It can often seem that security measures exist to stop people from doing things, or to try to catch them out if they do. Across organisations, an broadening range of mechanisms can be used to ensure staff are not breaking the rules - raising the increasingly important question - how can security needs be balanced with employee privacy?

The answer is not straightforward. All manner of techniques are available to system administrators, security managers or senior management, including Data Leakage Prevention (DLP) and Deep Packet Inspection, but also extending to simply using privileges to gain access to the content of employee emails.

Not only is the potential for abuse clear and present but also, the corporate environment is becoming more complicated. A person's smartphone may connect to the corporate guest LAN - does this make it fair game for monitoring? What about use of  location information or CCTV, to help process efficiency or monitor for misdemeanour? 

While no simple answer exists, we do have a good starting point - that is, why we have IT Security in the first place. The role of security is generally agreed as protecting the confidentiality, integrity and availability data assets but this role, too, exists for a reason, which is to protect the interests of the business and its stakeholders.

As well as the business itself (representing the shareholders), the organisation has a duty of care to all of its stakeholder groups - these include customers, suppliers and, indeed, employees. Of course this can cause conflicts from time to time, but getting this balance right goes to the heart of business strategy and, indeed, corporate governance. 

Equally, stakeholder groups need to deliver on their side of the bargain, as captured in documents such as the contract of employment, acceptable use policies and terms of service. Organisations may not always get everything right - we only need to look at the recent controversy over zero-hours contracts for an illustration of how some will choose to cross the line. 

In general however, organisations that want to have a good relationship with their staff already have the tools they need. We are all human, and sometimes need both the stick as well as the carrot - if it were otherwise, we wouldn’t need to put locks on the doors. 

However it is more than possible to get the balance right, if the needs of different stakeholder groups are treated with equal merit. If employes are considered simply as a problem to be solved, then they are more likely to become one.

Protect your mobile apps against vulnerabilities like Apple's "Goto fail" SSL exploit by using Symantec's app wrapping.

Performance degradation can happen due to multiple reasons. The main bottlenecks that would affect performance are:

1. Memory
2. Disk IO
3. CPU
4. Blocking
5. System resource contention
6. Application design problems
7. Queries or stored procedures that have long execution times

Please check the Article below which has articles from Symwise, Connect, Few Querys, 3rd Party Tools and Articles

Articles from SymWise

Creating a maintenance plan in SQL Server 2005 or 2008 to optimize database performance
http://www.symantec.com/docs/HOWTO8589

SQL Tuning and Performance
http://www.symantec.com/docs/HOWTO5289

Notification Server performance issues due to SQL index fragmentation
http://www.symantec.com/business/support/index?page=content&id=TECH28827

Articles from Connect

The Story of a Very Expensive Filter
http://www.symantec.com/connect/blogs/story-very-expensive-filter

Use of SQL Queries and performance
http://www.symantec.com/connect/forums/use-sql-queries-and-performance

SQL Querys

Query to check the largest Column within CMDB

select c.collectionguid, count(*), vi.Name
from collectionmembership c join vItem vi on c.CollectionGuid = vi.Guid
group by collectionguid, vi.Name
having count(*) > 1
order by count(*) desc

This query will help you while troubleshooting on the performance issue to find out the largest table within CMDB

SELECT OBJECT_NAME(OBJECT_ID)
TableName, st.row_count FROM sys.dm_db_partition_stats st
WHERE index_id < 2 ORDER BY st.row_count DESC

Following script find out which are the queries running currently on your server.
SELECT sqltext.TEXT,
req.session_id,
req.status,
req.command,
req.cpu_time,
req.total_elapsed_time
FROM sys.dm_exec_requests req
CROSS APPLY sys.dm_exec_sql_text(sql_handle) AS sqltext

While running above query if you find any query which is running for long time it can be killed using following command.
KILL [session_id]
 

3rd Party Tools and Articles
 

Tools to help database administrators manage the performance of Microsoft SQL Server.

RML Utilities for SQL Server (x86)
http://www.microsoft.com/en-us/download/details.aspx?id=8161

SQL Nexus Tool
SQL Nexus is a tool that helps you identify the root cause of SQL Server performance issues. It loads and analyzes performance data collected by SQLDiag and PSSDiag. It can dramatically reduce the amount of time you spend manually analyzing data.
http://sqlnexus.codeplex.com/

How to troubleshoot SQL Server performance issues
http://support.microsoft.com/kb/298475

HOW TO: Troubleshoot Application Performance with SQL Server
http://support.microsoft.com/kb/224587/en-us

The new Bring Your Customer Advocate to Vision program offers Symantec partners the opportunity to receive a free pass to Vision 2014 for your customer in exchange for a qualifying reference submission. Interested in participating? Follow the simple instructions below.

