Symantec updated its DeepSight Threat Management System on Monday to provide customers with warnings of attacks specifically targeting their Internet domains.
Symantec Monday updated its DeepSight Threat Management System to provide customers with warnings of attacks specifically targeting their Internet domains.
The long-running vulnerability and exploit warning service will move up to version 7.0 later this month to account for the increasing number of narrow-cast attacks, said Dee Liebenstein, group program manager for DeepSight.
"The threat landscape is changing," Liebenstein said. "We haven't seen the kind of [massive] outbreaks as in past years, but we have seen an increase in the total number of attacks. The increase is coming from targeted attacks done for financial gain."
Most security vendors have noted similar findings: that the drop in large-scale events in the league of, say, MSBlast or Zotob, is due to attackers conducting more one-on attacks against specific companies or Web sites.
Lots of current DeepSight users, said Liebenstein, are using its research database to find those threats targeting their domains, so this move is not so much leading as following customers. "They're querying the database looking for those types of worms and backdoors, but with the volumes of malicious code, that's difficult. So we're now going to proactively alert them."
The new feature doesn't examine Net traffic patterns to determine targets, but instead looks inside malware to find the Internet domains embedded in the code. It may not be a perfect solution, Liebenstein said, but it's a start.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.