Video Screencast Help
Search Video Help Close Back
to help

Security Community Blog

Showing posts tagged with Critical System Protection
Showing posts in English
The “Cyber Phenomenon” – Is it just hype or does cyber offer real business opportunity?
James Hanlon | 10 Jun 2013 | 0 comments

You must have been taking a long (and probably well deserved) holiday if you have not noticed the increasing use of the term “cyber” in the press recently.

Anything security related is now a cyber risk, a cyber incident or a cyber attack. Governments are driving cyber strategies, citizens need to be cyber aware, businesses are tabling cyber projects, companies are building cyber capabilities, vendors are creating cyber solutions and consultancies are creating cyber practices to help you enhance your cyber resilience.

With all this hype, the key question is - what is different from the infrastructure and information security we have been doing for years and this new cyber approach? This is a good question because everyone seems to have a different perspective on cyber. And for very good reasons.

At Symantec, we get the opportunity to discuss the different interpretations of cyber with many types of users and businesses – consumers, small and...

Read more
Keeping your business out of the news.
MFox70 | 31 May 2013 | 0 comments

Does your customer have a requirement for monitoring servers or for Intrusion Detection? Are they asking about Real-time File Integrity Monitoring (FIM)? Have they recently failed an IT compliance or regulatory audit?

 

Usually a request to monitor server activity, or user and administrative access to a server, is driven by a few business needs.

It could be a Compliance or Audit requirement, it could be to pass information to a Security Incident and Event Management tool (SIEM) or Security Operations Centre (SOC) team, but more typically it is deemed to be good IT behaviour to keep an eye on how your servers are being used on a daily basis.

 

Let’s think about the rationale for those points.

Firstly if you are being audited, or someone in a risk and compliance role is scrutinising your environment, the process of generating incidents which are then analysed and potentially acted upon is actually the housekeeping role that...

Read more
A question of Trust
MFox70 | 01 May 2013 | 0 comments

Whitelisting has been a buzzword used in the industry for the past 18 months or so, and is seen by some as a Panacea to beat Malware spreading within organisations and control threats inside your environment. Indeed, some of Symantec’s products use Whitelisting as an additional method of controlling software behaviour and limiting the applications that employees can or cannot use.

 

Whitelisting generally involves a process of learning exactly which applications, operating system components and hardware drivers are installed on a server or workstation, collating that information centrally, and then allowing an administrator to approve or deny the use of these tools.

Once this process has initially completed, enforcement of this list of applications is then applied to the target machines. Theoretically, this has given control back to the organisation in relation to what software is allowed to run on the corporate computers.

 ...

Read more
W32.Inabot - Support Perspective and Battle Plan
Brandon Noble | 25 Apr 2013 | 2 comments

I. BACKGROUND:
We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb

For those of you familiar with W32.Changeup, much of this...

Read more
Symantec Sponsors the SANS Institute 20 Critical Security Controls Survey
darci_hunt | 10 Apr 2013 | 0 comments

The Critical Security Controls (CSC's) are being adopted by federal and state agencies in the U.S., Canada and elsewhere, to increase visibility into advanced threats, to shore up defenses, and ultimately for benchmarking and to improve risk posture.

To increase the limited information currently available about implementing the controls, the SANS Institute is conducting a 20-question survey for IT professionals, business unit managers and security/compliance experts. The survey was developed to find out what controls they're adopting, why, and how. The survey also explores how integrated the CSC's are in organizations that have adopted the controls, and whether any adopters have reached the stage where they can use the controls for benchmarking and to improve their risk postures.

"The Critical Security Controls are successful because of their open community approach - people and organizations voluntarily...

Read more
Evolving Endpoint Security
Vikram Kumar-SAV to SEP | 05 Feb 2013 | 0 comments

 

Symantec keeps tab on the changing Threat Landscape and incorporates relevant security on its products.Same is the story with SAV to SEP to now SEP 12..

When we had SAV in the market what our customer needed was just a Antivirus to protect their system from downtime..here antivirus was looked more as a Availability facilitator than a core security product..till early 2000.

Even though we had SCS (firewall and IPS) seclected people used the other features.

Starting from 2006-2007 that was a high rise in malware being created and vulnerabilities being exploited..slowly the trend changed and it all came down to money making malwares..

FakeAntivirus, Downadup, Various Blackmailing Trojans etc..here the audience was not high profile..and SEP 11 very well detect and blocks and does whatever it can..Slowly people started using IPS, ADC and found much more can be done with SEP and they are doing it..

However in last few years there has been...

Read more
Symantec Security Products Data Sheets
SebastianZ | 02 Feb 2013 | 0 comments

A small compilation from the Symantec Portfolio including Data Sheets of several Symantec Security Products.

 

- Symantec™ Endpoint Protection 12.1.2 (10/12)
http://www.symantec.com/endpoint-protection/data-s...

- Symantec Endpoint Protection Small Business Edition 2013 (11/12)
http://www.symantec.com/endpoint-protection-small-...

- Symantec™ Protection Suite Enterprise Edition - Comprehensive, powerful endpoint, messaging, and Web protection, for less
money (06/11)
...

Read more
WHERE BIG DATA AND SECURITY ALIGN
Al Cooley - DeepSight Product Management | 30 Jan 2013 | 0 comments

There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.

In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.

You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles over the next...

Read more
Vulnerability Lifecycle Management
Gavin Fulton | 13 Dec 2012 | 0 comments

Over 6 years ago, when working for a Professional Services organization and responsible for developing key Security propositions for customers, I first developed an approach for "Vulnerability Lifecycle Management".

At the time the solution involved manual integration of a range of technologies from a range of different vendors:

  • network vulnerability assessment tool
  • patch management tool
  • compliance management tool
  • risk reduction tool (Host based IPS)
  • security intelligence feed

At that time this involved a identifying a range of tools from a number of different vendors, and the associated technical and procedural integration of inputs and outputs from each.  There were challenges with the different cost models to license this complex solution, let alone the technical integration of the various input and output formats.

Jumping forward from 2006 to 2012 and this type of solution is entirely...

Read more
W32.Changeup keeps on giving
Brandon Noble | 28 May 2013 | 13 comments

I. BACKGROUND:
In mid-2009, W32.Changeup, was first discovered on systems around the world. Over the last few years, Symantec Security Response has profiled this threat, explained why it spreads, and shown how it was created.  Since November 2012 we have seen weekly spikes the number of W32.Changeup detections and infections. The increase in detections is a result of a renewed W32.Changeup campaign now active and in-the-wild.

 

II. THREAT DETAILS:
When a system is compromised, W32.Changeup may install additional malware. These secondary threats have the ability to download even...

Read more