Symantec Connect Posts Round Up #5

So its been a couple of weeks since my last round up and there are ton of links/posts from Symantec Connect that I thought were very interesting.  I hope you find these interesting, if you do, please drop me a note in the comments section so I know someone is reading them

So the first one is not a Connect Post but comes from the Symantec Knowledge Base…

• Symantec Encryption Management Server and DLP Integration Guide:  I haven’t had a chance to walk through this in my test lab yet, but I’m waiting for some time off from engagements to implement this.  Once that’s done I’ll try to provide some feedback.  Symantec has laid out a pretty aggressive roadmap for integration between the 2 products and I’m hoping they can deliver on it.  Talk to your Symantec Rep for more information on what’s being talked about.

And back to the Connect Posts

• What to consider for a DLP 11.6 and SEP 12.1 upgrade:  This person is looking for help on upgrading to the current versions of the SEP and DLP products.  The best recommendation is to read the user guides for both products before upgrading.  Also reach out to your Symantec Partner (you do have one don’t you?) as they would love to help out with the upgrade to the new products.
• Extending DLP Agent for Google Drive monitoring:  The reason for linking to this post is there is frequent conversations around how to extend DLP monitoring for various cloud based storage systems (Dropbox, Box.net, etc) and preventing data from leaving from those vectors.
• SEP and Vshield integration: I’m pretty excited about what SEP 12.1.2 brings to the virtualized infrastructure one might use.  This post has a bunch of links in it for setting up the VShield integration that VMware uses.  VShield integration reduces overhead in scanning in your Virtual Environment.
• SEP support for Ubuntu: So this is a long and somewhat confusing thread to follow.  The original poster is asking what support there is for SEP on Ubuntu.  The confusion comes down to the naming of the product.  SAV (Symantec Antivirus) is the product supported for Linux devices.  As of this post SAV for Linux runs in an unmanaged state but can be installed on Ubuntu 12.04 LTS.
• Sending CSP information to Splunk: Good article on sending info ration to Splunk from Symantec Critical Systems.  The answer is that if you have access to the database you can get the information that you would like out and be able to send that information to Splunk.
• Is PGP supported for Windows 8?:  A lot of posts around whether or not Symantec supports Windows 8.  On the PGP side this is not the case and at least on a touch device, the pre-boot authentication is not supported.  See http://www.symantec.com/docs/TECH199095 for more information or subscription for when this supported is added.  On a side note are you seeing Windows 8 in the Enterprise?
• Can DLP inspect an email header?:  Short answer Yes… Long answer read the linked articles in the answers.
• Creating a rule for tracking registry key modification:  The poster is looking for help in writing a rule to help him track changing of registry keys.  If you know the answer to this question, it would be greatly appreciated.

Thanks for reading these (if you are?) and post me a message or a comment if you actually are.

Jonathan

Symantec Connect Posts Round Up #4

This is week #4 of clearing out the various Symantec Connect Posts that I’ve found interesting (Week #3, Week #2, and Week #1).  If you have found these interesting or like reading them, please let me know.  Hope you are finding these interesting and learning something, maybe even answering some of these questions/posts yourself.

So without further ado here’s this weeks (actually last week but got a little behind):

• Register for Vision 2013 and get a discount and Connect posts:  Are you going or interested in going to Symantec Vision, if you sign up using the Connect code get a discount off it and some points.  I’ve enjoyed the couple of times I’ve been to Vision and have learned a lot.  Hope to see you there
• ITA ports for SEP 11 SQL Database:  IT Analytics seems to be a pretty popular discussion point around Symantec Connect and this person is looking for specific ports and configuration information.  Drop me a note if you are interested in learning more about IT Analytics and how it can help you with reporting around Symantec Security products
• An Illustrated Guide to Installing Symantec Mobile Security 7.2: So I haven’t wrapped my brain around Symantec Mobile Security and need to.  This article covers installing/configuring the product.  Great article, give this dude lots of votes on this post
• 2 Tier Install of DLP 11.6 needs more than 2 servers?: This is an interesting article about how to setup a 2 Tier install of Symantec DLP and what type of servers are needed.  I’ve been doing a lot of work (consulting and architecture) around Symantec DLP so drop me a note if you need any help.
• DLP false positive incident: This is a common question when it comes to Symantec DLP.  How can I reduce the # of false positives that I’m getting within the system.  You will spend your entire DLP life working on incident count and how many you have.  A lot of time it comes to just changing the breadth of an incident or adding additional keyword requirements.  This might become a separate blog post in and of itself
• PGP Desktop and DLP Scanning: Yet something else I haven’t quite figured out… The person would like to scan encrypted SMTP traffic when the keys are stored at the Universal Server.  I have heard there is further integration coming along between DLP and Universal Server that might help the person out.  Also there is a KB article that might help out as well.  Will have to spend sometime figuring this out
• Do I have to use the Enterprise version of SQL for CSP?: No you don’t have to use SQL Enterprise for Critical Systems Protection.  There is an embedded Database that can be used but then you will not have access to IT Analytics for reporting.  SQL Standard edition is a supported database version as well.
• Migrating SCSP and DB:  This link is more of a place holder for me in case I ever have to deal with this.  The associated KB’s and links within the answers are the best place to get started.
• SEPM alerts if GUP is unreachable:  This Connect question is looking for a report for notification if the GUPs are unreachable and is a pretty interesting question.  The good part is the tool linked out of the comment created by the SEP product team (will be looking into it as well) found at this article.  Also one of the answers has a report that might be useful to do what the poster is asking for
• Embedded to SQL: A lot of people when they install SEP and the SEP Manager use the default install of the embedded database and then want to move to full SQL.  We at ITS always recommend using a full SQL database when doing an install.  This allows for better performance and also use of IT Analytics for reporting.  There a lot of links within this forum question on the best way to transition from the embedded database to a full SQL db.  Also this is something that we can help out from a services opportunity.  Drop me a note if you need help or interested.

