Symantec DeepSight Reputation DataFeeds Identify Malicious Activity Sources in Real-Time
Symantec Corp. recently announced two new DeepSight datafeeds -- Symantec DeepSight IP Reputation DataFeed and Symantec DeepSight URL Reputation DataFeed, which provide critical intelligence about known attack actors in a format that enterprises can use to automatically trigger systems for active protection or incident management.
Both new datafeeds are Web services, which provide enterprise applications with up-to-date and actionable intelligence about malicious activity on the Internet, such as malware distribution and botnet command and control. These datafeeds are derived from observed activity on the Internet over a 24-hour period, and can be automatically integrated into a wide variety of enterprise security and incident management systems to reduce exposure to emerging threats.
Cyber threats are more frequent and sophisticated than ever before, and capable of doing great damage to critical systems and information. For enterprise security teams, it is a challenge to keep pace with the changing threat landscape. Sixty-eight percent of enterprises surveyed in the upcoming 2011 Threat Management Survey identified the lack of threat intelligence as one of their top two concerns.
Derived From the Symantec Global Intelligence Network By performing deep proprietary analysis of billions of events from the Symantec Global Intelligence Network, DeepSight Reputation DataFeeds identify the 100,000 most malicious IP addresses and thousands of malicious URLs during a 24-hour period. Malicious activity is categorized by the type of behavior observed by sensors in the Global Intelligence Network. A hostility score is calculated based on the frequency of activity and a confidence rating is assigned based on the number and types of sensors detecting the activity. The XML formatted datafeeds allow enterprise security teams to easily integrate this intelligence into their security applications and tune their responses based on their organization's risk profile.
"Our new DeepSight Reputation DataFeeds are designed to deliver critical intelligence to help our customers get ahead of new threats," said Samir Kapuria, senior director, Symantec Security Intelligence Group. "Combining Symantec's real-time global security intelligence with our customer's internal visibility enables them to be more focused and prevent attacks before critical systems and information have been compromised."
Tapping Into DeepSight Intelligence Symantec DeepSight Intelligence includes DeepSight Early Warning Services, DeepSight DataFeeds as well as the direct integration of DeepSight intelligence into a range of Symantec solutions. DeepSight Early Warning Services deliver tailored information, analysis and mitigation strategies to address known and emerging threats and vulnerabilities, accessible through the DeepSight Services Portal. DeepSight DataFeeds deliver actionable intelligence in formats which are easily integrated into a wide variety of enterprise security systems.
Many Symantec solutions directly integrate DeepSight intelligence to deliver more proactive and effective security, including Symantec Managed Security Services and Symantec Protection Center. The new Symantec VIP Intelligent Authentication solution integrates the Symantec DeepSight IP Reputation DataFeed to identify high-risk login attempts from suspected malicious sources, and invokes additional out-of-band authentication methods such as an SMS text message, phone call or email to mitigate this risk.