850-001 mission - Cloud Security 1.0 Updated: 2023

Network boundaries are drastically changing, opening new attack vectors for threat actors to target across IT infrastructure, operational technology, application supply chain and user accesses.

Defense and intelligence community leaders working to Boost security resilience and remain operational during disruptions should consider the full capabilities of next-generation firewall (NGFW) solutions, says a new report produced by Scoop News Group, for FedScoop, and underwritten by Cisco.

Because organizations have acquired separate security tools over time, they have added a lot of complexity to their suite of solutions. NGFW can now provide interconnectivity between firewalls, intrusion detection systems, intrusion protection systems, workload security, endpoint security, threat intelligence and encrypted traffic analysis.

“I remind people that there are over 3,100 U.S.-based security vendors — tens of thousands across the world — and while I will never argue against the necessity of a security tool, I do stress that at some point, these innovations need to either work with something else or be bought by somebody,” explained Chris Crider, security systems engineering leader at Cisco. “At some point, leaders have to make choices on how to best implement security in their environment.”

DOD and IC communities aren’t alone in this challenge. A latest study, produced by Scoop News Group, asked 165 prequalified federal leaders about the state and strength of their current security posture.

More than half (55%) of respondents reported that their security tools function moderately to completely independently from their suite of solutions. And 33% said their organization uses between 11 to 40 different vendors across their security technologies, while 11% use more than 50 security vendors.

But changing the way organizations defend the perimeter is a sentiment that defense leaders are echoing. In a latest FedScoop interview, James “Aaron” Bishop, CISO for the Department of the Air Force, spoke about the challenges of defining the network perimeter and how the Air Force is securing their substantial IT environment.

Bishop referred to the Air Force as operating “150 little cities around the world,” which encompasses a vast IT infrastructure with technology running on different lifecycles that need to be upgraded, maintained, patched and replaced.

“But as a warfighting mission,” he explained, “I also have to extend that capability beyond that base. So now my networks have to go into expeditionary communications, extended aerial networks, etc. Now I need to understand where that perimeter is, where do I protect it [and] where do I pass it on to the next environment that may or may not be there today or tomorrow?”

Leaning into NGFW allows organizations to adopt dynamic packet filtering and policies that travel with applications as they move across a global infrastructure.

“That means that DOD and IC organizations can build and implement policies and additionally utilize security group tags to specify the privileges of a traffic source within a trusted network. Then migrate into any cloud to provide services globally and take the analytics and logging to monitor traffic with a single pane of glass,” added Norman St. Laurent, cyber security specialist at Cisco. “With NGFW, organizations can always monitor what is happening on the network, have a holistic view of activity and full contextual awareness to see threat activity across users, hosts, networks and devices.”

The first important step is finding the right partner to begin integrating security solutions. According to Gartner, organizations should look for some of the following key capabilities when implementing an NGFW:

• Standard firewall capabilities like a stateful inspection.
• Integrated intrusion prevention.
• Application awareness and control to see and block risky applications.
• Threat intelligent sources.
• Upgrade paths to include future information feeds.
• Techniques to address evolving security threats.

Read the full report and learn more about integrating a firewall solution that will adapt to your organization’s evolving network needs.

This article was produced by Scoop News Group, for FedScoop, and sponsored by Cisco.

Symantec and VMware unveiled a strategic partnership to unify endpoint management and broader threat security. As part of the announcement at VMware's Connect 2016 conference in Atlanta, Symantec joined the VMware Mobile Security Alliance, a group of digital security companies that work to mitigate mobile threats by providing advanced security solutions that are seamlessly integrated into the VMware AirWatch Enterprise Mobility Management Platform

To address the challenges of increased security vulnerabilities, Symantec and VMware plan to integrate their cybersecurity and endpoint management technologies. The two companies want enable organizations to have the ability to leverage advanced machine learning techniques through Symantec's Global Intelligence Network with integrated identity management and unified endpoint management via the VMware AirWatch compliance engine.

