Auto change incident status based on membership of a sender pattern list?
There is a subset of individuals being monitored for whom we want to automatically change the incident status to a specific predefined value as soon as their endpoint incidents or network incidents are detected. How can we do that?
Scan gets stuck after a few files
I have installed version 14 of SEP on Windows Server 2012 R2. When I try to run a scan, it gets stuck after a few files. Pause and Cancel don't work. I have to restart the server to try again. I haven't managed to run a single scan.
Thank you
Using CloudSOC to Combat Threats in Office 365!
Overview
Recently, Microsoft issued a new Security Intelligence Report that includes some interesting insights regarding attacks on cloud apps. The analytical points from the report are highlighted below:
- Microsoft reported a 300% increase in the company’s cloud-based user accounts being attacked year-over-year as of 1Q2017 vs. 1Q2016.
- The number of account sign-ins attempted from malicious IP addresses increased by 44% year-over-year in 1Q, and over two-thirds of incoming attacks on Azure services in 1Q came from IP addresses in China and the US.
- Ransomware encounter rates were highest in Europe vs. the rest of the world in 1Q2017.
These findings highlight the need to stay vigilant in pursuing comprehensive security solutions for your cloud activity. As you’re well aware, bad guys will follow the money; so when sensitive corporate content moves to the cloud, attacks will follow. Microsoft’s research findings seem to confirm this adage.
Here we will demonstrate how Symantec CloudSOC helps counter the cloud attacks highlighted in the recent Microsoft report. Let’s take a look at the threats and the supporting detection controls provided by CloudSOC.
Ransomware Infections
Recently, hackers have begun using cloud apps to distribute ransomware to end-users. Two attack variations have been encountered. First, ransomware is uploaded to the cloud storage app and a direct URL is distributed to end-users for download. Second, the malware-specific URL (referencing the ransomware uploaded to the cloud) is used in conjunction with additional malicious code (iframe code, JavaScript, etc.) to trigger stealthy drive-by download attacks. The Cloud Threat Labs research team has previously covered the spreading of Petya ransomware via Dropbox and Cerber ransomware via Office 365.
Symantec CloudSOC has built-in capabilities to detect threats in files uploaded to cloud storage apps. The detection mechanism scans the files to unveil malicious code that may exist within. For example, when a user uploads a file to the cloud app, it is scanned for potential threats and an associated report is shown in CloudSOC. The administrator can configure additional policies to restrict the sharing of the malicious file with other users and prevent the distribution of malware. In addition, the end-user has an associated threat score profile that highlights the risk associated with the end-user who uploaded the malicious file to the cloud app. The malicious file can be ransomware or another type of malware; either way, the malicious files will be flagged. Because CloudSOC's content inspection feature detects malicious files and alerts upfront, ransomware infections can be controlled or prevented before they spread.
Brute-force Attacks and Account Takeovers
Cloud apps are being used by hackers to take over user accounts. One of the primary attack vectors is the brute-force / dictionary attack, in which multiple login requests are sent over a period of time with different sets of credentials. The attack is driven by a motivation to hijack the user account through a robust automated attack, and the attackers can reuse intelligence gathered from previous sets of attacks.
To deploy detection controls upfront, CloudSOC provides an inherent capability to configure alerts for detecting automated attacks launched against Office 365 accounts. The alerts trigger when configured thresholds are hit. Importantly, administrators can configure the settings as shown in the screenshot below, using organizationally approved policies.
Account Access from Suspicious IPs / Locations
As highlighted in the Microsoft Threat Research report, Office 365 was frequently accessed from malicious IPs over a period of time. This could reflect one of two scenarios: First, the attacker has compromised a user’s credentials and then used them to access the application. Second, the attacker was trying to obtain users’ credentials by launching automated attacks in a distributed manner from a wide variety of IP addresses belonging to different geographic locations on the Internet. Determining how, when, and from where users’ accounts are accessed is an essential part of the threat intelligence process. CloudSOC provides a detection control to define alert settings for checking account access from suspicious locations.
Apart from detecting the threats above, Symantec CloudSOC has the most robust solution for protecting Microsoft environments, including:
- Support for both API and Gateway for complete coverage of both corporate and personal accounts, in-line detection/prevention, and cloud-to-cloud protection.
- Comprehensive coverage of the Office 365 suite: not just OneDrive, but also Exchange Email, SharePoint Sites, Yammer, MS Teams and other key components of the O365 ecosystem.
- Monitoring and protection of Azure environments (IaaS), including auditing of administrative user activity and policy enforcement.
- Robust Cloud DLP to analyze and restrict uploading, downloading, and sharing of sensitive content.
- Advanced user behavior analytics that analyzes each and every user account to accurately detect suspicious activity, and trigger actions such as alert, quarantine or block.
- Compliance reporting and monitoring for Microsoft environments to ensure users are appropriately leveraging cloud apps and services.
- Extensive integrations with core security technologies, such as Symantec DLP, Symantec ATP, Symantec ICE, Symantec ProxySG/WSS, Symantec VIP, Symantec Endpoint Protection (SEP), and Symantec MSS to ensure comprehensive coverage for cloud content.
Symantec DLP - EDM Workaround for Endpoint Prevent
I have a customer who needs to monitor EU GDPR data. I can use EDM to locate files containing EU GDPR data using Network Discover. I can use EDM on endpoints connected to the corporate network to detect EU GDPR data.
SEPM Web Console Not Opening
Hi,
The SEPM Web console is not opening; it shows the error "the request resulted in an internal error".
Messagelabs mail servers refuse the network connection
Our mail server IP 65.157.63.242 is unable to connect to messagelabs, for example IP 216.82.241.243. We are not on any blacklists. Can you please remove throttling for our IP?
DLP policies not deleted
Hi.
When I deleted response policies, the response policies were not deleted because the response policies were allocated.
But the response policies were not allocated.
How can I solve this problem?
I attach pictures of the two situations.
VBS trojan not detected
Hi
Licensed Symantec Endpoint Protection didn't detect a VBS trojan (attached).
https://www.virustotal.com/ru/file/7ed68cc7a22b7e5...
Sizing for SPE 7.9
Hi, for the sizing calculation I need to calculate the number of SPEs required = total data flow from the NAS system to SPE / SPE throughput.
How is it possible to calculate the data flow? Is there also a traffic monitor tool for SPE 7.9?
macOS 10.13 High Sierra Support
Can Symantec please give notification on support of macOS 10.13 High Sierra, which is set for release at the end of September?
SKEL has been introduced for non-MDM devices.
However, I'm interested to know which version of Endpoint is supported for MDM devices where SKEL is off.
Proxy AV subscriptions
In a Proxy AV environment upgrading to Symantec Endpoint Security, is there any risk in expiring AV subscriptions? Will Proxy AV continue to operate but without AV updates? Will Proxy AV fail if there are no subscription updates?
Apply Device Control in Safe Mode
Definitions update from SEPM
It is necessary and urgent to update Linux definitions from Symantec Endpoint Protection Manager; some servers cannot update from LiveUpdate on internal networks, a reverse proxy or Symantec LiveUpdate servers.
Protection Engine for NAS 7.8 to 7.9 upgrade
How do I upgrade Protection Engine for NAS 7.8 to Protection Engine 7.9 with a 7.8 license?
Education: CloudSOC Class - September
Symantec offers live, instructor-led training for CloudSOC.
The Symantec CloudSOC R1 course is intended for IT professionals who wish to develop the knowledge and skills to deploy and manage Symantec's CASB solution, CloudSOC. This course is intended for users who want to apply Symantec CloudSOC's capabilities to control Shadow Data and Shadow IT in cloud applications.
Education: CloudSOC Class - October
Symantec offers live, instructor-led training for CloudSOC.
The Symantec CloudSOC R1 course is intended for IT professionals who wish to develop the knowledge and skills to deploy and manage Symantec's CASB solution, CloudSOC. This course is intended for users who want to apply Symantec CloudSOC's capabilities to control Shadow Data and Shadow IT in cloud applications.
Negative Reputation Repair
For some reason, my domains (all on the same server) have been blacklisted when sending emails to AT&T properties. Investigating the issue led me here, where I discovered the following about my IP:
The IP address 162.214.0.132 was found to have a negative reputation. Reasons for this assessment include:
The host has been observed sending spam in a format that is similar to snowshoe spamming techniques.
I am not sure why/where this happened. What can I do to correct the problem?
Importing Solution Pack for DLP 14.5
Hi All, does anyone know if importing a solution pack will turn on any policies? I don't want it to break anything. Any links to Symantec documentation would be appreciated. Thanks!
Offline status in SEPM - Incorrect OU
Hi Peeps.
Need help. The current scenario is that we have clients that are showing offline, with a different OU (we are syncing with AD) and a different hostname.
On checking those machines, they are communicating with Symantec, use the correct sylink, have online status and updated AV.
Don't know what to check anymore?
I've searched and created a support ticket and am waiting on their updates. So far I found this, but it was no help in getting it solved.
https://www.symantec.com/connect/forums/long-names...
Problem in a multiuser laptop / Problem with a multi-user laptop
Hi everybody, we added multiple users on a laptop, but only the last user who used the laptop is able to log in again!!
All users are registered in SEE
Thanks
************************************************************************************************************************************************
We have a multi-user laptop, and although several users are registered, only the last one who used it is able to log in again.
Any suggestions?
Thanks