Name of tool: Deep Sight Threat Management System (TMS) and Alert Services
Company name: Symantec Corp.
Price: TMS starts at $15,000; Alert Services start at $5,000 and increases, depending on the number of users.
Platforms supported: A browser-based service that runs on Version 5 or higher. You'll also need PGP, an e-mail account and Acrobat reader to take full advantage of the various features. Strom-meter:
*** = Hey, not bad. One notch below very cool. Key features:
Offers the ability to monitor worldwide threats and attacks in near-real time, as well as the ability to be as informed as possible about the state of vulnerabilities that are part of your technology portfolio -- all coming to you via a simple Web browser and e-mail alerts of your choosing. Pros:
Ever wish you had the bucks to assemble one of those cool network command centers with dozens of big displays monitoring what is going on with your networks and with the Internet at large across the globe? The trouble is, who has the time to sit and watch over all that stuff, and who has the money these days to put it together and staff it 24x7? Well, Symantec does and is willing to share its center and expertise with you.
Now you can be there virtually, courtesy of two services from Symantec's DeepSight division. The two services complement each other and while you can purchase either independently, they work best if used in tandem. They are a heck of a lot cheaper than building your own command center, yet give you the opportunity to take advantage of all the expertise that the company has assembled to analyze and fight cyber threats around the world.
The Alert Services package looks inward. It is geared towards keeping up with the particular portfolio of products that you have to maintain as part of your overall IT infrastructure and new security vulnerabilities that keep you after hours patching code and updating products. First, you specify how you wish to receive alerts. This can be via e-mail, fax, text or voice messages to a phone number. Next, you specify the technologies for which you want to receive alerts. This can be as specific as a particular version of Windows or all technologies from a particular vendor. Third, you set up the notification monitoring service. This involves choosing either a vulnerability or (new to this version) a malicious code situation along with the thresholds at which to send the alerts and the device to which you want the alerts sent. There is also a database of vulnerabilities and malicious code that is searchable by vendor or product name.
The Threat Management System (TMS) looks outward. It is used to monitor what is happening to the world's computers and networks that have been instrumented with sensors by Symantec over the past several years. This includes ISPs, corporate networks and individual users. In near real-time (you're notified of warnings and threats in a timely fashion, within hours or minutes of them actually happening), you can keep current with the latest attacks and view statistics on what new exploits have occurred on the Internet in the past days or weeks.
TMS is divided into several sections: statistics on various threats and activities that Symantec has observed across its network of sensors; analysis collecting various pre-written reports and research papers that analyze various attacks and hacks along with daily and weekly attack summaries; reports that can be customized for particular needs (I'll get to these in a moment); notifications of particular attacks in progress; and account information where you can change your e-mail address and password.
The key to TMS and new to Version 5.0 are these custom reports. They are sent to you via PGP encrypted messages and can specify what kind of attacks have been observed on particular IP address ranges, or over particular port numbers or types of exploits. The reports have so many custom options that getting them right the first couple of times will take some skill and perhaps some help from Symantec engineers.
I liked both services and think they should be a part of any corporate IT bag of tricks. I wish the navigational elements received a little more attention during development, including placing the Alert Services items in the order that I described them above and a better home page nav bar for TMS. But these are minor complaints.
With both services, the idea is to be better informed and be able to take action before the bad guys take over your networks and your weekends. While the multiple-thousand dollar price tag isn't cheap, given the time spent tracking down attacks and fixing things in their aftermath, it could be money well spent.
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value.
About the author
David Strom is the technology editor for VARBusiness magazine. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him e-mail at email@example.com.
This was first published in October 2003