View From The Bunker
A blog about security and availability by Guy Bunker at Symantec

• Home
• About
• RSS

• Recent Posts

  • Me, Me, Pick Me…
  • Halt. Who Goes There?
  • Transformational Government 2008
  • Tape Glorious Tape, There’s Nothing Quite Like It
  • Not Waving But Drowning

• Categories

  • announcements
  • Application
  • Availability
  • Complexity
  • Compliance
  • Consumerization
  • data-loss
  • Education
  • Information Policy
  • Insider
  • IT equipment
  • Miscellaneous
  • Regulation
  • Reputation
  • SaaS
  • security
  • Spam
  • Speaking
  • Uncategorized

• Tags

  Bank & Finans BERR CEO CNI Compliance data-gain data-loss data destruction Education email encryption financial loss fix fraud Identity theft information cost InfoSec ISTR IT department Las Vegas new process no data-loss PCI DSS People Phishing pictures policy PricewaterhouseCoopers Regulation Reputation RUSI SaaS SLA security security breaches sensitive information social networking Software as a Service Spam Speaking strangers usability USB virtual machine Vision Work practice

• Blogroll

  • Bruce Schneier’s Blog
  • Get Safe Online (The Blog)
  • Gizmodo Gadget Blog
  • Jonathan Schwartz’s Blog
  • Phil Windley’s Technometria
  • Toby Stevens’ Data Trust Blog

Vote for me in
IT Security Blogs

One Week To Go

I’ll be in Las Vegas in a week’s time for the Symantec user conference, Vision. I remember the first Vision, which was also in Las Vegas more than a decade ago, there were 250 of us, our partner ‘hall’ was just outside the main room. Times have changed and there will be 1000s of delegates and the partner hall will be the size of a few football pitches. Keynotes, BOFs, a huge array of parallel sessions, robotics challenges, tutorials, the list seems endless.

For me it is all about customers and partners… old and new. There will no doubt be a couple of customers there who have been coming since the first one (I look forward to seeing you Jean-Louis and Bill!) alongside those who have only just become members of the Symantec family. So many of my partner meetings are carried out over the ‘phone it is always good to meet face-to-face, even if it is just once a year, couple this with the fact that many ex-colleagues now work for partners and you can see we will be in for a great week. 

It’s Out Today…

Symantec released its Internet Security Threat Report (ISTR) today. This is volume XIII and as per usual there are some interesting numbers in there - you can download the report from symantec.com. The data is collected from the Global Intelligence Network which operates in 180 countries with more than 40,000 sensors and 2,000,000 managed dummy email accounts.

Some of the new metrics are:

• Malicious attacks on ISPs. These are targeting new subscribers who perhaps don’t have security on their machines that they should.
• Site specific cross-site scripting. Targeting well known sites with invisible changes which downloads trojans on unwary visitors. This is now the most common attack.
• Malicious code which modifies web pages. This is on the increase - and is making it increasingly difficult for the visitor to distinguish a real site from a fake one.

While there is no silver bullet to prevent this from happening - the main watchword is caution. If a site is asking for more information than you are willing to give (do you really need to give your birthday or mother’s maiden name - to any website?) then navigate away unless you are sure that there is a genuine reason for them to have it. Social network sites are springing up and some are not all that they seem to be - just be wary. Also, make sure that you have a personal firewall, anti-virus, anti-phishing toolbar installed and up to date.

I will post some more articles over the next week - highlighting some of the other interesting data points that the report has shown up.

In the meantime hear my views on a podcast: http://www.bitebroadcast.com/symantec/istr08_01/

Life Is Like Waiting For A Bus…

… Nothing for ages and then three come along at once (or in this case four). I do speak at various conferences on a regular basis, but not usually as often as in the last couple of weeks. So… I am out and about speaking again this week with the Symantec Data Loss Prevention (DLP) seminars. We have one in Manchester on Tuesday 11th March and one in London on Wednesday 12th March. See http://www.conferencepage.com/DLP08/ for more information.

Hello and welcome to View From The Bunker

Well it has finally happened, I have been persuaded to write a blog. At Symantec I am responsible for Technical Strategy for the Security and Compliance products. Since the merger of Symantec and Veritas (I came from the Veritas side of the house)  it has become increasingly apparent that security and availability are inextricably linked. I had just written the Utility Computing strategy for Veritas and we needed a strong security story - so the Symantec merger was ideal.

Two years plus into the merger and several more acquisitions along the way, coupled with the various high profile data losses ensures that we live in interesting times. Progress on all fronts (threats & security, governance, compliance and availabilty) is rapid and that’s what makes life at work interesting for me. So, without more ramblings, its time to make a start - and I leave you with the following thought.

You cannot have ‘good’ data if you cannot guarantee its security and its availability. One without the other makes no sense.

• Subscribe

  

  Enter your email address:

  Delivered by FeedBurner

• Podcasts

  
  Detach Player
  

   

• Symantec Security Response Weblog

• Links, downloads and other resources

  Symantec UK
  Symantec Podcast Directory
  Symantec Security Response