Website Security Solutions

Website Security Solutions allow companies and consumers to engage in communications and commerce online with trust and confidence. With more than one and a half million web servers using our SSL certificates, an infrastructure that processes more than four and a half billion certificate checks daily, and a trust mark that is seen more than half a billion times a day in 170 countries, the Norton Secured seal is the most recognized symbol of trust on the Internet.

Follow Us on Twitter
  • 0
    Created: FranRosch 01 Nov 2012

    VeriSign Japan joins the Symantec Authentication Services team!

    I’m very pleased to announce that as of today Symantec has wholly acquired VeriSign Japan, a long time business partner, solidifying our investment and commitment to growing our business in Japan. This acquisition achieves three key goals that help benefit customers in the local Japanese market: We will expand VeriSign Japan’s current SSL offerings by providing full website security solutions, including Website Malware Scan, Vulnerability Assessment and Seal-in-Search functionality. VeriSign Japan customers now benefit from the combined resources of the existing local team and Symantec’s global expertise.  Organizations in Japan are now able to acquire identity and authentication security and website security solutions through a single vendor. By bringing our two teams together, Symantec will help enable IT to confidently and securely adopt new computing models – from cloud computing to social networking to...
  • 0
    Created: Rick Andrews 30 Oct 2012

    SSL for Apps

    SSL/TLS is technology that is critical for securing communications. The challenge facing the SSL ecosystem today is how it is being implemented and used. Several University researchers have recently published reports indicating errors and shortcomings in non-browser applications that act as the client of an SSL/TLS connection. These issues result from flawed implementations of SSL in the applications or in SDKs or APIs used by them. SSL Client non-browser applications should follow these best practices to ensure the high level of authentication, confidentiality and integrity promised by SSL remain intact. A Developer must perform a number of checks, and the most important is to cryptographically validate that the end-entity certificate presented by the server is the expected certificate, or was signed by an expected certificate. In other words, the Developer must create a trusted and validated chain of certificates starting with the end-entity certificate and linking up to...
  • 0
    Created: Jimmy Edge 29 Oct 2012

    Credit Card Fraud – How Can I Stay As Safe As Possible?

    Thieves and hackers across the globe are using more and more sophisticated techniques to carry out credit card fraud in the modern world. In India, they are currently trialling a new ‘virtual card’ system which means that using an actual credit card to make future purchases online could become a thing of the past. This is in response to persistent and widespread fraud problems in the country. We all probably consider ourselves to be quite savvy when it comes to staying safe while using our cards, but there are a few simple rules that we can follow to be as safe as possible. Some of them might be obvious, but a couple might change your thinking on the issue completely. 1. Be ultra-careful with your credit card information. This applies to using your card online as well as avoiding unnecessary Facebook/Twitter posts (it really does happen!) that reveal your details. It’s also a good idea to avoid discussing any personal credit...
  • 0
    Created: Jimmy Edge 22 Oct 2012

    Get Safe Online Week Kicks Into Top Gear

    The latest Get Safe Online campaign – Click and Tell - has been launched in the UK this week, and the organisers will be hopeful that the campaign can educate people in the importance of online security. The Get Safe Online initiative was launched in October 2005 and has gathered significant momentum each year since. The week is designed to inform people about the basics of using the internet and still keeping yourself safe from fraud, with established website security companies such as Symantec getting firmly behind the campaign. What does the week mean for me? Have you ever been charged for a number of premium-rate text messages which you did not actually send? Or have you ever found yourself to be the target of online...
  • 0
    Created: Jeannie Warner 11 Oct 2012

