Does SEP 12.1 have special abilities with respect to managing Java threats?
Created: 30 Jan 2013 | Updated: 30 Jan 2013 | 7 comments
Yesterday John Strand and Paul of Pauldotcom put on a great webinar with respect to the current concerns (and hysteria) over Java vulnerabilities:
https://www.sans.org/webcasts/uninstall-java-realistic-recommendation-no-insanity-yes-96192
While discussing the various countermeasures (using Proxies, GPO, etc), they mentioned that SEP 12.1 brought new tools that can be used for Java defenses. They didn't get into detail, and I can't find anything in the documentation or the SEP or SEPM GUI. Any idea what they were talking about? What I would REALLY love is to identify all of the legit Java apps (we really don't have that many) and then create a java applet whitelist with SEP-- is that possible?
Much thanks in advance,
Bill
Would be interesting to hear what they were talking about.
Obviously you have the AV, SONAR, Firewall, Application and Device Control, HIPS, browser IPS and Download Insight. Yes, you can do whitelisting in SEP. Only executables on your hash list would be allowed to run.
My guess would be Download Insight as it was just implemented in 12.1
How the Insight Lookup process works
Article URL http://www.symantec.com/docs/TECH169282
Expected behavior of Download Insight
SEP Knowledge Base
Endpoint SWAT
Thumbs up to the above - apparently the Insight technology may have been exactly the feature that was discussed on that webinar - it is one of the more important changes and implementations between SEP 11.x and 12.1.
Have a look at one other article concerning SONAR and Insight:
http://www.symantec.com/docs/TECH168849
Is there a way to leverage SONAR to specifically lock down Java applets to a whitelist?
You wouldn't be able to use SONAR for this but can use the whitelisting feature
Hi Bill,
This (and several previous Security Response blogs) may be of interest as well:
With thanks and best regards,
Mick
This new Security Response blog post will be of interest to followers of this thread:
With thanks and best regards,
Mick
Hmm, I'm not sure what tool that is, most likely the new features mentioned above (Download Insight or SONAR).
Based on your words it sounds like whitelisting?