CIO Digest January-February 2007
NEWS BY REGION
[UPLOAD] NEWS, REVIEWS AND PERSPECTIVES
>> WORLDWIDE
[ Sales expertise ]
Symantec has five new training modules in Sales Expert training as part of its Symantec Partner Program. The training lets partners achieve sales accreditation for Symantec’s security products. Customers who complete the program become accredited Symantec Sales Experts (SSE).
[ Acer aces security ]
When Acer, the world’s fourth largest PC producer, selected a security program for its 45 million computers, it opted for a complimentary 90-day trial of Norton Internet Security 2006 and Norton AntiVirus 2006. “The inclusion of Symantec security solutions helps ensure that our customers enjoy the safest computing experiences,” said Jim Wong, president of Acer’s IT products business group.
>> AMERICAS
[ Email made easy ]
When Advantage Sales and Marketing (ASM), which handles marketing for more than 1,200 consumer packaged goods clients, including Unilever, Quaker, and Johnson & Johnson, decided to synthesize 30 email systems
INSIDE STORY
Symantec researchers have developed a way to outsmart rootkits, the stealth programs that can live undetected on a computer and help unauthorized users access a system.
“When antivirus software tries to scan your computer, the rootkit detects the scan and hides its files,” explains Stephen Trilling, vice president of Symantec Research Labs. “These threats can make themselves essentially invisible to traditional file-scanning mechanisms.”
To make the rootkits visible, researchers integrated Veritas File System and Volume Manager into Symantec AntiVirus to create Raw Disk Virus Scan. This new technology lets the antivirus software scan disks by accessing raw blocks rather than files.
“This technology makes it much harder for these threats to hide,” Trilling says. “This is a great example of a technology synergy between Veritas and Symantec. By combining core technologies from each company, we will better protect customers.”
The Raw Disk Virus Scan is available now as part of an update to Symantec AntiVirus Corporate Edition and Symantec Client Security, as well as all of Symantec’s consumer antivirus offerings.
RAW DISK VIRUS SCAN
[Photo: Mark Esperti; Illustration: Cambell Laird]
Symantec Research Labs
symantec.com/ciodigest
AMERICAS NEWS
In Wales We Trust
Fifty-one percent of Americans are concerned about having their personal data outsourced overseas, according to a 2006 study conducted by the Ponemon Institute, a think tank, and commissioned by White & Case LLP, a global law firm. Respondents sent a mixed message, though, since 73 percent said they would prefer not to pay higher prices for products or services to keep that sensitive data in the U.S. If their data had to be outsourced overseas, Americans most trusted Canada, Ireland, India, Wales, and Germany.
into one, it chose Symantec Enterprise Vault for archiving and Symantec Brightmail AntiSpam for security purposes.
[ Free security ]
TD Canada Trust’s EasyWeb Internet banking site (www.tdcanadatrust.com) has been offering Symantec Norton Confidence online at no cost to customers to safeguard its online banking system. The software blocks phony Web sites, reducing the chances that customers will get scammed.
[ Compliance solution for electric utilities ]
To help electric utilities meet North American Electric Reliability Council (NERC) standards, Symantec inaugurated a comprehensive IT compliance solution. NERC’s Critical Infrastructure Protection (CIP) code establishes minimum guidelines for cybersecurity programs assuring electric controls and transmission functions are protected. Symantec NERC CIP Compliance Solution meets these guidelines while integrating consulting services, compliance architecture, and automated policy management technologies.
>> ASIA PACIFIC/JAPAN
[ Reducing costs ]
Korean Broadcasting System (KBS), Korea’s public TV network, recently chose Symantec’s products to reduce data
Of the US$660 billion that American companies lost annually to fraud in 2004, the majority of losses were from senior managers. Though employees were responsible for most fraud, the median loss from their crimes was US$62,000. Of the 34 percent of losses caused by managers, the median damage was US$140,000, more than double the employee loss.
