Symantec Corp. on Monday released a new security product designed to help network managers identify bugs and manage vulnerabilities in operating systems and applications.
The Symantec Vulnerability Assessment 1.0 is Web-based software that is installed on a server and scans the network for weaknesses. Because it is Web-based, it can be managed remotely.
“Organizations are struggling mightily, dealing with vulnerabilities… one understanding vulnerabilities and two, understanding them and remediating them from their environment,” said Ronald Van Geijn, director of product management for Symantec in Washington, D.C.
“That’s where Symantec Vulnerability Assessment comes in. [It] helps organizations deal with vulnerabilities, identify them, and weed them out of their environment.”
The product is compatible with Sun Microsystems Inc.’s Solaris platform, Hewlett Packard Co.’s UX, IBM Corp.’s AIX, Red Hat Inc.’s Linux and Microsoft Corp.’s Windows 2000, NT and XP. The company said it would also be supporting Windows Server 2003.
Using information from Symantec’s Vulnerability Database – a repository of information about known viruses, worms and vulnerabilities – the offering detects these weaknesses on the network in an effort to stymie attacks and prevent unnecessary downtime.
The database indexes information from two sources – Bugtraq and Common Vulnerabilities and Exposures (CVE). Both are lists that detail known software vulnerabilities. Bugtraq was acquired by Symantec when it purchased the Cupertino, Calif.-based SecurityFocus in August 2002. The Manchester Institute of Telematics and Employment Research (MITER) compiles the CVE at the Manchester Metropolitan University in Manchester, England.
The Vulnerability Assessment tool is built upon Symantec’s Enterprise Security Architecture (SESA), an open-standards-based architecture used to manage security devices across the network.
Once the vulnerability information is discovered, it is stored in a Microsoft Corp. SQL database that is part of SESA. Security information from other Symantec security products is also stored in SESA’s SQL database.
If any vulnerabilities are detected, they are placed in a priority sequence that is pre-determined by the user, such as by urgency or by affected platform. This way, users can remove or reinforce the weak link by, for example, installing a patch or employing new management techniques to minimize risk.
Symantec’s LiveUpdate technology is also incorporated into the Vulnerability Assessment – it automatically and rapidly deploys new security updates and modules into the vulnerability database so networks can be easily repaired and secured, the company said.
As well, the Vulnerability Assessment Tool is tightly integrated with Symantec’s Incident Manager v2.0, which was also made available on Monday.
Incident Manager is an engine that correlates and prioritizes security incidents, and provides network administrators with a course of action for resolving the incident. A security event is a single occurrence that triggers a response from a security sensor, whereas an incident is usually one or more related events, and is more likely to indicate a security breach.
Security sensors usually generate millions of events each month, Symantec says, so the Incident Manager is a way of sifting through these events, using a set of pre-determined criteria to look for incidents.
In July 2002, Symantec acquired Mountain View Inc., based in Falls Church, Va., which possessed what Van Geijn called “top-notch” correlation technology named Cyber Wolf.
With the integration of Cyber Wolf, Incident Manager’s correlation features have been improved so it can automatically correlate events in real time, and tracking features have been added so administrators can identify redundant incident reports. And with integration with the new Vulnerability Assessment Tool, incidents can be related to vulnerabilities.
Incident Manager correlates security events from disparate security systems, and helps network managers determine the impact that business security incidents could cause.
Symantec Vulnerability Assessment Tool costs US$795 per server, and includes one year of maintenance, upgrade insurance and support, whereas workstation licenses cost US$150. The price of Incident Manager starts at US$75,000, and varies depending on the number of systems to be monitored and customer needs.