1. Go to the “Get Started” link below and complete the Customer Reference Nomination Form
2. Confirm the types of reference activities that your customer is willing to participate in for at least one year in the online form
3. Submit the completed form by clicking the “Register” button

IMPORTANT: Last chance to submit the Customer Reference Nomination Form is 12:00pm PST on Tuesday, April 15, 2014.

Get Started>

Looking for additional details on Symantec’s Vision 2014 event? Visit the website at www.symantec.com/vision

Por Rodrigo Gómez, Director Comercial y de Canales para Symantec en México

El 17 de febrero en la Ciudad de México llevamos a cabo nuestro Partner Engage 2014, un evento anual que creamos para ustedes, nuestros socios, y en el cual esta vez nos acompañaron más de 300 partners provenientes de diversas partes del país. Durante el día, además de capacitaciones, compartimos información sobre nuestra estrategia y visión como compañía y presentamos algunos detalles de nuestro Programa de Canales, el cual hemos rediseñado y está basado en la Estrategia Global para Canales de Symantec, misma que dimos a conocer en noviembre de 2013. Esta estrategia fue desarrollada para apoyar de manera más efectiva la forma en que nuestros socios hacen negocios, al construir relaciones más efectivas que promuevan el crecimiento y brinden un valor diferenciado a los clientes de cualquier tamaño.

El mundo está cambiando y hay oportunidades para todos. Nuestro portafolio es extenso y, por ello, requerimos socios que se enfoquen en cada tipo de cliente, que entiendan sus objetivos de negocio y les ayuden a reducir la complejidad. Queremos socios que comprendan y apoyen a resolver con tecnología las necesidades de un negocio pequeño o mediano, pero también partners que sostengan relaciones a un nivel más profundo en las organizaciones, para ofrecer soluciones más completas. Nuestro Programa toma en cuenta estas necesidades y está diseñado para recompensar el crecimiento de las áreas donde cada partner tiene mayor, experiencia, fortaleza y capacidad.

Como parte de este rediseño, durante nuestro evento en México dimos a conocer Symantec Competencies (Competencias Symantec), una nueva arquitectura diseñada para ofrecer una mejor experiencia al cliente y que toma en cuenta la capacidad de cada socio mediante un mayor conocimiento de las áreas afines con nuestras soluciones. ¿Cómo funciona? Nuestros socios desarrollarán las capacidades requeridas para comercializar e implementar las diferentes soluciones de Symantec y, una vez que cuenten con la experiencia necesaria para cada competencia, obtendrán beneficios especiales del Programa. Así, cuando nuestros canales alcancen cierto nivel de desempeño, obtendrán más beneficios y recompensas por crecer su negocio y brindar valor a los clientes. Las competencias son la base y comprenden un enfoque al cliente además de ofrecer una mayor capacidad de recompensar a los partners más comprometidos y con el mejor desempeño.

Al respecto, Antonio Lamparero de Industrial Solutions, nos comentó: “La nueva arquitectura de competencias de Symantec nos ayudará a diferenciarnos de nuestros competidores en el mercado mexicano, al fortalecer nuestras habilidades e identificar nuevas áreas para ofrecer valor y satisfacción a nuestros clientes”.

¿Qué otra diferencia hay en nuestro Programa de Canal rediseñado? Que invertiremos más que nunca en nuestra historia en beneficios económicos para nuestro canal pues el nuevo diseño concentra nuestras inversiones en los socios que tienen un mejor desempeño. Por eso, hemos fortalecido nuestro programa de Opportunity Registration (Registro de Oportunidades) y agregado un rebate por crecimiento. Por otra parte, también ofreceremos fondos para el desarrollo de nuestros socios, con el fin de invertir en ellos, de la misma forma en que a lo largo de este tiempo han invertido en nosotros.

Siguiendo con este tema, también hemos reforzado los beneficios no económicos para apoyar el crecimiento del negocio de nuestros partners y estimular a los clientes a través del ciclo de ventas. Uno de estos nuevos beneficios será la posibilidad de tener acceso a la misma inteligencia de mercado que utilizamos para planear nuestra estrategia de negocio, con el fin de que ambos tengamos la misma información y podamos crecer juntos. Asimismo, brindaremos una consultoría más amplia, mayor apoyo técnico y más oportunidades de capacitación en línea.

