Video Screencast Help
Security Community Blog
Showing posts in English
ryanschoenherr | 24 Nov 2014 | 0 comments

Novacoast is a Syamntec Platinum Partner and has partnered with MetriX Dashboards who have developed their our own unique real time dashboard solution. MetriX gives users the power to quickly and easily aggregate real-time data from any number of data sources into a single, consolidated view.

MetriX provides those within security with an unprecedented view into the organization’s security posture, while providing you with real-time notifications when thresholds or service levels are not being met. This ensures that IT can respond quickly to threats, thereby reducing risk associated with lack of timely visibility.

I thought this may be of intrest and wanted to share a screen shot of a few dashboards.

For additional information feel free to shoot me a note at rjschoenherr@novacoast.com or visit www.metrixdashboards.com

...

Steve C Blair | 24 Nov 2014 | 0 comments

On behalf of all of us in Product Management and Engineering I would like to thank you for your willingness to be part of the DCS 6.5 Beta. For all of you who also filled in our survey, your anonymous responses were very helpful so we can better understand your needs, environment and the use-cases you want to investigate with our new product.

Updates since last Blog

Over late October and November, a lot of work has been going on with our Engineering teams who are busily preparing for the December Beta drop.  We have had a number of pre-Beta trials running inside the company, defect reviews and have a high confidence you will be impressed with our new UI, product features and flexibility to better secure your workloads in your data center.

You may recall in the previous Beta announcement we said we were investigating doing Hands-On Labs to give customers an opportunity to test without having to setup your own environment. Unfortunately this...

Avkash K | 20 Nov 2014 | 0 comments

Some bad news for Android users, A security weakness in Android mobile operating system versions below 5.0 has been noticed. It puts potentially every Android device at risk for privilege escalation attacks. It has been patched in Android 5.0 Lollipop – the latest version of the mobile operating system.

This vulnerability has been discovered by a security researcher named Jann Horn. 
This could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks.
The flaw resides in java.io.ObjectInputStream, which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year.

Jann confirms ""When ObjectInputStream is used on untrusted inputs,...

Matt Cooke | 12 Nov 2014 | 0 comments

Symantec are building a new security client designed specifically for embedded systems.  We’ve taken the code base of our Critical System Protection client edition re-architected, feature enhanced and optimized it to run on embedded systems such as those used in industrial control systems, automotive, point of sale, healthcare and beyond.

We are inviting you to take part in our Symantec Embedded Security: Critical System Protection beta program beginning early December 2014. By participating in the beta program, you will be able to experience first hand the benefits of our new Internet of Things (IoT) product offering.

Key features in Symantec Embedded Security: Critical System Protection

Securing IoT devices: Symantec Embedded Security: Critical System Protection provides a signature-less policy-based approach to security for your terminals or embedded devices. Symantec Embedded Security: Critical System Protection...

Kari Ann | 05 Nov 2014 | 5 comments

Today, Symantec released a new security advisory impacting older versions of the Symantec Endpoint Protection Manager (SEPM). Product engineering teams have worked closely with SEC Consult Vulnerability Lab and @virtualminds_es to verify the vulnerabilities. The latest release, SEPM 12.1.5, is available on FileConnect and contains updates that prevent the issues and should be installed to prevent infection.

The issues affect XML External Entity Injection, reflected cross-site scripting and the potential for arbitrary file write/overwrite. The vulnerabilities are considered medium to high severity. With normal SEPM installation the affected port(s) should not be accessible without gaining initial access to the network. Successful exploitation of these vulnerabilities could result in unauthorized user-level access to the SEPM, elevated or application-level access on a server, or...

ryanschoenherr | 27 Oct 2014 | 0 comments

metrix_small1.png

Security

Security presents a challenge with regards to data analysis for two distinct reasons. First and foremost is the enterprise’s ability to keep pace with a fast-changing, ever-evolving security landscape. Most organizations have little to no visibility into where their confidential data is stored on the network, control over where that data is going, or what to do once they find it. Unsurprisingly, data-related security was cited as a top priority among business technology professionals who responded to a 2012 survey conducted by ...

Dhasan | 16 Oct 2014 | 0 comments

In Data Center Security Server Advance 6.0

If you navigate to the below location

DCS console - > Admin - > Settings - View configuration - > Master Server : 'Server Name and IP address'

When you have 2 or more DCS server installed and using same SQL DB, you will see the same name on all the DCS console.

This is actually not referring to the Primary DCS server.

It refers to which DCS server is resposible to send an alerts.

To determine, if you have got 2 DCS server , turn off your actualy primary DCS server, then you will see the 'Master server' name shows your secondary DCS server name.

master server.jpg

James L | 14 Oct 2014 | 0 comments

Google recently announced the https certificate update to its search algorithm, it will directly impact on your website ranking, if your website carry the SSL Certificate then you will get the “Google Ranking” boost up. But think why Google is giving the more important to websites which has an SSL Certificate let me explain you.

https_0.PNG

An SSL Certificate is create a secure layer between your web browser and visitors’ web browsers, and making important data like banking & personal details in encrypted format. As phishing attacks are increasing nowadays, online security is major concern for the world. Google believes that by penalized the websites which don’t have an SSL Certificate, owners of the websites create the benchmark that show users are more likely to visit a websites which are secure with “https” and by this way people become more aware about online web security and the...

Dhasan | 09 Oct 2014 | 1 comment

SEPM home page dash board is not updating quickly

After SEP client installation shows under up-to-date category even though the client is not up-to-date

This is observed if we install SEP Client using the package exported from SEPM a month or week ago...and the LU policy is set not to download updates from SEPM or directly from Symantec...that client goes to up-to-date category then after long time..it disappears from that then it goes to out-of-date..

AV - up to date.png

av -up to date.jpg

av -up to date 1.jpg

Chetan Savade | 07 Oct 2014 | 5 comments

Hello Everyone,

Symantec Endpoint Encryption v11.0.0 has been released. Release is now available on fileconnect to download.

New enhancements have been introuduced in the release, few of them are listed here:

Feature Highlights:

New integrated Endpoint Encryption client:

o   Built on PGP technology

o   Managed by Symantec Endpoint Encryption Management Server

Various client deployment options:

o   Provides support for never-connected and seldom-connected client deployment

o   Policy delivery though GPO, native policy or install-time policy

o   Seamless user registration and enrollment

Various Drive Encryption Recovery Options:

o   Help Desk...