The announcement comes less than two months after VMware announced its new approach endpoint security, which it has dubbed Unified Endpoint Management (UEM). The approach combines endpoint security, endpoint management and software lifecycle automation. 

In the 2016 Internet Security Threat Report, Symantec reported that new mobile vulnerabilities increased by 214 percent in 2015. VMware and Symantec said that data confirms the need to complement threat intelligence with comprehensive endpoint management to achieve end-to-end security from the device to inside the data center.

Photo: John Johnston

Symantec’s security suite will pay for itself within a year, say Preston Panza (left) and Mike Messick of Colorado Capital Bank.

Preston Panza and Mike Messick of Colorado Capital Bank in Castle Rock, Colo., knew they were spending too much money on security software, but it wasn’t until they upgraded the bank’s Symantec software earlier this year that they finally did something about it.

“We realized we were using three different software packages from three different vendors: one for anti­virus, one for spyware and a third to secure endpoint devices,” says Panza, systems engineer for the bank, which manages 5,000 accounts among its depositors and wealth management clients. “Each package also had its own contract renewal date,” he adds. “It was very expensive and highly inefficient.”

Colorado Capital’s solution was to deploy Symantec Multi-tier Protection, a software suite that delivers all three capabilities.

Messick, the bank’s vice president of information technology, says by saving money on maintenance agreements and consolidating software contracts, the new Symantec security suite will pay for itself within a year.

Both Panza and Messick also like that the Symantec suite has scripting features they can use to set automated installs. The software can also be programmed to generate reports when a machine does not meet the specific requirements set by the bank.

“We also get full reports every week that detail which machines were infected and which machines were cleaned,” says Panza. “Under the old system, we didn’t have any meaningful reporting,” he says.

Suite Popularity

Software suites like the one offered by Symantec are becoming popular among SMBs and other companies looking to consolidate all the security software they’ve accumulated over the years. Along with Symantec, other major security vendors such as Kaspersky Lab, McAfee and Trend Micro all offer endpoint suites.

“The bottom line is that companies don’t want a point software solution for every new security threat that comes along,” says Peter Firstbrook, a Gartner security analyst.

Firstbrook says the security industry has matured, which means it’s much less likely for a point product, such as antispyware software, to come along to solve a new threat. New security software is more likely to be bundled into a software suite.

Firstbrook says another factor that has IT managers looking more closely at total endpoint protection is that more companies rely on mobile workers, most of whom use notebook computers and typically work on more than one network when they travel on business.

“It’s not as easy today to lock down the corporate network,” says Firstbrook. “One nice feature many of these new suites have is that they can alert the IT staff when something goes wrong when a PC comes back into the network.”

The management features are important to Michael Draeger, senior field support representative for Silgan Containers. Draeger manages the Oconomowoc, Wis., data center for the California-based container company.

While he appreciates that the Trend Micro suite helped him consolidate vendors and software licenses, what Draeger likes best is that the management features provide him greater control of the network. He says the company saves thousands of dollars on travel because he can manage security from a central location, a very important feature for a company that has 39 manufacturing locations around the country.

“I can sit here in Wisconsin and manage a server in Paris, Texas,” Draeger says.

“In the past, if we wanted to do security upgrades, we had to do it onsite. I either had to fly or drive,” he explains. “Now I can observe all the pattern files and do upgrades right from my desk.”

Draeger says the reporting tools are also excellent. The system lets him know which machine is out of date, offline or infected and also if and when a computer has been cleaned.

Chad Carr, network administrator for Heartland Bank and Trust in Bloomington, Ill., says the management features were a big reason the company opted for Kaspersky Enterprise Space Security to consolidate its antivirus and spyware software.

“Before, everything was controlled on each individual computer,” explains Carr. “Now, I can do all the updates from one central location,” he says, adding that he can now install new security software at his own convenience, in the middle of the workday or at night after business hours.