En este sentido, al finalizar el Partner Engage, Agustín Robles, Director General de Tecno XXI, comentó: “Durante varios años hemos mantenido una relación cercana con Symantec que nos ha permitido fortalecer nuestra presencia, crecer como empresa y ofrecer la mejor tecnología a nuestros clientes. Con el rediseño del Programa de Canales, buscaremos sacar provecho de los nuevos beneficios para tener más y mejores oportunidades de negocio y, a la vez, continuar ayudando a nuestros clientes a ser exitosos junto con nosotros”.

En Symantec, estamos analizado cómo se hará la transición hacia este nuevo programa y cómo reconoceremos las inversiones que nuestros socios realizan actualmente, por ello, hemos establecido un periodo de transición, durante el cual mantendremos el nivel actual de cada uno de los miembros del Programa y los beneficios asociados.

Estamos construyendo nuestro Programa de Canal de la mano de nuestros socios en México y todo el mundo, ajustando nuestra metodología con base en la retroalimentación recibida, por ello, reiteraremos nuestro enfoque, el cual sigue evolucionando para asegurarnos de ofrecer valor y cumplir con las necesidades y expectativas de nuestros partners. Sin duda, nuestro Programa rediseñado nos permitirá brindar las mayores recompensas en la historia de Symantec, así que les compartiremos más información y detalles sobre este tema y el proceso que estamos siguiendo durante los próximos meses conforme nos acerquemos al lanzamiento oficial, así que seguimos en contacto.

Entering the second week in Peru, the Symantec Service Corps (SSC) team has settled into their business projects as well as their home for the month, Hotel Casa Di Me Abuela, which translates to "My Grandmother's House."

While each morning the 10 team members head out to three different locations, they return at the end of the day and sit in the garden outside of their hotel, debriefing on what they learned and establishing a plan for the next day. We're keeping in close contact with them through their blogs, and are compiling weekly updates on their progress. Here's an update from Week Two!

A taste of Peru

Traveling to a foreign country is always an experience. It can be a challenge to acclimate -- everything from food to lifestyle -- not to mention conducting business meetings in a new language. The SSC has interpreters at each job assignment to help them communicate with their clients. Outside of the work environment, the team is fortunate to have a few members that are fluent in Spanish, who help guide their way.

As the team gets to know the Peruvian culture, here are a few things they've learned:

• Time: In Peru, things are typically less urgent and locals are very time-relaxed. It is not unusual for people to take two or three hour lunches, or for taxis to arrive plus or minus 30 minutes from the time requested.

• Food: Peruvian food features lot of flavorful spices, fresh fruits, root vegetables, cheese, desserts and fruit juices. Traditional meals are larger than most of the team members are accustomed to and include a range of meats such as alpaca and cuy cuy (guinea pig).

"I was very surprised by the Peruvian cuisine. Living in the San Francisco Bay Area, I expected the cuisine to be closer to traditional Mexican cuisine. It is not at all. It has deep spices and is beautifully cooked, with a range of meats, vegetables, amazing Arequipenan mangos and other fruits. I have not seen a tortilla since I left the United States," said Claire Dean.

• Shops: Owner-operated Peruvian shops can exist anywhere -- in an alley, a doorway, a cart, a traditional mall, a small flea markets or an upmarket boutique.

• Attire: A large number of Peruvians wear the traditional Andes dress day-to-day.

• Greetings: The locals are extremely friendly. Each morning co-workers great the team with a kiss and a hug.

"Everyone has been incredibly nice and helpful. The organizations are ecstatic that we are here, and the locals have been incredibly understanding of our inability to speak Spanish or Quechua, and have gone out of their way to help us out," said Kamal LaBreche.

Helping an 85-year-old farmer pack feed on his donkey

Making an impact: client projects underway

The SSC team is diving into the challenges of their three client organizations since kicking things off more than a week ago. Here are the latest updates directly from the teams on the ground in Peru.

Paz Peru update

Claire Dean, Alicia Pereira Pimintel, Ashley Savageau and Joseph Ferrar are working with Paz Peru to create a marketing plan to help increase revenue for the organization's textile business.

So far they have met with the director, head of sales, graphic designer and the former head of the Arequipa Chamber of Commerce to learn more about their positioning in the market and goals. They also have interviews planned with prospective and current customers and the textile factory supervisor to further research their ideas. They are working towards the creation of a positioning document, a sales playbook, and a demand-generation plan.

While the team is working solely on the textile business, Paz Peru also has various lines of business including a domestic violence shelter for girls, organic farm, medical and dental clinic, job skills training, as well as administrative offices.

"We're getting more and more excited about the project by the day. We intend to bring the Paz Peru team along on this journey so that they can replicate the process for their other lines of business after our departure," said Ashley Savageau.