>> FIVE-FINGER BONUS
Source: Association of Certified Fraud Examiners
[Image credit: Gordon Studer]
In the 1940s, philosopher Carl Hempel took the statement “all non-black objects are non-ravens” and used it to prove that seeing a non-black non-raven provided evidence that all ravens are black. When Fernando Esponda, a computer scientist at Yale University, read the study, it inspired him to create a negative database. While a positive database might include only 200 characters based on names, addresses, and social security numbers, a negative database encompasses all available data plus considerable gibberish. Exploring the negative “has an interesting potential for security or privacy since it requires all or almost all evidence to decide what is true about the data set,” Esponda says. “Negative databases can protect databases by naturally restricting the kinds of queries that can be answered easily by them.”
Negative databases can also examine the intersection of data owned by different parties. Two or more banks could share information on common transactions without revealing the database’s entire contents. Negative surveys can collect sensitive data without divulging personal information. If respondents complete a survey and fill in a box on diseases they don’t have, for example, Esponda could estimate the disease’s frequency.
DATABASE
How a Philosopher Helped Secure Databases
costs by 33 percent and halve its backup administrative costs.
[ Joint impact ]
When an agency organized by the Malaysian government with the acronym IMPACT wanted to increase its impact, it turned to the CEO of Symantec Corp. The International Advisory Board of the International Multilateral Partnership Against Cyberterrorism (IMPACT) asked John W. Thompson, chairman of Symantec, to serve on its board. IMPACT brings government and industry leaders together to share notes and ideas to combat cyber crimes, an area Thompson specializes in.
[ Keeping it private ]
To comply with the Personal Information Protection Act (PIPA), Gaitame.Com, a leading Internet foreign exchange company, chose Symantec Enterprise Vault. Enterprise Vault, which helps archive emails and protects them against any external interference, will help Gaitame guarantee the privacy of customer information and meet PIPA requirements.
[ Stored content ]
Symantec introduced its Store Content Review Service in Japan to help businesses comply with the Internal Control Reporting System (commonly referred to as the Japanese SOX law). The service enables companies
A British TV comedy that portrays computer geeks as awkward and gawky is proving popular with the most unexpected of audiences: IT geeks. Though critics of “The IT Crowd” might say that the main characters Moss and Roy are stereotyped geeks who are awkward with women, speak jargon, and seem to live full-time in a basement with their PCs and laptops, computer geeks are responding well to the show. The first episode of “The IT Crowd” was presented online before moving to Channel 4, a station on the UK broadcast network, and then returning online on BitTorrent.com.
PERSPECTIVE
The IT Crowd
A survey of 332 IT executives by AMR Research revealed that 31 percent expected to increase their compliance budgets in 2007. Sixty percent saw budgets remaining constant, and only 9 percent envisioned a decrease in compliance funding. The companies with revenues of less than US$250,000 spent 14 percent on compliance; US$250,000 to $500,000 spent 17 percent on compliance; US$500,000 to a million spent 23 percent. Companies earning US$1 to US$2 million spent the most on compliance at 24 percent; companies with earnings from US$3 to US$5 million spent 7 percent; and companies earning more than US$5 million spent 15 percent.
ADD IT UP
Compliance Costs
[Image credit: Maria Rendon/Images.com]
[Image credit: Michael Morgenstern]
BOOK REVIEW
The Art of Software Security Testing
Today’s software professionals are under pressure to perform applications security testing more thoroughly and quickly than ever.
The Art of Software Security Testing: Identifying Software Security Flaws (Addison-Wesley Symantec Press, 250 pages) can help them stay ahead of the competition. The book provides a comprehensive approach to reducing the chances that customers will be exposed to security vulnerabilities.
Readers are guided through the process of learning how to think like an attacker. After all, how better to protect a system than learning how to break it?
The book also discusses how security needs can be addressed in the software development life cycle starting with the earliest phases. Project managers will find useful information about how to decide whether to implement specific security tests and what needs to be reflected in test planning, development, and execution of security-testing efforts.
Six months after Hurricane Katrina disrupted the Gulf Coast, half of the 420 chief security officers surveyed reported that assuring business continuity and disaster recovery was their top priority. Following business continuity was enforcing security policy (47 percent); aligning security strategy with business goals (43 percent); improving the effectiveness of security (43 percent); and training and educating employees about security policies and procedures (43 percent).