Symantec Connect Posts Round Up #3

I’ve really enjoyed writing these posts and hope you are finding something interesting from the various Symantec Connect posts that I’ve been linking to.  IF you are wondering why most of them (if not all) focusing on the Security Community within Symantec Connect it is because that is the focus of my job.

So here’s week #2 and week #1 and without further ado, here is week #3

• Update the DLP system from version 10.5 to version 11.5 – This one goes on the record for longest connect post that I’ve seen in a long time (I actually shortened it for this blog post).  But it covers the process for updating your DLP system as you move from version 10.5 to 11.6 along w/ updating the server that everything runs on.  Remember if you are using 10.5 Windows Server 2008 R2 was not supported for hosting the Enforce platform on it.  Now with the latest version (11.6.1) Server 2008 R2 is supported and recommended for running the DLP Product on.  Read along with how to set this up.
• Choice of Symantec product for business security — what programs – While this is not as long as the other post listed above it i interesting.  What we have hear is someone who uses Backup Exec and is looking to understand what security products Symantec has to help him/her out
  • This is something I help out my customers with each day.  Let’s sit down and have a conversation about how Symantec can help you out and advance your security posture.  What is the real question or goal of your organization as it becomes more mature in your security practice.  Drop me an email, would love to help you out.
• SCCM (Systems Center Configuration Manager) – In this post the customer is looking to understand the best way to deploy Symatnec Endpoint Protection (SEP) by leveraging System Center for the deployment solution. Take a look at this article for a more complete answer to the question.  I know that my company will have a video up shortly about deploying SEP w/ both Altiris and Systems Center.
• Implementing change management and configuration management for vontu – So this is going to be a full article/blog post and once I post it I’ll link it here as well.  Stay tuned but this is VERY IMPORTANT to handle and take care of
• How to install DLP Client – This person is looking for help on deploying the Endpoint Agent on various machines in his/her organization.  There are numerous links in the comment section that can help out.  Also my company will putting up a video on this shortly as well.
• Comparing Symantec cMobile Security 7.2 and Norton Mobile Security   – This one fascinates me and I haven’t spent any time reading or digging into the differences between the products.  This article is more of an FYI to myself so I can further figure out what the two products are
• DLP – Let the User Decide – This post is still looking for answer, so if you can help awesome…  The end user is looking to see if there is a way to allow the end user to decide if an email that is blocked should be released or not.  I’m not quite sure if this is the best way to setup DLP but if you can help out this questioner let me know and I’ll try to give you extra Connect points.
• GnuPg PGP Desktop Email – This is a question that I have long wondered about as well and the answer is MAYBE.  That is it depends on the version of GnuPGP and PGP Desktop.  Try it out it should work.

So that’s that… I hope you are finding these links interesting and maybe can help some people out still looking for support.

Drop me a note and let me know if you find them worthwhile or not.

Symantec Connect Post Round Up #2

Last week I posted a round up of various articles or posts that I’ve found interesting or exciting or something I wanted to save. One of the items that I posted here has since been solved so that’s pretty exciting.

