
Security Community Blog

Showing posts tagged with Control Compliance Suite
Showing posts in English
darci_hunt | 10 Apr 2013 | 0 comments

The Critical Security Controls (CSC's) are being adopted by federal and state agencies in the U.S., Canada and elsewhere, to increase visibility into advanced threats, to shore up defenses, and ultimately for benchmarking and to improve risk posture.

To increase the limited information currently available about implementing the controls, the SANS Institute is conducting a 20-question survey for IT professionals, business unit managers and security/compliance experts. The survey was developed to find out what controls they're adopting, why, and how. The survey also explores how integrated the CSC's are in organizations that have adopted the controls, and whether any adopters have reached the stage where they can use the controls for benchmarking and to improve their risk postures.

"The Critical Security Controls are successful because of their open community approach - people and organizations voluntarily...

Brian Modena | 05 Mar 2013 | 0 comments

MOUNTAIN VIEW, Calif. – March 5, 2013 – Symantec today unveiled its Control Compliance Suite Vendor Risk Manager, enabling customers to better assess their third-party risk and protect their reputation and sensitive data. Control Compliance Suite Vendor Risk Manager provides a solid foundation on which to build a vendor risk management program.  Customers are able to gain visibility into their organization’s vendor risk exposure and automate the ongoing assessment of vendors’ IT security readiness.

Control Compliance Suite Vendor Risk Manager arms organizations with the following capabilities:

  • Auto-calculated vendor risk scores based on multiple evidence sources
  • Vendor tiering based on data risk and business criticality
  • Shared Assessments content for controls-...

Chaitali | 20 Feb 2013 | 0 comments

Issue: When a result of a Collection Evaluation Report job is exported in CSV format, the cells break, giving a non-uniform report output.

Cause: When the evidence of the failed checks is large, Microsoft Excel cannot handle the large character count of an individual cell. This causes the cells to break.

Explanation: The capacity of Microsoft Excel to handle the length of cell contents is 32,767 characters. The first 1,024 characters display in a cell and the remaining appear in the formula bar. If the character count of the evidence in a cell is more than 32,767 characters, the cell will break. This is a limitation of Microsoft Excel.

Solutions:

Solution 1:

Instead of exporting the report in CSV format, export the result to Excel by the following method:

Go to the Evaluation Result >> Select "Asset Based View" >> Highlight and select the...

Chaitali | 20 Feb 2013 | 0 comments

How to report on an agent based Unix Server hosting multiple databases

Desired reports:

- Reports from the Unix Host

- Reports from DB1, DB2, DB3

Refer to the diagram below:

Solution:

To report on the Unix Host:

Install the Unix agent on Unix Host.

- Register Interface 1 with BVIS using command:

  • /setup.sh -a <IP of BVIS> <IP of Interface 1> <Username> <Password> -s UNX

 

To report on DB1, DB2, DB3:

- Register Interface 2 with BVIS using the -lip (logical IP) commands:

  • /setup.sh -a <IP of BVIS> <IP of Interface 1> <Username> <Password> -s UNX -lip <IP of Interface 2>...

Chaitali | 19 Feb 2013 | 0 comments

How to determine the cause of Scheduled Task or Query failure

Solution:

The cause of failed schedules can be determined from the Schedule Logs.

The logs for the RMS schedules are stored in text format at the following location: 

\Program Files (x86)\Symantec\RMS\data\<User Name>\ScheduleLogs

Note:

The name of each log file corresponds to the name of the schedule in RMS.

These log files are automatically overwritten by the new log files after the respective schedule re-runs.

At any given point in time, each schedule in RMS has one corresponding schedule log file, from its latest run.

 

K S Sharma | 17 Feb 2013 | 1 comment

Dear All,

As security threats are increasing day by day, you need a more proactive approach to find the latest details and tighten security. Hacker groups are continuously working to break security measures, but at the same time organizations are spending lots of resources and money to keep business smooth and secure.

I think it is not just spending money on IT security and having security experts that makes you secure by implementing the security solutions. It is equally important how intelligently and smartly you take care of each side of security threats and configure it accordingly.

Please also read the threads below for updates on some recent security threats

 

  • Shamoon virus targets energy sector infrastructure

            ...

Vikram Kumar-SAV to SEP | 05 Feb 2013 | 0 comments

 

Symantec keeps tabs on the changing threat landscape and incorporates relevant security into its products. The same is the story from SAV to SEP to now SEP 12.

When we had SAV in the market, what our customers needed was just an antivirus to protect their systems from downtime. Here antivirus was looked at more as an availability facilitator than a core security product, till early 2000.

Even though we had SCS (firewall and IPS), selected people used the other features.

Starting from 2006-2007 there was a high rise in malware being created and vulnerabilities being exploited. Slowly the trend changed and it all came down to money-making malware.

FakeAntivirus, Downadup, various blackmailing Trojans, etc. Here the audience was not high profile, and SEP 11 very well detects and blocks and does whatever it can. Slowly people started using IPS, ADC and found much more can be done with SEP, and they are doing it.

However in last few years there has been...

Al Cooley - DeepSight Product Management | 30 Jan 2013 | 0 comments

There has been a data explosion within security teams, as organisations everywhere seek to increase their effectiveness in preventing breaches of defences through improved correlation and data sharing. You have probably seen this happening within your own working environment, too.

In the quest to achieve this sought-after level of ‘good enough’ security, the findings of new research from the Enterprise Strategy Group, ‘Big Data Intersection with Security Analytics’, partially sponsored by Symantec, are encouraging.

You won’t be too surprised to hear that, in our ‘Big Data’ world, we are collecting a lot more data than we used to two years ago. There is only one direction in which that arrow is going to be pointing from now on. What is interesting here, though, is that lots of people are vested in this information to do their job – and that is likely to envelop even more people, across a wide range of roles over the next...

Gavin Fulton | 13 Dec 2012 | 0 comments

Over 6 years ago, when working for a Professional Services organization and responsible for developing key Security propositions for customers, I first developed an approach for "Vulnerability Lifecycle Management".

At the time the solution involved manual integration of a range of technologies from a range of different vendors:

  • network vulnerability assessment tool
  • patch management tool
  • compliance management tool
  • risk reduction tool (Host based IPS)
  • security intelligence feed

At that time this involved identifying a range of tools from a number of different vendors, and the associated technical and procedural integration of inputs and outputs from each. There were challenges with the different cost models to license this complex solution, let alone the technical integration of the various input and output formats.

Jumping forward from 2006 to 2012 and this type of solution is entirely...

Daniele Bertolotti | 12 Dec 2012 | 1 comment

 

I think it’s about time to refer to PCI DSS as a rather mature and dissected standard. And I’m ready to bet that you heard at least once in your life the sentence “PCI only demands for common-sense security!” All true, still we keep on facing situations where organizations struggle to maintain compliance with PCI DSS. It seems that we do a pretty good job at covering PCI DSS requirements, but somehow neglect to drive an approach that would help organizations stay compliant and protect their business through their evolution.

The PCI standard is based on a very simple yet effective equation: you need to protect a specific and well-defined type of data and you must do it with a series of well-defined measures, most of them technological (PCI DSS is probably the standard that, more than any other, dares to get its hands dirty with technology) and many others procedural... It...