Introduction
Vulnerability alert services vary considerably in the quality of
their output. In my experience I have seen between zero and
80 alerts in a day. The great diversity in features between
vendors should mean that at least a few meet your
needs. If you are evaluating a
vulnerability alert service, it may be worth considering the following
points:
Length of evaluation
Some alert services will only allow you to evaluate
their services for one week. In my opinion this is not sufficient
to fully gauge what they have to offer; aim for 30 days.
Some will not allow you to trial what they have to offer at all.
I'd ask, what are they hiding?
Analysis
The real value of an
alert service is to cut down on your workload by monitoring and
evaluating the threats on your behalf. When evaluating a service,
check whether they provide information about the threat that the
vulnerability presents, using terms like credibility of the information
source, verification of reported information, an estimate of risk,
severity, etc., or whether they are merely regurgitating public information.
Some vendors will use bots to find the information; ensure that
a human processes the information before it is transmitted.
Timing
Whilst some alert services claim to offer 24x7
alerts, my experience has shown otherwise. Plot the receipt times
of their alerts on a graph and see if they are truly a 24-hour
operation; I was very surprised by the results. If you
aren't interested in out-of-hours alerts and you are in the same
time zone as the provider, then use their lack of out-of-hours
response to reduce the cost. If, however, you need 24x7 alerts,
go elsewhere.
Latency
Ideally your alert service will advise you of a
vulnerability prior to its public release; some do a good job of
this. However, more common is notification over 24 hours
after the public release, i.e. way, way too late.
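The Timing and Latency checks above can be run over a trial period's alerts with a short script. This is an added example, not part of the original page: the sample data is constructed, and the function names and the pairing of each alert with a public disclosure time you recorded yourself are assumptions.

```python
from collections import Counter
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from statistics import median

# Constructed sample, not real data: (alert e-mail Date header,
# public disclosure time of the same issue as you recorded it).
SAMPLE = [
    ("Mon, 06 Mar 2006 09:12:00 +0000", "2006-03-05T09:12:00+00:00"),
    ("Mon, 06 Mar 2006 10:30:00 +0000", "2006-03-06T04:30:00+00:00"),
    ("Tue, 07 Mar 2006 11:05:00 +0000", "2006-03-05T11:05:00+00:00"),
    ("Tue, 07 Mar 2006 13:40:00 +0000", "2006-03-07T15:40:00+00:00"),
    ("Wed, 08 Mar 2006 14:20:00 +0000", "2006-03-07T02:20:00+00:00"),
    ("Thu, 09 Mar 2006 16:00:00 +0000", "2006-03-08T16:00:00+00:00"),
    ("Fri, 10 Mar 2006 17:45:00 +0000", "2006-03-09T05:45:00+00:00"),
]

def receipt_profile(alerts, local_tz=timezone.utc):
    """Count alerts per local hour of day and per weekday (0 = Monday)."""
    hours, days = Counter(), Counter()
    for received, _ in alerts:
        t = parsedate_to_datetime(received).astimezone(local_tz)
        hours[t.hour] += 1
        days[t.weekday()] += 1
    return hours, days

def longest_silence(hours):
    """Longest run of hours with no alerts, wrapping past midnight: (start, length)."""
    best = (None, 0)
    for start in range(24):
        n = 0
        while n < 24 and hours[(start + n) % 24] == 0:
            n += 1
        if n > best[1]:
            best = (start, n)
    return best

def latency_hours(alerts):
    """Hours from public disclosure to receipt; negative means advance warning."""
    return [(parsedate_to_datetime(r) - datetime.fromisoformat(d)).total_seconds() / 3600
            for r, d in alerts]

if __name__ == "__main__":
    hours, days = receipt_profile(SAMPLE)
    for h in range(24):
        print(f"{h:02d}:00 {'#' * hours[h]}")
    print("longest silent window (start hour, hours):", longest_silence(hours))
    lat = latency_hours(SAMPLE)
    print("median latency (h):", median(lat), "| over 24h:", sum(x > 24 for x in lat))
```

A long silent window that lines up with the provider's night, together with empty weekend counts, is the pattern that contradicts a 24x7 claim.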
Filters
Most vulnerability alert services allow you to tune
the events you receive to your environment. The most common
method is to select those products you wish to see alerts for, for
instance NT4 Service Pack 6a or later. The selection is
usually based on an existing vulnerability database, so see how
far back their database goes. If, however, one of your
products hasn't had a vulnerability discovered previously,
then you may not be able to select it for its first
vulnerability. If you look after a larger networking
environment, it may be worth checking whether the provider allows you to
select all products and exclude certain products that you don't
have. This may also get around the first-vulnerability
problem mentioned earlier.
Emergency Alerts
Every now and then the carp really hits the fan; in
Europe this is usually 1730 on a Friday evening (late morning in
the US), allowing our
American cousins enough time to address the problem before their
weekend. Does your alert service output emergency alerts to
a specified email address or SMS?
Value Added
Does the alert service also notify you about
malware and other crucial Internet intelligence? Does it
have access to live IDS feeds advising you about new port probe
trends? Does it monitor IRC for what is happening in the badlands?
Cost
The cost of alert services seems to vary
greatly; a higher price doesn't always indicate a better service.

SecurityMob
SecurityMob
http://www.securitymob.com/products/ews.asp
SecurityMob provides security professionals
with an attractive alternative, by aggregating the mass of information
and sending alerts to the organisation ONLY when it matters. SecurityMob
can help organisations further, by allowing the organisation to
prioritise what security information is important to them based on an
intuitive, real time, Early Warning System.
Duration - 24/7
Information Updated: 14 Mar 2006

Vigil@nce
SILICOMP-AQL
http://vigilance.aql.fr/accueil_en.php
Vigil@nce, available in French and
English, tracks vulnerabilities, their solutions and major viruses and
worms.
A key of Vigil@nce is to separate
vulnerabilities from their solutions (patch, workaround). Indeed, a
vulnerability often has several solutions, and a solution corrects
several vulnerabilities.
Duration - 11/5
Information Updated: 27 Mar 2006

FrSIRT
FrSIRT.com
http://www.frsirt.com/english/services/
FrSIRT is an independent organisation
providing real-time threat monitoring and alerting services to thousands
of organisations and professionals. The FrSIRT works 24x7x365 to
monitor, review, and research new vulnerabilities, threats and exploits
to offer a unique vulnerability notification service allowing system,
network, and security professionals to keep track of the latest security
threats.
Duration - 24/7
Information Updated: 18 Jan 2005

iDefense Security Intelligence Services
iDefense Labs
http://labs.idefense.com/services/
Utilizing an experienced team of security experts, iDefense scours the Internet for potential cyber
threats including: new malicious code, zero-day exploits or hacker groups committing cyber crime or
threatening widespread cyber terror. iDefense combines this with technical and traditional intelligence
to deliver advanced warning and analysis of these threats to help protect an organization's critical
infrastructure.
Our intelligence and analysis provide advanced warning with actionable recommendations, delivered to
customers as critical alerts, weekly summaries, and in real-time discussions with analysts. Our in-depth
research reports examine current security issues from technical and business process or strategy points
of view to help protect an organization's critical infrastructure.
Duration - 24/7
Information Updated: 03 Oct 2007

TraceAlert
TraceSecurity, Inc
http://www.tracesecurity.com/products/trace-alert.php
When a vulnerability is
discovered, the TraceSecurity engineering staff immediately
researches the threat, checks the validity, enters the
information into the proprietary TraceAlert security engine
and delivers specific, easy-to-understand security
vulnerability information to the proper individual or group
at the customer site.
Duration - n/k
Information Updated: 14 Mar 2006

Symantec Deepsight Alert Services
Symantec Corporation
http://www.symantec.com
Symantec DeepSight Alert Services provide early warning
of potential security threats. Delivered via email, SMS, voice, fax, and
a secure website, these alerts are designed to help your enterprise
maintain business continuity and improve adherence to emerging security
regulations.
Tracks vulnerabilities in more than 18,000 operating systems,
applications, and technologies from 2,200 vendors.
Complete personalization enables users to receive only those alerts that
are relevant to their business units, geographical locations, and skill
sets.
Secured and hardened failover, research, and dispatch resources ensure
persistent guidance and intelligence to enable your business continuity.
Consistently delivers timely alerts whose guidance is in the framework
of best security practices and includes mitigating strategies and
workarounds when available.
Duration - 24/7
Information Updated: 14 Mar 2006

SecurityTracker
SecurityGlobal.net LLC
http://www.securitytracker.com/server/info?9550+learn/premium.html
SecurityTracker is a service that helps you to keep
track of the latest security vulnerabilities. We monitor a wide variety
of Internet sources for reports of new vulnerabilities in Internet
software, hardware, and/or services. We provide our customers with a
timely and reliable source for vulnerability notification.
Duration - 24/7
Information Updated: 15 Mar 2006

Cybertrust Vulnerability/Threat Management
Cybertrust
http://www.cybertrust.com/solutions/vulnerability_threat_management/
Our threat and vulnerability management services
provide your organization with the preventative, detective, and
corrective measures you need to help limit the frequency and impact of
security incidents. Any vulnerability identified will be
confirmed by our information security analysts to ensure there are no
false positives. In addition we will share all results and details
immediately with your team to expedite any remediation needs. Finally,
we can provide detailed data analysis that will evaluate risk accounting
for both the impact an event could have on your operation and the
likelihood that an attack attempt would be successful.
Duration - 24x7
Information Updated: 15 Mar 2006

Vulnerability Tracking Service
Secunia
https://ca.secunia.com/?page=aboutsecuniacustomerarea
The Secunia Customer Area is the commercial part of
Secunia. It allows IT professionals to configure their own customised
setup in order to provide only relevant security information for their
specific network setup.
Duration - 24/7
Information Updated: 20 Mar 2006

X-Force Threat Analysis Service
Internet Security Systems
http://xforce.iss.net/xftas/
Internet Security Systems (ISS)' X-Force Threat
Analysis Service (XFTAS) is a security intelligence service that
delivers customized information about a wide array of threats that could
affect your network security.
Duration - 24/7
Information Updated: 20 Mar 2006

E-Secure-IT
Co-Logic Security Ltd
https://www.e-secure-it.com/
E-Secure-IT is a global IT Security
Vulnerability and Threat Early Warning Service. Site specific alert
notifications from over 2500 products and subjects. Access to
the IT security knowledgebase. Core service from
New Zealand (GMT +12) has the time zone in its favour thereby delivering
alerts prior to the start of the workday in other countries.
Duration - 24/7
Information Updated: 09 Mar 2003