Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Identity and Authentication Services
Showing posts in English
Roger_Casals | 12 Dec 2014 | 0 comments

Unified Identity by Symantec

At Symantec we thrive protecting people's and organization's life.  Symantec’s Job is “easy”:

prevent bad guys to get in, and prevent good stuff to get out”

We believe Identity is one of the most precious things we have to secure, especially in digital life. Identity is becoming the center of almost all our activities (personal and professional, social, home automation, vehicle, healthcare, interaction with governments, …)     

Identity is foundational and strategic to Symantec.  I believe Symantec can play an even bigger role on Identity, leveraging its reputation and trust. Not many people is aware of the number of millions of identities we manage at Symantec. Billions of device identities, hundreds of millions of user identities. And more to come...

We need to excel in Identity since “...

Teresa Law | 07 Nov 2014 | 0 comments

We talk a great deal about using strong authentication to secure access for enterprise employees, but often we don’t think about how breaches to vendors could make our own enterprise vulnerable.  In some cases all an attacker needs is to steal the username and password from a vendor to begin their attack on your enterprise.  That is exactly what happened to Home Depot; and it is an excellent example of why not only you, but also your outside vendors should be using strong authentication like Symantec VIP – Home Depot hackers exposed 53 million email addresses.  This kind of breach not only damages customer trust but also Home Depot estimates that the theft would cost about $62 million.

“According to Home Depot,...

Teresa Law | 03 Nov 2014 | 0 comments

You need to stay competitive and allowing users to work anywhere, anytime is one of the ways your business keeps its edge.  However, in some cases this means using personal devices to access data in unsanctioned cloud applications.  In IT’s opinion this is risky behavior and something they are not comfortable with.  Your users don’t engage in this behavior out of any malicious intent, but to innovate and improve productivity.  However the increased use of mobility and cloud can increase the risk of loss of data or a breach.  In parallel the more apps users need to access or the more “security” IT imposes generally impacts the user experience – especially on small mobile devices. Ultimately, the burden falls to IT to find a solution to balance innovation with risk, despite their increasingly complex environments – more mobile users on more platforms, more user stores, more apps, more passwords, but not more resources. ...

Teresa Law | 27 Sep 2014 | 0 comments

Every vulnerability it seems could result in the theft of passwords.  The latest is Shellshock or what some are calling the Bashbug – and this could be even bigger than Heartbleed

Bash is a Unix shell which is widely used on Linux , Unix, and Apple’s OS X operating systems (Windows you’re OK).  Every day we interact with servers that use these operating systems in our office or online through applications such as browsers, instant messages, word processors and more.  The problem is Bash works in the background so it’s not obvious you’re at risk.  It’s great for accessing computers remotely and the vulnerability found in Bash allows attackers to take any action they want on the target machine or device – good for an attacker.  That means they could insert code to download a payload such as passwords or...

Teresa Law | 18 Aug 2014 | 0 comments

If anyone needed another reason to be wary of using solely passwords to protect their accounts, the recent report of the Russian cybercrime team that stole 1.2 billion usernames and passwords from 420,000 websites is that reason.  It makes you wonder, 1.2 Billion Login Details Stolen. Time To Retire The Password?

Although the attackers have not sold much of the stolen data, because of our propensity for password reuse the risk is there to cause significant personal damage, fraud, and outright theft.

One of the best ways to protect your online accounts is through a second factor of authentication - that way even if your password is compromised your account is still protected.  Below are some tips to protect your online data:

  • Use strong, unique passwords and never reuse them across other online accounts.
  • Activate two...
Teresa Law | 27 Jun 2014 | 0 comments

Managed PKI Service 8.11 featuring a self-service portal, administrator enhancements, and updated platform support has been made generally available to customers.

Feature Details

Self-Service Portal

Managed PKI 8.11 provides a Self Service Portal that allows your users to manage their own certificate lifecycle operations (such as viewing, enrolling for, renewing, and revoking certificates, and downloading root CAs).  The new self-service portal will not only improve the user experience, no more waiting for the Helpdesk to address their issue; but it also reduces the burden on IT.   Allowing users to address credential management themselves frees IT to address other strategic issues.  This feature is available to all customers who have Enterprise Gateway.

Support for SHA2

This release establishes SHA2 as the default signing algorithm for existing and new accounts to provide the...

Teresa Law | 27 Jun 2014 | 2 comments

VIP Enterprise Gateway 9.5 supporting authentication using VIP Access Push has been made generally available to customers.

You can now use VIP Access Push to access your corporate network through your VPN, in addition to web-based applications and with web service APIs.  The best part is you don’t need to dramatically change your current behavior, you just have one less step in the login process.  When using Push verification it's no longer necessary to enter the 6-digit code at the end of your password- you just enter the same userid and password you’ve always entered, tap the Allow button on your mobile device, and you’re in!

Two-factor authentication is an important piece of any resilient security strategy, providing a second layer of security beyond a simple password helps keep attackers out.   However, two-factor authentication is only valuable if it’s used, so it must be easy.  VIP Access Push makes authentication easy, which in turn...

Teresa Law | 17 Jun 2014 | 0 comments

The release of VIP Access for Android on June 16th is a landmark event, as it is makes use of market leading technology to create a highly secure application. We are certain this is just the beginning of a trend to provide greater security for mobile devices.

We have seen in the distant past extensive use of hardware tokens because of the high degree of security they provide, but you sacrifice the user experience.  With the proliferation of mobile devices users have demanded a more user friendly option – mobile credentials.  Mobile credentials have been embraced by all industries, although certain industries are more security conscious than others: financial, government, and many large enterprises. Mobile credentials provide a high degree of convenience, but for these sensitive applications a higher level of security is welcome; particularly for Android devices. Through the work of Trustonic and Giesecke & Devrient (G&D), VIP is able to utilize a hardware...

Teresa Law | 28 May 2014 | 0 comments

A recent article in the Silicon Valley Business Journal reinforces the fact that the era of the password is over.  We all know passwords alone are insecure, and when used as the only means to secure access can be easily compromised leading to costly breaches.  Google is the latest to offer a stronger form of authentication by planning to get users to verify their identities with a “Login Challenge,” in a bid to prevent unauthorized access across all of its Web services. For example, Google will send users a text message with a verification code, which they will have to use in order to gain access to their accounts. Users will receive the challenge should the login pattern be different from users' previous attempts. The search giant noted that the move to implement two-factor...

Teresa Law | 13 May 2014 | 0 comments

In the article Bitly embraces two-factor authentication after data breach, Forrester analyst Andrew Rose told that “Reading Bitly's comments today, two things jump out - Bitly's comments about "immediately enabling two factor authentication" for a remote data store, suggests that their remote access methodologies were simple ID and password. This is a vulnerable state to be in and one which has ultimately come back to haunt them.”

Bitly is the latest in a growing number of companies finding value in two-factor authentication, which has now been enabled for Bitly accounts on the source code repository, company-wide and at third-party services. They say end users don't have this facility yet, but they are working on “accelerated development” of two-factor authentication for

As the Heartbleed...