Early Warning Alerts

By Craig Rode  |  Posted 2003-04-29 Print this article Print

Early warning alerts
Symantecs Internet Security Threat Report—an analysis of more than 30 terabytes of attack data gathered in real time from the worlds most extensive network of intrusion detections systems (IDSs) and firewalls—found the average-size enterprise is being attacked 32 times per week, up from 25 times per week last year and a 28 percent increase from the previous six months. Annualized, this represents 64 percent growth rate in attacks on organizations. While it is clear that security threats are on the rise, consider the complex revelation of the following analysis of one of Symantecs mid-size customers:

Nine-point-five million log entries and alerts were generated each month by the firewalls and intrusion detection devices across the customers enterprise. After correlating the data from various sources, 620 security events were identified for further investigation. After removing false positives, 55 events were determined to constitute security threats to the enterprise. Further analysis showed that just two threats posed a risk critical enough to require immediate action.

The fraction of legitimate critical security risks to events is miniscule—two out of millions—but imagine the time, resources and expertise necessary to arrive at such a determination.

To eliminate the complexities of such a task, organizations require an alerting system that provides early warnings about threats that exist in the computing environment, along with possible tools to prevent those threats from impacting the network. In order for security threat information to be accurate and credible, early warning systems should literally include thousands of global touch-points backed by sound statistical analysis and methodologies. Alerts should be delivered quickly through a variety of media, and mitigation steps such as patches and countermeasures must be provided immediately.

Integrated security protection
Business-critical information resides at each level of the network-gateway, server and client—and as security threats continue to increase, each of these tiers is a viable target for the entrance of malicious code and exploitation of vulnerabilities.

In the past, organizations have addressed this issue through a collection of point-products, each working independently. Because each product must be purchased, installed, deployed, managed and updated separately, this approach has proven to be an inefficient use of IT staff and a costly remedy to the complexities of security.

In contrast, integrated security solutions eliminate these inefficiencies at each tier of the network by combining key technologies-antivirus, firewall, VPN, intrusion detection, content filtering and vulnerability assessment-to offer more comprehensive protection while reducing the complexity and cost of securing enterprises.

Continued on Next Page


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel