Tag Archives: Protection Engine for Network Attached Storage (formerly SAV for NAS)

Second PoC Exploit for Adobe Flash Player Discovered after the Hackers-For-Hire Company Breach

Yet Another Adobe Flash Player Zero-Day from Hacking Team Breach.Read More

Protecting Cloud Services, Applications and Storage with Symantec Protection Engine

Did you see my session at Symantec Vision 2012?  If not, you missed me talk about how you need your very own Robocop to protect services, applications and storage that accept and distribute files.

His prime directives align very well with how you should approach your service and infrastructure security:

1. Serve the public trust – Your users will TRUST your service.  They’ll ignore warnings and common sense because YOU are giving them access to something.

2. Protect the innocent – Your users are unlikely to be as security-aware as you are, they may not understand risks and they certainly shouldn’t be trusted to protect themselves 🙂

3. Uphold the law – You need to be able to set and enforce policies and you need to do this at your application or storage level.

{If you’re a fan of Robocop, as I am, just ignore the “Classified” 4th directive… It doesn’t quite fit the metaphor 🙂 }

 

Symantec Protection Engine gives you the ability to do just that.

It gives you out-of-the box integrations with almost all storage vendors, many applications and services.  Oh and we’ll also give you access to our SDK so you can embed our industry leading threat detection technology DIRECTLY INTO YOUR OWN APPLICATIONS.

BETA

I’m delighted to announce that we’re now accepting registrations for the Symantec Protection Engine 7.0 beta program.
This major release is the next generation of the technologies currently sold as Symantec Scan Engine and Symantec AV for NAS/Messaging/Caching.

For more information about this new release and the benefits of participating in our beta program, use this link: https://symbeta.symantec.com/callout/default.html?callid=7E4530E666124B0A80EFBF428FE32301

 

Symantec Email Submission Client (SESC) 1.0: NOW AVAILABLE

 

Hi!
 
My last post back in October 2011 introduced the beta program for a new application for our messaging security customers.
I’m delighted to announce that we achieved our Generally Available (GA) milestone yesterday on March 19th meaning that the Symantec Email Submission Client is now available for all of our customers to download and install.  This is my first “1.0” product release so I’m particularly excited to see this product ship 🙂
 
Did I mention that this is provided at no extra charge?  Yup, free.
 
We had some excellent beta participants in this cycle, ranging from large enterprise customers to small businesses and we got some fantastic real world feedback which helped us ship an even better product than we originally scoped.
 
So, what is SESC?
 
The Symantec Email Submission Client (SESC) enables messaging administrators to streamline their process and procedures around one of the highest help desk call generators – missed spam.
 
Without blocking ALL email, no mail security vendor can claim to have a 100% catch rate.  Despite having an externally verified and market leading catch rate, Symantec understands that customers want to be able to report missed spam to us so that we are able to prevent the same spam attack hitting them again.
 
The SESC has been designed with the end user in mind, with the goal of making it SIMPLE TO SUBMIT.
 
Awesome! How does it work?
 
SESC integrates with Microsoft Exchange Server 2007 and 2010, utilising the flexible Exchange Web Services (EWS) platform to provide native support for all rich Exchange clients including Outlook, Outlook:Mac, OWA and Exchange enabled mobile devices.
By integrating directly with the backend of the messaging system, customers can avoid the costly admin overhead associated with deploying a plug-in or client to endpoint devices.
Because of the way EWS works, we are able to recommend that SESC is installed to a non-Exchange server so that there is no additionaly CPU burden placed on your mission critical infrastructure.  You can run SESC on any Windows 2008 R2 server, both physical or virtual (VMware ESX/ESXi or MS Hyper-V) are supported too.
 
What about the user experience?
 
Like I said, we want this to be as simple as possible and actually aimed to make it easier than deleting an item from your Exchange client.
To submit missed spam (aka false negatives) to Symantec, end-users simply move the offending message to an special folder in their mailbox.
This folder name is fully configurable by Administrators, who also have absolute control over which users are enabled for submissions.  Using their existing Active Directory infrastructure, Administrators can use pre-existing or new Groups or OU’s as well a providing a custom LDAP query to opt-in the users.
 
There are two working modes for SESC, Moderated Submissions and Direct Submissions.
With Direct Submission mode, every message moved to the submission folder by an end-user is submitted to Symantec.
With Moderated Mode, Administrators can delegate an approval process to one or more users.  In this mode, the end-user moves the message to the submission folder as normal.  This message is then made available to the ‘approval’ user who can decide whether the message should be submitted to Symantec or not.
This is particularly useful where data privacy may be a concern.
 
With SESC, customers no longer have to use the existing and rather convoluted method of submission; which involves supplying the entire missed spam message as an RFC822 attachment to ANOTHER email and sending it to the correct email address at Symantec.
 
The Symantec Email Submission Client is available today for the following products:
  • Symantec Messaging Gateway
  • Symantec Mail Security for Exchange
Simply sign into http://fileconnect.symantec.com and download the installer.
Note: Symantec Protection Suite Enterprise Edition customers will be able to download SESC from Fileconnnect from April 2012.
 
There are some really fantastic extensions to our submissions process coming in the next release of Symantec Messaging Gateway which not only extend the functionality of SESC but also help to improve your protection even more.  What’s more, the beta for Symantec Messaging Gateway 10 is due to kick off in May 2012 – if you are interested in participating please get in touch either in the comments below or you can email me ian_mcshane@symantec.com.
 
I’m excited to get more feedback as we start to think about the next releases of SESC so please do download, install it, check it out and let me know what you think either in the comments or directly by email.
 
Cheers!
 
Ian McShane
Senior Product Manager | Messaging & Web Security
Endpoint & Mobility | Symantec