Video Screencast Help
Mail and Web Security Blog
Showing posts tagged with Email
Showing posts in English
Janene C | 08 Aug 2014 | 0 comments

As more customers move to cloud-based solutions for email and web, flexible data protection capabilities become critical. To address this, Symantec has upgraded the Content Control add-on for Email to better protect confidential information and intellectual property.  This new service, Data Protection, launches August 11th, 2014.

Data Protection includes an improved policy configuration engine and compliance and regulatory-focused templates to easily create and enforce data protection policies. Enhanced reporting and content matching let administrators see when policies are violated.  Policy resources, such as content keyword and regular expression lists, can be shared with the Web Data Protection service to apply rules consistently across email and web.

Employee email is more productive with acceptable use policies that protect against data loss and protect employees from inappropriate content. Data Protection analyzes multiple email...

Janene C | 04 Aug 2014 | 1 comment

A number of enhancements to Policy Based Encryption for Email are now available to improve the ease of use and extend the capabilities of Policy Based Encryption. These enhancements are specific to each encryption service, either PBE-E or PBE-Z.


Policy Based Encryption E

  • Outlook Plugin Enhancements – Encrypting from within Outlook is streamlined, and senders now have the ability to set a one-time portal password that recipients can use to pick up their messages without creating an account.
  • Attempt TLS – When enabled, PBE-E will attempt to use TLS as the first choice to securely deliver messages with no extra effort required by the sender or recipient. If TLS is not supported by the third party...
Janene C | 02 May 2014 | 0 comments

Keeping email and web security services up and running is vital to businesses, and protecting the management of these services via a simple username and password is not enough for some organizations.

For those who desire additional security to further control access to the management portal of Symantec Email and Symantec Web, Symantec introduces new access control features:

  • Two-factor authentication
  • IP address restriction

Both two-factor authentication and IP address restriction options are being added to prevent unauthorized access to the management portal (also known as ClientNet). Administrators will have the option to enable one or both of these features for all administrative users within their organization.

Two-factor authentication requires something you know (like a user name and password) plus something you have (such as a one-time password from an app or token) to allow access. We are...

Ian McShane | 15 Apr 2014 | 0 comments

Last week, we shared details of how the HeartBleed OpenSSL vulneratbility affected our Email & Web Security products.

The newest feature in our Web product, the ability to analyze and control data over HTTPS communications, was found to be vulnerable and was taken offline immediately on April 9th 2014.  No other features, functionality or services were impacted.

I'm happy to announce that over the past weekend, we completed the work necessary to be able to restore this functionality.  With visibility into both unencrypted HTTP and encrypted HTTPS traffic, Symantec Web can secure users from malware, enforce web usage policy and prevent sensitive and confidential data from leaving the network.

As a reminder, the following products and services are NOT at risk and...

Ian McShane | 10 Apr 2014 | 2 comments

By now you should be well aware of the vulnerability CVE-2014-0160, nicknamed HeartBleed, that exists in a number of versions of OpenSSL - an extremely popular open source cryptographic library.

Yesterday, we provided some guidance on steps businesses and consumers should take in light of this vulnerability.

We have also made it very simple to inspect and verify many aspects of SSL certificate security, including whether a server is still vulnerable to the HeartBleed attack.

We are extremely sensitive to the anxiety felt by customers who rely on our software and services as a core part of their work and personal lives.  So today, I want to give you an...

Ian McShane | 27 Mar 2014 | 0 comments

One of the oldest tricks in the book for spammers is to spoof or forge the "From" address so that the email appears to come from a legitimate source.

This month, Symantec is introducing DMARC Validation as a free upgrade for Email customers, further enhancing our protection against these types of spam, targeted attacks and phishing messages.

Once customers enable this new functionality, Symantec will automatically check if sending domain owners have a published DMARC policy and check that the email is legitimate. 

Big, popular brands are often used in phishing and scam email attacks and I'm sure you've seen some of them first hand.
This is why over 80,000 domains have published DMARC policies and since 2011 it has been quickly adopted by some of the largest global brands and email senders such as Paypal, Twitter,, Yahoo! Mail, Facebook, LinkedIn and Bank of America.


Duncan Mills | 27 May 2013 | 1 comment

Part 3 – what you should look for when choosing a cloud security provider.

In the first two parts of this 3-part blog we highlighted the importance of choosing a financially secure and stable organisation; one that you can trust with your data and the protection of your people and information from a constantly changing threat landscape. Here are some of the other important things to look for when choosing your security services provider.

Service level agreements are extremely important. Someone else is processing your emails and web traffic, both of which are business critical, so look for SLAs around all aspects of the service. Read past the headline SLAs to ensure that they are backed by meaningful, financial remedies. The provider should be transparent and publish their performance against the SLAs. This is how you can be sure that they are confident in their own ability to execute.  


Duncan Mills | 10 May 2013 | 0 comments

Part 1 – changes in the industry

The email and web security industry has seen many changes over the past years, especially in the cloud or SaaS market. Many vendors in this space started by offering email anti-malware and anti-spam services. They then added email content control and web anti-malware and URL filtering.

Some vendors invested heavily, built their own multi-tenant infrastructure, patented their technology and owned intellectual property, whilst others simply purchased and deployed enterprise equipment into datacenters and managed it on behalf of their customers. Some were more serious about security than others, offering multiple signature-based AV engines as well as proprietary protection technologies and elements of data loss prevention.

Around the mid 2000s the market became quite crowded, with a number of large cloud email and web security vendors, some mid-sized ones and lots of smaller, local players. In the second half...

Ian McShane | 03 Jan 2013 | 2 comments

Join hashtag #MailSec and learn more about the dangers of targetted email attacks and how to prevent them.

Takedowns of large botnet rings in recent years have caused spam numbers to plummet. However, the drop in spam doesn’t make spammers any less dangerous. Spammers have now turned to targeted attacks to reach their victims. As targeted attacks and malware continue to expand and grow in number, and data breaches continue to rise, users and businesses of all sizes need to be aware of what to look out for, and how to protect proprietary information. No business is too big or too small to be a target.

Please join Symantec’s email security experts Ian McShane (@ianmcshane), Paul Murray (@paulsmurray), Matt Cooke (@mattcooke), Paul Wood (@paulowoody)  and Eric Schwake (@lombar77) next Thursday, January 10 at 11 am ET, to discuss targeted attacks and what can be done to prevent them from harming you or your business....
Ian McShane | 20 Mar 2012 | 25 comments


My last post back in October 2011 introduced the beta program for a new application for our messaging security customers.
I'm delighted to announce that we achieved our Generally Available (GA) milestone yesterday on March 19th meaning that the Symantec Email Submission Client is now available for all of our customers to download and install.  This is my first "1.0" product release so I'm particularly excited to see this product ship :)
Did I mention that this is provided at no extra charge?  Yup, free.
We had some excellent beta participants in this cycle, ranging from large enterprise customers to small businesses and we got some fantastic real world feedback which helped us ship an even better product than we originally scoped.
So, what is SESC?
The Symantec...