Symantec Pushes Deeper Into Threat Management

Symantec Corp. on Monday plans to introduce the next generation of its DeepSight Threat Management System.

Symantec Corp. on Monday plans to introduce the next generation of its DeepSight Threat Management System, which now pays more attention to developing threats and early warnings.

DeepSight 5.0 is the second major revision of the product since Symantecs acquisition of SecurityFocus, the company that developed the technology. The system relies on a network of sensors around the world that feed vulnerability, attack and other security data into a central correlation point. Symantec then analyzes the information and uses it to send out alerts about emerging threats and ongoing attacks.

Using the data-mining tools and correlation capabilities in DeepSight, customers can then determine whether a new vulnerability or worm attack affects any systems in their particular environment.

"Customers want to understand the threat associated with a vulnerability. They want to get more out of their investments in IDS and firewalls," said Dee Liebenstein, senior product manager at Symantec, based in Cupertino, Calif.

The biggest change in the new release is the addition of virus information. Customers will now have access to data from Symantecs Digital Immune System, which provides some context around the severity of a virus outbreak and its potential consequences.

Symantec has also made the extensive set of custom reports in DeepSight an add-on to version 5.0. Liebenstein said that many customers simply didnt have the time to drill down into the minutiae of their security postures on a regular basis, so Symantec decided to offer the detailed reporting as an extra. Among the options available in the custom reports are views that show the top attacks in a given industry and how a companys security history matches up with those of its peers.

Version 5.0 will be available next week and is sold on a subscription basis. Symantec has also added a flexible licensing option for the new release, which allows customers to extend the use of the system throughout the organization.