
'Go-To' Sites for Threat Updates

3:07 PM -- Keeping abreast of the latest threats and active attacks such as botnets and zero-days can be difficult. So I've put together a list of sites that are great to check on a couple of times a day to know what's going on, and to get updates on what you can do to protect your valuable IT resources.

The Internet Storm Center, operated by the SANS Institute, is one of the best sources of up-to-date information on cutting-edge threats. They have a “handler” on duty each day who keeps the site updated with information, as well as a mailing list the handlers monitor so they can respond quickly with their expert analysis. The handlers are located around the globe, so someone is always keeping watch.

Arbor Networks has put together a really nice dashboard, ATLAS, that tracks the top attacks and lists “interesting” vulnerabilities based on age, probes, and severity, as well as the top scanned services and top threat sources. Arbor leverages its extensive knowledge through its ties with service providers to know what is going on around the world. If the name Jose Nazario doesn’t ring a bell, Google him and you’ll see why the analysis coming out of ATLAS is top-notch.

Having experienced several situations where an IDS vendor hasn’t kept its signatures updated for the latest attacks (like the ever-changing Storm worm and 0days), I’ve been a big fan of the IDS signature research from Matt Jonkman and crew. The IDS rules used to be available from Bleeding Threats, but have now been mirrored and are being updated at Matt’s new project, Emerging Threats. The names may be a little confusing for some, but take the time and look through the available rules. They are updated regularly and developed for Snort, but can be easily adapted to work with other IDS products -- provided you have the know-how and your IDS solution supports custom-rule creation.

I wanted to keep the list short with only the most active pages that keep track of threats of all types, but if you have some suggestions of other sites, let me know.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading
