Symantec Launches Attack Preparation Service

Combining elements of Symantec's defense applications and professional services, the package promises to help companies remain on guard against zero day attacks and other emerging IT threats.

On June 28, security applications maker Symantec introduced a new package aimed at helping companies prepare for emerging attacks such as so-called zero day exploits.

Tabbed as the Symantec Threat and Vulnerability Management Program, the offering combines elements of the software manufacturer's latest anti-virus and network intrusion applications with expertise garnered from its professional services division.

The goal of the service is to create a process for dealing with new attacks as they happen, rather than attempting to address the fallout from such threats after they have already arrived.

By allowing enterprise customers to create a strategy for managing their network defenses against today's rapidly-evolving forms of malware, and tailoring the plan to meet the logistics of a company's specific infrastructure, the anti-virus market leader believes it can greatly improve customers' preparation for dealing with new threats.

Company executives said that a prime example of how the service might be used is in helping companies get ready to deal with the list of security updates issued by Microsoft for its Windows products each month.

While customers typically scramble to distribute the patches and update user machines, the Threat and Vulnerability Management Program will allow firms to be ready to address whatever types of issues Microsoft may report, said Ted Donat, group product manager at Symantec.

The software maker decided to create the program based on experiences working with two customers, a U.S. state government and a large multinational corporation, who had asked the firm to help them create a set of guidelines for responding to attacks.

Donat said that Symantec has offered services that deliver some of the same capabilities in the past, such as via its Global Intelligence Service, but the new package aims to provide a more comprehensive collection of technology and vulnerability response best practices.

"We heard over and over from customers that our software is great for identifying threats and recommending resolution, but that this is only the beginning of the problem and companies need help addressing these attacks across business lines," said Donat.


"Companies need help organizing a way to effectively respond to any type of attack without putting increased demands on their networks and personnel. They want us to show them what works best for others and let them mirror that."

The service addresses four specific areas of threat response planning and security software customization: assessment, design, implementation and management.

The assessment piece of the service aims to test clients' IT environments to help gauge their existing threat and vulnerability response capabilities, and provide a report that summarizes the findings and details the organization's current standing compared to Symantec's best practices.

The design piece of the service revolves around retrenching customers' defenses to better respond to attacks.

In installing the system, Symantec, based in Cupertino, Calif., said that it helps create a network defense framework that is customized to a customer's specific needs and existing resources.

The underlying technology used in the package includes an open-source platform which combines threat notification alerts, a knowledge base of vulnerabilities, libraries of malicious code, exploits and fixes, as well as a reporting engine to help companies meet regulatory compliance goals.

The management piece of the offering aims to help companies create resources for a TVMO (threat and vulnerability management officer), who can either be trained by the software maker and staffed internally or provided to the customer as a consultant from Symantec.

Using the security company's best practices, the TVMO is made responsible for coordinating all forms of threat response across an organization.

The Threat and Vulnerability Management Program will start at a price of roughly $100,000 and increase based on the size and complexity of the organizations using the package, company executives said.

"We want to allow companies to prevent and remediate threats in a consistent manner every time, as intelligence comes in from Symantec and is applied in a way that doesn't hog resources or put people in such demand that they can't do their usual work," said Donat.
