Security Community Blog
Showing posts tagged with Control Compliance Suite
Showing posts in English
Gavin Fulton | 13 Dec 2012 | 0 comments

Over 6 years ago, when working for a Professional Services organization and responsible for developing key Security propositions for customers, I first developed an approach for "Vulnerability Lifecycle Management".

At the time the solution involved manual integration of a range of technologies from a range of different vendors:

  • network vulnerability assessment tool
  • patch management tool
  • compliance management tool
  • risk reduction tool (Host based IPS)
  • security intelligence feed

At that time this involved identifying a range of tools from a number of different vendors, and the associated technical and procedural integration of inputs and outputs from each. There were challenges with the different cost models to license this complex solution, let alone the technical integration of the various input and output formats.

Jumping forward from 2006 to 2012 and this type of solution is entirely...

Daniele Bertolotti | 12 Dec 2012 | 1 comment

 

I think it’s about time to refer to PCI DSS as a rather mature and dissected standard. And I’m ready to bet that you heard at least once in your life the sentence “PCI only demands for common-sense security!” All true, still we keep on facing situations where organizations struggle to maintain compliance with PCI DSS. It seems that we do a pretty good job at covering PCI DSS requirements, but somehow neglect to drive an approach that would help organizations stay compliant and protect their business through their evolution.

The PCI standard is based on a very simple yet effective equation: you need to protect a specific and well defined type of data and you must do it with a series of well-defined measures, most of them technological (PCI DSS is probably the standard that, more than any other, dares to get its hands dirty with technology) and many other...

Pamela Reese | 06 Dec 2012 | 0 comments

Symantec received a finalist nomination in 9 categories of the upcoming SC Magazine 2013 Awards, representing Symantec's broad portfolio of superior security offerings. SC Magazine will announce the winners at a dinner event during RSA 2013. Symantec looks forward to attending!

Deb Banerjee | 16 Nov 2012 | 0 comments

Amazon Web Services (AWS) clouds offer a variety of networking security controls for segmenting and isolating EC2 instances running in that cloud. These controls address the following use cases:

  1. Isolate EC2 instances from the public internet, e.g. make those instances inaccessible from the public internet.
  2. Isolate EC2 instances belonging to an Enterprise from other EC2 instances belonging to other tenants.
  3. Within a tenant, isolate applications and departments from one another. This can also be used to isolate application tiers from one another.
  4. Isolate applications and application tiers from one another within a tenant's AWS network.

AWS Network Security Constructs

AWS offers a variety of networking constructs to implement these controls. These include VPCs, Gateways (Internet and VPN), NAT, Subnets, Routes, Security Groups and Elastic IPs. These objects would be used to implement the above controls...

James Hanlon | 15 Oct 2012 | 0 comments

Cyberspace presents an incredible amount of opportunity for today’s organisations. Connectivity, innovation, productivity and collaboration are just some of the benefits on offer. However, cyberspace presents equally significant risks. Those risks can have huge impact and visibility; it seems that a week cannot go by without another cyber incident being splashed across internet feeds, newspapers and websites. This visibility means that cyber risks have the attention of the executive management of every organisation.

Cyber risks include targeted attacks, advanced persistent threats, data loss, denial-of-service attacks, hacktivism, negligent and malicious insiders, reputational damage, cyber espionage and nation state threats. In 2011, Symantec blocked over 5.5 billion malware attacks, an 81% increase over the previous year, witnessed a 36% increase in web-based attacks and an increased focus and intensity of advanced persistent malware. Furthermore, Symantec...

Jhildy11 Xcend Group | 14 Aug 2012 | 0 comments

In case you missed it, see the archived version from last week's webinar "Learn How to Protect Even Your Hardest-to-Find IP with Intelligent Data Loss Prevention"

 

 

With the average cost of a breach now topping an incomprehensible $7 million, more and more organizations are looking to Data Loss Prevention solutions to protect their highest value data. Join XCEND, a Platinum Symantec partner and DLP Master Specialist, to learn how you can accurately detect and protect all types of confidential data wherever it is stored or used.  (54 min)
 
Here's the link to see the archived version: https://www2.gotomeeting.com/register/430279362 or go to our website at www.xcendgroup.com to...

Mira Davda | 25 May 2012 | 0 comments

The value of data is appreciating, especially with organizations rapidly adopting new technologies to provide access to business information anywhere, at any time. This means threats to data or information translate into business risks to business. These risks, related to reputation, customer loyalty, finance and legal, are not only serious but also quantifiable. The first benchmark Cost of Data Breach Study in India, conducted by the Ponemon Institute on behalf of Symantec, revealed that the average organizational cost of a data breach in India is INR 53.4 million (53.4 crore), with malicious breaches by hackers or criminal insiders being the most expensive type at INR 4,224 for one compromised record.

The report further components of the total cost: detection, escalation and redressal formed a significant component, averaging INR 16.4 million (1.64 crore) and INR 20.9 million (2.09 crore) respectively. Victims lost INR 14.6 million (1.46 crore...

Srikanth_Subra | 02 May 2012 | 0 comments

Hi

Nowadays data theft is increasing in many organizations, which leads to loss of data and, in turn, business.

We can follow the ways below to protect our data, which is a valuable resource:

1. While we are using any DLP Solutions we can assign least permissions in policies

2. We can restrict the permissions to the important files which we are using based on user level

3. We can use encryption solutions like PGP encryption

4. We can restrict the use of removable media like USB and other devices

5. We need to monitor and audit the file transfer sites

6. We need to create security controls if systems are connecting to Wireless

By using the above ways we can still keep data theft under control.

Beverly van de Velde | 29 Mar 2012 | 0 comments

Education Enablement Services is developing a Symantec Cloud Security Essentials course that combines the CSA training in order to achieve the CCSK credential & a Symantec Certified Professional (SCP) in Cloud Security credential. 

This is an open call for your experiences with reviewing, designing, or implementing security solutions in a cloud environment.  These could come from situations unique to the cloud (ex. compliance issues for systems in a public cloud) - OR - general security solutions addressed in cloud environments (ex. how existing encryption policies were applied to a cloud architecture). 

We need your:
• Specific examples of security solutions in cloud environments
• Example cloud architectures – good or bad – implemented by customers
• Key questions, challenges, and concerns from customers migrating their infrastructure to...

Swathi Turlapaty | 27 Feb 2012 | 1 comment

Host Andy Nicholson interviews Symantec Senior Product Marketing Manager Suzanne Konvicka for a preview of the forthcoming Symantec Security Compliance Suite version 11 expected for release this spring. The product will incorporate upgraded reporting, dashboarding, analysis, and roll-up tools to provide IT leaders with health-of-the-business views of security risk postures, consolidating information from multiple points of threat and vulnerability. This shifts the enterprise security conversation from a laundry list of technical threats to a holistic view of business risks much better aligned with how real-world business leaders think and act.

Listen to the Podcast:  http://bit.ly/xABWyy.