Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Security Community Blog

Showing posts tagged with Critical System Protection
Showing posts in English
MFox70 | 01 May 2013 | 1 comment

Whitelisting has been a buzzword used in the industry for the past 18 months or so, and is seen by some as a Panacea to beat Malware spreading within organisations and control threats inside your environment. Indeed, some of Symantec’s products use Whitelisting as an additional method of controlling software behaviour and limiting the applications that employees can or cannot use.

 

Whitelisting generally involves a process of learning exactly which applications, operating system components and hardware drivers are installed on a server or workstation, collating that information centrally, and then allowing an administrator to approve or deny the use of these tools.

Once this process has initially completed, enforcement of this list of applications is then applied to the target machines. Theoretically, this has given control back to the organisation in relation to what software is allowed to run on the corporate computers.

 ...

Brandon Noble | 25 Apr 2013 | 2 comments

I. BACKGROUND:
We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb

For those of you familiar with W32.Changeup,...

darci_hunt | 10 Apr 2013 | 0 comments

The Critical Security Controls (CSC's) are being adopted by federal and state agencies in the U.S., Canada and elsewhere, to increase visibility into advanced threats, to shore up defenses, and ultimately for benchmarking and to improve risk posture.

To increase the limited information currently available about implementing the controls, the SANS Institute is conducting a 20-question survey for IT professionals, business unit managers and security/compliance experts. The survey was developed to find out what controls they're adopting, why, and how. The survey also explores how integrated the CSC's are in organizations that have adopted the controls, and whether any adopters have reached the stage where they can use the controls for benchmarking and to improve their risk postures.

"The Critical Security Controls are successful because of their open community approach - people and...

Vikram Kumar-SAV to SEP | 04 Feb 2013 | 0 comments

 

Symantec keeps tab on the changing Threat Landscape and incorporates relevant security on its products.Same is the story with SAV to SEP to now SEP 12..

When we had SAV in the market what our customer needed was just a Antivirus to protect their system from downtime..here antivirus was looked more as a Availability facilitator than a core security product..till early 2000.

Even though we had SCS (firewall and IPS) seclected people used the other features.

Starting from 2006-2007 that was a high rise in malware being created and vulnerabilities being exploited..slowly the trend changed and it all came down to money making malwares..

FakeAntivirus, Downadup, Various Blackmailing Trojans etc..here the audience was not high profile..and SEP 11 very well detect and blocks and does whatever it can..Slowly people started using IPS, ADC and found much more can be done with SEP and they are doing it..

However in last few years there has been...

SebastianZ | 02 Feb 2013 | 0 comments

A small compilation from the Symantec Portfolio including Data Sheets of several Symantec Security Products.

 

- Symantec™ Endpoint Protection 12.1.2 (10/12)
http://www.symantec.com/endpoint-protection/data-s...

- Symantec Endpoint Protection Small Business Edition 2013 (11/12)
http://www.symantec.com/endpoint-protection-small-...

- Symantec™ Protection Suite Enterprise Edition - Comprehensive, powerful endpoint, messaging, and Web protection, for less
money (06/11)
...

Al Cooley - DeepSight Product Management | 29 Jan 2013 | 0 comments

There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.

In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.

You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles over the next...

Gavin Fulton | 13 Dec 2012 | 0 comments

Over 6 years ago, when working for a Professional Services organization and responsible for developing key Security propositions for customers, I first developed an approach for "Vulnerability Lifecycle Management".

At the time the solution involved manual integration of a range of technologies from a range of different vendors:

  • network vulnerability assessment tool
  • patch management tool
  • compliance management tool
  • risk reduction tool (Host based IPS)
  • security intelligence feed

At that time this involved a identifying a range of tools from a number of different vendors, and the associated technical and procedural integration of inputs and outputs from each.  There were challenges with the different cost models to license this complex solution, let alone the technical integration of the various input and output formats.

Jumping forward from 2006 to 2012 and this type of solution is entirely...

Brandon Noble | 30 Nov 2012 | 15 comments

I. BACKGROUND:
In mid-2009, W32.Changeup, was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created.  Since November 2012 we have seen weekly spikes the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild.

 

II. THREAT DETAILS:
When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...

Deb Banerjee | 16 Nov 2012 | 0 comments

Amazon Web Services (AWS) clouds offer a variety networking security controls for segmenting and isolating EC2 instances running in that cloud. These controls address the following use cases

  1. Isolate EC2 instance from the public internet. E.g make those instances unaccessible from the public internet.
  2. Isolate EC2 instance belonging to an Enterprise from other EC2 instances belonging to other tenants.
  3. Within a tenant, isolate applications and departments from one another. This can be also be used to isolate application tiers from one another.
  4. Isolate applications and application tiers from one another within a tenants AWS network..

AWS Network Security Constructs

AWS offers a variety of networking constructs to implement these controls. These include VPC's, Gateways(Internet and VPN), NAT, Subnets, Routes, Security Groups and Elastic IP's.  These objects would be used to implement the above controls...

James Hanlon | 15 Oct 2012 | 0 comments

Cyberspace presents an incredible amount of opportunity for today’s organisations. Connectivity, innovation, productivity and collaboration are just some of the benefits on offer. However, cyberspace presents equally significant risks. Those risks can have huge impact and visibility; it seems that a week cannot go by without another cyber incident being splashed across internet feeds, newspapers and websites. This visibility means that cyber risks have the attention of the executive management of every organisation.

Cyber risks include targeted attacks, advanced persistent threats, data loss, denial-of-service attacks, hackitivism, negligent and malicious insiders, reputational damage, cyber espionage and nation state threats. In 2011, Symantec blocked over 5.5 billion malware attacks, an 81% increase over the previous year, witnessed a 36% increased in web based attacks and an increased focus and intensity of advanced persistent malware. Furthermore, Symantec...