Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    All The Threat Information You Want, And Then Some

    Written by

    Larry Seltzer
    Published October 24, 2003
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      As the editor of the Security Center, I have to stay informed on vulnerabilities and malicious code. Hey, its my job. I subscribe to a large number of mailing lists, and vendors and analysts regularly send me information. So I thought I was well informed. Then along came Symantecs DeepSight Alert and Threat Management Services.

      Security junkies will overdose on these services quickly. If all you did was to monitor Symantecs public research resources, such as the Symantec Security Response site, you might be impressed with Symantecs research. But thats only a small window onto the full picture of the information they release for a hefty fee. How hefty? Alert Services is $5,000 per year. Threat Management Services starts at $15,000 per year, per user, albeit with volume discounts.

      The DeepSight Alert Services keep you informed on vulnerabilities in excruciating detail. Its highly-configurable Web-based interface allows you to control the products about which you wish to be informed, the amount of data you wish to for each vulnerability, and how you wish to receive it.

      Naturally, I first signed up for alerts on Windows, where its always busy season. In the course of two weeks I received 88 messages, most of them either announcing or updating reports on vulnerabilities.

      For example, Ive received (so far) 9 alerts relating to the Microsoft Messenger Service Buffer Overrun problem. Each alert lists:

      • an ID for tracking it on SecurityFocuss BugTraq (Symantec owns SecurityFocus; and this bugs ID was 8826);
      • a CVE code for those who track vulnerabilities that way;
      • the dates of original publishing and last update;
      • whether the vulnerability is remote and/or local; and
      • a classification of the type of bug it is (for instance, the Messenger bug is a “Boundary Condition Error”).

      Symantec also adds interpretive value to these facts. They assess the credibility of the report. In this case, the Messenger bug was “Vendor Confirmed,” but others might have “Multiple Sources,” “Conflicting Details,” “Reliable Source,” “Single Source,” or just “Conflicting Reports.” You can make up your own mind how seriously to take reports with these various classifications, or choose only to receive them at or above a certain level.

      In addition, there are two quantitative measures on which you can filter reports: Impact, which is based on the potential threat to the system by the vulnerability; and Urgency, which is based on the severity, ease of exploitation, and credibility of the report.

      Each report also lists all the vulnerable products, short and detailed technical descriptions of the vulnerability, attack scenarios, available exploits, as well as mitigating strategies and solutions. If you want to deal with a vulnerability its hard to imagine needing more information than this.

      The breadth of products covered is arguably more impressive than all this detail. You could spend your whole day just understanding the Windows reports, but theres much much more.

      Take for example a remotely-exploitable Denial of Service attack on Mac OS X (currently vulnerable in Version 10.2.7 and maybe fixed in Panther?). Or a bug in NetBSD that can cause a kernel panic or potentially divulge sensitive information? (Note that the BugTraq links Im providing here dont provide any detail on the bugs; you need to be a DeepSight subscriber for that.) And its not just operating systems, but a large collection of applications, critical hardware such as routers, databases, games, computer systems.

      I receive my alerts via e-mail, but you can also receive them via fax (why would anyone want this?), a voice interface, or SMS text messaging. Subscribers can create multiple sets of rules for alerts, receiving most via e-mail, but the most serious ones covering the most crucial products via SMS.

      The Threat Management Services provides a series of reports and statistics on threats worldwide that are collected from a large network of honey pots and other monitoring systems.

      Symantec uses this data to generate a series of reports that describe increases in intrusions based on levels. The big picture is in Symantecs “ThreatCons,” which range from Level 1 (“Basic Network Posture”) to Level 4 (“Extreme : Full alert … extreme global network incident activity is in progress”). These are plays on the DefCon or Defense Condition levels used by the Defense Department (to tell the truth, however, the DefCon scale actually goes from 5 down to 1).

      While I was testing, on October 15, Symantec raised the ThreatCon level from 1 to 2 because of the announcement of multiple remotely-exploitable Windows vulnerabilities (including the Messenger problem described above), and increased port scanning activity from certain sites in China. They recently put ThreatCon back down to Level 1.

      Im impressed with this service and if I were responsible for the security of a large and critical IT infrastructure I would seriously consider an investment in it. While most of this information could be found elsewhere, it would take a lot of research. Of course, were all too busy for that, which is why this service is worth paying for. But is it worth all those thousands of dollars? No doubt you need to be a Fortune 1000 company to be in this league.

      Discuss this in the eWEEK forum.

      Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

      More from Larry Seltzer

      Larry Seltzer
      Larry Seltzer
      Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement— He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.