Channel: Symantec Connect

Targeted Ransomware: Proliferating Menace Threatens Organizations


Symantec Endpoint Protection Security Virtual Appliance

I need a solution

Hi,

Where can I find the Virtual Appliance for my Symantec Endpoint Protection? When I log in to my account in mysymantec, in download I can't find anything. Maybe I should log in to https://support.symantec.com/us/en/security-analyt...? My username and password from mysymantec don't work.


SEP 15 client and console need location awareness added


I use location awareness to apply more restrictive policies when users leave the corporate office. For example, I don't trust other networks and apply more protection that would prevent them from doing work on their office network. Users will mostly just surf the internet, and I would apply more security policies that are more restrictive. I don't see this option in the SEP 15 console or client.

CCoE Stakeholder Education: Tips for App Owners


Aka

How Sales & Marketing Supports IT & Cloud Security

Hello again! This is another episode breakout from our hit whitepaper, How to Implement a Cloud Center of Excellence (or CCoE). Somewhere between requesting a Shadow IT Assessment and running a full-time CCoE there’s a moment where the CASB Administrator or IT/Security Manager needs to sit down and educate the stakeholders – which means assigning cloud application owners outside of IT, Dev, Engineering, etc. Today we’ll look at Marketing.

Let’s say I’m the Chief Marketing Officer of my enterprise, a global security company. I own a budget and manage multiple teams and their managers, including Direct Marketing, Field Marketing, Events teams, and Product Marketing Management. Each one of those teams has their own technology stack, and can include use of central CRM tools, ticketing tools, storage repositories, document sharing and collaboration, project tracking, and more. During my tenure, I’ve let each marketing director determine the tools and cloud services their team needs to do the best job possible – and I’ve never imposed rules or guidelines on which to use because I’ve relied on them to pick the best tools for their teams.

Many enterprises don’t realize how large their marketing stack is – or maybe the first inkling of the stack size and content was when the legal team sat down and worked with marketing for GDPR compliance, and reviewed contracts for each vendor to determine which could hold EU customer data. Sometimes this, too, can be delegated to the managers underneath the CMO. But marketing has been summoned to be part of the CCoE for our organization, and to represent as owners for Marketing cloud apps and services. That’s why I’m a stakeholder in the CCoE.

The two primary concerns I usually have are budget (can I consolidate and reduce cost by eliminating redundancy?) and business continuity (can my people still perform their jobs effectively?) in support of building pipeline and sales enablement. I’m therefore interested in looking at categories of tools found by my cloud access security broker’s Shadow IT report.

In the RACI matrix of responsibilities, I am the Functional Manager for Marketing. This means I will be consulted on reviews and policies, and responsible for our marketing stack ownership and responses. Exhibit A here for where Functional Managers sit:

According to the Shadow IT report I have been shown (in this hypothetical exercise), my team uses the following Project Management tools:

I can see right away that this needs attention and a decision – this could be a prime time to migrate all of my teams to the same project management tool to save money. (Especially if we have licensed multiple versions in different parts of my organization.) Or, if there are necessary features missing in the tool with the highest business readiness rating (BRR), I will still ask the CASB Administrator to mark Sanctioned vs Unsanctioned/Provisionally Approved. I can also request a list of users and assign their manager the task of determining which alternatives are going to be our official tool. Or, better yet, investigate other online project tools.

If the teams start a trial with a new project management service/app, I’ll get that vendor’s BRR in next month’s meeting to determine if it’s a more secure option along with a report on features and usefulness by the entire marketing department.

For the next category "File Sharing" which my team uses, there is a shorter list from our CloudSOC Shadow IT Audit report:

Citrix is the clear winner for BRR security scoring, and the most-used app on my team. I ask the CASB Administrator about who is using the other two services. They tell me that these are not being used by my team at all, and haven't been used recently by engineering, either.

I’ll tell the CASB Admin to go ahead and block the other two options in 3 weeks – after I send out my next team communication and add a note to the All Hands communication our executives are planning. It’s always important to give at least two weeks’ warning before shutting off access to any service. That gives the team time to pull their files down and migrate to a better system – just in case they were using the apps in coordination with another part of the organization.

Communication is the key here.

In terms of time, I’ll attend the CCoE meeting once a month to get started, moving to once a quarter after the first six months; an hour is not too much time to dedicate to shutting down services we are not using, possibly saving money that can go back into my budget. In the end, if someone on the marketing team causes a breach, it will come back to my doorstep. Participation on the CCoE keeps me informed and aware of what IT and Security messages need to come back to my part of the organization.

Your turn!

Step by Step Fresh Installation of Oracle 12c STANDARD for DLP (with Screenshots)


Hi All, 

PFA document with screenshots of an example of a successful 12c installation of Oracle Standard. This is often a pain point of the initial set up of DLP. Hope this helps!

