Security: Being Informed on Worldwide Virus Threats


In an ever more connected world, companies are constantly exposed to viruses and other malware. Every IT user, whether a company or an individual, therefore needs to protect against such attacks with a set of security products: antivirus, firewall, anti-spyware, automatic updates, and so on.

While such tools are effective against most known threats, they offer no protection against new attacks for which the vendors have not yet shipped a signature or a patch.

Example: in late December 2005, a vulnerability was discovered in the image rendering component of Windows (the Windows Metafile, or WMF, flaw). Malicious programs and Web sites exploited it widely for about two weeks before a vendor patch was available. Even with antivirus, firewall and anti-spyware software updated daily, your IT infrastructure was at serious risk.

In such a window, the only protection is awareness: learning about the issue early and telling your users and administrators what they must do, or avoid doing, until a fix is available.

Principle

An efficient way to check automatically for known worldwide virus threats is to set up our monitoring framework, BMC Performance Manager, to connect to the Web site of an IT security vendor such as Symantec and read its latest threat report. Symantec, a leading vendor in IT security, maintains a Web page that publishes the current level of security risk for your IT (the "Symantec ThreatCon").

The Symantec ThreatCon level can be:

1 when risk level is normal
2 when risk level is elevated
3 when risk level is high
4 when risk level is extreme

Additionally, this Symantec ThreatCon Web page provides a one-line description of the current threat.

Configuring BMC Performance Manager to retrieve the Symantec ThreatCon level

In order to monitor this risk level as reported by Symantec, we only need to configure BMC Performance Manager Monitoring Studio to:

Retrieve the Symantec ThreatCon Web page (http://www.symantec.com/avcenter/threatcon/learnabout.html).
Extract the ThreatCon level number.
Raise a warning when the risk level is high (3, when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating).
Raise an alarm when the risk level is extreme (4, when extreme global network incident activity is in progress).

Since this Web page gives additional textual information about the current threat, we could also configure BMC Performance Manager Monitoring Studio to retrieve this information and report it to administrators.

As explained above, we need to configure a new Web request analysis in BMC Performance Manager Monitoring Studio for the Symantec ThreatCon Web page (http://www.symantec.com/avcenter/threatcon/learnabout.html).

[Screenshot: Security_1]

This creates a new Web request analysis icon in our PATROL Console. Next, we extract the Symantec ThreatCon level from the page content. The level is located near the top of the page, immediately after the string "ThreatCon Level is", so searching for that string followed by a single digit is enough to pick it out. One caveat: if Symantec changes the page layout, the extraction fails, and that case should be reported as an error rather than as a level of 0, otherwise a broken check looks like a calm day.

[Screenshot: Security_2]

As we would like to be alerted when ThreatCon level is 3 (high) or 4 (extreme), we set the alert thresholds as follows:

[Screenshot: Security_3]

This creates a new graph in our PATROL Console that represents the worldwide IT security risk level as reported by Symantec. As soon as Symantec raises the rating to 3 or 4, we receive a warning or an alarm, respectively, and can take preventive action against the newly identified threat.

[Screenshot: Security_4]
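The same check written as a stand-alone script, as an added example (this is not Monitoring Studio or PATROL code, and the tutorial itself only uses the Studio's built-in Web request analysis). It assumes the page layout described above: a line containing "ThreatCon Level is N" followed by the one-line description on the next text line. SAMPLE_PAGE is a constructed stand-in for the live page so the script runs offline; fetch_page is provided for a live run. The level thresholds are the ones the tutorial configures: 3 raises a warning, 4 raises an alarm, and a page that cannot be parsed is reported as UNKNOWN rather than as a normal risk level.

```python
"""Extract the ThreatCon level and description from a page and map the level
to the warning/alarm states configured in the tutorial.

Added example, not BMC Performance Manager / Monitoring Studio code. The page
layout (a line containing "ThreatCon Level is N", then a one-line description)
is an assumption; SAMPLE_PAGE is constructed for offline use."""
import re
import urllib.request
from typing import Optional

THREATCON_LABELS = {1: "normal", 2: "elevated", 3: "high", 4: "extreme"}
WARNING_LEVEL = 3   # "high": the tutorial raises a warning here
ALARM_LEVEL = 4     # "extreme": the tutorial raises an alarm here

# The marker string the tutorial says precedes the level, matched
# case-insensitively and tolerant of extra whitespace or a colon.
LEVEL_RE = re.compile(r"ThreatCon\s+Level\s+is\s*:?\s*(\d)", re.IGNORECASE)

# Constructed sample body standing in for the live page (offline demo only).
SAMPLE_PAGE = """<html><head><title>Symantec Security Response - ThreatCon</title></head>
<body>
<h1>Symantec ThreatCon Level is 3</h1>
<p>Increased activity from a new mass-mailing worm has been observed.</p>
</body></html>"""


def html_to_lines(html: str) -> list:
    """Crude tag stripping: every tag becomes a line break, blank lines are
    dropped. Sufficient for a monitoring check; this is not an HTML parser."""
    text = re.sub(r"<[^>]+>", "\n", html)
    return [line.strip() for line in text.splitlines() if line.strip()]


def extract_threatcon(html: str) -> dict:
    """Return {"level": int or None, "description": str or None}.

    level is None when the marker is missing or the digit is outside 1..4,
    so a changed page layout surfaces as a failed extraction, not as level 0."""
    lines = html_to_lines(html)
    for i, line in enumerate(lines):
        m = LEVEL_RE.search(line)
        if not m:
            continue
        level = int(m.group(1))
        if level not in THREATCON_LABELS:
            return {"level": None, "description": None}
        # Assumption: the one-line threat description is the next text line.
        description = lines[i + 1] if i + 1 < len(lines) else None
        return {"level": level, "description": description}
    return {"level": None, "description": None}


def classify(level: Optional[int]) -> str:
    """Map a level to the states the tutorial configures. An unparseable page
    is UNKNOWN, never OK: a broken check must not look like a calm day."""
    if level is None:
        return "UNKNOWN"
    if level >= ALARM_LEVEL:
        return "ALARM"
    if level >= WARNING_LEVEL:
        return "WARNING"
    return "OK"


def check_threatcon(html: str) -> dict:
    """Combine extraction and classification into one status record."""
    result = extract_threatcon(html)
    level = result["level"]
    return {
        "level": level,
        "label": THREATCON_LABELS.get(level),
        "state": classify(level),
        "description": result["description"],
    }


def fetch_page(url: str, timeout: float = 10.0) -> str:
    """Download the page text. The tutorial's URL is plain HTTP, so anyone on
    the network path could alter the reported level; prefer HTTPS where the
    source offers it."""
    req = urllib.request.Request(url, headers={"User-Agent": "threatcon-check/1.0"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Offline run against the constructed sample; use fetch_page(url) for a live check.
    status = check_threatcon(SAMPLE_PAGE)
    print(f"ThreatCon {status['level']} ({status['label']}): {status['state']}")
    print(f"Description: {status['description']}")
```

Running the script against the sample reports level 3 (high) as WARNING with the description line; a page on which the marker string is absent reports UNKNOWN, which is the case to alert on when the vendor redesigns the page.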

Summary

To be alerted automatically on worldwide IT security threats, we have configured BMC Performance Manager Monitoring Studio to:

Retrieve the Symantec ThreatCon Web page (http://www.symantec.com/avcenter/threatcon/learnabout.html).
Extract the ThreatCon level as a numeric value from the Web page content.
Raise a warning when the level is 3 (high) and an alarm when it is 4 (extreme).

The one-line description of the current threat could be retrieved in the same way and passed on to administrators, and the same approach works with other security information sources (other vendors or security organizations). Because the check depends on the page layout, a missing or unparseable level should be reported as an error rather than as a normal risk level.