Video Screencast Help
Mail and Web Security Blog
Showing posts in English
Janene C | 02 May 2014 | 0 comments

Keeping email and web security services up and running is vital to businesses, and protecting the management of these services via a simple username and password is not enough for some organizations.

For those who desire additional security to further control access to the management portal of Symantec Email and Symantec Web, Symantec introduces new access control features:

  • Two-factor authentication
  • IP address restriction

Both two-factor authentication and IP address restriction options are being added to prevent unauthorized access to the management portal (also known as ClientNet). Administrators will have the option to enable one or both of these features for all administrative users within their organization.

Two-factor authentication requires something you know (like a user name and password) plus something you have (such as a one-time password from an app or token) to allow access. We are...

Matt Cooke | 29 Apr 2014 | 0 comments

Getting ready for Vegas? Symantec Vision Las Vegas 2014 is going to be a great event and they'll be lots of experts from our Email Security team on hand to talk to. Many of them will be talking at breakout sessions or working with you in hands-on labs.

If you're looking to find out how Email Security from Symantec has evolved, why Antivirus and Antispam won't cut the mustard, how you block targeted attacks in Office 365 or how the email gateway provides context to your security event clutter, then you should definitely checkout these session and labs from the team.

Not To Be Missed Breakout Sessions:

Wednesday 8th May
9:00am    Behind the Yellow Curtain: Discover Symantec's Proactive Protection Technology - 1481
3:15pm    ...

Ian McShane | 15 Apr 2014 | 0 comments

Last week, we shared details of how the HeartBleed OpenSSL vulneratbility affected our Email & Web Security products.

The newest feature in our Web product, the ability to analyze and control data over HTTPS communications, was found to be vulnerable and was taken offline immediately on April 9th 2014.  No other features, functionality or services were impacted.

I'm happy to announce that over the past weekend, we completed the work necessary to be able to restore this functionality.  With visibility into both unencrypted HTTP and encrypted HTTPS traffic, Symantec Web can secure users from malware, enforce web usage policy and prevent sensitive and confidential data from leaving the network.

As a reminder, the following products and services are NOT at risk and...

Ian McShane | 10 Apr 2014 | 2 comments

By now you should be well aware of the vulnerability CVE-2014-0160, nicknamed HeartBleed, that exists in a number of versions of OpenSSL - an extremely popular open source cryptographic library.

Yesterday, we provided some guidance on steps businesses and consumers should take in light of this vulnerability.

We have also made it very simple to inspect and verify many aspects of SSL certificate security, including whether a server is still vulnerable to the HeartBleed attack.

We are extremely sensitive to the anxiety felt by customers who rely on our software and services as a core part of their work and personal lives.  So today, I want to give you an...

Ian McShane | 27 Mar 2014 | 0 comments

One of the oldest tricks in the book for spammers is to spoof or forge the "From" address so that the email appears to come from a legitimate source.

This month, Symantec is introducing DMARC Validation as a free upgrade for Email customers, further enhancing our protection against these types of spam, targeted attacks and phishing messages.

Once customers enable this new functionality, Symantec will automatically check if sending domain owners have a published DMARC policy and check that the email is legitimate. 

Big, popular brands are often used in phishing and scam email attacks and I'm sure you've seen some of them first hand.
This is why over 80,000 domains have published DMARC policies and since 2011 it has been quickly adopted by some of the largest global brands and email senders such as Paypal, Twitter,, Yahoo! Mail, Facebook, LinkedIn and Bank of America.


dougbowers | 19 Nov 2013 | 2 comments

Most people today rely on email as their method for business communication – sending and receiving hundreds of emails every day. This dependence on email can create a weak link in securing corporate information and expose a company to attacks. While hackers still use general spam emails and social engineering (or phishing) attacks against organizations, they are now increasingly pursuing sophisticated and targeted attacks that are far more difficult to differentiate from the emails we typically receive. In fact, Symantec’s 2013 Internet Security Threat Report found a 42 percent increase in targeted attacks in 2012.  

Most spam emails are relatively easy to identify and quarantine, but targeted attacks are customized for their recipients, making them harder to spot. For example, a company’s HR department could receive an email that requests that they click on a link to...

Spencer Parkinson | 02 Oct 2013 | 0 comments

Information Security™ magazine and recently announced the winners of its 2013 Reader’s Choice Awards, which were selected based on feedback by customers who were asked to assess products deployed within their organizations. We’re excited to announce that Symantec was honored with eight awards – four Gold, two Silver and two Bronze –demonstrating significant representation across our diverse portfolio of market-leading security solutions.

Included below is a complete list of Symantec’s wins, which will be featured in the October edition of Information Security magazine and are highlighted online at

The Information Security magazine and 2013 Readers’ Choice Award winners were selected based on extensive, in-depth discussions and...

Duncan Mills | 27 May 2013 | 1 comment

Part 3 – what you should look for when choosing a cloud security provider.

In the first two parts of this 3-part blog we highlighted the importance of choosing a financially secure and stable organisation; one that you can trust with your data and the protection of your people and information from a constantly changing threat landscape. Here are some of the other important things to look for when choosing your security services provider.

Service level agreements are extremely important. Someone else is processing your emails and web traffic, both of which are business critical, so look for SLAs around all aspects of the service. Read past the headline SLAs to ensure that they are backed by meaningful, financial remedies. The provider should be transparent and publish their performance against the SLAs. This is how you can be sure that they are confident in their own ability to execute.  


Duncan Mills | 20 May 2013 | 0 comments

Part 2 – the impact of the changing threat landscape.

In the first part of this 3-part blog we looked at changes in the cloud security industry and how mergers and acquisitions and vendors’ changing strategies have impacted their customers. In part 2 we will look at how the threat landscape has changed and what this means to those organisations that rely on a cloud email and web security vendor.

Early entrants into the SaaS email security market quickly realised that they were in a unique position to offer better protection than their competitors that were producing on-premises products. Because they were protecting, in some cases, tens of thousands of customers, they had visibility of the end-to-end flow of millions of emails. This meant they had a significant amount of security intelligence that they could use to identify suspicious emails and protect against zero-day threats.

Today it is common for email and web security vendors...

Duncan Mills | 16 May 2013 | 0 comments

The increased use in the workplace of user-owned devices such as smartphones and tablets, often referred to as bring your own device (BYOD), provides businesses with significant productivity and cost benefits. However, it also presents a number of complex challenges related to security.

Due to the rise of smart media devices like smartphones, tablets and ultrabooks, it is estimated that potentially, as many as 30-35%* of endpoints connected to a company’s network could be unmanaged. These are more at risk than managed endpoints which are typically subject to software patching and endpoint security policies.

Of course unmanaged endpoints are still protected by your perimeter security, such as secure web gateways. However, these have typically evolved from caching proxies and URL filters. What you need is an additional layer of security that provides the best possible levels of protection for unmanaged endpoints.

Symantec Web Gateway (SWG) will...