Symantec Press Publishes Cryptography in the Database

Authoritative Book Provides Established Cryptographic Techniques and Algorithms to Protect Information Stored in Databases

CUPERTINO, Calif. - Nov. 16, 2005 - Symantec Corp. (Nasdaq: SYMC) today announced “Cryptography in the Database - The Last Line of Defense,” (Addison-Wesley, ISBN 0321320735, $44.99), published by Symantec Press. Author Kevin Kenan, leader of Symantec’s IT application and database program, wrote the book for IT managers and administrators responsible for protecting sensitive information in a database. The book covers database security, the attacks databases face, database cryptosystem design, and development practices necessary to implement a cryptosystem securely, including working code examples.

Databases serve as a vital and powerful repository for critical consumer and business data, supporting a huge range of online information and commerce activities, such as banking, shopping, healthcare, and travel services. According to Privacy Rights Clearinghouse, there have been almost 100 reported data breaches (databases hacked or compromised) this year at prominent corporations, universities, and government agencies. As a result, more than 51 million Americans have had their personal information compromised since February 2005.

Symantec Corporation noted in its most recent Internet Security Threat Report that 75 percent of the top 50 threats in 2005 targeted confidential information. From an attacker’s point of view, cracking a database is far more lucrative than the alternative: eavesdropping on network connections. Cracking a database yields refined information in one accessible location. An attacker with database access might be able to simply query the database and retrieve every item of interest, from credit card numbers to customer or employee information.

“Like thieves that rob banks because ‘that’s where the money is,’ computer attackers target databases because that’s where the data is,” said Kenan. “Ironically, most organizations spend more resources protecting data in its temporary form as it transits the network. Technologies such as HTTPS, SSH, and VPNs all use encryption to keep data safe from packet sniffing. However, once the data arrives at its destination, the packets are decrypted, processed, and then stored in a convenient, readable format in a database.”

While some organizations proactively encrypt their databases to protect proprietary information, many more face external policies that require encryption. These policies originate in privacy and security legislation, corporate compliance agreements, and trade regulations. An attack against the confidentiality of stored information is one of the most fundamental threats to an organization’s database.

“Cryptography in the Database - The Last Line of Defense” is the fifth book published by Symantec Press, the publishing arm developed by Symantec in collaboration with Addison-Wesley Professional that features books focused on critical and valuable information security topics. Purchasing information for the book and additional information on other books scheduled to be published by Symantec Press can be found at www.ses.symantec.com/symantecpress. The book is also available on www.awprofessional.com and www.amazon.com, along with mass retail chains and bookstores.

About the Author
As a member of Symantec’s office of the Chief Information Security Officer, Kevin Kenan works with application development teams to ensure that the applications and databases Symantec deploys internally are secure. This work includes specifying cryptographic solutions to protect information wherever it is stored. Kenan holds a Bachelor of Science in mathematics from the University of Oregon.

About Addison-Wesley Professional
Addison-Wesley Professional is the leading publisher of high-quality and timely information for programmers, developers, and system administrators. The company’s mission is to provide educational materials concerning new technologies and new approaches to current technologies written by leading authorities. Addison-Wesley Professional is a division of Pearson Education, the global leader in integrated education publishing. Pearson Education is part of Pearson plc (NYSE: PSO), the international media company. Visit us at www.awprofessional.com.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec’s Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

Contact Information

Kelly Schwager

Corporate Public Relations

Symantec Corp.

Contact via E-mail