Symantec expands early warning system

Symantec has upgraded the DeepSight Threat Management System, which it acquired with its purchase of SecurityFocus in July.

Symantec has upgraded the DeepSight Threat Management System, which it acquired with its purchase of SecurityFocus in July.

DeepSight Threat Management System is an early warning system that uses a worldwide network of firewall and intrusion detection systems maintained by more than 19,000 data partners to aggregate and correlate attack data.

The system provides security administrators with analysis of emerging threats, customising those alerts to a customer's network configuration.It is designed to prevent or reduce the effect of attacks with the help of advanced warning and targeted countermeasures.

Version 4 includes a number of new features, including:

  • The addition of firewall data to the threat information tracked by the system, allowing Symantec's DeepSight security analysts to detect impending attacks from anomalous traffic and port activity.
  • Customisation features that allow security administrators to filter DeepSight notifications by severity, impact, or affected software version. Administrators can also choose a  format in which notifications will be sent, such as e-mail, fax, telephone or short message service.
  • Expanded reporting tools and statistics. Security administrators can break out threat activity based on specific IP addresses, events and ports to better understand emerging Internet attacks. In addition, a new reporting wizard will help security administrators set up their own customised reports. 

The release of DeepSight Threat Management version 4 follows the November release of Version 4 of the related DeepSight Alert Services, which notifies customers about emerging threats.

Symantec is marketing the DeepSight technology as a hedge against fast-spreading threats such as the Slammer worm.

However, Gartner analyst  John Pescatore was sceptical that subscribing to DeepSight to get early warning of widely publicised outbreaks would be a worthwhile investment.

"It doesn't really help if at midnight you're notified [by DeepSight] that there's a huge attack taking place, because these days you're probably hearing about it from your local news."

Pescatore added that the flood of early warnings about Slammer available within hours of the outbreak for free, undermines the value of the DeepSight subscription for widespread outbreaks.

However, Pescatore believed the service would be more valuable for low-profile and targeted attacks, where companies could determine whether an attack they are experiencing is part of a larger Internet attack, or whether it is targeting their network.

Read more on Antivirus, firewall and IDS products