During an attack. An early warning system also provides warning of attacks that are under way. With personalized notification triggers and expert analysis, the system enables enterprises to prioritise IT resources in order to better protect critical information assets against attack. Using statistically reliable attack information, an early warning system must deliver automated, prioritised notifications. Patches, countermeasures, workarounds, and additional references are also provided.
The bottom line: an early warning system is vital in light of today's increasingly sophisticated threats, which demand superior response capabilities.
Getting the word out on Blaster and Slammer
Recent events underscore the value of early warning systems' response to cyber attacks. For example, it was an early warning system that alerted customers in July to the RPC DCOM Windows vulnerability and the patch from Microsoft. By continuing to monitor global attack activity, early warning systems were able to issue additional alerts as activity levels rose. (For example, an intrusion-detection signature that protected against this kind of attack was released.) The vulnerability eventually resulted in the Blaster worm, which began spreading in earnest on August 11. In between the vulnerability announcement and the worm, the threat increased daily as the new tools to exploit the vulnerability were publicly disclosed, as we saw above.
In January, it was an early warning system that first picked up the fast-moving Slammer worm, which doubled its infection rate every 8.5 seconds in its early stages and wreaked an estimated $1 billion in lost productivity. Automatic analysis of sensor-generated data identified Slammer as a global threat. Customers were notified of the threat and were advised to block traffic on the targeted port. Additional alerts were issued when further analysis pinpointed the threat as a worm, when the vulnerability that Slammer targeted was identified, and when patches that eliminated the vulnerability were available.
A federal case
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.