Symantec ThreatCon provided by Emagined Security

Emagined Security uses a variety of Information Security Alert Services to monitor the current threat landscape. We conduct monitoring 24x7x365 and are ready to notify you the instant we are aware of a threat, as when dealing with Information Security threats, every minute counts. We then guide our clients through the process of strategically responding to a threat and guide them through the Incident Response Life Cycle. Emagined Security currently relies on Symantec Products forThreat Notification. The following outlines the Symantec ThreatCon levels and their meaning:

• ThreatCon Level 1 ( Low - basic network posture )
This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.

• ThreatCon Level 2 ( Medium - increased alertness )
This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.

• ThreatCon Level 3 ( High - known threat )
This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.

• ThreatCon Level 4 ( Extreme - full alert )
This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure. Symantec™ DeepSight™ Threat Management System provides actionable intelligence covering the complete threat lifecycle, from initial vulnerability to active attack. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack. Patches, countermeasures, workarounds, and additional references are also provided, reducing the hours spent searching through Web sites and emails. Optional custom reports provide the ability to trend data by time, country, industry, IP address, target ports, and other parameters. Powered by the Symantec Global Intelligence Network, the service is an authoritative source of tailored information about known and emerging vulnerabilities, threats, risks and global attack activity.

We offer Symantec's DeepSight services as well as other customized services for our clients. To find out more about how we can assist you with Incident Planning and Response, please call us at 888.235.1906 or request additional information by emailing info@emagined.com