This week was pretty light, not quite if it was due to me being busy or not finding a lot of information that made me excited.  One of the posts will warrant a further blog entry here.  So off to the round up…

• eWeek agrees with Symantec: Server Security is different than Laptop Security: I’m not sure why “Laptop Security” and “Server Security” is capitalized but whatever.  The important thing here is the article from eWeek that talks about reasons why securing a server is different than securing a laptop.  While it is pretty basic stuff, the article does bring up some good points.  Interested in securing your critical systems (not just servers)?  Look into Symantec Critical Systems Protection
• Search for a SSN inside DLP incidents:  The poster is looking if there is a specific way to search for a particular social security number within a bunch of incidents. As one poster mentions this might be possible with exporting the XML of all of incidents and then dumping it into a query.  Another person says you might be able to do it with IT Analytics.  ANyone have any great ideas for this person?
• Standard Operating Procedure — Where to Start?: So this is a fascinating question to me, something that I’ve helped many many customers with.  Where does one start with during an implementation of a DLP product?  This forum post has spawned another blog post and I will link it, once I got it up and going (maybe the football games tomorrow will be boring and I’ll have a chance to be productive?).
• How does DLP work with Images?: This is an interesting question and address within another forum entry.  Long story short I can fingerprint (IDM) a document or image to help track it down.  However Symantec DLP does not track specific images (flesh tones, colors, etc) but some products attempt to do tis.  Tracking down data stored in images is a complex tasks.

Well this was bit light on the round up, but some of the things I was looking at/reading on Symantec Connect.  Would like some feedback if you find this helpful or even interesting.

Jonathan

Symantec Connect Post Round up #1

I have been using Evernote for awhile but was recently introduced with the Chrome extension Evernote Clipper and this has changed how I browse the web and more importantly how I browse Symantec Connect.  So I started clipping various blog entries, articles and other information stored on the site to save for later.  In order to help share this information I will be creating a round up of various posts I’ve found interesting or important and post them to both my blog and also Symantec Connect.  Since I’m focusing on Symantec Security this year, these posts will be filed under the security portion of Connect.

So let’s get started on Round Up #1 (maybe 1 day I’ll come up with a better name or title)

• What’s new in Symantec PGP 10.3: This is a forum post looking for information on Symantec PGP and the new release.  The answer links to the release notes for Symantec Encryption Desktop 10.3.  Some cool new things in PGP 10.3 besides renaming it include support for Symantec File Share Encryption and Dropbox on Apple iOS device along with WinPE 64-bit support.  For more information read the release notes and also test things before upgrading.
• Is there a way to choose what response the DLP sends based upon the sender’s email address?:  The author of this post is looking to do some routing based on a sender’s email address.  I’m not quite sure what exactly is happening here, but found the question pretty interesting.  One of the limitations of Symatnec DLP is routing based on attributes or other items.  This is something my company is working on with more information to come.
• Does SCSP support reverse-proxy between agent and management server: This post is looking for a good answer so if you know Symatnec Critical Systems Protection and can give a good answer feel free to take a stab at this one.  The user is looking to see if a reverse proxy would work for communication between the agent and the management server.  If you have answer send me a note and I’ll mark it as answer.
• The Password Problem: A Call for Stronger Authentication: While this is not a Connect Post it does provide some very interesting information and a great starting part for conversations.  So its all about how passwords suck and must die.  This might lead to a further blog post so this is also a placeholder for more information.
• PGP Email support for iOS:  In the PGP 10.3 some new things are released, see the release notes linked above. The person is asking what he is missing when it comes to leveraging the Symantec PGP Viewer of iOS.  The answer is the customer must leverage universal server which is now renamed the Symantec Encryption Management Server.
• Symantec Positioned as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms:  This is pretty exciting as Gartner has named Symantec and SEP 12.1 as a leader in the Magic Quadrant for Endpoint Protection Platforms.  Along with SEP, Symantec CSP is part of this report as well.  CSP employs a combination of HIDS and HIPS to help protect various environments.  Congrats to Symantec on this….
• A ton of IT Analytics posts have been coming out from David Prager from Bay Dynamics and here are some that are specific to Symantec Security products
  • Working with Cubes in the IT Analytics DLP Content Pack – A video that covers using the DLP report pack and a basic overview of IT Analytics as well
  • Working with Cubes in IT Analytics SEP Content Pack – Same as above but focused a bit around
  • Publishing IT Analytics Dashboards in Microsoft SharePoint – One of the cool things is that if you use IT Analytics you can publish the reports to SharePoint or another site.  This Connect Post covers how to do.