For more, read the: Paz Peru Project Update.

Descosur update

Chris Brown, Craig Chan and Kamal LaBreche are in the process of assessing Descosur's accounting system and will ultimately make recommendations to improve availability, security, functionality and efficiency. They've spent the past week meeting with individuals throughout the organization ranging from senior executives and department managers to those who enter financial information into the system on a daily basis.

This week they are working to understand the organization's goals, challenges and requirements, as well as the specific capabilities available within the current accounting systems.

"Next week will be critical to our success as we meet with the programmer who created the accounting software system utilized by Descosur, as well as the head accountant from Lima," said Craig Chan.

For more, read the: Descosur Project Update.

CIED update

Allyson Gomez, Marq Bauman, and Prakash Pappachan are working with the Center of Research, Education, and Development (CIED) to help with an organizational restructuring. Over the past week they gathered information about the current organizational structure, employee roles and tasks, and how CIED functions. They are now creating a framework for their deliverables.

"Even though Symantec and CIED operate in vastly different markets and locations, there are similarities. One fascinating example of the commonalities was seen when the national director mentioned how his staff doesn't have a "north" to guide them. This comment resonated with us instantly (as with any Symantec employee). Some concepts such as doing good and "True North" translate across borders. We immediately felt a connection between CIED's goals and Symantec's strategy," said Allyson Gomez.

For more, read the: CIED Project Update.

Behind the scenes: How Service Corps came together

Launching a program like Symantec Service Corps is no easy task. The Symantec Corporate Responsibility team has been working on this program for nearly a year. Curious about how it all came together? Read: A journey of 4,956 miles begins with a single step ...

Continue to follow the team

Week two is almost over but there is much more in store. Continue the journey with the Symantec Service Corps team by following along on their blog, their Twitter feed or watch this space for regular updates.

For more information about Symantec's Corporate Responsibility strategy, visit the Corporate Responsibility website.

Lora Phillips is Symantec's Senior Manager, Global Corporate Responsibility.

Greetings NetBackup professionals! The NetBackup product team is actively planning for our biggest Vision conference ever. In addition to participating in over 100 training sessions and hand-on labs, conference attendees will be able to hear the latest on the future direction of NetBackup, connect with the thought leaders and subject matter experts who drive our data protection technologies, and network with their peers to learn how they are using NetBackup to protect their information.

We’d like your help to make sure the educational experience is exactly what you’re looking for. We’ve put together a quick survey of possible NetBackup topics we may cover at the conference. Please share your opinions with us and let us know which of these topics interests you:

Click here to fill out our Vision NetBackup topic survey

Symantec Vision 2014 Conference Details:

Where: Caesars Palace, Las Vegas
When: Monday, May 5 through Thursday, May 8
Register: http://www.symantec.com/vision/

1. Choosing based on price. Not all certificate authorities (CA) are the same. The security of your certificates depends in part on how secure the CA is, so it pays to choose wisely. In addition, when you’re installing new SSL certificates you need a company that can provide a full range of services and the backup to make the installation go smoothly. (Symantec secures more than one million Web servers worldwide, more than any other Certificate Authority.)
   
2. Not being prepared. Before you apply for a certificate, you will need certain pieces of information. It’s worth having everything ready before you start the process.
3. Getting the wrong type. There are different kinds of certificates for different types of application. For example, there are certificates for email systems, code signing certificates and more, besides the familiar certificates used on websites. Make sure you choose the right one.
4. Leaving certificate renewal to the very last minute. It can take a little time to go through the steps required to request and issue a new certificate, especially if you choose Extended Validation, where the CA will need time to authenticate you and your organisation. Starting 2-4 weeks in advance makes sense in most cases this also guards against unseen ‘tech issues’ that might arise too.
5. Generate a valid CSR. All certificates start with a certificate signing request (CSR) but how you get a valid CSR depends on the software you’re using. Check out this guide to the most popular applications.
6. Not checking the CSR. Use Symantec’s free CSR checker to make sure you have a valid CSR.
   
7. Not protecting the private key. SSL encryption depends on a private key that unlocks communication to and from your server. Your CA gives you this private key and you install it on your system. Treat it as a valuable asset and don’t share it with more people than necessary or make it easy for unauthorised users to access.
8. Not testing the certificate. After installation, check the site using Symantec’s certificate installation checker. Also check it on a wide variety of browsers and platforms to make sure it’s working properly.
9. Not getting help when you need it. If something goes wrong, you can turn to a reputable Certificate Authority like Symantec for help. A good starting point is our support page but you can also contact us directly.
10. Losing your password. Smart IT managers keep a run book to record the procedures they use so that if they are not around to renew the certificates when they expire, at least their successors know how to do it. Your run book should include the URL, user name and password required to access your CA’s certificate centre (but remember keep this secured and only allow access to those who need to manage the certificates).

