Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.
Symantec Analyst Relations
Showing posts tagged with Security
Showing posts in English
Symantec Analyst Relations | 01 Oct 2013 | 0 comments

This Blog was originally posted in Security Response

The ZeroAccess botnet is one of the largest known botnets in existence today with a population upwards of 1.9 million computers, on any given day, as observed by Symantec in August 2013. A key feature of the ZeroAccess botnet is its use of a peer-to-peer (P2P) command-and-control (C&C) communications architecture, which gives the botnet a high degree of availability and redundancy. Since no central C&C server exists, you cannot simply disable a set of attacker servers to neuter the botnet. Whenever a computer becomes infected with ZeroAccess, it first reaches out to a number of its peers to exchange details about other peers in its known P2P network. This way, bots become aware of other peers and can propagate instructions and files throughout...

GregDay-SecurityCTO | 08 Mar 2013 | 0 comments

The Internet of Things (IoT) took another step forward, as standardisation body OASIS formed a committee to enable the adoption of Messaging Queue Telemetry Transport (MQTT) for machine to machine (M2M) communications. 

MQTT is a small-footprint messaging protocol designed to enable low-power devices to exchange information. Such standards matter as they accelerate technology creation and adoption, by reducing development costs and increasing interoperability. In layperson's terms, the easier it is for devices to talk to each other, the more they will do it.

IoT is very interesting to us at Symantec, most importantly because it will have a dramatic impact on the way we all use technology. The EU's Neelie Kroes suggested that up to 50 billion devices could be connected to the Internet by 2020, from pallets to fridges. Indeed, the number of '...

GregDay-SecurityCTO | 10 Dec 2012 | 0 comments

IT Security is, at its core, just another kind of risk management. The principles are straightforward to explain – identify the risks, their probability and impact, then work out suitable mitigation strategies to reduce one or the other. 

So, how hard can it be to 'deliver' IT security - that is, to make an organisation's IT environment secure? Very hard, is the answer, when we consider just how far technology has come since such principles were first documented. The main challenge can be to identify the risks in the first place, against a background of constant evolution and sudden change.

And it's not going to get any easier given that threats come from an increasing variety of places. Let's summarise - mobile devices and networks; cloud-based applications, services and infrastructure; social networks and online collaboration tools; email and documents; virtualised...

Symantec Analyst Relations | 28 Nov 2012 | 0 comments

by John Brigden, SVP EMEA

This blog was originally posted in Information Unleashed.

Imagine half the value of your business being buried out of sight; or that value residing on the devices your employees took home at night, possibly to be lost or damaged. It’s a sobering thought—and one that’s all too real in today’s digital world.

According to the Symantec 2012 State of Information Report, almost half (46 percent) of an organisation’s information is being stored outside of its own data centre on devices beyond the corporate firewall. That could be anything from confidential customer information and sales opportunities, to crucial emails and financial reports. This ‘information sprawl’ is like setting a match to your business.

In the report, information sprawl was identified as the culprit in more than one-...

Symantec Analyst Relations | 22 Oct 2012 | 0 comments

By Johnny Karam, Regional Director Middle East

This blog was originally posted in Security Community Blog.

It is day three of GITEX and I’ve been talking from morning to night with CIOs, IT executives and partners. But I’m not tired...I’m actually energised. Energised because now more than ever before I am seeing how Symantec is an integral piece of the puzzle at the heart of Middle East organizations – and that is exciting!

In making the rounds at this premiere IT event for the Middle East, one of the resounding subjects in every discussion has been cyber security threats. The recent blaze of high profile attacks in the region has brought to life the growing concern and deeper awareness of the threats that organisations are facing today and how to protect their information and minimize the risks from undue...

GregDay-SecurityCTO | 22 Aug 2012 | 0 comments

There is often talk of the growth in mobile threats and, in 2011, we saw significant growth, in terms of volume as a percentage. Yet, as a total of the numbers involved, these were still relatively small – in the thousands, rather than hundreds of millions that unleashed themselves on the PC last year.

At the same time, we did see far greater innovation in the nature of mobile threats, with attackers focusing in on finding vulnerabilities to exploit, such as the botnet concept, as well as where money can be made and information stolen through smart devices.

So what is the right way to manage that threat and soften its impact?

Let me start by looking at process – and please bear with me as I do. In the past 10 years, the cost of a laptop computer has plunged by a massive 90%, while already it’s...

GregDay-SecurityCTO | 10 Jul 2012 | 0 comments

Attacks by viruses, trojans and other malware have often been considered as a Microsoft problem. Whilst Microsoft may have initially been slow to realise the significance and impact of malware, with  Windows XP Service Pack 2 and Microsoft’s Trustworthy Computing initiative, led by a former FBI agent, that the company started to get on top of the challenge.

Despite what the anti-Redmond crowd have blogged over the years, however, hackers didn’t target Microsoft products exclusively because they were insecure, or because the people involved had some ideological death-wish on the company. No – they did it because Microsoft was the most used end-point device environment in the world. Bill Gates’ “Windows Everywhere” ambition, once realised, made it the most obvious of all targets.

When times change, however, they don’t necessarily follow the script. In the personal computer era, the debate was about whether Linux (and more...

Symantec Analyst Relations | 25 Jun 2012 | 0 comments

By Patricia Titus, Vice President and Chief Information Security Officer

This blog was originally posted in Information Unleashed: The Official Voice of Symantec

Security leaders have come a long way, from backroom IT gurus to earning a seat at the executive table. Today, boardroom discussions increasingly focus on security threats and risk management and CISOs are being asked by the CEO “How secure is our online e-commerce site?” or “Are we at risk of being attacked by hackers?”

As a security leader, your answer to these questions can determine whether you get the resources and support needed to manage the risks to your organization. Therefore, the ability to answer these kinds of questions in a way that resonates with business executives is critical.

To do this, you cannot rely on the technical dashboards of IT GRC solutions past. While...

GregDay-SecurityCTO | 24 Apr 2012 | 0 comments

A conversation I sometimes get involved in with customers is, "How should we secure vSphere?" The environment doesn't have to be VMware-based of course, it could be Xen, Microsoft, Red Hat or any other, but the question remains. 

From a technical perspective, the set of risks is reasonably well understood and by and large appropriate mitigations exist. For example each virtual machine, and the network connections between VMs need to be as secure as their physical equivalents. Meanwhile security holes could exist in the hypervisor layer, as with any other software package. Protections such as defence in depth, intrusion detection and prevention, patch management and so on remain much the same as in the traditional, physical world.

However, the net-new of a virtualised environment lies in how VMs are provisioned and managed. It is clearly much easier to deploy a virtual machine...

D Thomson | 01 Feb 2012 | 0 comments

With many organisations giving cloud computing serious consideration, a question we are often asked is, "Should we be putting our data in the cloud?" Organisations should be concerned about their data, wherever it is - it's a strategic business asset, after all. Indeed, this concern should extend to wherever the data is, depending on what it is and how it is being used. 

Each organisation is different and no blog post would be long enough to map out all the different risks and options, but we can get an idea of where to look for causes of concern. Here we separate risks out into non-scientific but nonetheless helpful categories of security, privacy, supplier and compliance. 

Security risks first, then. When we say data need to be kept secure, what we're really thinking is that malicious third parties can't get hold of it, to use or damage it in some way. Of course you need some kind of assurance that a cloud provider is protecting your...