Symantec launches Web Security Monitoring to help companies deal with deluge of web threats

Helping enterprises deal with growing cyber threats, Symantec is launching its Web Security Monitoring service to give customers protection around the clock.

The 24-hour-a-day service aims to protect a company’s users and web presence from all sorts of online threats. As an early warning system, the service will provide monitoring and analysis as well as rapid reaction to threats that arise from the use of web applications.

But Symantec already offers various kinds of protection services. So why is this new service necessary?

Symantec estimated that 63 percent of 12,885 site-specific vulnerabilities in 2009 involved web applications. There were 15,197 new bot command-and-control servers, used by hackers to coordinate networks of computers infected with malware that lets them remotely assume command of the machines. Of those bot servers, 43 percent operate in Internet Relay Chat channels and 57 percent use HTTP, the technical protocol behind ordinary web traffic. That means that bots are masking much of their communications in web traffic. It’s very hard to identify those bots without using web monitoring techniques. Symantec tracks 3.7 million suspect web addresses, and the number is growing by the hour.

“There is a lot of bad traffic that is being hidden in a stealthy way,” said Grant Geyer, vice president of Symantec’s Global Managed Security Services, in an interview. “It’s like looking for a bad needle in a stack of needles.”

Corporations are fighting back with layered defenses. They use web proxy, web gateway and web application firewall technologies to find threats. What Symantec’s new service adds is real-time monitoring and notification from a team of live security analysts who can quickly zero in on compromised systems. The analysts take a company’s log of web traffic and filter it through Symantec’s database of known web threats. They also watch for communication between a compromised system and the controlling botnet. Customers are notified when something is found and can immediately look at the incident report. The service is available now for a subscription fee “per device,” which depends on the extent of monitoring done.

Geyer said that a number of customers are already testing the software, which is formally available today. One customer found 73 attacks in progress in one day. Those attacks would not have otherwise been detected, Geyer said.