Reporting Question

I need a solution

Hi,

I am very new to CASB and am trying to figure things out. I have a very basic question, so please bear with me.

I am interested in exporting the filtered activities from the O365 Securlet. I was able to obtain the CSV report, but I noticed that when I try to open the .csv file in Excel, the last column, under the Other header, has a bunch of text with all the information contained in a single column. For example, Sub_Feature, domain, doc_class, filename, file size, training profiles, uba detection, risks, expressions etc. are all in 1 column. How can I separate those into separate columns so that it is easier to view the results?

Thanks

--Kim


How to use SEPM to update definition for Linux client

I need a solution

Hi Guys,

We are testing Symantec Endpoint Protection 14.2 in our new project, which contains both Windows and Linux operating systems.

My questions are as below:

1. I am not able to find the Linux install package in the trial version of SEPM 14.2. However, I can see there is a Linux install package in our licensed SEPM 14.0. Why is there no Linux package in 14.2?

2. I managed to install the SEP 14.0 Linux package on my Linux server and also imported the client-server communication file. Now I am able to see the Linux client in SEPM 14.2. Since our SEPM server is an offline server due to security concerns, my question is how to update this Linux client's definitions from SEPM 14.2 by offline action. Will it be updated by importing the latest jdb file to SEPM, like Windows? We have a lot of Linux servers, so I don't think Intelligent Updater definitions are a good choice for us.

Thanks in advance if anyone can give any idea.

Regards,

Feng


DLP SERVERS MINIMUM REQUIREMENTS

I need a solution

I would like to hear your suggestions.

I have a physical server with the following specs: 1 TB disk, 16 GB RAM - HP ProLiant 10th Generation.

My plan is to set up a testing environment for a small company of 65 employees. So I want to simulate the three-tier installation by creating Oracle server, Enforce Server & Detection Server VMs on that physical server.

So I would like to know how much disk space & RAM to allocate (minimum requirements). Please help!

Note: I am deploying Symantec DLP 15.5

Thanks in advance


WEBINAR: 07/31: How to Effectively Secure Hundreds of Thousands of Mobile Devices

Location: Online
Time: Wed, 31 July, 2019 - 10:00 - 11:00 PDT

Webinar: How to Effectively Secure Hundreds of Thousands of Mobile Devices

Date/Time: July 25, 2019 (10:00am PT / 1:00pm ET)

Speakers: Brian Duckering, Enterprise Mobile Security Specialist, Symantec and Jeff Louisma, Sr. Manager, Specialist Leader, Cyber Risk Services from Deloitte & Touche LLP

Join us as we cover ways to effectively and efficiently secure mobile devices across a broad range of industries. 

As more enterprises are recognizing the need for greater visibility into mobile threats and the desire to protect their organizations from such threats, primary concerns still seem to be focused around what threats a solution can identify – malware, phishing, network attacks and much more.

While this is a starting point, there are other elements, characteristics, and abilities that have a far greater impact on the protection of an organization’s sensitive assets, information, and data that are not discussed often enough.

This webinar will explore the less-discussed topics of a mobile security strategy that everyone should understand – before it’s too late.

• Focus on high user acceptance rates - poor adoption rates can make a good solution worthless.

• Provide security on managed & unmanaged devices - equally effective security should be available for mobile devices and use cases.

• Protection of sensitive data and systems should take place in real time - relying on third-party solutions or human intervention could be too late.

• Resource demand should be minimal - maintaining and updating the solution should be efficient and require minimal resources.

Participants should leave this webinar with knowledge and considerations to help them evaluate mobile security solutions and plan an effective deployment and execution in their own environment.

Register Today

SEP 14.2 RU1(3335): service "SepMasterService" crashes randomly on Windows 10

I need a solution

Hello guys,
It happens sometimes, like one time per several days, on the latest Win 10 x64 1903 Enterprise.
Event log says "The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 3 time(s).". Error: 7034
When I start the service manually after that failure it works properly, but it can't be recovered automatically because there is no recovery option after the third failure.
I was trying to add it but I have no access even during command prompt.
Please see screenshots.

I would like to fix those crashes and, if it's possible, add an additional recovery restart service option for the 3rd or later failures.

I also have SEP clients on Windows 8.1 and they have no problem; not one crash was noticed.

Any suggestion would be highly appreciated.


Please fix

Just upgraded to 14.2 RU1 and clients are getting errors after upgrade

I need a solution

So far, I've installed the latest client on 3 machines: the SEPM server and 2 Windows 10 1607 LTSB VDI machines (Horizon). The server was fine but both clients reported warnings after the reboot.

"Download Insight is malfunctioning.  File System Auto-Protect is malfunctioning

Details: Download insight is not functioning correctly due to the file system autoprotect status. 

File System auto protect is not functioning correctly.  Your protection definitions may be damaged or your product installation may be corrupt.  "

For client 1, I rebooted a 2nd time and it has been green for the last 2 hours. For client 2, I didn't want to do a 2nd reboot and I was told by the Symantec tech that it is trying to download files from the internet, so just leave it and it will fix itself. It has been 2 hours and it still shows the warning.


