Symantecs ISTR Makes Some Good Points

Opinion: Naturally, the Internet Security Threat Report paints a bleak picture, but there's some good news as well.

Even though Symantec has a vested interest in painting as bleak a security picture as possible, its latest Internet Security Threat Report does a good job of providing a well-researched overview of everything bad on the Internet.

The ISTR, compiled by a team of Symantec experts, uses mountains of data collected by the company from around the world.

/zimages/1/28571.gifRead details here about Symantecs purchase of an anti-phishing vendor.

The reports (this is the eighth one) are issued at six-month intervals. This allows enough time for the data to show trends, while being frequent enough to provide IT managers with actionable information. The report released on Sept. 19 covers the period from January to June 2005.

Its hardly surprising that sections in the reports often conclude with a suggestion to buy a service or product offered by Symantec, and IT managers should take the ISTR with a bit of salt.

However, Symantec has done a good job of explaining the ups and downs of the threat landscape. I think the conclusions are interesting and well worth paying attention to.

/zimages/1/28571.gifSymantec patches its AntiVirus Corporate Edition. Click here to read more.

Just one example from the report illustrates the point. The average time lapse between the disclosure of a vulnerability and the publication of an associated exploit was 6.0 days, according to Symantecs ISTR. This compares to 6.4 days in the previous report.

Symantec combined this disclosure with a new measure that shows the average patch development and availability time. The report says that on average in 2005, 54 days elapsed before a vendor patch was available for a published exploit.

This is useful information, but IT managers need to correlate the general numbers about exploits and patches to assets including machines, operating systems and applications to get a business-focused idea of the actual risk faced in an enterprise.

An accurate inventory of IT assets, along with the general trend information provided by the ISTR, will likely help IT managers make better security decisions.

eWEEK Labs Technical Director Cameron Sturdevant can be reached at

/zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.