Carr says another big advantage is that all the real-time monitoring is now done centrally. He also has more information than ever before about all his PCs, including the version of the operating system, the name of the machine and its IP address.

Get Organized

The management features are important, but some IT managers say security suites simply help them get organized.

Greg Ellison, IT manager at Gilligan Oil, a convenience store chain based in Cincinnati, says a few years ago, through acquisitions, the company jumped from nine stores to 40 in a very short time.

Ellison says before the company absorbed the new stores, all the computers were standalone machines with different antivirus software packages.

“I was a district manager and the company put me into the IT position, primarily to organize the IT and consolidate all the security programs,” explains Ellison, who says that now all the stores have Digital Subscriber Line connections and have been standardized on McAfee’s Total Protection Service.

Before, Ellison would have had to go out to every site and inspect every computer. “Now I can look at 72 computers from a central location and know they are protected and when the software license expires,” he says. “In the past, I wouldn’t have even known if a license expired — I would have no idea.”

The US Secret Service implemented tougher disciplinary measures after preliminary findings from an internal investigation found agents missed an intruder at national security adviser Jake Sullivan’s home in part because they were using their personal phones, people briefed on the matter said.

Secret Service Director Kimberly Cheatle in latest days ordered increased penalties for employees who violate policies on duty, including the use of personal devices while on the job.

The moves are partly in response to initial findings of an internal investigation following the April incident at Sullivan’s home, when agents on his protective detail failed to see an intruder enter and exit, the sources said.

A law enforcement official familiar with the internal investigation said the agents on duty that night and their supervisors, are likely to be subject to disciplinary action, including an evaluation of whether they can maintain their federal security clearance, a requirement for their positions.

The incident at Sullivan’s home occurred in the early morning hours in late April. Sullivan confronted the intruder inside the home and later told investigators that he believed the person was intoxicated and entered the home by mistake. Sullivan and his family were unharmed.

The internal investigation found the agents were distracted and on their personal phones while on duty and never saw the unidentified intruder, who was later seen on surveillance video entering and exiting the property, a person briefed on the matter said.

Cheatle this week ordered that disciplinary penalties be increased to up to 21-day suspensions, and up to removal for infractions that lead to operational failure. Those include for the use of personal phones or the use of alcohol while on assignments.

“The Director of the Secret Service Kimberly Cheatle issued a clear directive, emphasizing the importance of conduct and behavior in upholding our mission’s excellence,” said agency spokesman Anthony Guglielmi.

“We have zero tolerance for anything that jeopardizes operational success,” he continued. “While human errors may occur, what sets us apart is our unwavering commitment to maintaining very high professional standards and ethics. This includes enhanced penalties for incidents involving alcohol and a strict policy regarding personal cell phone use while on duty.”