Please recommend about Guide for Implementation CloudSOC

I need a solution

Hi All,

I would like an admin guide or any document concerning CloudSOC implementation.

Thank you so much for your help.

Best Regards,

Chakuttha R.


**Ryuk Ransomware Attack** The City of Memphis is limiting access to Collierville's network

I need a solution

Good day,

Seems like Collierville, TN was hit with a ransomware attack. Collierville is a community in metro Memphis.

From what we are understanding, it was hit with the Ryuk ransomware. Does anyone have any Symantec configurations for this or any similar type of ransomware?

Thanks for your help in advance.

KP


Consistent WIM Deployment with Symantec Management Console

I need a solution

Hi all,

Currently I am trying to use the Symantec Management Console 8.1 to deploy Windows 10 WIMs through WinPE and tasks using DISM. I know it's not the "right" way to deploy WIMs to machines, but we are already very set on using Altiris for other types of deployments, so instead of using something like WDS we're trying to get this working.

Current system of deployment:

  1. Copy over scripts for diskpart and creating boot files
  2. Run diskpart and format partitions
  3. Copy over WIM image from share 
  4. Apply the image
  5. Move custom unattend file into C:\Windows\Panther
  6. Move agent exe and deployment plugin installer to windows drive
  7. Boot to production (fails here)
  8. Post-boot setup

The WIM images are applied to machines just fine, the issue comes into play when trying to boot to production and deploying the agent onto the client. Each time we run Boot to Production in our job, it fails while booting because it doesn't pick up the Deployment Solution Plug-in, yet on the machine after boot the plug-in is there. 

This is the error whenever it fails:

CAtrsException exception, error: Failed to execute task, COM object 'DeploymentSolutionAgent_Task' is not found, make sure the corresponding plug-in or task handler module is installed and registered, OS error: Invalid class string (0x800401F3), at line 546

This is very inconsistent however, sometimes the job will pass, and sometimes it will fail based on if it sees the plug-in or not.

I tried extending the registration period to 10 mins, as this task usually fails every 5 mins, but that doesn't change anything.

We install the agent and the deployment plug-in specifically in the FirstLogonCommands in the unattend.xml file on our WIM, and when the PC boots it has both on there.

I'm pretty new to this whole system, I'm just an intern, so I'm not sure where I should be looking for a solution to this problem, so any help would be appreciated. Thanks


Direct Connect to CASB Data

I need a solution

Hi,

Is there a way to connect to CASB database directly to run a custom report from Tableau or any other visualisation tool?

Thanks 

B. Jal


Migrate SEP 14 to 15

I need a solution

Dear team,

We need to move from SEP 14 to SEP 15. I have some questions:

1. Can I migrate all policies and configuration of the on-premise SEPM to the cloud? How can I do that?

2. SEP 14 can work in hybrid mode. Can the users who have SEP installed be managed by the on-premise SEPM or the cloud? If they cannot connect to the on-premise SEPM, do they connect to the cloud?

3. Do you have any best-practice document for this case?

Thank you.


MSL modification is not working for One SEPM to another SEPM Migration

I need a solution

Hi,

I have two different SEPMs, as the parent company acquired the secondary organization. Now I have to migrate all the SEP clients from the secondary SEPM to the parent company SEPM. I have modified the MSL; however, this is giving an internal error while connecting to the new SEPM. All the firewall access is already open. Sylink.xml deployment is not possible, as these systems are in a workgroup and all have different admins, and Symantec's client deployment wizard cannot be used as they are not ready to share the admin password.

Any solution or suggestion on how to migrate all these clients without re-installation or manual effort?


BCWF

I need a solution

Hello,

the release notes of SGOS 7.1 EA read:

"Note: In a future release of Advanced Secure Gateway 7.x, support for Symantec WebFilter (BCWF) will be removed."

What is meant by future release? I realize that everything ends at SOME point in the future, but is there any timeline?


SEPM API Questions

I need a solution

For context, I'm using PowerShell as the scripting environment.

I'm attempting to assemble my own report that I can drop directly into our ticketing system as a scheduled task.  In particular, I'm looking for the following information for each computer SEPM knows about:

  • Computer Name
  • SEP Version
  • Client Definition File Version
  • Last date client contacted SEPM
  • List of AV events in the past week

Using the /sepm/api/v1/computers URI, I've found computer name and SEP Version. Can anyone confirm that the client definition file information is available on a per computer basis? Is it at this URI or another?

For the last date of contact, I've found lastUpdateTime and wanted to see if anyone knew if this is what I think it is (last date of client-SEPM contact).

Finally, I'm not entirely sure which endpoint I should use for the list of AV events, so I'm open to suggestions here.

Thanks to everyone for their help in advance.
