Partner Engage 2009 - Let us know what you think
As Symantec's Partner Engage 2009 kicks off this week in Orlando, FL we're anticipating an action packed agenda and an exciting line-up of speakers to share our directionand talk about the business opportunity for Partnerswhoinvest in Symantec.As always, we're alsolooking forward to creating excellent engagement opportunitiesbetween Symantec leadership and our Partner Communityover the nextfew days. If you are attending the conference this week, I hope to see you there. As always, feel free topost your thoughts and feedback on Connect as well.We'd love to hearfrom you! Sue Smith Director, Channel Programs Office911Views0likes1CommentWelcome to Symantec's Partner Community
Welcome to Symantec’s Partner community - an online business environment where our partners and Symantec can share information with each other related to business topics including Partner Incentive Programs, Specializations, Training, and Partner-to Partner Collaboration.705Views0likes2CommentsRecent Hydraq cyberattack - What you need to know
A zero-day vulnerability recently identified in Microsoft Internet Explorer was used as an entry point for a coordinated set of cyber attacks that has been carried out on dozens of large enterprises. Please be advised that Symantec is working to keep our partners and customers informed of these cyberattacks known as Hydraq (also known as Aurora, Google Attacks, and the Microsoft IE Vulnerability (advisory number 979352)). The malware behind most of these attacks, "Trojan.Hydraq" appears to have been part of a sophisticated attack pattern designed to steal large amounts of intellectual property. Your customers may have become aware of this event from the heavy media coverage about the attacks on Google. The underlying vulnerabilities used in this attack are now widely known and likely to be exploited by other cybercriminals even though the Command and Control infrastructure behind this coordinated attack has been taken down. It is important that all computer users take action to prevent themselves from future attacks. Symantec partners and their customers with current antivirus definitions and IPS signatures are already protected. Symantec partners are encouraged to visit our Hydraq Threat Outbreak page <http://www.symantec.com/outbreak/index.jsp?id=trojan-hydraq&tabId=3> and the Symantec Security Response blog <http://www.symantec.com/business/security_response/weblog/index.jsp> . These are the best resources for you and your customers. Security Blog: The Trojan.Hydraq Incident <http://www.symantec.com/connect/blogs/trojanhydraq-incident> Security Blog: Protect Yourself Against Exploit Targeting New IE Zero-Day Vulnerability <http://www.symantec.com/connect/blogs/protect-yourself-against-exploit-targeting-new-ie-zero-day-vulnerability> Security Response Report: Trojan.Hydraq <http://www.symantec.com/security_response/writeup.jsp?docid=2010-011114-1830-99&tabid=2> To stay abreast of the latest security threats and receive timely information on risks, vulnerabilities and virus definitions, we encourage our partners to follow the Symantec Channel account on Twitter <http://www.twitter.com/symantecchannel> , as well as sign up for threat alerts via RSS feeds <https://partnernet.symantec.com/Partnercontent/News/ThreatAlerts.jsp> . We encourage you to reach out to your customers and reassure them that these threats are currently under control and continue to monitor the Hydraq Threat Outbreak page <http://www.symantec.com/outbreak/index.jsp?id=trojan-hydraq&tabId=3> for the latest information. FAQ’s Q. Are Symantec customers protected? A. Symantec customers with current antivirus definitions and IPS signatures are already protected against attacks that leverage this vulnerability. In particular, Symantec endpoint products provide the following protection: IPS Protection: For the Client Intrusion Prevention System (IPS) capability within Symantec Endpoint Protection and Symantec Client Security, Symantec has released the following signatures: · To block the IE zero-day exploit HTTP MSIE Memory Corruption Code Exec (23599) <http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23599> – January 16, 2010 · To block the Adobe Acrobat, Reader and Flash vulnerability HTTP Acrobat PDF Suspicious File Download 4 <http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23412> - July 17, 2009 Antivirus Protection: For all in-field antivirus products, Symantec has released or updated the following AV signatures associated with the malware known to have played a role in this attack: · Trojan.Pidief.G <http://www.symantec.com/security_response/writeup.jsp?docid=2009-072209-2512-99> - July 2, 2009 Trojan Horse <http://www.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99> - July 13, 2009 Bloodhound.Exploit.266 <http://www.symantec.com/security_response/writeup.jsp?docid=2009-080301-5619-99> - August 2, 2009 Trojan Horse <http://www.symantec.com/security_response/writeup.jsp?docid=2004-021914-2822-99> - July 13, 2009 Trojan.Hydraq <http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-011114-1830-99> - January 11, 2010 Trojan.Hydraq!gen1 <http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-011411-3125-99> - January 14, 2010 Q. Are customers who use Internet Explorer 6 still vulnerable? A. Our data shows that many corporate customers are still using versions of IE 6. Customers who are still using IE6 are vulnerable to the newly disclosed Microsoft IE vulnerability and will continue to be vulnerable until they take the following actions: · Follow the Microsoft recommended actions to increase their security posture · Patch their IE with the soon-to-be released patch from Microsoft (Microsoft announced it will release an out-of-band patch on Jan. 21) · Have an IPS deployed and active in their environment Q. Why is using an Intrusion Prevention System (IPS) important? A. If your customer is not using a Symantec IPS product, they may continue to be vulnerable to the IE exploit unless they have taken explicit remedial measures as recommended by Microsoft. Although they will have antivirus protection against the known pieces of malware in this attack, they are likely still vulnerably to future attacks. This should be an opportunity to explain to your customer the value of having a Symantec IPS product deployed on their endpoint machines. An IPS will protect them against all future attempts to exploit the known vulnerabilities. Q. Which other Symantec products are relevant in the defense against these targeted attacks? · Symantec Protection Suite · Symantec Security Information Manager · DeepSight Early Warning Services · Symantec Managed Security Services · Symantec Critical Systems Protection · Altiris Total Management Suite · Symantec Hosted Services · Symantec Data Loss Prevention For more information on these products and how they protect customers, please visit the Hydraq Threat Outbreak page <http://www.symantec.com/outbreak/index.jsp?id=trojan-hydraq&tabId=3> . Q. My customer wants a lot more information about this. What do I do? A. We are producing collateral and events for detailed briefings on these matters. We will soon deliver a PowerPoint presentation deck for one-on-one overviews with affected and/or vulnerable enterprises. Also, we are planning a larger event around Hydraq to give customers focused attention on this critical matter. Please stay tuned. Q. My customer believes they have been targeted as part of this attack. What do I do? As you would with any other incident or outbreak at a customer, please engage Symantec Support to help any customers who have been impacte518Views0likes0Comments- 387Views2likes2Comments