Homeland Security Signs Up For Symantec's Threat Network Data

Symantec adds the Department of Homeland Security's US-CERT -- the U.S. Computer Emergency Readiness Team -- to its customer list for its DeepSight threat alert and management system.

Gregg Keizer, Contributor

May 5, 2005


Symantec on Wednesday added the Department of Homeland Security's US-CERT -- the U.S. Computer Emergency Readiness Team -- to its customer list for its DeepSight threat alert and management system.

Homeland's Information Analysis and Infrastructure Protection Directorate (IAIP) inked the deal with Symantec to add the Cupertino, Calif.-based company's data -- acquired in large part from its global network of some 20,000 sensors deployed in 180 countries -- to the information already collected and analyzed by the federal agency, which is tasked with improving computer security preparedness and responding to cyber attacks in the U.S.

"We're building out our cyber-situational awareness," said Andy Purdy, the acting director of the National Cyber Security Division of Homeland Security. "We believe that the [Symantec] DeepSight alerts and services will help enrich the information sources to the federal government and its stakeholders."

Data from both Symantec's DeepSight Alert Services and DeepSight Threat Management System will be integrated within the US-CERT Portal, a secure site accessible only to federal information security officers. The off-the-shelf DeepSight data -- it's not being tweaked for the feds, said Symantec executives -- provides early warning of developing cyber-threats and analysis of both in-the-wild exploits and vulnerabilities in more than 18,000 different pieces of software.

"The time that organizations have to respond to a threat is constantly shrinking," said Oliver Friedrichs, the senior manager of Symantec's security response team. The window Friedrichs referred to is the time between the disclosure of a vulnerability and the appearance of the first exploit leveraging that vulnerability. "Right now that window averages just a bit more than six days," he added.

Friedrichs touted Symantec's DeepSight data as something difficult for a government agency like US-CERT to reproduce on its own. "Although DeepSight is just one of a number of data contributors to US-CERT, its sensor network isn't that easy for just anyone to build. There are certain areas, whether geographic or in private industry, where a government agency might have difficulty gaining access."

The data from DeepSight will also be used, said Purdy, by US-CERT's analysts to broadcast alerts to businesses and the public about specific cyber-threats. One of US-CERT's missions is to publicize outbreaks via its own e-mail based alerts.

In the end, however, Symantec's addition to the CERT data stream is just another feed. By combing as much data as possible, said Purdy, CERT has a better chance of being on the mark.

"We're adding this to enhance our cyber-situational awareness," said Purdy, "which at the end of the day helps us be more prepared for cyber attacks."