For more information on encryption, SSL, and website security download our SSL Explained interactive infographic now.

While the Sochi Winter Olympics may now be over without incident, considering all of the media attention and fears surrounding a potential terrorist attack at the event, it should come as no surprise that cyberattackers were preying on these uncertainties to target potential victims of interest.

During the games, Symantec saw multiple targeted email campaigns that used Sochi Olympics themes to bait potential victims. These observed email campaigns were blocked by our Symantec.Cloud service. In one such campaign, we saw that targets were being sent the following email.

Figure 1. Email purporting to relate to a terrorist threat at the Sochi Olympics

In this campaign, attackers were using the social engineering ploy of a terrorist threat at the Sochi Olympics to lure in their victims. While the email does not look professional, the curiosity for the content can still be enough to persuade an individual to open the attachment. If a victim fell prey to opening the attachment, their computer became infected with Backdoor.Darkmoon. Darkmoon is a popular remote access Trojan (RAT) which is often used in targeted attacks, as seen in a recent Symantec blog about how the G20 Summit was used as bait in targeted emails and in the 2011 Symantec whitepaper, The Nitro Attacks.  

In another targeted campaign using the Sochi Olympics theme, we observed the following email that was being sent by an attacker to targets of interest.

Figure 2. Email purporting to relate to military co-operation at the Sochi Olympics

Again, as seen in the email, the attackers used the social engineering ploy of military co-operation around the Sochi Olympics. This time, the payload was Trojan.Wipbot. This Trojan is associated with another similar targeted attack campaign, which included an attack that used a Windows zero-day elevation of privilege vulnerability.

These attacks highlight the ongoing need for vigilance when receiving any unsolicited emails. They also reinforce what is already known — targeted attackers are quick to make use of the latest news or events to enhance the chances of success for their social engineering ploy. The campaigns also highlight how targeted email attacks are showing no sign of dissipating anytime soon.

As always, we advise customers to use the latest Symantec technologies and incorporate the latest Symantec consumer and enterprise solutions to best protect against attacks of any kind.

Microsoft announced availability of an SP1 for many of its 2013 wave of products.

Specifically this includes Exchange 2013, SharePoint 2013 and Office 2013.

The service packs will be run through our standard certification process and we expect to be able to announce support within 60-90 days (inline with our normal support policy for new product releases).

I'll post back here with updates on this as they happen.

Vision is the content-rich conference that brings technology leaders and experts together to exchange techniques and strategies for success.

1. Do you qualify as a Vision Alumni? This year Vision's offering even more alumni savings, content, and perks to reward your loyalty - find out if you qualify.

2. A major Vision entertainment announcement is coming soon!  Any guesses?

3. There are lots of activities planned to help you get more value from your Symantec investment. Check out all the reasons you should attend!

4. Spring might last for months - but our Early Bird promotion doesn't.  Register now!

5. Prioritize the key sessions you’re most interested in. Check out the Session Catalog.
 

Upgrading… For System Administrators, this can be a painful idea.  What are the new hardware requirements? Where do I get the software? What is the correct process for my environment’s upgrade? So much has to be planned for with minimal downtime in mind.

Symantec has a great one-stop shop for tools and services supporting NetBackup upgrades and troubleshooting, the SORT Web Portal (https://sort.symantec.com/netbackup). SORT stands for Symantec Operations Readiness Tools and simplifies some of the most time-consuming administrator tasks. It helps you identify risks in your datacenters and improve operational efficiency, enabling you to manage the complexity associated with datacenter architectures and scale.

For NetBackup upgrades, there are data collection tools that point out common issues, identify installation and upgrade requirements, track product licenses, and gather data for support troubleshooting.  You can use it to sign up for notifications of new HotFix/EEB releases or NetBackup Future Platform and Feature Plans. You can also customize your own My SORT page with your connect login.

Next time you’re on the go, try downloading the SORT mobile app for iPhone/iPad and review NetBackup documentation or error code lookups.  

