Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Community Blog
Showing posts in English
EfrainO | 25 Aug 2014 | 0 comments

Survey Study Tools
     The following tables, graphs and visualizations are examples of tools for performing continuous surveying of digital populations.

Cohort Study
      A cohort study takes a look at a random sampling of the population and compares it to a known group of infected systems. It than takes a specific variable or set of variables and compares the hosts’ health outcome. In table 1, we can see that users who used a resource from USB were 5.69 times more likely to become infected. This study would warrant further study to ascertain exactly what caused the infection from USB use, but at a minimum a USB protection layer can be considered to reduce the overall probability of an infection outcome. If all the USB borne disease pathogens were executable files, security administrators may consider applying a prevent execution, but allow read and write to/from USB devices policy...

EfrainO | 25 Aug 2014 | 0 comments

Epidigitalogy Survey Study Types
     In the field of epidemiology there are two study types that I think would be beneficial to the epidigitalogist. The first type of study is a retrospective cohort study. A retrospective cohort study looks to the past for comparison of a known group “cohort” against other groups to identify differences. If we have a known diseased group of machines, we can look back in time to see which other systems are also exhibiting the same attributes. A sample retrospective cohort study may show that a group of computers with their hard drives at 95% capacity tend to not retrieve their content in a timely manner thereby exposing them to more frequent vulnerable states. The second study is a prospective cohort study. A prospective cohort study looks to the present state of hosts, selects a “cohort” of interest and follows them forward in a controlled experiment. An example of a prospective cohort study would look...

EfrainO | 22 Aug 2014 | 0 comments

Leveraging Waiting Room Time
     Organizations can continue to rely solely on their security vendors to provide the miracle drug or antidote for the digital disease pathogen, or they can take more of a hands-on surveying approach to improve security. Relying on the security vendor is the traditional practice which is normally followed by applying pressure on the security vendor to deliver the miracle drug or antidote quickly. This time spent waiting allows the digital disease pathogens to possibly mutate and spread further in the environment. Another approach taken by organizations is the installation of many different security technologies with all the bells and whistles activated in hopes of detecting and preventing the next threat. Unfortunately, enabling all the prevention features of a security product or collection of security products may present an unwanted side effect: with prevention enabled at a very aggressive level, the...

Kari Ann | 21 Aug 2014 | 1 comment

Demand for cyber-security professionals is growing twice as fast as other IT jobs, according to the report by Burning Glass, and the availability of necessary skills appears to be “outstripping supply.” Given the complex and competitive environment, how do cyber-security professionals keep up with the expertise required to move endpoints “beyond antivirus” in today’s digital age? 

Complex threats and internal challenges require focus on building an architecture with efficiency and effectiveness. A solid endpoint security architecture under-pins every foundation from the small-business to even the most complex enterprise. 

With constrained resources, is it possible to improve your security architecture without spending another cent? 

The simplest place to start is with Symantec’s...

Richard Harsell | 20 Aug 2014 | 0 comments

We are looking to hire a CSP resident in the Raleigh, NC area.  The req can be found at:

Please contact Ryan Alves at


This Resident Consultant will be the trusted advisor in Symantec Data Center Security (DCS) - formerly Critical System Protection (CSP) - for a customer located in Raleigh, NC.  The successful candidate will be part of a team of onsite Consultants that support multiple Symantec technologies for this customer.  The primary responsibilities include:

  • Prevention and Detection policy testing, tuning, and automation
  • Customized reporting and analytics
  • Upgrade testing and deployment
  • Assist with daily administration and optimization of the DCS/CSP...
EfrainO | 18 Aug 2014 | 0 comments

Following in Dr. Snow’s footsteps
     We can follow Dr. Snow’s lead by looking for commonalities, differences and outliers in our own digital communities. We need to start to look for what makes one system get infected while another does not. It is difficult to inconvenience many people based on incomplete evidence or misunderstood information. It may help to tell the Dr. Snow story to illustrate the parallels with the difficult fight against digital diseases. When the water pump on Broad Street was removed, the community complained about the inconvenience of having to walk farther to get their water. In order to convince our digital General Board of Health to remove a digital pump handle at an organization, we must have the evidence to back up our claims.  We must remind users that when it comes to digital diseases, just like biological diseases, epidemiology is a science of probability not a science of certainty. Even a great...

Marianne Davis | 15 Aug 2014 | 0 comments

How do you know how much cybersecurity is enough? Roughly 45 percent of global CIOs admit to underinvesting in cybersecurity according to a recent Accenture study. While CIOs are generally aware that endpoint protection alone is not enough to protect their business against advanced cyber threats, many are reluctant to upgrade security technologies. Why? Because of the perceived cost involved.

According to the U.S. Treasury, companies often avoid sufficiently investing in cybersecurity because they perceive that existing threats don’t warrant high levels of investment. Unfortunately, the cost of data...

EfrainO | 07 Aug 2014 | 0 comments

This is the second part of my blog series.

In the medical community, Dr. John Snow is considered the father of modern epidemiology. He is known for successfully investigating the cause of a cholera outbreak in London in 1854. Through careful surveying of the deceased individual’s location of death, and which company was their water provider, Dr. Snow noticed that the locations of the deceased seemed to correlate to where they obtained their water. Contrary to popular retelling, Dr. Snow did not figure out the cause of cholera from looking at a map of data. Before the Broad Street pump incident, Dr. Snow was already investigating two water companies that served London; the Southwark & Vauxhall Company and the Lambeth Water Company. An outbreak of Cholera in the Soho area of London occurred in 1854 which offered him the opportunity to test his hypothesis: that cholera was transmitted via water and not air as believed by miasmatists. Miasmatists believed diseases were...

Kari Ann | 07 Aug 2014 | 4 comments

The prevalence of zero-day vulnerabilities hit close to home this week when a North American penetration tester published a report claiming they had found a vulnerability in Symantec Endpoint Protection. The reality of Symantec’s ISTR vo. 19 seeing a 64%* increase in zero-day discoveries last year came alive as the Endpoint Protection product team reacted quickly to confirm and respond to the risk with a patch (available on FileConnect).

To date, no known compromise has been reported due to this medium severity vulnerability. The issue affects the Application and Device Control component of Symantec Endpoint Protection. If exploited, it could result in a client crash, denial of service or, if successful, escalate to admin privileges and gain control of the system.

It’s important to note that the vulnerability is not...

EfrainO | 06 Aug 2014 | 0 comments

This is the first of a multipart blog. I want to advocate a process change to continuously monitor an organization’s digital population, healthy or otherwise, modeled after Dr. John Snow and the Center for Disease Control and Prevention’s Epidemic Intelligence Service (CDC EIS). This Snow–and-CDC inspired process will help in detecting outliers or indicators of early stage digital disease onset, limiting the exposure time to hosts, and limiting the total cost of loss. Instead of waiting for a digital disease outbreak to engage responders, we should engage in the constant day to day analysis of population health data to find the digital disease pathogen before it becomes an epidemic and possible pandemic. In this paper I’ll discuss Dr. Snow’s investigation of cholera and how his investigation method relates to digital disease detection, response and prevention. I will also cover some tools used in epidemiology that demonstrate epidemiology’s applicability to advance the information...