The newly released Symantec Security Management System (SSMS) leverages security management technology from Riptech, incident management from MountainWave, vulnerability response technology from SecurityFocus and intrusion detection code from Recourse, all recent Symantec acquisitions.
The SSMS gathers alerts from antivirus software, firewalls, intrusion detectors and integrated protection systems and processes them with MountainWave's incident manager.
Symantec has written collector agents to work with its own products and those supplied by Check Point and ISS, and has written relays to send the processed alerts to IBM's Tivoli and HP's OpenView.
Arthur Wong, founder of Symantec acquisition SecurityFocus and now Symantec VP for Security Response, said that enterprises were now flooded with alerts. “Enterprise customers are dealing with up to 9 million alerts every month, which might perhaps reveal two or three real threats,” said Wong. “The SSMS software is designed to analyse these events and deal with them in a way that allows a security team to focus on the real threats.”
“We collect and monitor alerts from 16,000 companies in 179 countries and the number of attacks has increased 64 percent this year,” said Wong. “So far all the worms and viruses have exploited known weaknesses that were preventable if companies had applied the patches already available. But we are faced with the real prospect that in the future attacks will exploit unknown vulnerabilities. We are seeing 50 new ‘holes’ being discovered in operating systems and applications every week.”
John Thompson, Symantec chairman and CEO, said it was only a matter of time before a “designer attack” occurred. “We expect to see a targeted attack aimed at a particular company or government agency or a specific IP address,” said Thompson. “Today's tools will not cope as the internet doubles and quadruples. We need more spending on R&D across the sector to deal with future security threats. Washington expects physical attacks. We are working hard to get cyber security onto the national and worldwide agenda.”
“We're starting to see some awareness translated into action. The US government has set up www.staysafeonline.com to educate children about the basic security requirements of being connected to the internet by broadband,” said Thompson. “The US government has doubled its budget this year to US$4.5 billion to bring its own agencies up to a basic level of acceptable security.”
“To combat cyber threats we need public and private sector co-operation and the US has recently set up a number of Infrastructure Assurance Councils (ISAC) to make this possible. They've had to look at anti-trust and FOI rules to make this possible, so that companies that want to report incidents don't find themselves with a bigger problem due to public perception of weakness in any company that is attacked,” said Thompson.
In Australia, Symantec has been working with the National Office for the Information Economy (NOIE) and the Attorney-General's Department to raise cyber security awareness for consumers and enterprises on the Business-Government Critical Infrastructure Task Force.