ソチオリンピックはどうやら平穏に幕を閉じたようですが、この一大イベントがテロリストに狙われる可能性についてメディアの注目と懸念が集まっていたことを考えると、サイバー犯罪者がその不安心理を突いて、興味を示しそうなユーザーを標的にしていたのも予想外のことではありません。

開催期間中に、シマンテックはソチオリンピックの話題を餌にした標的型の電子メール攻撃を複数確認しました。確認された電子メール攻撃は Symantec.Cloudサービスによって遮断されています。この攻撃のある例では、標的のユーザーに次のような電子メールが送り付けられました。

図 1.ソチオリンピックを狙うテロの脅威に関する内容と称する電子メール

この例では、攻撃者はソチオリンピックを狙うテロの脅威を題材にしたソーシャルエンジニアリングの手法を使って、ユーザーを欺こうとしていました。電子メールの作りは素人然としていますが、内容で気を引いてしまえば添付ファイルを開かせるのは簡単かもしれません。被害者がうかうかと添付ファイルを開いてしまうと、コンピュータは Backdoor.Darkmoonに感染します。Darkmoon はよく使われているリモートアクセス型のトロイの木馬（RAT）です。G20 サミットが餌に使われた経緯をお伝えした最近のブログや、2011 年のホワイトペーパー「The Nitro Attacks」（英語）でも解説しているとおり、標的型攻撃に頻繁に使われています。

ソチオリンピックを題材にした別の標的型攻撃では、攻撃者から次のような電子メールが届きました。

図 2.ソチオリンピックにおける軍事協力活動に関する内容と称する電子メール

この例でも、攻撃者はソチオリンピックをめぐる軍事協力活動を題材にしたソーシャルエンジニアリングの手法を使っていますが、今回のペイロードは Trojan.Wipbotです。これも、類似の標的型攻撃に関連したトロイの木馬で、Windows の特権昇格のゼロデイ脆弱性を悪用した攻撃で使われていました。

こうした攻撃によって、迷惑メールを受け取った場合に依然として警戒が必要であることが改めて明確になりました。従来の手口が強化されることもあります。標的型攻撃の攻撃者は最新のニュースやイベントをすかさず悪用し、ソーシャルエンジニアリングの成功率を少しでも高くしようとします。今回の攻撃で、標的型の電子メール攻撃が近い将来に一掃される気配はまったくないということも明らかになりました。

このような攻撃から保護するために、シマンテックの最新技術をお使いいただき、シマンテックのコンシューマ向けまたはエンタープライズ向けの最新ソリューションを導入してください。

* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。

Virtualization and “software defined” initiatives have shifted how we look at security controls. Let’s take a look at some of the factors to consider in designing security controls for a software defined data center (SDDC). To this end, Symantec has introduced a suite of data center security products:

• Symantec Data Center Security: Server, and
• Symantec Data Center Security: Server Advanced

Key Challenges:

Abstraction
Security has often leveraged or worked within “physical” boundaries, e.g. a single task server with fixed resources (CPU, memory, disk space). Administrators could easily associate a piece of hardware, in location X, with a particular set of applications or services. With abstraction and the advancement of virtualization comes the transition to logical thinking, where the Admin sees only the software view as defined by the virtual platform such as VMware. In a virtual data center, there’s near total reliance on the platform infrastructure to manage the underlying compute, storage and network resources which have been completely disassociated from hardware through software. While the platform software has the capacity to represent what had been “one” resource as potentially many (e.g. numerous guest virtual machines running on a single physical host), or many as one, security has lagged in adapting to this paradigm and enforcing policy where boundaries are dynamic and logical. Making security just another logical resource or service to the virtual infrastructure, and orchestrating security policy through this abstraction, is a goal. By leveraging new VMware NSX platform extensibility with Service Composer integration, Symantec brings security controls into the software defined era.

Shared Resources and Density
Maximizing virtual server consolidation across physical hosts to save CAPEX is one of the leading drivers behind virtualization. Yet with consolidation comes narrow resource margins, and the need to minimize any security tax or overhead on these limited resources in order to retain service levels. The resource “storm” event is a common use case, which results when intensive activities happen concurrently across guest virtual machines on a shared host- and traditional AV file system scanning has been a classic example. When on-demand scans occur simultaneously across virtual machines on a common host, the shared resource margins are strained and all virtual machines suffer. By moving security controls out of each guest virtual machine to the hypervisor as a single-instance, security virtual appliance (often referred to as “agentless”), Symantec optimizes for the shared infrastructure

Elasticity and Motion
Another key value proposition of virtualization has been the ability to quickly provision new virtual servers, and if necessary move them across physical hosts without disrupting service. New requests for IT services, or surges in demand, will trigger server provisioning events. Motion events may be executed automatically to avoid unplanned downtime (e.g. preserve availability on system failure) or manually in response to planned host maintenance. What’s important from a design perspective is recognizing that elasticity and motion are facilitated through the virtual infrastructure, and that security should be integrated into that process in order to preserve these key functions. Ideally, security should persist as a service to the infrastructure, always available and responsive to these changes. Security gains visibility into the infrastructure’s current state by inheriting this from the source- the platform itself. Without this, simple RACE conditions can arise where security could lag the real-world infrastructure, thus exposing virtual machines to unnecessary risk. By having security integrated into the platform, Symantec helps customers avoid service delays or misconfigured security, and reducing exposure to threats.