This is a starting point for my series on awesome Connect articles.  Hoping more will come

Ubuntu and take your device to work

This week I attended through work a presentation about Endpoint Management with a focus around the whole “bring your device to work” megatrend the experts are talking about.  In case you haven’t heard this discussion is all about allowing an end user to purchase or use their own device instead of a corporate device.  Examples given in this presentation are large New York City based banks encouraging people to use their own devices (usually a Mac) as a recruiting tool to help attract top talent.  The presentation focused on how will IT manage these devices (patch, deliver software, track inventory, etc) on a non-corporate device.  In the past someone in IT decided what version of desktop/laptop (either a Dell or an HP) and then decided on an operating system (Microsoft and still for a lot of shops XP).  Now we are seeing a growth of whatever type of device the end user wants (anyone have this at their work?).

The interesting part about the discussion was the focus on Mac and how companies are managing them.  Macs in the corporate environment are growing and growing (heck I moved to one) and companies have to figure out what to do w/ them.  Thankfully the product I consult around (Altiris Client Management Suite) has perhaps the best Mac management outside of Apple. When asked about where the expers see Linux in the corporate world the expert replied it still exists within the walls of the datacenter (whether on premises or off premises in some form of cloud) and it really doesn’t exist in the corporate desktop (at least in the US).

This is a large frustration I have with Ubuntu is that it could focus on the corporate environment and potentially increase market share but instead chooses to focus on TVs and potentially mobile devices.  Canonical could partner with the various Endpoint Management software vendors (Microsoft, IBM, CA, Symantec, Dell, etc.) to support Ubuntu.

When I show up w/ my own laptop running Ubuntu there are certain things I’m required to have or report on including up to date with patches, has up to date antivirus and definitions and is able to be managed by the corporate management solution.  So Canonical, fire up those partnership agreements or whatever is needed and get your operating system supported by more vendors so the corporate desktop market share can grow

A review of ITSM 7.1 Beta: ZOMG it’s a new console

The beta everyone has been waiting for is here, the release where Altiris finally joins the 64-bit age, the release everyone has been waiting for. The screenshots in this guide reference the beta and can and will probably change before release. This is not an exhaustive review of the system, but quick impressions.

The big change is the requirements software/operating system wise that are required:

• Windows Server 2008 R2
  • This is 64-bit only
• SQL Server 2005 and SQL Server 2008
• Microsoft Silverlight
• Microsoft .NET 3.5 SP1 or higher

The biggest thing to note is finally we are moving to a 64-bit platform and I can stop cringing before I explain that Altiris still runs on Windows 32-bit only. There are some minor gotchas during the install but the Install Readiness Check should take care of all of them for you.

Let’s get on to the cool stuff…

The above screenshot covers the new console shown from the computers point of view. The first thing I noticed was it looks a bit like Outlook, but overall pretty excited about the change.

The computer section is broken down into Saved Searches and All Computer Views. Saved Searches is prepopulated with New Computers and Installed Agent. Other saved searches can be created and saved in this location. The All Computer Views is built from the Organizational View and Groups and utilizes what you have setup there.

By clicking on the computer (in this case Beta7) it provides a basic resource manager view on the device (same view as the Resource Summary page in Resource Manager). All other functionality is similar in this section including right click options.

New to the computer view is the fly-out on the right side of the console that include options such as the Resource Manager, Installed Software Reports, and other right click options (see the following screenshot).

The Jobs and Tasks and Policies sections are similar to navigating to Manage -> Jobs and Tasks or Manage -> Policies. See the following screenshot.

The other that has gone through a lot of change is the “Software” portion of the console (see the next screenshot) and is broken into three sections: Installed Software, Metered Software, and Deliverable Software.

All of the software listed here is either from the software catalog or from software inventory. Since I have Asset Management installed, I have the ability to add or manage my license for the particular piece of software. Metered Software allows me to leverage Usage Tracking and create new Application Metering policies. Deliverable Software is where I work w/ the Software Catalog and have the ability to create software delivery policies.

When I select a piece of software and click on “Manage this software” a new window opens:

From here I can define the inventory information, whether or not I am metering the software, configure the software delivery information, and then if you are using Asset what software licenses.

Adding a new software resource is done through managing the software catalog.

One of the cool things I haven’t figured out is the changes to Workflow in ITSM 7.1. The following screenshot shows some of the changes.

The Workflow Enterprise Management provides health of your different workflow servers. But I don’t know much more about it and looking forward to learning more.

 

I hope this brief overview of some of the changes to ITSM 7.1

Upcoming DLP Webcast: DLP 10.5 & Data Insight

One of the things my company does is webcasts hosted twice a month.These are free and provide information about upcoming Symantec products or can provide training on how to use one of the Symantec products.

In June, I am presenting a webcast on DLP 10.5 and the new feature Data Insight.

