These vulnerabilities recently allowed Eastern European hacking groups to exploit top e-commerce sites in the largest series of hacks to date.
The two most common methods used to break into systems are exploiting unpatched operating system holes and cracking weak passwords. These latest attacks are obvious examples of the first case, said Rob Clyde, vice president and chief technologist for Symantec’s Enterprise Solutions Division. Eighty percent of attacks could be prevented if sites made sure they kept their patches up to date and their passwords were not easily guessed. ESM ensures sites are protected against both of these threats and Symantec has tremendous resources behind it to keep ahead of the latest vulnerabilities, ensuring our customers have the most current protection available.
Symantec customers worldwide utilize the award-winning ESM solution to automatically check, manage and enforce sound security practices across the enterprise, including workstations, file servers, Web servers, and other key Internet access points worldwide. Symantec has developed new ESM patch and registry templates, available now to more specifically identify all four vulnerabilities at the host level.
Through ESM’s sophisticated file monitoring and host-based assessment capabilities, customers can proactively manage and detect these and many other threats as part of a comprehensive security policy. ESM’s startup files module detects running services in violation of an organization’s security policy, and the password strength module detects inadequate passwords. The file watch and file attributes modules of ESM track changes and security settings in critical files that are exploited in the majority of Internet attacks to enable the customer to quickly respond and rectify potential security threats. Only ESM’s scalability and automation let organizations easily assess thousands of systems for security compliance, including the most recent security patches and configurations for popular operating systems.
ESM is key components of Symantec Enterprise Security that provides corporations with a comprehensive and modular Internet security solution. The solution allows customers to manage the complete security lifecycle of their computing environment from assessment and planning to implementation and monitoring.
Symantec Enterprise Security enables customers to build the best security solution for their organization by choosing from Symantec’s best-of-breed, multi-platform Internet security products; manageability and administration tools; and world-class professional services and support. Symantec Enterprise Security also includes the Digital Immune System, Symantec’s unique technology for automatic detection and cure of security threats.
