Endpoint Protection

  • 1.  Risk Types

    Posted May 27, 2009 10:47 AM
    Can anyone point me to a doc, or explain in greater detail the Risk Types from the reports that are generated? In other words, if a risk is classified as Low or Moderate, what does that truly mean?

    Thanks


  • 2.  RE: Risk Types

    Posted May 27, 2009 10:52 AM
    If the Risk is Classified LOW, that means it is found in fewer numbers in the Wild.
    For any risk, to check its severity you can log check the website for it; once you click on the risk name it will take you to its website.

    e.g., for Downadup.B

    http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99

    Threat Assessment - Wild - Wild Level: Medium
    Number of Infections: 1000+
    Number of Sites: 10+
    Geographical Distribution: Medium
    Threat Containment: Moderate
    Removal: Moderate
    Damage - Damage Level: Medium
    Modifies Files: Modifies the tcpip.sys file.
    Distribution - Distribution Level: Medium


  • 3.  RE: Risk Types

    Posted May 27, 2009 11:09 AM
    Is there more specific information than that? I know that I can see the risk type, but I want to know the parameters for those risks. If I tell my manager that it is a "Moderate" risk, the first question will be "what do you mean by moderate?" I am not looking for concrete numbers, but more of some general guidelines about how they define each category.


  • 4.  RE: Risk Types

    Posted May 27, 2009 11:37 AM
    Once you click on a threat name it takes you to its Write-up page that has detailed information (Summary, Technical Details, Removal).
    Other than this there is no other parameter for defining a threat.
    The severity of a threat is given by the number of detections by Symantec Sensors or sample submissions done. So the severity is Global.

    Anyways if you see a worm on your network that should always be your first priority because only they spread.


  • 5.  RE: Risk Types

    Posted May 27, 2009 01:14 PM
    Maybe management is more interested in the damage level. It's 3rd to the last line from Vikram's post of a threat sample.

    You could convert this in terms: 
    low damage - not worth looking into
    medium - minor inconvenience with no loss in security (nothing stolen or broken)
    high level - your network is compromised and if there is an outbreak you should lock down.


  • 6.  RE: Risk Types

    Posted May 27, 2009 01:38 PM
    I guess I'm just looking to get a deeper understanding of the reporting so that I can speak with a reasonable amount of confidence about a particular risk.

    We have a large number of HackTool Rootkits that have been detected and mostly quarantined. When just looking at the raw numbers, our environment looks doomed. But when the reports classify the risk as very low, and Symantec classifies it as Low from their site (http://www.symantec.com/security_response/writeup.jsp?docid=2002-011710-0057-99), I just want to be sure that I am spending my time where I need it.



  • 7.  RE: Risk Types
    Best Answer

    Posted May 27, 2009 01:49 PM


  • 8.  RE: Risk Types

    Posted May 27, 2009 03:42 PM
    That is EXACTLY what I am looking for. Thanks Jrudbecka.