To solve the server security challenges, Symantec introduces Symantec Data Center Security: Server and Symantec Data Center Security: Server Advanced for the virtual data center.

Architecture Considerations:

Single System View
One can assume that 70% of servers are virtualized, with the remaining non-x86 Unix platforms and their business critical applications in transition. With this degree of virtualization, security must overcome abstraction in order to advance the promise of a software defined data center. Security Admin’s will leverage the “logical” view rather than viewing the environment in its physical context as “this virtual machine running on this host.” In VMware terms, this logical view might represent a Security Group or Virtual Data Center. This shift in perspective to a single system view, or a leveraged perspective that accounts for abstraction, is where Administrators will focus. Their concern is only that security policies are enforced, and not on how the underlying infrastructure achieves this. In the case of scanning files of a virtual server for malware, Administrators will be less concerned about what host SVA has scanned the files for a virtual machine, and more with the fact that files have been scanned. For example, a virtual machine could move across hosts during the enforcement of policy and rely on several SVA’s to achieve this. Being assured that the security service behaves as an abstracted single system across the physical boundaries and multiple SVAs engaged in executing the policy is all the Administrator needs to know. It is the burden of the security system to respond based on its design.

Deterministic
With adoption of IT-as-a-Service, the compute, storage, and network tiers are managed in discrete resource increments. Service catalogs will automatically assemble these abstracted resources per defined templates to create new services for production use. Security will similarly fit into this model, hence security controls need to be templated, and their impact on the infrastructure predictable- i.e. no surprise. In virtual data centers, these security controls may be instantiated as security virtual appliances (SVA), and these SVA’s will be consistent in their behavior, including use of resources and performance. Every SVA will in essence be a clone of its like-templated neighbor, enforcing the various policies unique to the population of virtual machines running within its control. And should an update be made available to the SVA’s, all SVA’s will advance the update synchronously, or none do.

Preservation of Elasticity and Motion
Security will not compromise or degrade the overriding operational promise of virtualization, i.e. elasticity, motion, HA, etc. As server workloads are brought into service or moved onto any piece of hardware, security will have instant awareness of these workloads, regardless of which host they run on or which SVA protects them. As virtual machines come online and move, these virtual machines will automatically appear within the responsible host SVA’s realm of protection without operator action, and there will be no disruption to security coverage as they continue to move across the infrastructure. In its simplest form, security as an available service will be persisted across the virtual infrastructure. And should any element of the infrastructure break down, the security service will continue to function. Rather than relying on the VM Admin to manually deploy a Security SVA as a separate provisioning step, the “security service” will automatically deploy through the NSX Service Composer integration to preserve continuity.

Summary:
The agility, reliability, and efficiencies extended to IT through a software defined data center are tangible. At Symantec, we are focused on helping organizations realize these “IT-as-a-Service” benefits and dramatically lowering operational costs – while assuring their corporate assets are protected. The Symantec Data Center Security: Suite of products will continue to deliver innovative solutions for the SDDC.

To reach Chip:

Email: Chip_Epps@symantec.com

Twitter: follow us @SymantecDC

We have an important update to share with you regarding Symantec Network Access Control. At Symantec, we actively monitor security threats and trends in the industry, and after careful review and consideration, we have made the decision to End of Life (EOL) Symantec Network Access Control. The growth of Bring Your Own Device (BYOD) and the integration of access control technology into networking devices offered by most network hardware vendors have reduced the need for standalone NAC solutions. The discontinuation of Symantec Network Access Control will free up valuable resources to focus on our endpoint security offerings, including advanced threat protection and protection from newer security risks that impact your enterprise today.

Moving forward, Host Integrity, a feature of Symantec Network Access Control, will be integrated into a future release of Symantec Endpoint Protection (SEP). Customers who have SEP entitlement can continue to use the Host Integrity feature. Those who require advanced network access control capabilities should speak to their current network device providers whose products may have already incorporated this technology.

Symantec Corporation will be discontinuing the availability of Symantec Network Access Control, Symantec Network Access Control Starter Edition, and Symantec Network Access Control Enforcer with 6100 Series Appliance. This letter details the key dates that are of importance to you.

