Responding to a virus outbreak or network intrusion or attack can take hours and sometimes days -- time your company likely can't afford to be offline or functioning at diminished capacity. Such attacks are increasing, with twice as many discovered so far in 2001 as in 2000, according to Arthur Wong, chief executive officer of SecurityFocus Inc., which has a new product that will function as "an early warning system for impending attacks," he said.
The new offering, called ARIS (Attack Registration and Intelligence Service) Predictor, is an alerts, patch and information service that melds the information and strengths of SecurityFocus' Bugtraq vulnerabilities e-mail list with specialized information to provide customized security advice before attacks happen, Wong saidTo perform its prognostications, ARIS Predictor draws on two sources of information: Bugtraq and the IDS (Intrusion Detection System) logs of more than 7,700 companies in 138 countries, Wong said. By monitoring Bugtraq and drawing from the accumulated knowledge of that community, SecurityFocus is able to quickly identify newly discovered vulnerabilities and attack tools, Wong said. The real strength of ARIS Predictor, however, lies in its aggregation of IDS logs.
The companies that give their log information to SecurityFocus do so through the ARIS Extractor tool, which sends their logs to SecurityFocus computers, Wong said. SecurityFocus then uses the combined data to understand what types of attacks are being launched and at what systems and industries, as well as from where, Wong said.
In return for sharing their IDS logs, companies are given the ARIS Analyzer software, a tool that helps administrators understand attacks against the networks, he said. Companies sharing their IDS information are not required to sign up for the ARIS Predictor service.
Once SecurityFocus has compiled the Bugtraq and IDS information, it uses the data to provide alerts and code customized to each subscriber company's network, which has been scanned to determine its setup and what systems are used when the company signed up. By doing this, SecurityFocus is able to only send alerts to companies about systems they have, Wong said. Not only can alerts be customized by network configuration, they also can be sent based on industry, Wong said.
If a bank were to be an ARIS Predictor customer, SecurityFocus might send them an alert saying "there are 15 other banks being hit this way. Do this to fix it," Wong said.
Alerts are sent as PDFs (Portable Document Format), e-mail, faxes, SMS (short message system) and more. The ARIS console, which is currently Web-based, provides up-to-date information on attacks, including details such as from which countries the most attacks are originating and where they are headed, what IP addresses and ISPs (Internet service providers) are attacking most frequently and what products are coming under the heaviest fire. This information can be viewed across various date and time ranges. Reports can be automatically generated on a weekly or monthly basis or for tracking specific incidents, Wong said.
Services like ARIS Predictor, which Wong calls "proactive security," are ideal for many companies, he said. Managed security services are more appealing as the rate of attacks and incidents increases, because "it's clear you can't go it alone."
ARIS Predictor starts at US$100,000 per year and is available immediately worldwide.