In a sign that it is continuing to digest the technology it swallowed with three high-profile purchases last July, Symantec Corp. has announced an upgrade to the DeepSight Threat Management System, which it acquired with its purchase of SecurityFocus Inc.
DeepSight Threat Management System is an early warning system that uses a worldwide network of firewall and intrusion detection systems maintained by more than 19,000 data partners to aggregate and correlate attack data.
The system provides security administrators with analysis of emerging threats, customizing those alerts to a customer’s network configuration. The system is designed to prevent or mitigate the effect of attacks with the help of advanced warning and targeted countermeasures, according to Symantec.
Symantec is marketing the DeepSight technology as a hedge against fast-spreading threats such as the recent W32.Slammer worm. DeepSight began tracking the Slammer worm hours before it began propagating and issued alerts and procedures to administrators to prevent infection, according to Symantec. Symantec did not provide specific examples of DeepSight preventing infection by the Slammer worm in its announcement, however.
The flood of early warnings about Slammer that were available within hours of the outbreak, for free, undermines the value of the DeepSight subscription for widespread outbreaks, said John Pescatore, an Internet security researcher at Gartner Inc. The service is more valuable for low profile and targeted attacks, according to Pescatore.
“Symantec can say ‘We’ve got 19,000 companies, and we’re seeing attacks targeting financial services companies or energy companies or banks,'” Pescatore said.
Companies can also determine whether an attack they are experiencing is part of a larger Internet attack, or whether it is targeted specifically at their network, according to Pescatore.
Symantec’s DeepSight service competes against similar services from other antivirus and security vendors such as Trend Micro Inc., Vigilinx Inc. and iDefense Inc.