Security Community Blog
Showing posts tagged with Control Compliance Suite
vgtero | 03 Oct 2014 | 1 comment

There is a new vulnerability in the commonly used UNIX shell BASH, which the media is now calling Shellshock.  

What is Shellshock? 

A new vulnerability has been found that potentially affects most versions of the Linux and UNIX operating systems, in addition to Mac OS X (which is based around Unix). Known as the “Bash Bug” or “Shellshock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully.

The vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and UNIX. Bash acts as a command language interpreter. In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run.

For full details see: the Symantec Security...

ryanschoenherr | 08 Jul 2014 | 0 comments

Need complete visibility into your environment?  Do you find yourself reactive to breaches or always behind intrusions?  MetriX dashboards can provide complete visibility into your security environment and give you the power to be proactive!

 

Check out MetriXdashboards for more information and ways to utilize MetriX to increase your efficiency.

 


 

For more information or to schedule a demo please contact:

Ryan Schoenherr

810-877-1743

...

vgtero | 05 May 2014 | 0 comments

Symantec Vision 2014 has finally arrived and we are excited to welcome all of our attendees! This week’s event offers four days of face-to-face insights, information, and experiences you can use to secure your organization.   

On Wednesday, May 7, we are offering a hands-on lab session to highlight the new capabilities of Symantec Control Compliance Suite Standards Manager 11.0.5, which started shipping on April 15, 2014. Lab 1381 - Enhance Asset Discovery and SCAP 1.2 Compliance for Continuous Monitoring with CCS Standards Manager, will demonstrate how CCS Standards Manager's new network and asset discovery capabilities and SCAP 1.2 support enhance your continuous monitoring objectives. (Lab 1381, Wednesday, May 7, 2-3 pm, Milano 1).

Control Compliance Suite...

khaley | 05 May 2014 | 1 comment

Hear the word flimflam and you think of a time of straw hats and cardboard suitcases; of grifters pulling into town to take the rubes with patent medicine, three-card monte and the old pigeon drop con.

It would be nice to think that these words don’t get used today because we’ve become so much smarter.  We have information at our fingertips.  We are too smart and sophisticated for flimflam, grifts, ruses, hustles, swindles or bunko to work on us.

Of course that’s not true.  Words just fall out of fashion.  Today we call them scams and cons.  And while we might be more sophisticated than we were, we remain human and human nature remains just as exploitable as it was a hundred years ago.   Oh, and the Flimflammers have gotten more sophisticated too. They’re now using computers.

Using the Internet to run scams makes sense.  Con is short for confidence.  And where better to gain confidence than among friends and...

vgtero | 02 May 2014 | 0 comments

A new report from the Ponemon Institute, “Exposing the Cybersecurity Cracks: A Global Perspective,” concludes that global security professionals find themselves “deficient, disconnected, and in the dark” in combating cyber threats.

Despite the fatalistic tone in this report, I don’t believe that as security pros, you are the type who would just shrug your shoulders, say “c'est la vie”, continue with business-as-usual, and hope for the best. As security professionals, you are excellent at problem solving and thrive at these challenges! You are probably in the midst of figuring out strategies or executing plans to address these deficiencies and remove these feelings of “security inadequacies”.  Many of you are multi-taskers, shoring up your organization’s security and risk management capabilities; at the same time, executing transformative activities such as migrating applications to a software-defined environment.

At Symantec, we continue to develop solutions...

vgtero | 24 Apr 2014 | 0 comments

With the recently discovered Heartbleed vulnerability, information security professionals and end users are feeling the pressure and impact to better protect their information. The task of securing your organization and information can seem overwhelming.

Don’t miss out on this webcast to get step-by-step instructions on how to protect your business and information, and keep your communications secure. 

Join Us To Learn About:

  • What is Heartbleed and the impact it has
  • Understand how the vulnerability is exploited and how you can detect it
  • Steps you need to take to secure information now and going forward

Register at:  https://symantecevents.verite.com/31175/241406

vgtero | 15 Apr 2014 | 0 comments

What is Heartbleed?

By now, you should be very well aware of vulnerability CVE-2014-0160, nicknamed HeartBleed.  Security engineers at Codenomicon and Google discovered a vulnerability last week in the popular OpenSSL cryptographic software library, an open-source implementation of the SSL and TLS protocols. OpenSSL is used by a large majority of organizations to secure the Internet's traffic. "Heartbleed" allows anyone on the Internet to read the memory of the systems using vulnerable versions of OpenSSL software. This may disclose the secret keys, allowing attackers to decrypt and eavesdrop on SSL-encrypted communications and impersonate service providers. In addition, other data in memory may be disclosed, including names and passwords of the users, or other data stored in memory by the service.  OpenSSL versions 1.0.1...

captain jack sparrow | 03 Dec 2013 | 0 comments

can transmit information between computers using high-frequency sound waves inaudible to the human ear. The duo successfully sent passwords and more between non-networked Lenovo T400 laptops via the notebooks’ built-in microphones and speakers. Freaky-deaky!
The infected victim sends all recorded keystrokes to the covert acoustical mesh network. Infected drones forward the keystroke information inside the covert network till the attacker is reached.

ref:
http://www.pcworld.com/article/2068525/researchers...

darci_hunt | 14 Aug 2013 | 0 comments

Today, nearly all of an agency’s mission-critical functions depend on safe and secure information technology systems. With cyber threats ever evolving and growing at an exponential rate, and increased reliance on technology to deliver core services in government, a robust cyber defense is needed by agencies.

Continuous Monitoring is certainly not a new term, but if you were to ask 10 people how they would define this term, you’re likely to get 10 different responses. Ken Durbin, Cyber & Continuous Monitoring Practice Manager, Symantec, provided expert insights on Symantec’s view of Continuous Monitoring and how agencies are adopting continuous monitoring programs as a means to protect government data and infrastructure. Durbin also highlights the benefits, best practices and challenges to adopting a continuous monitoring program.

Continuous monitoring is one part of a six-step process in the NIST Risk Management Framework (RMF), from NIST...

MFox70 | 23 Jul 2013 | 0 comments

I attended a webinar recently which was talking about the move from physical to virtual servers in large corporations. The analogy used was that today, approximately 70% of all servers can be virtualised very quickly, but the remaining 30% can take several years of effort. Hypervisor vendors are working hard to sort this problem out, but the interesting finding was that a large section of that problematic 30% of servers are running legacy applications or are indeed legacy operating systems.

This is odd as you would think that any IT operations person would want to migrate a legacy server from physical to virtual hardware as soon as humanly possible.

 

Legacy systems are still around for a few reasons.

1. Laziness

2. Applications cannot be modified to work on newer OS platforms

3. Software Developers have long since left the company (relates to point 2)

4. Legacy systems are connected to business critical servers, with little or no...