Note: September 3, 2014 will be the last date of availability for customers to order Symantec Network Access Control, Symantec Network Access Control Starter Edition and Symantec Network Access Control Enforcer with 6100 Series Appliance.

Symantec Corporation will End of Life (“EOL”) the product(s) identified in this notification including any Maintenance Packs (MPs) and/or patches for each version, in all released languages. Technical support and content updates for customers with current Basic Maintenance Support or Essential Support will be available until November 5, 2017. The frequency and quantity of these content updates will decrease over time. This notice describes the timelines for the delivery of support services for these products that have reached their EOL.

Note: There is no Partial Support period for these products.

Need more information?  We encourage you to download this Frequently Asked Questions (FAQ) document.

Support Life Cycle

End of Life: “End of Life” or “EOL” means when we cease marketing or distributing a Major Release and its related releases of Licensed Software. The End of Life date starts the timeline and process leading to End of Support Life for that Major Release and its related Minor Releases and Maintenance Packs.

Limited Support: Provided the customer maintains a current support subscription for the product, Symantec will provide Limited Support for issues at all severity levels until the date identified in the table above. “Limited Support” means a level of Support Services that we provide to you in response to a Case. A technical support engineer and/or applicable engineering resources will provide Fixes, and error corrections for your Licensed Software in accordance with Symantec support policies. Limited Support is limited to modifications or additions to the Licensed Software that establish or restore substantial conformity with its Documentation. Limited Support also includes access to Content Updates (if applicable) as described herein. Note that sometimes “Limited Support” may be referred to as “Full Support” or “Normal Support.”

During this period, we will determine when it will be most effective to develop a new Fix, e.g., in cases where there has been data loss, a production system is down, significant security vulnerabilities have been identified, or other significant defects. For other types of Problems, we will typically either provide an existing Fix, or workaround. Customers may also access Content Updates (if applicable) during this period as well. At the end of this period, we will stop providing Limited Support.

End of Support Life: When the product versions identified in the table above reach their End of Support Life, we will cease providing any Limited Support and any Partial Support. Please refer to the worldwide Symantec Enterprise Technical Support Policy (the “Policy”) at the link provided below for further details. In the event of conflict between timelines stated in this notice letter and those stated in the Policy, the terms of this notice letter will control to the extent of such conflict, and only with respect to the specific products and versions covered in this notice. In the event of conflict between deliverables stated in this notice letter and those stated in the Policy, the terms of the Policy will control.

For more information regarding the services provided in Limited Support, Partial Support, and Content Updates, please refer to the Symantec Enterprise Technical Support Policy at the link below or, alternatively, contact your Symantec Account Manager: http://www.symantec.com/business/support/support_policies.jsp

To receive timely notification on updates and the support lifecycle for your Symantec product, please sign up at the following link to receive Symantec Technical Support News Bulletins:

http://www.symantec.com/business/support/news_bulletins/

We also recommend that you periodically check our website by selecting your product, then release details, for information with respect to End of Life and End of Support Life for your specific Licensed Software.

Thank you for using Symantec Corporation products and services.

Sincerely,

Symantec Corporation

A tweet from the guys at EMC caught our eye:

This link lead to an nice blog entry about how EMC and Teradata are improving their partnership etc etc. but we noticed that the blog neglects to address some of the fundamental architecture concerns end users need to understand when considering big data backup.

Customer are voting with their wallets, and Data Domain is rapidly losing credibility as a strategic investment. Read Peter's Valentine's Day love note blog for a detailed outline of the market space, and read mine on how we think about winning and losing in this space. Data Domain is a fine product and many, many customers use it as a NetBackup target. But when you are EMC, and your only tool is a hammer, everything looks like a nail.

The scenario touted in the blog our friends at EMC wrote simply neglects to mention that the entire partnership depends on someone else doing the data moving. It doesn't work without a brain guiding the brawn. In fact, EMC in the same blog entry refers readers to a Teradata article that highlights how effective Symantec NetBackup is as a media server. The Teradata folks are long time partners of ours and do indeed depend on Symantec NetBackup as the brains of their big data protection schema.

You'll notice next, if you browse around the BAR web pages in the Teradata site, that EMC has no software qualified to do this smart work - despite a wide portfolio of disparate solutions for moving data around.

Here's the bottom line. Symantec's Integrated Backup vision gives customers the freedom and simplicity to make choices on their own schedules for their reasons. EMC's years of brute force hardware revenue forces them into applying their own agenda to customers, leaving out critical parts of the complete protection story. We think that is shortsighted, and the market seems to be supporting a more intelligent approach.