Blogs

      • Three-Dimensional Data Protection: Access, Visibility, and Control

        Nov 18 2016, 12:51 AM

        by Sunil Choudrie 2

        Knowledge is power. Whether it’s your proprietary data, customer insights, or strategic plans, data is valuable and needs protection. The problem is large. In 2015, half a billion personal records were stolen or lost, according to the Symantec 2016 Internet Security Threat Report Vol. 21 (ISTR). 

        What’s behind this risk? Our research shows both internal and external threats. Criminals have found that they can obtain your data by breaking into your systems or by targeting your staff who might be softer targets. If your staff use simple or default passwords, over-share data, or don’t follow security measures (such as removing redundant files from cloud services), they put your data at risk. And malicious insiders, such as disgruntled employees, may try to steal sensitive corporate data to further their career or to sabotage your company.

        Data protection is not just about data loss prevention; it’s also about protection and access control. The key question is how to allow open access to everyone while still ensuring sensitive data is properly controlled. And moreover, how do we do this correctly?

        Symantec Information Protection

        The objective is not to contain data, but instead to place the right visibility, controls, and policies to ensure that data is useful and not over-exposed. There’s also the people element. Encouraging the right behavior is better for employee trust and security. Consider a member of your team who attaches a document to an email. If they accidentally attach the wrong file in their haste, it can lead to embarrassment at best, or a PR disaster or worse. Ideally, you would want to intercept this email before it leaves the organization, but if this isn’t carefully managed you can block emails that you didn’t mean to. A better approach is to empower your staff. A well-timed alert could inform your staff member that the attachment contains sensitive data, and give them an opportunity to correct any mistakes. This approach allows your staff to make the right decision in what might be complex circumstances, which both plays to their strengths and reinforces and builds a strong security culture.

        Symantec Information Protection helps you identify critical data across all your files and emails using automated discovery and context-based classification. With Symantec, risk is reduced by ensuring you limit access to the right people. You limit the risk of data getting into the wrong hands by managing how it’s stored and the protection that surrounds it. You can easily apply policies to control access and usage―in the cloud, on mobile devices, or on the network—and protect and control data by establishing policies that apply across your entire network via a single point.

        Symantec VIP, VIP Access Manager, and Data Loss Prevention all work together to create an information protection platform. Symantec Information Protection covers three areas: Access, Visibility, and Control.

        “Where are my data risks?”

        To protect data, you first need to find it, classify it, and then ensure that it’s properly managed. The challenge here is identifying the highest risks to your data. With data volumes exploding (a five-fold increase in data is predicted between 2015 and 2020), and data formats becoming less structured (photographs of forms or whiteboards), the challenges will only grow. 

        Symantec Information Protection helps you discover where your sensitive data is stored across your infrastructure. You’ll be able to monitor and protect sensitive data on mobile devices, on-premises, and in the cloud. And it’s all done through a unified policy framework to define data loss policies and to help you review and remediate incidents.

        “Who is accessing my data?”

        Passwords are the de facto standard, but bitter experience teaches us that too many users are inundated with them, resulting in the use of weak passwords, passwords being reused or even written down when they are too hard to remember. A recent study entitled Cyber Security Flaws in Working Practices discovered that 21 percent of workers write down their passwords. In another study, sixty-three percent of confirmed data breaches involved weak, default, or stolen passwords, according to the Verizon 2016 Data Breach Investigations Report. You need to strike the right balance—making it easy for the end-user to access systems while ensuring security without relying on written-down notes.

        Poor password hygiene makes accounts vulnerable to takeover attacks. These attacks can be eliminated with the use of single sign-on and multi-factor authentication technologies, such as Symantec VIP and VIP Access Manager. Symantec Managed PKI service also provides simple-to-manage device certificates, enabling secure access from any device, anywhere, to any apps your users need. Symantec increases security because VIP password-less fingerprint authentication makes accessing all approved applications simple, without the user needing to remember multiple passwords for multiple applications. This enables your organization to determine what applications show up as an option for the user based on their role.

        With Symantec VIP, VIP Access Manager, and Managed PKI Service, we offer single sign-on with rock-solid authentication to protect all your cloud and on-premises apps.

        “How do I better protect my data?”

        Data breaches have almost become a weekly, if not daily, occurrence. According to the ISTR, the number of publicly disclosed data breaches has risen steadily over the last number of years to reach 318 in 2015. What about stolen laptops or USB thumb drives and data breaches? Breaches caused by stolen or lost devices are real threats organizations face. In fact, this type of data breach makes up 45 percent of healthcare industry data breaches, according to the Verizon 2015 Data Breach Investigations Report. And the cost? The Ponemon Institute found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million last year, but of course this is highly variable, with costs escalating significantly depending on the scope, scale, and nature of the breach.

        Fortunately, you can take some measures to help protect your organization from data breaches. Symantec offers four broad ways to help.

        • Symantec Endpoint Encryption helps prevent breaches by protecting critical data sent by email, as well as with files shared on network drives and in the cloud.
        • Second, Symantec’s unified policy controls the flow of information everywhere it goes—in the cloud (with Office 365, Box, Gmail and others), on premise, and with mobile applications. We deliver powerful protection without added complexity.
        • Third, Symantec Data Loss Prevention (DLP) integrates with encryption to prevent accidental leaks through user error and secures devices against data loss or theft.  
        • The fourth area is that Symantec ensures you limit access to only trusted users and devices. Symantec VIP, VIP Access Manager, and Managed PKI Service offer rock-solid access control, reducing the risk and consequences of account takeovers.

        In upcoming posts of this series, we'll take a closer look at specific features of Information Protection. 

      • Bridging the Gap between IT and the Business with Next Generation Cloud Security

        Mar 18 2015, 11:16 AM

        by Mike Smart 0

        To those of us that have been brought up in the world of IT, there is nothing scarier than users and lines of business choosing and deploying their own IT.  We’ve labeled it ‘Shadow IT’ because it’s technology that is used in the dark, without the knowledge of the IT Department.

        But actually, to the user or the line of business, it’s just innovation. The typically risk-averse IT departments are all about mitigating risk; after all, we’ve deployed anti-virus and intrusion prevention technologies to mitigate the risk of viruses and intrusions. This attitude of preventing risk is making us unpopular and irrelevant to the business, and this is why they often choose to bypass the IT procurement process.

        The fact is, users are more mobile than ever, and are comfortable taking corporate data and storing it on mobile devices or cloud storage applications all in the name of innovation and increased productivity.  Perhaps those of us in IT should find a way to embrace this and at the same time protect the business without imposing impractical policies and process.

        To help you bridge the gap, and allow users and the business to adopt flexible working practices that drive innovation through the adoption of mobility, cloud based systems and infrastructure, Symantec has released Identity: Access Manager.  Symantec™ Identity: Access Manager is a next generation access control platform that offers users and administrators control, convenience, and compliance for cloud-based applications.

        Access Manager starts by using Symantec Validation and ID Protection (VIP) and Symantec Managed PKI to bring integrated single sign-on (SSO) and strong authentication to mobile devices. With Access Manager, users can log in one time using a password, PIN, or even a fingerprint to safely access all of their cloud apps and information. This helps secure mobile devices by eliminating bad password practices and gives your users fast, easy access to the resources they need.

        Also, Access Manager provides flexible, easy-to-create connectors and unified identity and context-based access control for virtually any cloud app or service, which means you can enforce your security and compliance policies, log your activities to stay compliant, and ultimately turn those rogue apps into legitimate productivity tools.

        Access Manager is every bit as flexible as it is powerful. You can choose to deploy it on-premise or in the cloud, depending on the needs of your organization. And because Access Manager integrates seamlessly with your existing infrastructure, it reduces complexity by providing a convenient central point for managing all of your different user directories.

        In summary, there are five good reasons to try Symantec Identity: Access Manager in your environment:

        • Ensures control, convenience, and compliance for public and private cloud applications
        • Enhances security with strong authentication and identity/context-based access control
        • Streamlines compliance auditing by consolidating access logs for protected users and applications
        • Boosts users’ productivity with Single Sign-On – one password grants access to all apps
        • Offers flexible deployment options, choose from on-premise or hosted service

        If you want to find out more, visit our home page here:

      • Information protection everywhere begins with Symantec Identity: Access Manager (SAM)

        Feb 02 2015, 8:44 AM

        by Teresa Law 0

        So information protection everywhere begins with Symantec Identity: Access Manager (SAM)?  But what is information protection everywhere?

        • It’s prevention - scanning on-premise and in cloud apps to find sensitive files that should be secured
        • It’s user friendly protection – securing identities and access with simple, smart, and secure strong authentication; and protecting data in the enterprise or the cloud, at rest and in transit
        • It’s fast detection and rapid remediation – quickly identifying suspicious or risky behavior and automating responses
        • It’s about standards so integration with vendors' products is easy
        • And it begins with SAM

        Access Manager (SAM) is the platform on which Symantec’s information protection solution will be built.  A comprehensive information protection solution that not only includes identity and access protection, but also information management, and a way to intelligently correlate unusual behavior or events identified by both.  Access Manager acts as the single access point for all cloud apps and services to ensure secure access and data integrity; similar to a Control Access Security Broker (CASB) or Cloud Access Control. 

        But why does Symantec’s information protection start with Access Manager? The single access point provided by Access Manager is necessary, not just to help ensure that legitimate users are the only ones to gain access to sensitive corporate data, but also to identify users if there is a need to take action - enabling rapid response.  Identity provides the best means to correlate disparate events and Access Manager provides the unified identity.

        The introduction of Access Manager is just the beginning of information protection everywhere. Read more about Access Manager at http://bit.ly/1H8H33G or visit the Access Manager website.

      • Who's Watching You Sleep?

        Nov 25 2014, 10:48 PM

        by Brook Chelmo 1

        Thanks to George Orwell’s classic book 1984, I graduated High School thinking I would eventually live in a world monitored and suppressed by world governments.  In the wake of the PRISM scandal in 2013 I started to get the feeling that Orwell’s dystopian novel was looking like an ill-timed prophecy.  In light of comedian Pete Holmes’ rant on how Privacy is Uncool, it is little brother (us) leaking our secrets; no one has to steal them from us.  If you thought unmanaged Social Media privacy settings were bad, how much would you cringe if you knew you were letting people watch you sleep?  Welcome to the perils of the Internet of Things (IoT).

        Up until very recently a number of security camera manufacturers were shipping internet-connected cameras (AKA IP cameras) with default passwords.  Many of these passwords were never changed by the purchaser after setting them up.  It was only a matter of time before someone would set up a website displaying many of these feeds (up to 73K at its peak).

        Let me introduce Insecam, the website dedicated to not only showing you the unrestricted feeds of home and commercial security cameras but also where they are located, with all of the admin and password information.  In addition to this they have social plugins that let you share your favorite feeds with your community.  Ultimately taken from the pages of the improving-through-shaming security book, this site claims to seek the end of default passwords yet places advertisements conveniently next to navigation icons.

        On my review of the site, I saw mundane shots of doors and walkways and more mild scenes of people working the front counters of gas stations and dry-cleaners.   With a chill down my spine I saw a bartender drinking the profits and an overhead shot of a girl scrolling through a fashion site.  What startled me was the sheer amount of cameras in bedrooms, a no-no in my world.  Granted that a majority of these were aimed at cribs but the alarming part was the number of unsecured cameras pointed at hospital patients, adult beds, living rooms, and private hot tubs.  Sadly, various online forum contributors claim to have found dead bodies and adults in very private or intimate situations.  Situations like this define the need for better security in the internet of things landscape.

        No matter what colored bucket of hacker you place Insecam’s creator into, they have exposed a gaping hole in the IoT landscape.  In 2011 there were over 9 billion devices connected to the internet and by the year 2020 it is expected that number will be close to 24 billion.  This is a cause for concern for manufacturers and companies like Symantec and a potential bonanza for hackers.  As more and more things come online, we are discovering new vulnerabilities and how some security practices are becoming out of date.  There are obstacles with current security practices but there are ways to overcome them.

        Better Password Management

        I’m not a fan of passwords.  Since we have to live with them we have to learn how to use them.  I wrote a fun mocku-blog on password best practices for you to loathe and share.  Passwords are a very weak form of security and Insecam proved that.  Two-factor authentication can be used to install and access IP camera feeds via a computer or mobile device.  If you have the time, take a peek at this white paper from Symantec on digital certificates used for authentication.

        When it is all said and done, Insecam victims used default ports and passwords and were most likely discovered by an IP address surfing tool.  A simple change of the password would eliminate them from the site but it could still be guessed by a serious stalker.  Keep in mind that passwords are the number one thing sought after by hackers since we often use the same ones on multiple sites.  Here is how they do it.

        Encryption; an IoT solution

        As a best PKI practice, all data SHOULD be encrypted in transit and at rest between a Host and Client.  If the device manufacturers enabled encryption of the data, only the end user could review the video stream with client authentication.  This would slow the feed a bit but it would secure the connection.  If marketers want to instill trust in their internet-connected devices they need to consider implementing a security promise with their messaging.  So how can they encrypt a live feed?

        My engineering buddy and counterpart Frank Agurto-Machado recommends embedding a private SSL ROOT CA within each device.  The connection between the manufacturer’s infrastructure and the camera would be secured and encrypted via client authentication to this private SSL root.  Ultimately, this may increase the cost of a device but it would help better ensure security.  While this DOES NOT remedy the Password hijacking, it secures the model from point-to-point between the “client” and the host.  Symantec offers Private CAs to enterprises that need customized encryption for server to server communication or for applications such as this.

        The Security Trade-Off

        Throughout the course of world history humans have always had to juggle between access and fortification when it comes to security.  Our ancestors had to find a way to secure a food hoard that would not take hours to hide or cover.  Castles had to ensure soldiers and citizens could pass freely yet survive a siege.  Anti-virus software on your PC has to allow you to quickly surf the internet but check and possibly restrict all incoming traffic.  Manufacturers within the IoT space have to learn how to balance these two and improve customer messaging to assist them in setting up trustworthy and secure devices.

        Edit:  Since the writing of this blog Insecam has been shut down.  From appearances it appears to have been taken down by a third-party hacker.
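
The private-root arrangement from the encryption section above, as an added example that is not part of the original post or any Symantec code: a vendor root signs each camera's client certificate, and the chain check that a TLS server requiring client certificates would perform accepts that camera while rejecting a certificate issued by a look-alike root with the same name. It assumes the `openssl` command-line tool is installed; all subject names and file names are constructed.

```shell
#!/bin/sh
# Added example. Names, CNs and files are constructed for illustration.

# Minimal config files so nothing depends on the system openssl.cnf.
write_config() {
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # Extensions for a device certificate: not a CA, TLS client use only.
  cat > "$1/device.ext" <<'EOF'
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
}

# make_root DIR NAME CN: create NAME.key and a self-signed root NAME.pem.
make_root() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$2.key" 2>/dev/null &&
  openssl req -x509 -new -key "$1/$2.key" -config "$1/pki.cnf" \
    -subj "/CN=$3" -days 30 -out "$1/$2.pem" >/dev/null 2>&1
}

# issue_device DIR ROOT NAME CN: device key plus a client certificate
# signed by ROOT. In production the device key is generated on or
# provisioned to the camera and never leaves it.
issue_device() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/$3.key" 2>/dev/null &&
  openssl req -new -key "$1/$3.key" -config "$1/pki.cnf" \
    -subj "/CN=$4" -out "$1/$3.csr" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -set_serial 1001 -days 30 -extfile "$1/device.ext" \
    -out "$1/$3.pem" >/dev/null 2>&1
}

# check_client ROOT_PEM DEVICE_PEM: trust only ROOT_PEM and require that
# the certificate is valid for TLS client authentication.
check_client() {
  if openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1; then
    echo accepted
  else
    echo rejected
  fi
}

run_demo() {
  dir=$(mktemp -d) || return 1
  write_config "$dir"
  # The vendor's private root, and an unrelated root that copies its name.
  make_root "$dir" vendor_root "Constructed Vendor Private Root" || return 1
  make_root "$dir" lookalike_root "Constructed Vendor Private Root" || return 1
  issue_device "$dir" vendor_root camera "camera-0001" || return 1
  issue_device "$dir" lookalike_root imposter "camera-0001" || return 1
  # The server side trusts vendor_root.pem only.
  echo "genuine=$(check_client "$dir/vendor_root.pem" "$dir/camera.pem")" \
       "imposter=$(check_client "$dir/vendor_root.pem" "$dir/imposter.pem")"
  rm -rf "$dir"
}

run_demo
```

The imposter fails even though its issuer name and subject match, because the signature does not verify under the vendor root's key; as the post says, this authenticates the device and does nothing about a guessed or default login password.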

      • To protect your enterprise, protect your vendors

        Nov 10 2014, 10:04 PM

        by Teresa Law 2

        We talk a great deal about using strong authentication to secure access for enterprise employees, but often we don’t think about how breaches to vendors could make our own enterprise vulnerable.  In some cases all an attacker needs is to steal the username and password from a vendor to begin their attack on your enterprise.  That is exactly what happened to Home Depot; and it is an excellent example of why not only you, but also your outside vendors should be using strong authentication like Symantec VIP – Home Depot hackers exposed 53 million email addresses.  This kind of breach not only damages customer trust but also Home Depot estimates that the theft would cost about $62 million.

        “According to Home Depot, the attackers stole login credentials from an outside vendor and used this information to infiltrate Home Depot’s systems. They could then move from a peripheral third-party vendor system to the company’s main computer network by exploiting a Windows vulnerability. Microsoft released a patch for this bug after the breach began, but while Home Depot applied the patch when it was released, it was too late. The attackers could then move to more Home Depot computers, eventually reaching 7,500 of the company’s POS terminals at self-checkout lanes. However, the attackers may have missed 70,000 of the retailer’s standard cash registers as these terminals were only identified by numbers.

        The attackers moved through Home Depot’s network during regular business hours and used malware that stole data, transmitted details to a remote location, and deleted its traces. According to the investigation, the breach could have gone unnoticed for much longer if the attackers hadn’t put some of the stolen credit card details on sale while a number of Home Depot executives were on vacation for Labor Day.”

        The Symantec Internet Threat Report highlighted how attackers are using smaller businesses and the supply chain to attack larger entities - the Home Depot attack dramatically reinforces this finding.  Attackers are becoming more relentless, using multiple avenues to stage attacks.  Enterprises need to engage in a layered security approach to mitigate the risk.  A mandatory first step is ensuring that not only your enterprise but your vendors are securing access to their networks and applications.  Symantec VIP is a simple, smart, and secure way to easily add a second layer of protection to secure access.  A username and password may be compromised but a secure second factor will not.

      • Let’s not Talk About PHI for a Moment, let’s Talk about Intellectual Property

        Aug 30 2014, 3:03 PM

        by Axel Wirth 0

        Why this post?

        Over the past few months we have seen a number of reports on breaches of healthcare organizations and medical device manufacturers where the suspected or documented target was intellectual property data related to medical devices.  Some of these recent cases have received wide press coverage.

        As a result, the FBI has issued a warning to US healthcare companies that they may be the target of further cyberattacks (FBI warns healthcare firms they are targeted by hackers). The document indicated that several companies in the sector had been targeted and intellectual property, rather than personal data or PHI, may be the main target of the attacks.

        "These actors have also been seen targeting multiple companies in the healthcare and medical device industry typically targeting valuable intellectual property, such as medical device and equipment development data" (FBI)

        It is suspected that nation states and/or well-organized cybercrime organizations are behind these highly sophisticated and well-executed attacks. This is in line with a trend cybersecurity experts have been observing for a number of years – the trend towards politically and financially motivated attacks executed with an unprecedented degree of stealth, determination, and precision.

        In other words, cybersecurity is not what it used to be. Not by a long shot.

        What it means for the Healthcare Industry

        The healthcare industry has traditionally underinvested in security, yet at the same time we have seen breaches and attacks increase. Hackers focus on healthcare institutions because they are perceived as the easier target compared to other industries. We have seen focus on patient demographic information (i.e. identities), personal identifiers (social security, insurance, or medical record numbers), and medical data (PHI).

        We have seen data being stolen for the purpose of financial or medical identity theft, insurance fraud, sale of information on the underground marketplace, blackmailing of patients, financial gain, and ransoming of healthcare providers. And now we can add to that list corporate espionage and intellectual property theft.

        The recent attacks and breaches highlight the risk of companies in the medical device, biotech, and pharmaceutical industries, as well as their medical research and clinical trial partners – i.e. the hospitals and clinicians they are cooperating with. This does move the discussion to another, higher and very concerning level.

        The security industry has, for the past years, developed the concept of “Defense in Depth” … meaning that security as a point solution is no longer good enough. Not only do we need security across all layers, those security layers need to be integrated to allow reliable detection, coordinated defense, and efficient response.

        As cyber criminals are getting better, we need to up our game, too. Unfortunately, the bad guys need to be right only once, we need to be right every time. Hence, we have developed concepts of layered security, defense in depth, edge to endpoint, and lastly the importance of selecting the right security partner.

        Symantec can help you to protect your infrastructure and information on all levels through:

        • Endpoint Security: Symantec Endpoint Protection, Mobile Security Solutions, and specific solutions for mission critical systems (e.g. servers hosting clinical research and other intellectual property data) or difficult to protect and patch systems (e.g. COTS-based medical devices).
        • Data Loss Prevention: to understand data location, data access and usage so to allow for the appropriate protection of such data.
        • Encryption: to protect critical information on endpoints, fileshares, in email, or data being transmitted.
        • Altiris IT Infrastructure Management: to discover IT assets, assess IT compliance, identify vulnerable systems, and manage configuration, patching, and upgrades.
        • Validation and ID Protection Services: to enable strong (two factor) authentication and reduce the risk of external access channels being exploited.
        • Symantec Web Gateway: Backed by Symantec Global Intelligence Network, it provides multiple layers of malware protection and URL filtering, securing web access and detecting malware related traffic.
        • Symantec Mail Gateway or Hosted Email Services: to block email-based malware or spam and reduce the risk of phishing attacks.
        • Security advisory, implementation, assessment and consultancy services.
        • Security Education: to make sure your employees understand today’s security threats and their obligation to prevent e.g. spear-phishing attacks.
        • Managed Security Services: Defend against today’s sophisticated cyber threats, accelerate detection, and optimize response to relevant security events.

        Large breaches can be costly and result in fines, remediation costs, class action lawsuits, loss of reputation and trust, and can affect your business and market opportunity if intellectual property is affected.

        As a security professional, that makes me wonder if not paying attention to what is happening in cybersecurity today, not understanding the changing threat landscape, and not being prepared for modern threats could be considered 'willful neglect'?

        Conclusion:

        Traditionally, lost or stolen equipment (laptops, thumb drives, backup tapes) were the biggest breach risk in healthcare, and looking at some of the breach statistics, we are still struggling to prevent. Yet, in reality, the bad guys are stepping up their game rapidly and healthcare is now in the crosshair, leading to a growing gap between threats and the industry's security capabilities.

        The paradigm is shifting and we need to be ready to deal with these new risks now, not at some point in the future. In a recent interview, John Halamka, CIO Beth Israel Deaconess Medical Center, stated that: “to guard against hackers, health care CIOs are investing in security like never before.”

        We have to - the gap is getting bigger as I am writing this.

        For a further discussion on healthcare breaches, see also Kevin Haley's blog post here: Responding to Data Breaches in the Healthcare Industry
