'Go-To' Sites for Threat Updates

A short list of the best bets for up-to-date threat reports and analysis

January 4, 2008

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

3:07 PM -- Keeping abreast of the latest threats and active attacks such as botnets and zero-days can be difficult. So I've put together a list of sites that are great to check on a couple of times a day to know what's going on, and to get updates on what you can do to protect your valuable IT resources.

The Internet Storm Center, operated by the SANS Institute, is one of the best sources of up-to-date information on cutting-edge threats. They have a “handler” on duty each day that keeps the site updated with information, as well as a mailing list the handlers monitor so they can respond quickly with their expert analysis. The handlers are located around the globe, so someone is always keeping watch.

Arbor Networks has put together a really nice dashboard, ATLAS, that tracks the top attacks and lists “interesting” vulnerabilities based on age, probes, and severity, as well as the top scanned services and top threat sources. Arbor leverages its extensive knowledge through its ties with service providers to know what is going on around the world. If the name Jose Nazario doesn’t ring a bell, Google him and you’ll see why the analysis coming out of ATLAS is top-notch.

Having experienced several situations where an IDS vendor hasn’t kept its signatures updated for the latest attacks (like the ever-changing Storm worm and 0days), I’ve been a big fan of the IDS signature research from Matt Jonkman and crew. The IDS rules used to be available from Bleeding Threats, but have now been mirrored and are being updated at Matt’s new project, Emerging Threats. The names may be a little confusing for some, but take the time and look through the available rules. They are updated regularly and developed for Snort, but can be easily adapted to work with other IDS products -- provided you have the know-how and your IDS solution supports custom-rule creation.

I wanted to keep the list short with only the most active pages that keep track of threats of all types, but if you have some suggestions of other sites, let me know.

– John H. Sawyer is a security geek on the IT Security Team at the University of Florida. He enjoys taking long war walks on the beach and riding pwnies. When he's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading

Read more about:

2008
SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox
Sign-Up

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

Enterprises investing in new infrastructure to support AI will have to choose between InfiniBand and Ethernet
Enterprise Connectivity
The Impact of AI on The Ethernet Switch MarketThe Impact of AI on The Ethernet Switch Market
byPam Baker, Contributing Writer
Sep 16, 2024
5 Min Read
Blue and purple digital cloud connecting apps and services with campus NaaS.
NaaS
Campus NaaS: Remaking the Campus NetworkCampus NaaS: Remaking the Campus Network
bySalvatore Salamone, Managing Editor, Network Computing
Jul 31, 2024
4 Min Read
DPUs are extensively used to accelerate AI and ML workloads by offloading tasks such as neural network inference and training from CPUs and GPUs.
Network Infrastructure
Harnessing DPUs & How DPUs are Changing Data CentersHarnessing DPUs & How DPUs are Changing Data Centers
byBob Wallace, Featured Writer
Jul 30, 2024
10 Min Read
Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports
Live Events
More Live Events