IN THE NEWS
Katrina Aftermath
>> CERTIFIED TRUST
For the first time, Symantec Corp. has certified a software solutions company. Symantec certified Trust Digital, a leading manufacturer of handhelds, PDAs, and smartphones, enabling it to incorporate Symantec’s Mobile Device Security 2005 software. The Trust Digital software complements Symantec’s mobile antivirus capability.
to evaluate and manage their storage resources. The service also makes recommendations on improving data security and protection. Symantec’s J-SOX Installation Information and Support office serves as an additional resource.
[ China development ]
Symantec’s commitment to its China Development Center in Beijing continues to grow. Symantec plans on doubling the workforce at its Beijing research and development (R&D) center by adding 300 staff this spring.
[ India lab ]
Continually searching to expand its global research footprint, Symantec recently added a research and development (R&D) lab in Pune, India. The Security Response lab located at Symantec’s Centre of Innovation will research online fraud, malicious code, and develop real-time updates to protect and safeguard Symantec products. The lab operates 24/7.
>> PARTNERS
[ Windows-based solutions ]
Synnex Corporation, a global IT supply chain services company, expanded its long-term partnership with Symantec by agreeing to distribute storage solutions for Windows Servers and Symantec Backup Exec 10d for Windows Servers. With the addition of Symantec Backup, Synnex offers
HOW TO CASE YOUR OWN JOINT
Source: CSO Security Survey
Michael Schrage believes in the value of play; he wrote a best-selling book about it for Harvard Business School Press in 2000.
Of course, the play Schrage writes about—how companies use experiments, modeling, simulations, and prototyping—is serious business. In a marketplace glutted with products, how can companies ensure customers will embrace their innovations?
Businesses worldwide have turned to Schrage, a leading expert on the economics of innovation, for answers.
Schrage serves as co-director of the MIT Media Lab’s E-Markets Initiative and as senior advisor to MIT’s Security Studies Program.
Q: In your book, Serious Play: How the World’s Best Companies Simulate to Innovate (Harvard Business School Press, 2000), you describe the type of environment that cultivates innovation. How would you describe that environment in three adjectives?
A: Attentive, argumentative, and collaborative.
Q: How would you describe your life’s work in one sentence?
A: I wouldn’t, but if someone held a loaded gun to my head, I might say my life’s work revolves around offering individuals and institutions the tools and rules to create ‘shared spaces’ that become their preferred media for innovation.
Q: What has been your most memorable mistake?
A: Choosing to be polite when someone behaved badly at an interview. I should have spoken up—better to die on your feet than live on your knees.
Q: When do you get your best epiphanies?
A: When I take a core assumption that everyone takes for granted and beat up on it.
Q: What technology trend currently fascinates you?
A: Neuroeconomic engineering and memetics.
Q: What’s technology’s biggest promise in the next 25 years?
A: Life extension combined with quality healthcare. Will it be realized? If you’ve got the right genes and/or the right bankbook.
Q: What’s been technology’s biggest disappointment in the past 25 years?
A: The inherent disconnects between designers, producers, buyers, and users of technology.
Q: Will we make the same mistake in the future?
A: Of course, that’s how we know we’re human.
PERSPECTIVE
Two-Minute Drill
Value Added Resellers (VARs) a full line of Symantec and former Veritas products for Windows-based solutions.
[ Get certified ]
In order to get the most out of Symantec’s products, receiving training and gaining certification from Symantec ensures understanding all of its products’ nuances. For example, staff of the Emulex Corporation, a storage networking company, completed training in the Symantec Technology Enabled Program for Symantec’s Veritas Storage Foundation 5.0. That testing will enable Emulex to provide state-of-the-art security protection for all of its customers.
>> PRODUCTS
[ Be proactive ]
Companies are seeking a proactive program that prevents threats to a computer system before they happen. To meet those needs, Symantec created the Symantec Threat and Vulnerability Management Program, which secures a system and prevents attacks. It enables customers to proactively map threats against their systems’ vulnerabilities and prioritize preventive measures.
