Symantec Enhances Early-Warning System

DeepSight 4.0 integrates firewall data and includes new reporting and analysis capabilities.

Symantec Corp. on Wednesday released the newest version of its DeepSight Threat Management System, which now integrates firewall data and includes new reporting and analysis capabilities.

The system, which Symantec acquired in its purchase last year of SecurityFocus, is designed to be a comprehensive, early-warning system for administrators and security analysts. It gathers incident and threat data from firewalls and IDSes (intrusion-detection systems) installed on thousands of networks around the world.

As the data is collected and normalized, Symantec's analysts look for patterns that indicate a widespread attack. The analysts then notify customers of their findings.

DeepSight 4.0 gives customers the ability to customize the content of these alerts and choose how they would like Symantec analysts to contact them. The alerts can be customized down to the current version level of each customer's software, and can be delivered via e-mail, phone, SMS or fax.

The new version also includes more statistical analysis capabilities, allowing users to quickly find the most active firewall and IDS events. There's also a new Analyst Watch page that lists potential problems, as identified by Symantec security analysts.

In addition, Symantec, based in Cupertino, Calif., has added more reporting and analysis capabilities to DeepSight 4.0. The software now enables customers to run reports against specific IP addresses, events or port numbers.

The new version is available now.

  • Search for more stories by Dennis Fisher