ITS will answers questions like:
- “Whose Data Is It Anyway?”
-  "Who owns the data?"
- " How is the data used?"
- "How do I protect the data?"
Data Insight and Data Loss Prevention
Data Insight will first be available as part of Symantec Data Loss Prevention and will be the only data loss prevention solution to deliver an integrated data owner and remediation capability. Unstructured data on shared file systems is a large source of critical business information, and over-exposed content presents a significant risk for data breaches. Data Insight with Symantec Data Loss Prevention helps organizations identify their most critical information and enables simplified data clean-up and remediation through automated data owner identification. Data Insight also provides continuous monitoring and auditing of data usage to help ensure adherence with corporate policies and regulatory compliance. In addition, the technology monitors who has accessed or modified individual files, and can notify information security teams and data owners that data has been exposed. Armed with visibility into who is accessing and using the information, organizations can make rule-based ownership inferences and alter access to stored data in order to prevent data breaches.

 

Data Insight provides information on unstructured data, data that sits in a file share and provides information on how that data is used, who is using, etc.

Join us for the webcast and learn about this great product

What is missing from Ubuntu?: Manageability

A recent blog post on planet.ubuntu.com, argues the one thing that is missing is manageability of the Ubuntu system.  I couldn’t agree more with this post.  In the post the author argues the problem with Ubuntu adoption in business is not how shinny things look, or how well the software works in the cloud, the problem is management of systems.

A little background here:  For the last 4 years or so I have been an endpoint management consultant (laptops/desktops/severs).  I have clients that manage anywhere between 50 desktops and 150,000 desktops.  For Windows desktops there are numerous companies that allow you to manage those machines and reduce full time equivalencies (FTE’s).  Some examples are:  Altiris, Landesk, Kace, etc.  Canonical has created its own solution Landscape instead of working with the existing companies to get their product (Ubuntu) supported.

What really stands out from this entry is this section:

And so, Microsoft continues to win on the desktop. Not because an individual PC running Windows is easier for most people to use, but because its easier to set up Active Directory to work with Outlook and Exchange than it is to roll your own directory service with the tools available out of the box on Ubuntu. Bug #1 will never be solved until directory services and authentication are integrated into every aspect of Ubuntu.

And he couldn’t be more correct.  Until there is a true competitor to Active Directory, Exchange, Outlook, and the MANAGEMENT of the machines Ubuntu will not succeed in the Enterprise.

Take a look at the blog and all the blueprints that have withered without focus in regards to the issue:  (List taken from the blog)

• Turnkey identity management
• Identity management reference/test config
• Default LDAP DIT for user and group management
  
• implement simply DIT for Ubuntu server
• Make Ubuntu authenticate against Network Authentication services
• Single User Interface to Join and Participate in Microsoft Active Directory Domains
• Architecture of a directory infrastructure
• Enable user login to leverage a directory infrastructure
• Identity management and network authentication in Hardy
• Integrated Active Directory Logon
• 389 Directory Server Inclusion in Karmic
• Directory service included in Ubuntu Server
• Configuration of services to integrate with a directory
• Enable services to leverage a directory infrastructure
• Open Directory Service package
• Integrate OpenDS in Jaunty
• Search for a published printer in an Active Directory
• EdubuntuUserManagement
• Easy active directory integration for EDUbuntu
• An integrated directory server for Ubuntu-server
• LDAP Integration
• Ubuntu Server MS Integration Proxies
• Seamless integration into a Windows domain environment (Active Directory)
• Make a LDAP Server as easy to install as a LAMP Server
• Managing the directory
• System Security Services Daemon for Ubuntu
• Make LDAP the default configuration backend for Ubuntu
• Create new tasksel tasks for common server use cases
• Free Identity Policy Audit infrastructure for Ubuntu as the freeipa.org project
• Authentication/Authorization/Access control/Accounting/Auditing services in the cloud
• Extend mail stack in Ubuntu-server
  

Catching up on DLP Links

There’s been a lot of discussion on the web these days in regards to DLP and also some of the moves Symantec made in regards to its purchase of PGP Corporation and also GuardianEdge:  Press Release here

Here are some more links that I’ve come across recently:

1. Cisco Security Services and also Cisco’s Risk Assessment Service:  Didn’t even know that Cisco offered a DLP Solution, but it is based around the IronPort product.  I don’t know anything in regards IronPort but will plan to learn more as we have one customer who is looking at it instead of Symantec DLP
2. Whitepaper released: Quick Wins with Data Loss Prevention:  This links to a whitepaper sponsored by McAfee and you can download the white paper from that link as well.  It is an interesting white paper and have added it to my collection
3. How to shape an effective DLP policy:  An Information Week article that talks about how an organziation should write DLP policies.  More on this later.
4. Breakout session from Symantec Vision: