Security Community Blog
MFox70 | 31 May 2013 | 1 comment

Does your customer have a requirement for monitoring servers or for Intrusion Detection? Are they asking about Real-time File Integrity Monitoring (FIM)? Have they recently failed an IT compliance or regulatory audit?

 

Usually a request to monitor server activity, or user and administrative access to a server, is driven by a few business needs.

It could be a Compliance or Audit requirement, it could be to pass information to a Security Incident and Event Management tool (SIEM) or Security Operations Centre (SOC) team, but more typically it is deemed to be good IT behaviour to keep an eye on how your servers are being used on a daily basis.

 

Let’s think about the rationale for those points.

Firstly if you are being audited, or someone in a risk and compliance role is scrutinising your environment, the process of generating incidents which are then analysed and potentially acted upon is actually the housekeeping role that...

Philip Routley | 29 May 2013 | 0 comments

Real world tests show Symantec Endpoint Protection Small Business Edition 2013 leads the pack

Symantec’s endpoint solutions, designed for consumers, small businesses and enterprises, were recently awarded top honors from Dennis Technology Labs, specializing in security testing that uses a world-class anti-malware framework.

  • Symantec received Dennis Technology Labs’ “AAA” rating and received the highest scores across every category in its Anti-Malware testing.
  • Norton Internet Security scored the highest for home protection, while Symantec Endpoint Protection Small Business Edition 2013 (SEP SBE 2013) won for small business protection and Symantec Endpoint Protection 12 won in enterprise protection.

SEP SBE 2013 was the only small business solution to receive the Dennis Technology Labs AAA award. Testing was performed over a 3 month period...

Brandon Noble | 29 May 2013 | 0 comments

Over the past several months we have had inquiries from concerned customers claiming Symantec was scanning their forward-facing IPs for vulnerabilities. After some research and some extremely tense meetings it was determined that this was actually part of a service the customer had purchased and opted in for and that perhaps the Web team had forgotten to let the SOC know what was going on. Sound familiar?

The service is part of Trusted Services and allows the customer to add the Norton Secured seal to their website.

Vulnerability Assessment Service can create multiple entries in the customer’s website's logs and could cause alerts from their perimeter IDS/IPS. It's recommended to create rules or filters for these entries to avoid any false positives.
Vulnerability Assessment Service uses the following...

Swathi Turlapaty | 20 May 2013 | 1 comment

The cyber threat landscape is evolving by the second. And according to Symantec's Internet Security Threat Report (ISTR) 2013, a variety of trends are underscoring the importance of having a layered approach to security.

For most, this begins and ends with the installation of a basic antivirus protection program. However, this approach is no longer effective as cyber criminals are shifting gears from single, high-profile attacks to finely-targeted assaults using little-known malware mutations. A lone antivirus protection program is simply obsolete with the immense complexities of the modern-day threat landscape. The only way to successfully thwart these viral security breaches is with a layered approach to security—one that only Symantec Endpoint Protection 12.1 can offer. Symantec’s multi-layered approach is a mix of intelligence-based technologies that scour files, the Web, and your network to ensure that malicious malware hasn’t intruded. With five...

OmerCh | 18 May 2013 | 0 comments

 

Background

Symantec Web Gateway is a state-of-the-art proxy and web filtering solution for corporate local area networks. It has the capability to authenticate end users and provide them a secure web browsing experience as per the organization’s policies and requirements.

SWG can use one of the 2 authentication mechanisms available in it, named:

- Domain Controller Interface (DCI)

- NTLM Authentication

SWG can only use one of these methods at a time.

 

Comparison of NTLM authentication and DC Interface Mechanisms

NTLM and DC Interface provide different kinds of authentication mechanisms and differ in functionality as well.

DC Interface

DCI works by integrating with domain controllers in an organization. In order to do so we need to install a small piece of software on domain...

pete_4u2002 | 17 May 2013 | 0 comments

Reference: http://www.symantec.com/business/support/index?page=content&id=TECH205767

Symantec will post an update to the AV Engine in Multiple Daily Virus Definitions on Tuesday May 21st 2013.

Beginning with the Virus Definitions that include the update AV Engine version 20131.1, additional files will be added. That update is expected to post in MDD1 on Wednesday May 21st.

Symantec Endpoint Protection 12.1+ and Norton AntiVirus/Norton Internet Security 2011+ customers will see 4 new index files.  Symantec Endpoint Protection 11+ and Norton AntiVirus/Norton Internet Security 2007+ products will see 8 additional index files.

As a result of the additional files, the size of each dated definition folder will increase. Note the size increase noted below will be the size that is added to the dated definition folders as they exist...

Wally | 14 May 2013 | 2 comments

Hello all - I just want to share this information with you.  It worked for me, but no guarantees...

We have a couple of older P4 systems (XP SP3 32-bit) with the Intel 865PE chipset and ICH5 controller.   We couldn't boot from the SERT CD on these systems - got a boot error 5 - probably has something to do with the older chipset and WinPE.

So, here's what we did to boot from a USB memory stick

First follow the instructions in TECH131578 -

http://www.symantec.com/business/support/index?page=content&id=TECH131578&profileURL=https%3A%2F%2Fsymaccount-profile.symantec.com%2FSSO%2Findex.jsp%3FssoID%3D1367256265628krhzFurGC64N88iGa5T5a6LD1sSGJF28647W0

with the following exception in Step 6....

Swathi Turlapaty | 13 May 2013 | 0 comments

Over the last year, the threat landscape has radically changed as cyber criminals diligently find new ways to attack encrypted data through various channels. The annual Symantec Internet Security Threat Report (ISTR) revealed that Web-based attacks increased 30% in 2012. What is surprising, though, is that a majority of those attacks targeted small businesses with fewer than 2,500 employees, proving that no matter what size your business is, it’s vulnerable to potential attacks. Other results from the ISTR indicated a rise in targeted attacks, sub-standard website security increases risk, mobile malware is a growing concern, and that new tactics, like ransomware, will continue to evolve. To read more about the ISTR findings and learn how to better protect your small business from malicious attacks, follow this link: http://bit.ly/14QmmJ6

Milan_T | 09 May 2013 | 0 comments

IT is tagged as a burden on business with huge annual expenses.

On the other hand businesses today face a considerable challenge to deliver ever-improving service levels to meet and exceed the expectations of their business users for service quality, availability, and security while optimizing resources and operations costs to manage and maintain the IT infrastructure. Monitoring and managing these increasingly complex infrastructures is a growing problem.

The IT professional’s main challenge is to secure the increasingly time-intensive task of infrastructure and device management, increasing the overall availability of network resources to support broader use of converged technologies.

About ISMS:

Information Security Management System (ISMS) can foster efficient security cost management, compliance with laws and regulations, and a comfortable level of interoperability due to a common set of guidelines followed by the partner...

tiffany_jones | 03 May 2013 | 1 comment

Recently, I had the opportunity to speak to an esteemed group of people at the Fordham Law Center on National Security.  My topic revolved around the latest Cyber Security Trends and Threats, relying on stats from Symantec's latest Internet Security Threat Report (just released last month).  The link to the report is here: http://www.symantec.com/security_response/publications/threatreport.jsp

Areas of discussion included the rise in highly targeted attacks, increased threat to small businesses, ransomware, and the Elderwood Project. Attendees ranged from venture capitalists, law firm partners, law enforcement officials, business consultants, policy analysts, among others. This was a great opportunity to raise awareness about the importance of cybersecurity and stress the importance of "shared responsibility". We each have a role to play...