Meeting Minutes for Symantec New York User Group Meeting – 10/21/2011
Attendees: Vijay Haripal, Dale Denonarain, William Brennan, Keith Donnelly, Kevin Rodriguez, Sunitha Evany, Satish Matta, Nancy Jean-Charles, Richard Tisdale, Sonia Ahluwalia, Jason Fenner, Hank Gruenberg, Filberto Lopez, Tanvir Raihan, Hal Bader, Natella Abayev, Murdock Haskins, Michael Kordelski, Ron Braves, Prakash Bhaija
Presentations for next year – proposal to be quarterly: 2 webinars and 2 in person
Dates for next year – TBD
Locations – Volunteers for next year are Keith Donnelly, Sonia Ahluwalia, Hank Gruenberg, Michael Kordelski
Presentations:
Jason Fenner – CCS 10
New in CCS 10 and beyond
CCS 10
New capabilities:
Vulnerability Mgmt:
Web-based dynamic dashboard
Integration with DLP
3rd party evidence
Web Server APIs
Core Improvements:
Web Portal
SM, ESM, PM, RAM enhancements
Security awareness
Install and Upgrade
Provide content to security monitoring
Dashboards
Vulnerabilities
DLP-CCS Integration
Third party management
CCS 10 Dynamic dashboards:
New way to visualize CCS and other data
Dashboard can be customized
Will also have details of deviations
Can be filtered
Drill down to details
Evidence to remediation powered by dashboards
Ability to view information based on client’s needs
High level graphs for Senior and Executive Management
Can provide information as to which deviations have a bigger impact
New feature – Symantec CCS Vulnerability Manager – not available in previous versions
Chains together all vulnerabilities found to uncover new hidden issues
SCAP and SCSADA – Federal related
Supports network, host, database and web application scanning
Database and Application scanning:
Authenticated and unauthenticated scan of database and application vulnerabilities
Broad database coverage
Server and client web applications
Integration with DLP:
DLP discovery information to identify assets for complete assessment.
Also shows data leakage info along with CCS data
Benefits:
Discover critical assets
Prioritize complete assessment and remediation
Obtain a comprehensive view of compliance and security posture
Securely manage data
Dashboard lists incidents, policies, protocols in the same system.
Intelligence of DLP – Asset gets tagged with dynamic group based on compliance settings
Integration interfaces
CCS 10 provides web services APIs to enable integration
Enhanced control collections:
- Cleaned and improved ODBC
- Leveraging other technologies in place
- New 3rd party connector and UI
Enable easy integration with other compliance products
Third Party Connector:
Identify new provider
Collect data and drop it into required CCS format
Map data/evidence to controls and trigger the CCS job.
CCS 10.5 – 10.5.1:
Increase visibility across information, infrastructure and people.
Security Content Automation Protocol (SCAP) support
CCS dashboard views across SCP, RAM and VM – Qualys, Bit9, SFDC, Courion
CCS dashboards included in Symantec Protection Center
Build library to include a lot more products
SCAP – Government or federal connections
Problem with CCS dashboard connectors is the consolidated view of compliance products across multiple Symantec products
RAM:
Can have multiple questions on a single page and 3 attachments to a response
RAM dashboard connector reports everything on a single dashboard.
Workflow API Integration:
Need to integrate CCS with business change control process
Solution is to deliver ready-to-deploy workflows to automate complex tasks.
Benefits are streamlined business processes.
Ability to build more libraries in CCS 10.5.1
There are many more templates than in previous version – 7 or 8
Prevalent in conjunction with Symantec developed Policy portal using APIs and workflow
Easily manage all their policies and hierarchy of approvals
RAM APIs enable DLP integration and handling of sensitive data triggered through APIs
Security awareness program – Customized and introduced in Jan 2011
Workflow templates available at
www.workflowswat.com
Above website has a lot of videos and how-to's on a lot of different content
Published templates – Asset import and scan
Policy approvals
Send RAM questionnaire
Subscribe to evaluation results
RMS remediation for AD groups
CCS remediation
CCS VM exploit remediation
Add and remove users from portal and not losing audit capabilities by using workflow and reporting on all processes
What’s Next??