[ In control of compliance ]
Symantec Control Compliance Suite helps customers reduce the cost and complexity of IT policy compliance. It includes data-gathering functions on agent-less
Michael Schrage, Co-Director, MIT Media Lab’s E-Markets Initiative
PERCOLATING PRIORITIES
What’s most on the mind of today’s CSO
Fifty-six percent of respondents to a CSO Research survey of CSOs, CISOs and directors of security deemed it smart to combine the information and corporate security group into one department. Nearly half thought the major benefit would be having a single point of contact and accountability. Of the 35 percent who objected to integrating the departments, 28 percent thought it would be difficult to identify a leader who possessed both skill sets, and 17 percent envisioned a culture clash between IT professionals and security guards.
reporting and database discovery and offers ready-to-run reports on auditing controls.
[ Online confidence ]
To safeguard online banking, Symantec recently introduced Norton Confidential Online Edition. The Norton Confidential security solution authenticates a bank’s Web site at every login to prevent phishing, and protects against keylogging, screen capture, and password-stealing programs.
[ Vista-compatible ]
Symantec released beta versions of Norton Internet Security 2007 and Norton AntiVirus 2007 to users of the Microsoft Vista operating system in November 2006. The beta versions block spam, eliminate viruses, and protect against data leakage.
[ Online training ]
Responding to the intensified scrutiny of regulatory controls, Symantec introduced its Security Awareness Center, a subscription-based online training program that helps companies reduce their IT and regulatory risks. The Web-based program is targeted to small and mid-size businesses to help minimize training costs. The training specializes in information protection, password security, and email security.
[Image credit: Brian Stauffer]
Researchers visiting Barrow, Alaska, are warned to take specially prepared laptops when they head out to the field. Sometimes they listen, sometimes they don’t, and those who don’t often regret it when their laptop screen suddenly shatters because the liquid crystal inside freezes.
This is just one of the environmental challenges faced by the two-person technology team at Barrow Arctic Scientific Consortium (BASC), a National Science Foundation-funded nonprofit research organization on Alaska’s North Slope. Other challenges include random bursts of static electricity—common near the North Pole—that can appear without warning and fry researchers’ laptops.
BASC Chief Technology Officer Bob Bulger protects hard-won data with a combination of Symantec Backup Exec and Symantec Ghost Solution Suite. Once a week, Ghost captures the image of the system, which then stays in backup storage for six months.
“Let’s say someone shorts out a computer, which happens,” Bulger says. “We can put another computer in place, pop that Ghost image back on it, and the researcher is up and running 20 minutes later.”
In any list of today’s premier scientific issues, both climate change and avian flu would be near the top. Because Barrow is a breeding ground for 120 bird species, BASC hosts a large number of bird flu researchers as well as climate change specialists. That puts the IT staff under special pressure to get data protection right.
“The government spends a lot of money to send people up here to do research,” Bulger says. “To have an IT failure prevent them from doing their work would not be a good thing.” -- Minda Zetlin
Keeping Data Safe at the Top of the World
A recent survey shows 18 percent of customers will switch to a competitor or forgo their transaction due to business application delays. The survey also reveals that IT staff spend 24 percent of their time resolving application slowdowns.
>> DELAYS COST DEARLY
Source: Applied Research
ICED OUT
[ Mobile protection ]
To protect confidential information on employee cell phones, Symantec introduced its Mobile AntiVirus 4.0. This new tool protects Pocket PCs and smartphones running on a Windows Mobile 5.0 platform. Mobile 4.0 safeguards mobile devices against threats to email, multimedia messaging, cell networks and Wi-Fi, and fights specific threats such as Snoopware and Pranking4Profit.
[ Data center, transformed ]
To help enterprises keep up with the growth in demand for data center services, Symantec has released Veritas Application Director, the industry’s only solution that enables IT to control when and where multi-tiered applications run across heterogeneous physical and virtual environments to maximize server utilization and application availability.
[ Vista support ]
To stay a step ahead of virus spreaders and computer hackers, Symantec has introduced AntiVirus Corporate Edition 10.2 to protect the Microsoft Windows Vista operating system.
