Move is part of an industry trend that turns threat intelligence data into actionable information.
Symantec is bolstering its DeepSight service and integrating its VeriSign acquisition.
The company recently announced its new Intelligent Authentication platform, which addresses secure access to web-based applications and services. Symantec is also releasing new feeds for its DeepSight Threat Management system, improving the platform’s ability to block known malicious IPs and website URLs.
The Symantec VIP Intelligent Authentication services is a rebranding of the VeriSign’s authentication business it acquired last year for $1.28 billion. Symantec is integrating the VeriSign services to offer cloud-based authentication services for Web-based applications and remote access via mobile devices.
The VIP Intelligent Authentication gives Symantec users the ability to provide two-factor authentication and monitor devices, scoring them based on their reputation and user behavior. The system works b y using the VeriSign reputation database to assign a risk score to devices. Companies can set policies that issue an additional challenge to high risk devices, either via an SMS text message, email or phone call.
Analysts said VeriSign’s cloud-based strong authentication is a mature service. The company anticipated the need for the authentication services long before its competitors.
Symantec’s beefed up DeepSight Threat Management service now has IP reputation and URL reputation data feeds. The XML feeds enable companies to use them in Web security gateways and other incident management systems to blacklist up to 100,000 malicious IP addresses and thousands of known malicious websites. The company is following one of its chief competitors, RSA, which announced in August that it wasadding malicious malware domain feeds to its CyberCrime Intelligence Service.
“This helps customers stay ahead of cybercriminals in a way that doesn’t burden their internal security teams,” said David Doroson, director of product marketing at Symantec. “It also lets end users continue to do what their supposed to do.”
Security vendors have been expanding their intelligence services in recent years, according to Scott Crawford, managing research director of security and risk at Boulder, Colo-based Enterprise Management Associates. Crawford told Information Security magazine that a variety of services exist enabling companies to customize vulnerability alerts (Secunia) or threat feeds (Cyveillance, iDefense, Vigilant) so the information can be fed into security informaiton and event management SIEM systems, vulnerability management platforms or governance, risk and compliance (GRC) suites.
“This suggests the rise of a new approach to security practice, one where defense becomes a function of visibility, and where automation is more dynamically and responsively defined by investigative expertise,” Crawford wrote.
In our recent Eye On CISO Management Issues, we tried to explain how IT security pros are turning threat data into actionable information. Certainly, threat management services and the XML feeds provided by the services could help bolster systems already in place if they are carefully applied.