec security solutions including DLP, Endpoint, and Messaging security.  We’ve also announced data sharing in our cloud intelligence, the Global Intelligence Network, resulting in blocking over 4.1 million additional threats a day for our customers.

    Our engineers are hard at work building the next series of integrations of Symantec products. We believe the future of data security lies in bringing multiple disciplines together: secure web gateways, data loss prevention, endpoint security, cloud security, identity management and encryption. By integrating these traditionally separate security technologies, we can deliver simplified cloud and information-centric security with improved threat prevention to our customers.

    Thank You to Our Customers and Partners!

    We’re honored to be recognized by Gartner for our continued leadership in SWGs. It is a testament to our commitment to security innovation and to the loyalty of our customers and partners. Here’s to ten more years of continued success!

    To read the entire Gartner Magic Quadrant report, click HERE.

    *Previously listed as Blue Coat Systems in prior Gartner Magic Quadrant SWG reports.

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


    While the WannaCry outbreak dominated the headlines, the phishing rate also reached its highest level so far in 2017.



    This month, 94 security bulletins were released, 18 of which are rated Critical.



    An integrated approach to fighting stealthy attacks

    Email security remains more of a challenge than ever for organizations. Not only is email still the preferred mode of attack, but clever cohorts of malicious actors are improvising to develop new evasions of traditional email security defenses.

    How secure is your email? Here’s what you need to know:

    • The data paint a troubling picture of the threat landscape with the incidence of malware-laden emails attaining a new high. One out of every 131 emails nowadays is malicious (ISTR 22). In comparison, 5 years ago, it was 1 out of 244.
    • The WannaCry ransomware attack wreaked havoc recently. While it did not spread through email, most other ransomware attacks do. In fact, the number of ransomware “families” tripled and attacks increased by 36% last year (ISTR 22).
    • Attackers are always improvising and they are launching successful attacks through email scams like targeted spear phishing and Business Email Compromise (BEC), that exploit social engineering methods. According to the Federal Bureau of Investigation, total exposed dollars globally was more than $5 billion last year due to BEC scams while phishing attacks grew by 55% (ISTR 22).

    Shortcomings of traditional email security tools

    The “traditional” email security tools that companies still use to deal with newer, more advanced threats aren’t working.

    • Basic email security solutions use signature based methods which cannot keep up with the more than one million new malware variants we saw every day last year (ISTR 22).
    • While some security solutions profess to use a sandbox, they are limited to virtual machine detonation, which is easily evaded by “VM-aware” malware. Last year about 20% of the malware was “VM-aware”.
    • Increasingly, sophisticated attackers are “living off the land”, meaning they employ macros or other scripts to pull off their attacks. Active content in attachments like Microsoft Office documents is not inspected by basic email security solutions, which leaves organizations vulnerable to stealthy attacks.
    • Traditional email security solutions do not export the Indicators of Compromise (IoC) gleaned from analyzing malicious emails. That means security teams cannot perform security analytics on these IoCs.
    • Point solution email security vendor products do not integrate with the rest of the security infrastructure like proxies and endpoint security, slowing down the ability of security teams to respond.

    In this ongoing battle of wits with the bad guys, security practitioners need to augment their traditional approach to email protection with newer multi-layered detection methods, such as machine learning, predictive and behavior analysis, and sandboxing. And they need to arm themselves with email security solutions that will stop advanced threats in their tracks; otherwise they remain dangerously vulnerable to data breaches.

    Symantec’s One-Two Punch

    When it comes to advanced threat protection, Symantec can help with content and malware analysis tools that block targeted attacks and offer the threat intelligence security teams will need to direct their rapid response operations.  Our new combined solution consists of Symantec Messaging Gateway and Content & Malware Analysis.

    • Symantec Messaging Gateway: This on-premises messaging security solution delivers inbound and outbound messaging security, advanced threat protection, real-time anti-spam and anti-malware protection, and data loss prevention in a single platform.
    • Symantec Content & Malware Analysis: An advanced content filtering and malware analysis platform that supplies your defenses with multiple layers of scanning, static file code analysis, and dynamic sandboxing and validation to detect and block unknown threats.

    This one-two punch protects the perimeter with the sort of on-premises email security that will stop the new and more sophisticated threats that I referenced earlier. We can block even the stealthiest threats using sandbox detonation of suspicious files and URLs and evaluate their behavior, uncovering advanced threats that would otherwise evade detection.

    An additional customer benefit: the trove of threat intelligence that Symantec gleans each day from its Global Intelligence Network – the largest in the industry. We have visibility into more than 175 million endpoints and 57 million attack sensors in 157 countries and that gives us unrivaled insight into the constellation of emerging threats. Combine that with the advanced threat technologies we offer and security teams are going to be better equipped than ever to combat emerging threats and targeted attacks.

    Let’s take a deeper technical dive:

    Key capabilities:

    • Prevent new and sophisticated email threats such as Business Email Compromise, spear phishing and ransomware with multi-layered detection technologies such as advanced heuristics, machine learning, and behavior analysis.
    • Get the strongest protection against spear phishing through deep inspection of potentially malicious URLs before an email is delivered.
    • Help protect against targeted attacks and zero day malware by removing active, potentially malicious content from Microsoft Office and PDF attachments. The clean document is reconstructed, reattached to the email, and sent to its destination.
    • Block stealthy advanced attacks with powerful virtual and OS emulation sandboxing that is customizable to reflect your actual environment and capture more malicious behavior than other sandbox solutions.
    • Get in-depth insights into targeted and advanced attack campaigns with rich threat analysis on every malicious email entering your organization, including data points such as URL information, file hashes, threat risk scores and targeted attack information.
    • Quickly correlate and respond to threats by exporting rich threat intelligence to your Security Operations Center via integration with third-party Security Information and Event Management (SIEM) systems.
    • Prevent leakage of sensitive information and meet your compliance and privacy requirements with built-in granular content filtering, integration with market-leading Symantec Data Loss Prevention (DLP) and policy-based encryption controls that block, quarantine, or encrypt sensitive emails.
    • Additional integrations with Symantec Endpoint Protection and Symantec ProxySG, to analyze, stop and remediate across network, endpoint and messaging channels.

    Join us for a webinar on June 29, 2017, to learn how the combined solution addresses today’s advanced email threats: CLICK HERE TO REGISTER



    Part 1: How to Secure Home DVR Cameras

    Security conscious people want to protect their assets as best they can at a price that doesn't break the bank. Some are reluctant to add video cameras to their home because so many camera providers require a connection to "the cloud". Who would seriously want a stranger to have access to their home cameras? Some security conscious folks have opted to purchase cheaper, non-cloud dependent DVR camera systems but are reluctant to place a NAT forward on their firewall because, as we know from experience, any device placed on the open internet long enough will eventually be found, scanned and compromised. That six digit pin code on the cheap DVR camera system will be brute forced in short order. So what to do? In this post I hope to address the needs of a particular type of security conscious individual that has these requirements:

    1. Ability to have a home/business Camera DVR system that does not send content to a cloud provider.

    2. Ability to leverage cheaper home/business camera DVR systems.

    3. Ability to view DVR cameras over an encrypted internet channel.

    4. Ability to hide the location of the DVR system from prying eyes.

    5. Ability to view cameras from a Windows client, Macintosh client and Android Phone. (Sorry Apple fans, Apple phones won’t currently work with my solution below because they don’t officially allow TOR proxy on their phones.)

    Many folks I speak to want to access their cameras remotely, but don’t want others to pry into their privacy. A VPN on the home gateway has been one possible solution in the past, but it has its own set of drawbacks. Instructions to set up VPN gateways are easily found online for many different VPN hardware providers. My single biggest concern with VPN hardware providers is what happens when the firmware becomes outdated and the hardware manufacturer won't update it in a timely manner, or at all. When a manufacturer will no longer update the firmware, folks are left with only one option: buy a newer device. There is also the hassle of setting up VPN credentials and having to log in to a VPN just to look at your cameras, which can become tiresome over time.

    A better solution is to set up your DVR as a destination point using TOR as a Hidden Services proxy with an authentication cookie. What is a TOR hidden service? What is an authentication cookie? For details see for an explanation of how TOR works and how it is normally used. For an explanation of TOR Hidden Services see: . A lesser known feature of TOR hidden services allows for an extra layer of security to make hidden services inaccessible unless the client has a special piece of information. See: and look at the HiddenServiceAuthorizeClient section.

    At a high level, TOR tries to mask your physical location and make you as anonymous as possible. When someone wants to host a service privately, a TOR hidden service allows for a TCP/UDP port to be served on the TOR network. For example, a journalist may set up a file transfer service to anonymously transfer information out of an oppressive regime. With a normal TOR hidden service, TOR will not completely mask your physical location from a highly dedicated adversary, since an addressable onion site and open port can be probed and your TCP/UDP service may eventually be compromised with clues to your physical location. But a little feature in TOR hidden services allows users to make their hidden service discoverable only to clients which possess an authentication cookie. This authentication cookie is provided during the TOR hidden service address lookup request; a TOR client will not be able to rendezvous with the hidden service without the cookie. By utilizing TOR hidden services and an authentication cookie, the authorized user will be the only person who will find and access the camera on the TOR network. Here is how it works at a high level with details below.

    1. A user configures their camera DVR behind their firewall as usual with an ip address, for example The user performs the normal DVR setup and shares the DVR port on their local area network on port 8181. This camera DVR becomes accessible to computers in the home network on

    2. Next, a machine on the local area network is used to host a TOR proxy, let's call it TORVR. Let's use a raspberry pi in this example. A raspberry pi would have TOR installed and a TOR hidden service configuration is added that points incoming traffic requesting port 8181 to forward traffic to port 8181 on ip address

    3. The configuration on the TORVR computer would specify a secret TOR hidden address and cookie. When TOR is launched on the TOR proxy, it will automatically create the onion address/cookie pair information.

    4. The client that will be accessing the cameras must also have TOR installed with an edit made to its torrc configuration file to include the cookie associated with the TORVR's onion address.

    5. When the TOR client opens a browser connection to the TORVR site, for example http://abcdefghijklmnop.onion:8181, the TOR client takes care of finding the site by providing the cookie during TOR hidden service lookup. The Tor browser will provide anonymized traffic access to the user’s home cameras without revealing to any intermediaries where your home base is located. This location anonymity is very useful when you are in another country or at a security conference and don't want folks to sniff your traffic and easily find out whereabouts your home is.  Remember that the only reason your TOR hidden site was able to be connected to was because you had the authentication cookie. Anyone else trying to access http://abcdefghijklmnop.onion:8181 would not be able to find the onion site, let alone connect to it on port 8181. Other users without the authentication cookie for your TOR specific onion hidden service will be unable to find your host. If the address can't be found and the port can't be probed for either pin brute forcing or vulnerability scanning, then your cameras are yours alone to use.

    6. Last thing, when TOR software gets upgraded, you can upgrade. You are not dependent on one hardware manufacturer. No need to keep upgrading hardware unnecessarily.


    How to technically configure a TOR Hidden Service with Authentication Cookie requirement on a Raspberry Pi

    The Raspberry Pi will act as a TOR hidden service proxy. This configuration will set up a port 8181 forward to the internal DVR IP and port number.

    1. Set up a Raspberry Pi computer with your favorite Raspberry Pi distribution. It doesn't really matter which one. This has been tested on Raspberry Pi 2, 3 and Zero W, as well as Ubuntu on an AMD64 system.

    2. Install TOR on your Raspberry Pi

         a. sudo apt-get install tor

    3. Edit file /etc/tor/torrc

         a. Add "HiddenServiceDir /home/debian-tor/hidden_service/" and save  # This specifies that the tor keys will be stored in /home/debian-tor/hidden_service/

         b. Add "HiddenServicePort 8181" and save  # This assumes your internal DVR system is on and using port 8181

         c. Add "HiddenServiceAuthorizeClient stealth user1" and save  # This specifies that TOR should create a private cookie so that only those who possess the cookie will be able to find and interact with the TORDVR Hidden Service.

    4. Added lines should look like this:

         HiddenServiceDir /home/debian-tor/hidden_service/

         HiddenServicePort 8181

         HiddenServiceAuthorizeClient stealth user1

    5. On the Raspberry pi start tor

         a. sudo service tor start

    6. Look in the /home/debian-tor/hidden_service/ directory and you will find a file named hostname

    7. Copy the contents of hostname for use in your tor client torrc file.

         a. The content in file /home/debian-tor/hidden_service/hostname will look similar to this:

              i. abcdefghijklmnop.onion  a+abcdefg+123456789abcd # client: user1

    8. See TOR browser configuration instructions below.

    How to configure your Microsoft Windows based TOR Browser to see your TORDVR Hidden Service with an Authentication Cookie

    1. Tor Browser will need to be configured to pass the cookie specified in line 7.a.i above: abcdefghijklmnop.onion  a+abcdefg+123456789abcd

    2. Go to the location where you placed your Windows Tor Browser folder and navigate to:

         a. Go to directory: \Tor Browser\Browser\TorBrowser\Data\Tor

    3. Edit the torrc file

         a. Add "HidServAuth abcdefghijklmnop.onion  a+abcdefg+123456789abcd" and save  # do not include the quotes.

    4. Run Tor Browser and type http://abcdefghijklmnop.onion:8181 to see your DVR's web camera on your internal computer
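The server-side directives and the hostname-to-HidServAuth step above, as an added example that is not part of the original post: a Python audit of the hidden-service torrc fragment, plus a helper that turns a `hostname` line into the client's HidServAuth line. The inputs are constructed from the post's placeholder values, and all function names and finding codes are hypothetical.

```python
import re

# CONSTRUCTED input: the three directives from the post, exactly as printed
# there (the HiddenServicePort target is absent on the page, so none is given).
SERVER_TORRC = """\
HiddenServiceDir /home/debian-tor/hidden_service/
HiddenServicePort 8181
HiddenServiceAuthorizeClient stealth user1
"""

# CONSTRUCTED input: the post's placeholder `hostname` line.
HOSTNAME_LINE = "abcdefghijklmnop.onion  a+abcdefg+123456789abcd # client: user1"

V2_ONION = re.compile(r"^[a-z2-7]{16}\.onion$")   # v2 address: 16 base32 chars
COOKIE = re.compile(r"^[A-Za-z0-9+/]+$")          # unpadded base64 alphabet


def parse_torrc(text):
    """Return one dict per HiddenServiceDir with its ports and client auth."""
    services = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments, split key/value
        if not parts:
            continue
        key = parts[0].lower()                        # option names are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "hiddenservicedir":
            services.append({"dir": value, "ports": [], "auth": None})
        elif not services:
            continue                                  # directive outside a service block
        elif key == "hiddenserviceport":
            services[-1]["ports"].append(value.split())
        elif key == "hiddenserviceauthorizeclient":
            mode, _, names = value.partition(" ")
            clients = [n.strip() for n in names.split(",") if n.strip()]
            services[-1]["auth"] = (mode.lower(), clients)
    return services


def audit(services):
    """Return (dir, code, message) findings for each hidden service."""
    findings = []
    for svc in services:
        d = svc["dir"]
        if not svc["ports"]:
            findings.append((d, "no-port", "no HiddenServicePort: nothing is published"))
        for port in svc["ports"]:
            if len(port) == 1:
                # Without a target, Tor forwards to 127.0.0.1:<port> on this host.
                findings.append((d, "default-target",
                                 f"port {port[0]} has no target; traffic goes to "
                                 f"127.0.0.1:{port[0]} on the proxy, not to the DVR"))
        if svc["auth"] is None:
            findings.append((d, "no-client-auth",
                             "anyone who learns the onion address can connect"))
            continue
        mode, clients = svc["auth"]
        if mode not in ("basic", "stealth") or not clients:
            findings.append((d, "bad-client-auth",
                             "expected 'basic' or 'stealth' followed by client names"))
        findings.append((d, "v2-auth",
                         "HiddenServiceAuthorizeClient is a v2 onion-service option; "
                         "Tor 0.4.6 and later dropped v2, and v3 services use "
                         "authorized_clients/ with ClientOnionAuthDir on the client"))
    return findings


def parse_hostname_line(line):
    """Split a `hostname` line into onion address, auth cookie and client name."""
    body, _, comment = line.partition("#")
    fields = body.split()
    if len(fields) != 2:
        raise ValueError("expected '<address>.onion <cookie>'")
    onion, cookie = fields
    if not V2_ONION.match(onion):
        raise ValueError(f"not a v2 onion address: {onion!r}")
    if not COOKIE.match(cookie):
        raise ValueError("cookie is not base64 text")
    name = re.search(r"client:\s*(\S+)", comment)
    return {"onion": onion, "cookie": cookie, "client": name.group(1) if name else None}


def client_torrc_line(entry):
    """Build the line the client adds to its own torrc."""
    return f"HidServAuth {entry['onion']} {entry['cookie']}"


if __name__ == "__main__":
    for directory, code, message in audit(parse_torrc(SERVER_TORRC)):
        print(f"{directory}: [{code}] {message}")
    print(client_torrc_line(parse_hostname_line(HOSTNAME_LINE)))
```

The `hostname` file and every client torrc that carries the HidServAuth line hold the cookie in clear text, so both should be readable only by the account that runs Tor.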


    How to configure your Android Device to access your TORDVR Onion Address

    1. Go to Google Play Store and install Orbot: Proxy for Tor

    2. Open Orbot: Proxy for Tor

    3. Click the settings button on the top right-hand side.

    4. Click on Hidden Services

    5. Click on Client Cookies

    6. Click the bottom right-hand button to add a client cookie

    7. Enter values for the onion site "abcdefghijklmnop.onion" and client cookie "a+abcdefg+123456789abcd". Omit the quotes. Click Save

    8. Your Orbot app should look like this:

    9. Restart Orbot for the changes to take effect.

    10. Click on Orfox

    11. Browse to http://abcdefghijklmnop.onion:8181


    Congratulations! You can now access your camera over an encrypted network from anywhere with strong authentication.

    So now you have access to your home private IP based DVR system without the use of NAT on your gateway firewall and without exposing the port to the entire internet 24/7. The port 8181 is not capable of being probed, so no random scan will find your cameras open to the internet. I've included this detailed post for cameras, but there are plenty of other great uses for TOR. I've used this hidden service for other services I don't want to leave open to the general internet. What will you come up with? Share on this post. Stay tuned for my next post on using TOR to enhance security of other home devices and services.


    Method to block the emails going outside the organization in case of email outbreak. Organizations want to block the emails going out to avoid blacklisting the domain on ISP as a result of outbreak

    Problem Statement:

    Organizations want to block outbound emails leaving the organization when an outbreak is triggered, while still allowing inbound email. This is required to avoid the email domain being blacklisted by ISPs because of an email outbreak with the same subject or attachment.

    SMSMSE cannot split a message's recipients into external and internal and block only the outgoing copies. To work around this limitation, we can use the Exchange transport rule capability together with SMSMSE outbreak management and a Content Filter rule.

    Steps to apply the solution:

    When an outbreak is triggered, for example on the same attachment name, the attachment name is added to the match list “Outbreak Triggered Attachment Names”.

    1. Here we have enabled the Outbreak rule to update the match list.
    2. Enable CF rule “Quarantine Triggered Attachment Names” for outbound emails only.
    3. Select Action as “Log Only” with “Add X-header(s)” as shown below.

    Now we have to create the Exchange transport rule that blocks outbound emails (emails going out to the internet) using the X-header value above.

    4. Open Exchange Management Shell and run the following command.

    New-TransportRule -Name SMSMSEOutbreakManagement -SentToScope:NotInOrganization -HeaderContainsMessageHeader "X-SymOutbreak" -HeaderContainsWords "Outbreak" -RejectMessageReasonText "Rejected as a result of outbreak"

    The rule would look like the image below in the Exchange Control Panel.

    Now the entire system is ready to handle the outbreak and, in turn, block emails containing outbreak terms from leaving the organization.

    An NDR email is sent to the sender when an outgoing email contains an outbreak-triggered term.

    There is no limitation on having both internal and external recipients in the To field. Exchange blocks only the external recipients, using the transport rule we created in step 4.

    Work Flow:

    For example, an outbreak is configured for Same Attachment Name.

    1. An outbreak is triggered for the same attachment name.
    2. As configured, the Outbreak manager updates the match list “Outbreak Triggered Attachment Names”.
    3. For further emails sent to outside recipients with the same attachment name, the CF rule “Quarantine Triggered Attachment Names” adds the X-header “X-SymOutbreak: Outbreak”.
    4. The Exchange transport rule “SMSMSEOutbreakManagement” blocks the emails going to external recipients.

    For subjects, use the “Quarantine Triggered Subjects” CF rule with a configuration similar to “Quarantine Triggered Attachment Names”.




    As reported yesterday and subsequently grabbing headlines across news outlets, a cyber risk analyst discovered extensive personal information, including political preferences, on more than 198 million US citizens hosted on a publicly-accessible cloud server. The server had no security or password requirements and the data was available to anyone who found the URL. 

    Public cloud services provide extensive security for their infrastructure but the organizations who use these platforms are responsible for securing access to their accounts and data. In this case a data firm contracted by a political party didn’t have basic security protections in place after a security settings update on June 1, which resulted in the exposure of deeply personal information on over 60% of the US population. The data was discovered on June 12 and the server was secured June 14.

    Cloud services are an excellent business resource. They are flexible, scalable, and inherently great for enabling collaboration. Putting data into the cloud and allowing open access to anyone with the right URL happens. Users may do it on purpose, assuming these links won’t be found by anyone other than the recipient of the URL – a method of ‘security by obscurity’. It can be a simple mistake; users may not realize they are exposing data publicly because they are not familiar with the settings in a particular cloud platform. Even sophisticated users can make mistakes; for example, security settings are often ‘inherited’ within file sharing structures and a change in security settings in one place can cascade into unintended changes in other areas.

    However it happens, exposing sensitive data via public URLs creates a high risk situation for an organization because anyone who finds the URL can access the data. The incident in the news this week is just one example of many.

    A Cloud Access Security Broker (CASB) that can monitor, secure and control use of cloud applications could have prevented this mistake. Such a CASB could have: identified that this data was Personally Identifiable Information (PII), one of the most confidential and regulated data types; identified that this confidential data was exposed to public view; automatically prevented users from uploading PII data into a publicly accessible folder; and alerted the administrator of the cloud service that users were storing PII data in it.

    The critical need to prevent and remediate these types of data exposures is motivating organizations to adopt CASB at a rapid pace. Gartner predicts CASB will grow five times faster than the overall information security market from 2015 to 2020.* And it is growing even faster than that at Symantec, which is why we are investing so much into developing our CloudSOC CASB solutions for both SaaS and IaaS and integrating those solutions with our extended family of enterprise security products such as DLP and encryption. The cloud is driving collaboration and innovation at a furious pace and security that can both protect and enable use of the cloud has become a critical requirement.  

    Learn more about CloudSOC to make sure your organization doesn’t make the same mistake.

    * Gartner. Forecast Snapshot: Cloud Access Security Broker, Worldwide, 2017. 16 March 2017


    Symantec Recognized As a National Leader in Community Impact by the Civic 50

    For the third consecutive year, Symantec has been recognized by Points of Light, the world’s largest organization dedicated to volunteer service, as one of the most community-minded companies in the United States. The Civic 50 provides a national standard for superior corporate citizenship and showcases how companies can use their time, skills and other resources to improve the quality of life in the communities where they do business.

    As the leader of global Corporate Responsibility (CR) at Symantec, our team continually thinks about the approaches and opportunities to maximize our benefit to society; how we can take the actions and make the commitments that inspire, ignite and unite our employees, customers, business and society as a whole.

    As I highlighted in a recent article, the definition of a business’ responsibility to communities is expanding. Today leaders in community engagement and CR recognize that everyone benefits when business looks at its responsibility to serve communities not as what can “I” - the business – do, but what can “we” do – viewing businesses as part of a much larger network that has the potential to create impact. For example, viewing the company as a collection of thousands of individuals (e.g. employees), as part of an industry made up of thousands of companies, as part of a broader business community, all of which together have the power to bring awareness to and significantly impact community issues. When we look at our potential to benefit society from this perspective, community engagement becomes a value driver in many ways. For example, at Symantec:

    • We hold ourselves to the highest standards, designing ethically-sound programs that are integrated into our business, delivering benefits to all of our constituents—from our customers to our shareholders to the world at large. We have developed a community investment strategy that is based on focus areas aligned with our key business priorities and objectives including: science, technology, engineering, and math (STEM) education and equal access to education, diversity, online safety and environmental responsibility.

    Our signature CR program, the Symantec Cyber Career Connection (SC3), was launched in 2014 and is a collaborative effort leveraging the expertise and resources of Symantec (as a world-leading cybersecurity provider), nonprofit partners (with their tried and tested programs in skills development and job placement) and our customers and partners (who provide mentoring, internships, job placement) to address the global cybersecurity workforce gap.  

    Additionally, through our software donation program executed with TechSoup, in FY16 we donated $20.8 million of software (retail value) to 22,796 nonprofits across 55 countries, so they could focus on their mission and worry less about the security of their information.

    • Our investment in the community is driven in large part by the passion of individuals. We believe in the power of each employee to make a difference and together—from our Green Teams to community relations committees to local volunteer programs—our actions empower each other and communities in new and innovative ways. In FY16, we logged more than 28K hours of employee volunteer time. This amount equals 2.5 hours for each of the 11,430 employees with whom we ended the year.

    From mentoring students in STEM and professionals in our SC3 program to helping resource-strapped nonprofits protect their organizations to advocating for a fair and equal industry, Symantec’s philanthropic activities provide our employees with meaningful ways to put their skills to use and to grow professionally.

    • While the drive of individuals is key, we also recognize that providing the platforms and policies to support community giving helps engage individuals and strengthen our efforts. Through our Take 5! initiative we challenge employees to offer at least five hours of service each year, through our Dollars for Doers program employees can donate money for time volunteered and double (or even triple) this through our Matching Gifts policy, and our Global Service Week encourages all employees to come together for one week of service each year. Through philanthropy and community engagement, we connect the world to Symantec, helping our customers and partners understand who we are and what we stand for, driving trust and confidence in Symantec’s business and products.

    It is an honor to be recognized for the third consecutive year as a leader in community engagement alongside the United States’ and our world’s top companies. We are all proving that doing good is good business and the extended impact of hands-on support as well as financial contributions. For example, Civic 50 honorees use community engagement to drive key business functions, including employee engagement (88 percent), diversity and inclusion (84 percent), marketing and PR (84 percent), and skill development (72 percent). Demonstrating that ultimately we are all part of one community, and helping each other by strengthening the communities in which we live and work, can only help ourselves, our businesses, and our industries.

    The Civic 50 winners are public and private companies with U.S. operations and revenues of $1 billion or more, and are selected based on four dimensions of their U.S. community engagement program: investment, integration, institutionalization, and impact. The Civic 50 survey was administered by True Impact, a company specializing in helping organizations maximize and measure their social and business value. The survey instrument consists of quantitative and multiple-choice questions that inform the Civic 50 scoring process. The Civic 50 is the only survey and ranking system that exclusively measures corporate involvement in communities.

    To learn more about The Civic 50, to see a full list of the winners and to access the highlights, trends, benchmarking data and best practices from the 2017 Civic 50, please visit
