Connect and Protect: Securing critical digital environments through implementation of Symantec Endpoint Protection and Services.
Televisa is the largest television broadcaster in Mexico, and its digital content production workflow is critical to time to broadcast, even more so for the online news ones, where errors should not happen. The cost of downtime is absurd, if you know what I mean…
We were invited to provide a service to assure a level of security, where the goal was to secure all systems in the postproduction workflow. We realized that a service like that should mean not only managing an antivirus/antimalware platform with ID and keeping it updated, but also thinking from the customer's perspective, considering all the now-common security risks and the best ways to handle them under current scenarios.
The Conficker worm was spreading fast all around, and the service needed should consider a threat like that and how to avoid it... What we learned from our experience was: Conficker will attack even in environments where an antivirus is correctly managed (I mean, updated, etc.) because it exploits a Windows security hole; also, using external drives (mostly USB) was dangerous without modifying a configuration feature (a hidden autorun.ini folder on each and every drive).
After considering all that, we decided to implement Symantec Antivirus Corporate Edition (mainly because the current Avid-certified version is 10, and 11 is being tested) as the main security platform, but also to include vulnerability scanners in order to proactively detect all of those (risky open ports, O/S hot fixes, weak passwords, shared files, etc., all of which are hacker targets) as part of the service, with onsite support and periodic reports, and with remediation procedures of course.
The postproduction environment consists of Windows and Linux servers running the Avid and Dalet platforms and all related applications, as well as workstations where video material is ingested and edited from segments stored in a SAN and, from there, broadcast on TV under planned playlists, some in real time.
I may say that after a few days we had eradicated Conficker from all infected systems, a week later we had closed all threats and hacking opportunities, and we started a service which has now drastically decreased security breaches!