Real-time alert services are added to US-CERT portal
- By William Jackson
- May 13, 2005
The U.S. Computer Emergency Response Team is painting a bigger picture of Internet security by adding real-time threat and vulnerability information to the Web portal used by the government's cybersecurity first responders.
Under an agreement with Symantec Corp. of Cupertino, Calif., US-CERT is making available about 500 licenses for Symantec's DeepSight security services to members of G-FIRST, the Government Forum of Incident Response and Security Teams. US-CERT is integrating Symantec DeepSight Threat Management System and Symantec DeepSight Alert Services into the portal.
'It's part of our effort to enrich the quality of the information available to us,' said Andy Purdy, acting director of the Homeland Security Department's National Cyber Security Division. 'We are working hard to increase our cybersecurity awareness.'
US-CERT is a partnership between DHS and the CERT Coordination Center at Carnegie Mellon University. G-FIRST is made up of frontline systems chiefs from the 24-hour watch center in the National Cyber Security Division, US-CERT, the Pentagon and civilian agencies.
DeepSight Threat Management creates custom intelligence updates by aggregating attack data from 20,000 sensors managed and monitored by Symantec in more than 180 countries. DeepSight Alert tracks vulnerabilities in 10,000 products from 4,000 vendors. Users can configure thresholds and requirements for customized e-mail alerts about attack activity and new vulnerabilities.
The off-the-shelf service gives government users access to a global network of sensors and monitors that would be impractical, if not impossible, for DHS to duplicate, said Oliver Friedrichs, senior manager for Symantec Security Response.
Purdy said DeepSight data would be combined with other intelligence to create a more complete picture of Internet security status.
Some details of the DeepSight implementation have not yet been worked out. Officials said the applications will be embedded in the portal, and users should not need a separate set of credentials or separate sign-in to access them. But 'we have not finalized the details of the authorization to get the information,' Purdy said.
George Johnson, chief technical officer of portal host ESP Group LLC of Arlington, Va., said the implementation is 'not a tricky job at all.' All that is needed is agreement on a common credentialing scheme so tokens can be passed from the portal to the application.
Johnson said ESP is building its portals on the government's emerging e-authentication standards to ensure interoperability.
ESP Group specializes in hosting secure portals to allow collaboration and the sharing of sensitive but unclassified information across government agencies. In addition to the US-CERT portal, it hosts a DHS Federal Protective Service portal and the Cybercop Portal, sponsored by DHS for 5,500 law enforcement and emergency responder organizations from all 50 states and 40 countries.
'We're a trusted island,' he said. 'We're outside of everyone else's infrastructure. We don't provide content, we provide tools people can pass information through.'
William Jackson is a freelance writer and the author of the CyberEye blog.