Symantec Scares the BeJeebus Out of Its Customers
The Deepsight Threat Management system, owned and operated by Symantec, is a valuable tool for many large enterprises. It is essentially core analysis of the state of threats to the internet. Cyber response teams use the information from it to build blacklists of known attackers, plan patch cycles, and even build custom intrusion detection signatures. Customers of TMS include many large banks, medical communities and even the military.
So when Symantec fired off an email alert at 8 PM east coast time on Friday night, warning that the Internet was about to have a meltdown, quite a few enterprises had to scramble to cancel weekend plans and react to the new threats.
But it was a false alarm. Seems Symantec was testing new alerting software.
From the Reg here:
Symantec inadvertently warned enterprise customers of a full-scale internet meltdown on Friday.
An erroneous alert from Symantec’s DeepSight falsely warned that a devastating attack was underway. The message, which went out at 8:40pm Eastern time, contained a subject line that stated: “DeepSight Increased ThreatCon from 1 to 4 Alert.”
The ThreatCon scale – whose moniker mimics the defense readiness condition (DEFCON) system used by the military – runs from one (all calm on the Western Front) to four (meltdown).
Symantec moved back down to ThreatCon 1 an hour after issuing its Chicken Little-style alert on Friday. The security giant blamed the erroneous alert on “product testing”, Computerworld reports.
Symantec has never moved to ThreatCon 4. The last time it was at 3 was during the Sasser worm outbreak of 2004.
The part that’s most hilarious to me: We didn’t get this alert because we’re in the process of re-evaluating AV/anti-malware vendors and our contract lapsed. I’m absolutely certain that, even if it hadn’t, only having “GOLD membership” would mean I wouldn’t get the alert because only “PLATINUM membership” gave you privileges.
(To be fair, they’ve changed their support model, but I still like to make fun of them for not giving away info that everyone should have except to the people who pay through the nose.)
Yeah, and it’s VERY expensive. But given the state of the “threats” out there, you do have to question its value nowadays. Worms are by and large becoming a thing of the past. Most threats revolve around phishing attacks and ID theft. I don’t know what value they add other than “oh looky, this botnet now has this new feature.”