    Safe Surfing with the Green Bar

    When your mobile or web browser address bar turns green it’s a clear sign that you can complete a transaction, or fill out an online form with confidence. The green address bar indicate that you’re on a site that has an Extended Validation (EV) certificate, a measure increasingly used by organizations to provide reassurance to customers who are wary of sharing personal information online. Sites protected by an EV certificate must pass the industry’s most stringent standards for identity validation and if the certificate is from Symantec it also protects you from malware, as these sites are scanned daily for infection. To receive  an EV certificate, an organization  not only has to demonstrate secure encryption methods but also pass rigorous checks based on the highest industry standards to prove that it is a legitimate company, including:  It...
  • 0
    Created: AllenKelly 05 Oct 2012

    $1,000 #SpotTheCheck Twitter Contest

    To participate in the contest: Follow @NortonSecured on Twitter. Visit your favorite websites. Spot the Norton Secured Seal. Tweet the following: “I saw the @NortonSecured Seal at [website URL] #SpotTheCheck”                             That's it! Each week for the next 10 weeks, entrants will be entered into a random drawing for a chance to win a $100 Amazon gift card! Tweets must include @NortonSecured, the publicly-accessible website URL, and #SpotTheCheck....
  • 1
    Created: FranRosch 27 Sep 2012

    Protect Your Code Signing Keys for Secure Applications

    Recently, the industry has seen increased instances involving malware signed by legitimate code signing certificates owned by legitimate companies. In each of these incidences, the private key, associated with the code signing certificate, was either compromised or otherwise maliciously used.  Code signing private keys are owned and protected by the company or business, and not the Certificate Authority (CA). Symantec advises companies to apply rigorous protection and security policies to safeguard private keys for code signing. As it is our responsibility as a CA to thoroughly authenticate each organization that applies for a code signing certificate, it is also the responsibility of the certificate owners to protect their private keys from compromises. When malicious code makes its way into the wild, it hurts everyone whether it’s a business, organization or user. Symantec recommends the following best security practices and policies to protect code...
  • 0
    Created: FranRosch 25 Sep 2012

    Protecting the Internet Trust Model

    With National Cyber Security Month right around the corner, I  wanted to take this chance to discuss Symantec’s point of view about the current state of the Certificate Authority (CA) industry. After a year riddled with highly publicized CA security breaches that threatened to undermine confidence in the entire system the message is clear:  In order to build public confidence and protect the trust model that the Internet relies on every single day (over 4.5 million sites!), the CA industry must pull together and focus on improving its operations and practices while adapting to a constantly evolving technological environment.  One way we do this is by actively supporting organizations such as the CAB Forum and the Online Trust Alliance (OTA).  Coming up shortly is the Online Trust Forum in San Jose, CA on Oct 2-4.  To...
  • 4
    Created: Jeannie Warner 10 Sep 2012

    Friends Don't Let Friends Misunderstand Clouds

    This is the first in a series of ponderings I've been having about Cloud computing, how little it's understood by end consumers, and what we in the IT space need to do to better educate the people on the street. The general internet has been greedy in terms of self-interest, selling people short in its expectations of their ability to learn about concepts and ideas. However, I am idealistic enough to really believe that once people understand what is in their best interest in terms of internet security, they will tend to act in ways that support that self-interest, to the extent that they are able. And so if we wish people to act in enlightened self-interest, we need to educate the society around us. This pondering started when I read this viral article from the Business Insider, spread by Facebook:
  • 1
    Created: FranRosch 04 Sep 2012

    Physical Security Makes Web Security Possible

    Trust on the internet isn't just a catch phrase. It's a concern that engenders policies that extend from the virtual world of security products and integration all the way down into process and physical reinforcement. It is also a daily practice at Symantec, where we back up our mission statements with concrete, measured practices. We built our datacenter facilities with a defense in depth approach, and believe in practicing what we preach regarding the standards a CA should adhere to. My leadership team demands that our infrastructure supports our strategy to be the best. We gave the folks at CNet a tour of our Operations facility where we process SSL Certificates, and showed them our model of what makes a secure facility. We are constantly investing in improvement, keeping up with the latest trends in physical security as a vital link to supporting our virtual security. Recently, CNet published the following article about what they saw on that tour: ...