CNN.com /TECH





Product: SecurityFocus's ARIS Predictor

IDG.net

By Sam Costello

(IDG) -- Responding to a virus outbreak or network intrusion or attack can take hours and sometimes days -- time your company likely can't afford to be offline or functioning at diminished capacity.

Such attacks are increasing, with twice as many discovered and/or reported so far in 2001 as in 2000, according to Arthur Wong, CEO of SecurityFocus Inc. The company has a new product that will function as "an early warning system for impending attacks," he says.

The new offering, called ARIS (Attack Registration and Intelligence Service) Predictor, is an alerts, patch and information service that melds SecurityFocus' Bugtraq vulnerabilities e-mail list with specialized information to provide customized security advice before attacks happen, Wong says.




To perform its prognostications, ARIS Predictor draws on two sources of information: Bugtraq and the IDS (Intrusion Detection System) logs of more than 7,700 companies in 138 countries, Wong says. By monitoring Bugtraq and drawing from the accumulated knowledge of that community, the service is designed to quickly identify newly discovered vulnerabilities and attack tools, Wong says. The real strength of ARIS Predictor, however, lies in its aggregation of IDS logs.

The companies that give their log information to SecurityFocus do so through the ARIS Extractor tool, which sends their logs to SecurityFocus computers, Wong says. SecurityFocus then uses the combined data to predict what types of attacks are being launched, at what systems and industries, and from what site, Wong says.

In return for sharing their IDS logs, companies are given the ARIS Analyzer software, a tool that helps administrators understand attacks against the networks, he says. Companies sharing their IDS information are not required to sign up for the ARIS Predictor service.

Once SecurityFocus has compiled the Bugtraq and IDS information, it uses the data to provide alerts and code customized to each subscriber company's network, which is scanned when the company signs up to determine its setup and what systems are used. By doing this, SecurityFocus sends alerts to companies only about systems they have, Wong says. Not only can alerts be customized by network configuration, they also can be sent based on industry, Wong says.

If a bank were an ARIS Predictor customer, Wong says, SecurityFocus might send it an alert saying, "There are 15 other banks being hit this way. Do this to fix it."

Alerts are sent as PDFs (Portable Document Format), e-mail, faxes, SMS (short message system) and more. The ARIS console, currently Web-based, provides updated information on attacks, including details such as from which countries the most attacks are originating and where they are headed, what IP addresses and ISPs (Internet service providers) are being used to attack most frequently and what products are coming under the heaviest fire.

This information can be viewed across various date and time spans. Reports can be automatically generated on a weekly or monthly basis or for tracking specific incidents, Wong says.

Services like ARIS Predictor, which Wong calls "proactive security," are ideal for many companies, he says. Managed security services are more appealing as the rate of attacks and incidents increases, because "it's clear you can't go it alone."

ARIS Predictor starts at $100,000 per year and is available immediately worldwide.


 
 
 
 

