Symantec Endpoint Protection 2014 (Manzaitest)
<blockquote data-quote="cruelsister" data-source="post: 266656" data-attributes="member: 7463"><p>Nico- I pretty much agree with what you wrote with the exception of blaming the recent breaches at both Target and Home Depot on human error. I'm sure that it is no secret to you that malware can be coded and tested to ensure that it would be undetected by SEP. This was indeed done in both cases (why they disguised the malware as a McAfee service is still curious to me).</p><p> </p><p>The firewall did indeed note occasional connections to the Steppes of Central Asia but sadly was buried in the logs. Considering both retail establishments have about 2000 stores with at the very least 1000 transactions daily (each with their own log entry) it can be easily seen that a sporadic unusual connection can be lost. In both cases the massive network volume resulted in such high alert volumes that the malicious connection alert was ignored as a FP. Some would say that here was the human error, but this is like giving someone Encyclopedia Britannica, telling them to read it in 24 hours and then deriding them for not picking out one misspelled word (I can’t believe I’m actually defending IT…).</p><p> </p><p>I also must add a rant about the disingenuous post-breach analysis statements by Symantec. They made the point that HD was using 11.5 (still supported) instead of 12.1. They obviously wanted one to infer that this was the cause of the malware remaining undetected. Seems plausible, but what they didn’t say is that the previous Target breach (caused essentially by the same malware vector) occurred on a system protected by SEP 12.1.whatever.</p><p> </p><p>But to the point, I agree with you:</p><p> </p><p>1). SEP is not for Home use</p><p>2). For maximum effectiveness it must be set up and administered by those with extensive knowledge of the product.</p><p> </p><p>Meghan</p></blockquote><p></p>