For more CNN news and newsletters create an account at CNN.com

<p>Protects endpoint, web and messaging environments to secure against today’s complex Internet threats and quickly recover information in the event of system failure</p>
<p>SYDNEY, Australia – 22 April 2009 – Symantec Corp. (Nasdaq: SYMC) today announced it has expanded its security portfolio by offering new Protection Suites for small business and enterprise customers and adding Web security technology through the acquisition of Mi5 Networks. Symantec Protection Suite Small Business Edition and Symantec Protection Suite Enterprise Edition are comprehensive solutions designed to secure firms against security risks and business interruptions, ensuring systems and critical information are readily available. The Symantec Protection Suites are scheduled to be available in summer 2009.</p>
<p>Symantec also today announced the acquisition of Mi5 Networks, a privately held Web security company which offers the industry’s most innovative approach to Web gateway security by providing streaming technology that examines traffic coming into and leaving the enterprise. Symantec’s market-leading email gateway and endpoint security solutions combined with Mi5’s Web gateway technology will provide protection at the most common entry points to secure organisations against evolving Web-based malware.</p>
<p>“Our customers and partners have made it clear that security solutions that tie together multiple layers of protection offer the highest return for the lowest cost of management,” said Francis deSouza, senior vice president, Enterprise Security Group, Symantec. “Moving forward, with the acquisition of Mi5’s Web security technology, Symantec is further addressing the fastest growing path for malware to infect network environments and we look forward to integrating this technology into our security portfolio.”</p>
<p>Symantec Protection Suite Small Business Edition is an easy-to-use suite that protects critical business assets by securing against today’s malware and spam threats and by rapidly recovering client computer systems. This all-inclusive suite provides complete protection, creating a secure environment where computer system failures, malware, and spam risks are identified and addressed immediately. The ease-of-use, fast performance and unmatched protection allows small businesses to save valuable time and money with a suite that requires little administration to install, deploy and manage.</p>
<p>Symantec Protection Suite Enterprise Edition includes Symantec’s endpoint security, messaging security and system recovery technologies that allow customers to reduce the cost of securing their environments and effectively manage the inherent risks of today’s IT infrastructures. Multiple layers of protection ensure customers are accurately identifying and addressing risks while delivering consistent protection across platforms. In the event of system loss or failure, users may recover individual files and folders in seconds, or complete Windows systems in minutes, thus minimizing downtime. By combining security with backup and recovery, Symantec is enabling businesses to completely protect, easily manage and automatically control their valuable assets.</p>
<p>“Securing our network is essential for us to maintain an efficient working environment for our users,” said Mike Miller, director of Information Security, Media General. “Using Symantec’s security, anti-spam and backup solutions allows us to protect the flow of information critical to our business as well as reduce the costs and time required to manage our IT infrastructure.”</p>
<p>“With the Symantec Protection Suites, we are able to provide our customers with multiple layers of protection to protect them from a broad range of security risks,” said Steve Barone, CEO, Creative Breakthroughs. “As a Symantec partner, I’m excited about the fact that these are simple, easy-to-deploy solutions that can help us address the security needs of small businesses to enterprise customers.”</p>
<p>According to the Symantec Internet Security Threat Report Volume XIV, over 60 percent of all currently detected malicious code threats were detected in 2008. The continued growth and evolution of the Internet presents attackers with a growing range of targets and various means to launch malicious activity. Symantec observed an average of 75,158 active bot-infected computers per day in 2008, an increase of 31 percent from the previous period. In 2008, bot networks were responsible for the distribution of approximately 90 percent of all spam email. Symantec observed a 192 percent increase in spam detected across the Internet, from 119.6 billion messages in 2007 to 349.6 billion in 2008.</p>
<p>Symantec Protection Suite Enterprise Edition and Symantec Protection Suite Small Business Edition are backed by Symantec Security Response and the Global Intelligence Network. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network. This network captures worldwide security intelligence data that gives Symantec analysts unparalleled sources of data to identify and analyse, to deliver protection and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam.</p>
<p>Licensing and Availability</p>
<p>To better suit individual customer needs, Symantec Protection Suite Enterprise Edition and Symantec Protection Suite Small Business Edition offer flexible deployment options. The Symantec Protection Suites are scheduled to be available in summer 2009 through Symantec’s worldwide network of value-added resellers, distributors and systems integrators. Organisations seeking a reseller or distributor should visit: http://www.symantec.com/partners/index.jsp.</p>
<p>About Symantec</p>
<p>Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organisations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.</p>
<p>###</p>
<p>NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.</p>
<p>Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.</p>
<p>Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.</p>
<p>Press Contact:</p>
<p>Laura Skelley</p>
<p>Max Australia</p>
<p>+61 2 9954 3492</p>
<p>laura.skelley@maxaustralia.com.au</p>

Michael Brink, CTO, CA Southern Africa.

CA Southern Africa, a representative of Broadcom Software and driving Symantec Enterprise Cloud (SEC) uptake in SA’s enterprise market, highlights Symantec’s five decades of innovation as a global cyber security leader with an incomparable record of accomplishment, CA Southern Africa says.

SEC is a consolidated hybrid cloud solution offering data and threat protection backed by the worldwide network of Symantec Security Operations Centres – it comprises a comprehensive offering designed to deliver data-centric, cross-platform security for large enterprises.

Broadcom’s acquisition of Symantec in 2019 reinforced a history of innovation focusing on areas most important to its global client base, including:

• Compliance – a major driver for large multinationals and growing fast as new regulatory authorities assert themselves and older ones fragment regionally.
• Integration – a priority for large companies any time, enhanced now by opportunities to integrate Symantec solutions with Broadcom ValueOps, AIOps and other enterprise software.
• Work-from-anywhere – an accomplished fact post-pandemic and a significant challenge to build a secure, productive user experience on top of infrastructure that wasn’t designed for it.

• Hybrid and multicloud environments – on-premises infrastructure remains out of fashion, but the global slowdown in cloud spend/adoption, together with the rising cloud costs, strengthens the case for multicloud, hybrid (on-premises) capabilities. Data residency and security concerns also keep most multinationals from going all-in to the cloud.

The period post the acquisition was one of the busiest, most productive and innovative in Symantec’s history as the company rebuilt its entire security infrastructure in the cloud to serve the needs of its global enterprise customers from the cloud at high performance levels.

Michael Brink, CTO at CA Southern Africa, says: “A SASE architecture delivers security services directly to devices at the network edge, eliminating the wasteful ‘touch base’ or hair-pinning – essentially backhauling or channelling all traffic from the cloud and back to the on-premises data centre for every transaction. But speed and latency still matter in the cloud: if the edge network is bandwidth-constrained or physically distant from a user’s device, latency will grow and performance will suffer.

"To drive these constraints to an absolute minimum, Broadcom Software rewrote and re-platformed its entire offering – more than 80 products and services, including all Symantec solutions – as cloud native, software as a service solutions on Google Cloud infrastructure, in containerised environments under Kubernetes orchestration.”

He adds that the strategic partnership with Google provides Broadcom and Symantec users the following advantages:

• Global range, interconnecting ISPs, content providers and users on a high-speed private network;

• Edge points of presence (POPs) on 180+ internet exchanges and at 160+ interconnection facilities worldwide, reducing costs and latency;

• Efficient routing on Google’s private backbone, minimising traffic over the public internet;

• Unmatched scale;
• Elasticity in response to unpredictable changes; and
• Stability and resilience in the face of disruptions.

“The enterprise sector in South Africa has a promising opportunity ahead with the support of CA Southern Africa's team of highly skilled and experienced technology professionals focused on enhancing the potential of the SEC offering,” concludes Brink.

Symantec Corp, today announced the findings of its Global Internet Security Threat Report, Volume 17, which shows that while the number of vulnerabilities decreased by 20 percent, the number of malicious attacks continued to skyrocket by 81 percent. In addition, the report highlights that advanced targeted attacks are spreading to organizations of all sizes and variety of personnel, data breaches are increasing, and that attackers are focusing on mobile threats. The report also highlights The UAE as a highly spammed country in the world with a spam rate of 73.0 percent. UAE has also seen change in the global overall ranking moving from 36 in 2010 to 46 in 2011, although throughout the Middle East the UAE ranks 4^th.

Malicious Attacks Continue to Grow Rapidly:

Symantec blocked more than 5.5 billion malicious attacks in 2011, an increase of 81 percent over the previous year. In addition, the number of unique malware variants increased to 403 million and the number of Web attacks blocked per day increased by 36 percent.

At the same time, spam levels fell considerably and new  vulnerabilities discovered decreased by 20 percent. These statistics, compared to the continued growth in malware, paint an interesting picture. Attackers have embraced easy to use attack tool kits to efficiently leverage existing vulnerabilities. Moving beyond spam, cyber criminals are then turning to social networks to launch their attacks. The very nature of these networks makes users incorrectly assume they are not at risk and attackers are using these sites to target new victims. Due to social engineering techniques and the viral nature of social networks, it’s much easier for threats to spread from one person to the next.

Mobile Threats Expose Businesses and Consumers:

Mobile vulnerabilities increased by 93 percent in 2011. At the same time, there was a rise in threats targeting the Android operating system. With the number of vulnerabilities in the mobile space rising and malware authors not only reinventing existing malware for mobile devices, but creating mobile-specific malware geared to the unique mobile opportunities, 2011 was the first year that mobile malware presented a tangible threat to businesses and consumers. These threats are designed for activities including data collection, the sending of content, and user tracking.

Advanced Targeted Attacks Spread to Organizations of All Sizes:

Targeted attacks are growing, with the number of daily targeted attacks increasing from 77 per day to 82 per day by the end of 2011. Targeted attacks use social engineering and customized malware to gain unauthorized access to sensitive information.  These advanced attacks have traditionally focused on public sector and government; however, in 2011, targeted attacks diversified.

Targeted attacks are no longer limited to large organizations. More than 50  percent of such attacks target organizations with fewer than 2,500 employees, and almost 18 percent target companies with fewer than 250 employees. These organizations may be targeted because they are in the supply chain or partner ecosystem of a larger company and because they are less well-defended.Furthermore, 58 percent of attacks target non-execs, employees in roles such as human resources,, public relations, and sales. Individuals in these jobs may not have direct access to information, but they can serve as a direct link into the company. They are also easy for attackers to identify online and are usedto getting proactive inquiries and attachments from unknown sources.

Rise of Data Breaches, Lost Devices Concern for the Future:

Approximately 1.1 million identities were stolen per data breach on average  in 2011, a dramatic increase over the amount seen in any other year. Hacking incidents posed the greatest threat, exposing 187 million identities in 2011 the greatest number for any type of breach last year.  However, the most frequent cause of data breaches that could facilitate identity theft was theft or loss of a computer or other medium on which data is stored or transmitted, such as a smartphone, USB key or a backup device. These theft-or loss-related breaches exposed 18.5 million identities.

As tablets and smartphones continue to outsell PCs, more sensitive information will be available on mobile devices. Workers are bringing their smartphones and tablets into the corporate environment faster than many organizations are able to secure and manage them. This may lead to an increase in data breaches as lost mobile devices present risks to information if not properly protected. latest research by Symantec shows that 50 percent of lost phones will not be returned and 96 percent (including those returned) will experience a data breach.

Solidifying Drive Control Corporation’s (DCC) leadership in the security software marketplace, the company is currently the sole distributor in South Africa for global leaders Symantec and Mandiant Services, it says.

The distribution agreements include Symantec as well as Broadcom Software’s (previously CA) entire range of security solutions and Mandiant's comprehensive portfolio of services, both available to the South African and SADC channel marketplaces.

Apart from South Africa, DCC also has a strong footprint in the SADC region, which has enabled the company to consistently grow both Symantec and Mandiant’s market share in the region. The distributor has dedicated offices in most of the SADC countries and also a strong SADC-focused team based at its head office in Johannesburg.

“Our agreements with both Mandiant and Symantec speak volumes of our continued success in the SA and SADC channel. We’ve fostered noteworthy relationships and look forward to strengthening our market share in the coming years,” says Fred Mitchell, software solutions division head at DCC.

Mandiant Services, available from DCC, includes consulting expertise on incident response, ransomware, risk management and target attack testing. The company’s team of cyber security experts provides valuable consulting on mitigating threats and reducing risk to get back to business as soon as possible.

Symantec is recognised as the industry leader in threat inspection at the endpoint level. It is the only vendor to be rated at the top of endpoint protection tests across all platforms, Windows, MacOS and mobile. Symantec product offerings include:

• Advanced threat protection;
• Information protection;
• Endpoint security;
• E-mail security;
• Network security;
• Cloud security; and
• PAM (privileged access management).