Enzo slated for March 2012
Risk Manager
Control objectives by risk
Risk thresholds and projections
Visualizations
Remediations from Dashboard via workflow
Agent consolidation – Agent and agentless
Single mgmt infrastructure
Info Manager and ESM Manager have been combined
Can be run against DLs as opposed to Bindview 9.0
Vijay Haripal – Symantec Endpoint Protection (SEP) 12 presentation
Information Security team’s challenges:
Spyware/Malware
Polymorphic Worms
Zero-day vulnerabilities
Stale worms
Firm has moved from Trend Micro to SEP 12 as the above issues could not be remediated by Trend Micro
Spyware/Malware – Blow away computer when fake virus pops up – Webmail not locked down
Allows virus via web
Although Firm upgraded from Trend 8 to Trend 10 – no improvement. Behavioral analysis, although a new feature in 10, was disabled because it affected everything.
Polymorphic worms – Trojans or resident viruses
Zero-day vulnerabilities – Not updating signatures
Traditional anti-virus is not good anymore
Rapidly evolving threats
Sophisticated attacks
Virus/Trojan/worm variants
Reputation
Bot Networks
End Users
Symantec anti-virus product was not good
SEP 11 was ok
SEP 12 – Latest – Uses cloud and Symantec network to determine which files are malicious
Cuts down on scanning time to make client more effective and efficient
Has the market share and manpower to develop product.
Overview:
- Download Insight – Symantec is aware of the file and whether it is malicious or good
- Real-time heuristics – Hash is matched from one file to the next and the file is not scanned if there is a match. Checks what is out of the ordinary.
- Mgmt console – Look at any logger dropdown at top – creates an exception for a violation; it can be created for any group and the issue will be resolved for that specific group. This does not happen in Trend.
- Browser IPS – Very similar to what Microsoft built into IE8 – protection natively
- Symantec has extra components of protection within websites – web browsers – compensating control
- SONAR 3 – Goes along with Download Insight.
- Increased performance – Symantec will perform a delta of the baseline and only malicious files are scanned. Changes in the trusted domain are also monitored. Symantec will include those in the next real-time scan. Full scan is done off-hours.
- Centralized Mgmt – Install on Windows box – single dashboard – security posture of Symantec. Pie charts of compliant PCs available.
- Configuration – Apply policies to groups by working with other vendors
- Firewall enabled – Less restrictive in corporate environment.
- Built for virtualization – Client can detect if it is running on a virtual machine or a physical box – Scan is specific to the machine. Otherwise, it may result in performance degradation.
- Existing Symantec Customer
Architecture:
Set up policies – IPS, firewall- everything is configurable.
Mirrored architecture and built new policies based on business units.
For remote users – primary network Symantec to update signatures. All updates are dynamic
Generating reports and providing them to technical support and contacting users.
Custom reports can be generated to include how many clients have not been checked and for how long.
Deployment:
Deployed via business unit. Policies are specific to business units.
Deployed to test groups – There were a few issues and exceptions were made before the product was rolled out.
Mirrored patch schedule
Conservative approach:
Only 1 business unit for a group of patches for 1 week – took 2 months to deploy
Client packages
Deployed using SEPM and Third party software
Phased approach:
Remediation/exceptions
Clean-up
25-40 machines every day
Decommission of Trend
Drawings:
Drawing #1: 100 points Keith Donnelly
Drawing #2: 125 points Kevin Rodriguez
Drawing #3: 150 points Richard Tisdale
Member Presentation: 300 points Vijay Haripal
Most of all, everyone enjoyed the food and Nancy’s cake!! Happy Birthday, Nancy!!
Thank you, Andy for organizing everything so perfectly!!