Symantec Refines Early Warnings

By Cameron Sturdevant  |  Posted 2003-10-27 Print this article Print

Symantec's DeepSight Threat Management System 5.0—released last month—adds anti-virus data to its mix.

Discuss This in the eWEEK ForumSymantec Corp.s DeepSight Threat Management System has added anti-virus data to its mix, bringing the product up to par with competitors. IT managers at large corporations that traditionally mine application and operating system vendor sites for known vulnerabilities should consider adding DTMS 5.0 to their security assessment tools.

DTMS 5.0, which is an early-warning vulnerability and malicious code monitoring system, is based on data gathered from more than 20,000 sensors scattered throughout the world. The product was released last month at a base price of $15,000. Costs rise depending on the number of users, and Symantec has also released an optional $9,995 custom reports module that let us ably slice and dice vulnerability data in tests.

The biggest weakness we saw in the product is that it required us to manually select the technologies in our network. We want to see DTMS integrate with any number of inventory systems currently on the market to automate configuration. DTMS should also be integrated with any number of vulnerability assessment tools.

DeepSight Threat Management System 5.0
Symantecs threat monitoring service provides a nice extension to vulnerability assessment tools, even if it lacks integration with systems and inventory management tools. Despite its integration shortcomings, which competitors also possess, we think the heads-up information DTMS 5.0 provides outweighs the configuration headaches.

  • PRO: Consolidates information from thousands of sources to warn of threats that are easy to miss.

  • CON: Lack of integration with other management tools.
    Internet Security Systems X-Force Threat Analysis Service

    To be clear, though, DTMS is an early-warning system, and, as such, it attempts to recognize potential threats for which no attack signature or published exploit yet exists. Because vulnerability scanners rely on known signatures and configuration profiles, DTMS is a nice complement to vulnerability assessment tools that may be in use.

    For comparison, we recommend IT managers look at Internet Security Systems Inc.s X-Force Threat Analysis Service. Although we think the X-Force services forecasting features arent very useful, the service has had anti-virus information for some time. In addition, ISS is a stickler for detail, and the expert analysis it provides is top-notch.

    Sign In, Please

    In some respects, it couldnt be easier to set up DTMS. All we had to do was point our browser at the product URL and sign in with account credentials. However, large organizations should factor in plenty of time to set up the system to monitor for vulnerabilities and malicious code because each operating system and application must be hand-entered into what DTMS calls a technology list.

    The list is is populated with pick lists, which made it relatively easy for us to define the product and version that we wanted the system to track.

    After setting up our technology lists and our urgency (as ranked by Symantec) and reliability (ranging from conflicting reports to confirmed by vendor), operating the product was easy. However, keeping the system up-to-date as applications and operating systems change is likely to be difficult.

    DTMS 5.0 augments threat and vulnerability assessment rankings by adding anti-virus information, so IT managers should be able to spot threats more accurately than when using the previous version of the service. A statistical engine works over the data using information from field sensors. DTMS issues an alert if more than one sensor starts to read more than three times the standard deviation of its base line.

    Discuss This in the eWEEK Forum Senior Analyst Cameron Sturdevant can be reached at cameron_sturdevant@

    Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters

    Rocket Fuel