CONTINUITY
Growing Interest
Demand for chief continuity officers, also called chief security officers, is on the rise, according to executive search firm Christian & Timbers (C&T). According to C&T research, contributing factors include global supply chains and natural and man-made crises, including hurricanes and data theft. While certain industries—such as financial services—have long used CCOs, more and more industries, including media and energy, are getting into the act as job responsibilities expand beyond securing IT systems.
One of the best ways to minimize fraud losses is by instituting a hot line. Companies that introduced a fraud hot line lost a median $56,000 in 2004. Companies without a hot line averaged US$135,000 in losses that same year, according to the Association of Certified Fraud Examiners.
>> TRY A HOT LINE...
Some managers who have deployed file virtualization say it simplifies storage provisioning and can significantly reduce the downtime caused by data migration. While adoption of virtual solutions is at a beginning stage, an increasing number of storage managers from Fortune 1000 companies are funding network file virtualization, according to a recent study by TheInfoPro research firm. According to the company’s Heat Index, network file virtualization rose in priority to number six (up from 15 in last year’s survey). The Heat Index measures the spending and implementation plans of 155 storage managers.
STORAGE
Virtual Becoming Reality
[Image credit: Curtis Parker]
[ End-to-end messaging management ]
Email customers want protection, security, and a strong network with no possibilities of breakdowns or intrusions. To meet these needs, Microsoft and Symantec partnered to introduce Exchange Server 2007, which protects Microsoft’s customers using a revised end-to-end message management system. The security system protects against spam, viruses, and data leakage.
>> ACCOLADES
[ May we suggest... ]
When it comes to recommending software protection products, most customers will suggest Symantec solutions to friends and business associates, according to Satmetrix, a consumer researcher. More than 60 percent of customers promote Symantec to friends, according to the report. Business customers endorsed Symantec based on its overall value, company reputation, and its Norton suite of products.
[ Award-winning security ]
Norton Internet Security 2007 earned PC Magazine Editors’ Choice Award for Security Suites for its antivirus and antispyware protection, antiphishing technology, and firewall.
DATA REVIEW
Room for Improvement
Probability of more than one major information loss per year
[Bar chart, horizontal axis 0% to 30%. Categories as listed: Industrial Manufacturing, Government, Business Support, Energy and Utilities, Education and Not-for-Profit, Healthcare. Values as listed: 29%, 22%, 19%, 15%, 12%, 8%.]
[Source: INFORM Benchmark Database; www.symantec.com/inform]
>> EVENTS CALENDAR
Visit Symantec at the Microsoft Vista/Exchange Road Show in the following cities:
Jan. 1� The Sheraton New York Hotel and Towers, New York City
Jan. 1� Tampa Convention Center, Tampa, Florida
Jan. 24 Boston Convention & Exhibition Center, Boston, Massachusetts
Jan. 30 Moscone Convention Center, San Francisco, California
Feb. 1 Minneapolis Convention Center, Minneapolis, Minnesota
Feb. � McCormick Place Convention Center, Chicago, Illinois
Feb. 13 George R. Brown Convention Center, Houston, Texas
Feb. 2� Washington State Convention & Trade Center, Seattle, Washington
Join us at RSA in San Francisco, California, February 5 through February 9, 2007. Symantec Chairman and CEO John W. Thompson will be a keynote speaker, along with experts to answer your questions about Symantec’s latest product, service, and solutions offerings to help you connect with confidence. Visit us at Booth 1�0�.
C_U@RSA
COMPANY FOCUS
The Danger Within
If you’re trying to identify who is most likely to commit fraud against your company, look within. According to a study conducted by the Association of Certified Fraud Examiners, 50 percent of fraudsters commit crimes internally. Of that number, 23 percent are senior managers. Performing employee background checks can help, as 12 percent of all fraud perpetrators had been convicted of a previous fraud-related crime.
[Image credit: David Plunkert]
The Executive Alliance and Symantec join together to bring you the Third Annual ISE Alumni, VIP, and CXO Program at the RSA Conference in San Francisco, California.
The event begins with breakfast on Tuesday, February 6, followed by VIP seating at John W. Thompson’s keynote and ends with a roundtable luncheon on Wednesday, February 7. For more information and attendance qualifications, please visit: http://infosecaward.com/ise-at-rsa2007/
RSA + ISE + VIP = What Could Be Better?