Video Screencast Help
Security Community Blog
Showing posts tagged with Critical System Protection
Showing posts in English
MFox70 | 23 Jul 2013 | 0 comments

I attended a webinar recently which was talking about the move from physical to virtual servers in large corporations. The analogy used was that today, approximately 70% of all servers can be virtualised very quickly, but the remaining 30% can take several years of effort. Hypervisor vendors are working hard to sort this problem out, but the interesting finding was that a large section of that problematic 30% of servers are running legacy applications or are indeed legacy operating systems.

This is odd as you would think that any IT operations person would want to migrate a legacy server from physical to virtual hardware as soon as humanly possible.

 

Legacy systems are still around for a few reasons.

1 Laziness

2 Applications cannot be modified to work on newer OS platforms

3 Software Developers have long since left the company ( relates to point 2)

4 Legacy systems are connected to business critical servers, with little or no...

MFox70 | 26 Jun 2013 | 0 comments

Patching.

 

It’s a painful topic for most IT professionals, seen as the eternal battle between keeping a system running, functionally up to date yet ensuring it is secure.

Some organisations I talk to have a monthly patching cycle, which takes a week out of every month to complete. Yes, 3 months of the year, they have teams of staff patching applications and servers. This is a costly and time consuming process, and I am sure these engineers would rather be doing something more interesting!

 

Yet it is arguable if a fully patched system really IS secure. Many hacking attempts and malware writers look for vulnerabilities that are not even discovered by the software vendors, a concept known as a Zero Day threat, so having a system that is patched against “ yesterdays’ “ threats is not exactly ideal. Let’s face it, malware writers and hackers create exploits quicker than corporates patch their systems.

...

James Hanlon | 10 Jun 2013 | 1 comment

You must have been taking a long (and probably well deserved) holiday if you have not noticed the increasing use of the term “cyber” in the press recently.

Anything security related is now a cyber risk, a cyber incident or a cyber attack. Governments are driving cyber strategies, citizens need to be cyber aware, businesses are tabling cyber projects, companies are building cyber capabilities, vendors are creating cyber solutions and consultancies are creating cyber practices to help you enhance your cyber resilience.

With all this hype, the key question is - what is different from the infrastructure and information security we have been doing for years and this new cyber approach? This is a good question because everyone seems to have a different perspective on cyber. And for very good reasons.

At Symantec, we get the opportunity to discuss the different interpretations of cyber with many types of users and businesses – consumers, small and...

MFox70 | 31 May 2013 | 1 comment

Does your customer have a requirement for monitoring servers or for Intrusion Detection? Are they asking about Real-time File Integrity Monitoring (FIM)? Have they recently failed an IT compliance or regulatory audit?

 

Usually a request to monitor server activity, or user and administrative access to a server, is driven by a few business needs.

It could be a Compliance or Audit requirement, it could be to pass information to a Security Incident and Event Management tool (SIEM) or Security Operations Centre (SOC) team, but more typically it is deemed to be good IT behaviour to keep an eye on how your servers are being used on a daily basis.

 

Let’s think about the rationale for those points.

Firstly if you are being audited, or someone in a risk and compliance role is scrutinising your environment, the process of generating incidents which are then analysed and potentially acted upon is actually the housekeeping role that...

MFox70 | 01 May 2013 | 1 comment

Whitelisting has been a buzzword used in the industry for the past 18 months or so, and is seen by some as a Panacea to beat Malware spreading within organisations and control threats inside your environment. Indeed, some of Symantec’s products use Whitelisting as an additional method of controlling software behaviour and limiting the applications that employees can or cannot use.

 

Whitelisting generally involves a process of learning exactly which applications, operating system components and hardware drivers are installed on a server or workstation, collating that information centrally, and then allowing an administrator to approve or deny the use of these tools.

Once this process has initially completed, enforcement of this list of applications is then applied to the target machines. Theoretically, this has given control back to the organisation in relation to what software is allowed to run on the corporate computers.

 ...

Brandon Noble | 25 Apr 2013 | 2 comments

I. BACKGROUND:
We have been receiving a few scattered cases of outbreaks from a file labeled snkb00ptz.exe or snkb0ptz.exe, but it seems to be on the rise.

It's normally considered poor troubleshooting to use the file name for any type of identification of a threat, but recent examples have made this practical. Even though these files were detected as many different threat names and families (Trojan.gen, w32.IRCBot.NG, Downloader, etc), the cases all reported the same behavior and symptoms.

After some additional investigation, Symantec Security Response has broken out detection for W32.Inabot. That's short for the Insomnia IRC bot. More information is available from the makers of this threat in their manual, here: http://pastebin.com/dvpu8Zwb

For those of you familiar with W32.Changeup,...

darci_hunt | 10 Apr 2013 | 0 comments

The Critical Security Controls (CSC's) are being adopted by federal and state agencies in the U.S., Canada and elsewhere, to increase visibility into advanced threats, to shore up defenses, and ultimately for benchmarking and to improve risk posture.

To increase the limited information currently available about implementing the controls, the SANS Institute is conducting a 20-question survey for IT professionals, business unit managers and security/compliance experts. The survey was developed to find out what controls they're adopting, why, and how. The survey also explores how integrated the CSC's are in organizations that have adopted the controls, and whether any adopters have reached the stage where they can use the controls for benchmarking and to improve their risk postures.

"The Critical Security Controls are successful because of their open community approach - people and...

Vikram Kumar-SAV to SEP | 04 Feb 2013 | 0 comments

 

Symantec keeps tab on the changing Threat Landscape and incorporates relevant security on its products.Same is the story with SAV to SEP to now SEP 12..

When we had SAV in the market what our customer needed was just a Antivirus to protect their system from downtime..here antivirus was looked more as a Availability facilitator than a core security product..till early 2000.

Even though we had SCS (firewall and IPS) seclected people used the other features.

Starting from 2006-2007 that was a high rise in malware being created and vulnerabilities being exploited..slowly the trend changed and it all came down to money making malwares..

FakeAntivirus, Downadup, Various Blackmailing Trojans etc..here the audience was not high profile..and SEP 11 very well detect and blocks and does whatever it can..Slowly people started using IPS, ADC and found much more can be done with SEP and they are doing it..

However in last few years there has been...

SebastianZ | 02 Feb 2013 | 0 comments

A small compilation from the Symantec Portfolio including Data Sheets of several Symantec Security Products.

 

- Symantec™ Endpoint Protection 12.1.2 (10/12)
http://www.symantec.com/endpoint-protection/data-s...

- Symantec Endpoint Protection Small Business Edition 2013 (11/12)
http://www.symantec.com/endpoint-protection-small-...

- Symantec™ Protection Suite Enterprise Edition - Comprehensive, powerful endpoint, messaging, and Web protection, for less
money (06/11)
...

Al Cooley - DeepSight Product Management | 29 Jan 2013 | 0 comments

There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.

In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.

You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles over the next...