Symantec DeepSight Threat Management System tracks security events on a global basis, providing early warning of active attacks. With personalized notification triggers and expert analysis, the system enables enterprises to prioritize IT resources in order to better protect critical information assets against a potential attack.

To track security threats, it continuously correlates IDS and firewall attack data from the security systems of over 20,000 partners in over 180 countries, plus virus statistics from the Symantec Digital Immune System and many other human intelligence resources. Experts at Symantec analyze the information to identify active attacks and deliver advanced warning with actionable analyses and countermeasures.

The Symantec ThreatCon rating is a measurement of the global threat exposure, delivered as part of Symantec DeepSight Threat Management System. Powered by Symantec’s Global Intelligence Network, this tool provides website visitors with up-to-the-minute information on the latest Internet security threats, risks, and vulnerabilities.

ThreatCon is a system used by computer security company Symantec in order to assess how dangerous a software or networking exploit is to the global internet and communications network. There are four levels of ThreatCon in this manner:

ThreatCon Level 1 — Low: Basic network posture
Level 1 describes a situation where there are no threats of malicious coding or exploits that can affect the global network. The only precautions needed are basic security systems that can detect and remove simple bugs that are of no serious threat. This condition applies when there is no discernible network incident activity and no malicious code activity with a moderate or severe risk rating. Under these conditions, only a routine security posture, designed to defeat normal network threats, is warranted. Automated systems and alerting mechanisms should be used.



ThreatCon Level 2 — Medium: Increased alertness
Level 2 describes a situation where an exploit of moderate concern is apparent and exposed systems may be vulnerable. Updating security software with new virus definitions is a priority. This condition applies when knowledge or the expectation of attack activity is present, without specific events occurring or when malicious code reaches a moderate risk rating. Under this condition, a careful examination of vulnerable and exposed systems is appropriate, security applications should be updated with new signatures and/or rules as soon as they become available and careful monitoring of logs is recommended. Changes to the security infrastructure are not required.


ThreatCon Level 3 — High: Known threat
Level 3 describes a situation where a known threat is either imminent or starting to affect the global network. Updating virus definitions and rules is a must, and increased monitoring is necessary as well, as well as reconfiguring security and firewall settings. This condition applies when an isolated threat to the computing infrastructure is currently underway or when malicious code reaches a severe risk rating. Under this condition, increased monitoring is necessary, security applications should be updated with new signatures and/or rules as soon as they become available and redeployment and reconfiguration of security systems is recommended. People should be able to maintain this posture for a few weeks at a time, as threats come and go.


ThreatCon Level 4 — Extreme: Full alert
Level 4/4 describes a situation where a known threat in the form of malicious coding or an exploit is currently underway and is heavily affecting the global network. Taking measures against a threat of this level will most likely affect and cause hardships for the global computing infrastructure. This condition applies when extreme global network incident activity is in progress. Implementation of measures in this Threat Condition for more than a short period probably will create hardship and affect the normal operations of network infrastructure.

If you want to implement this free widget on your site/blog, follow next steps:

1. Go to page ThreatCon Widget;
2. Agree to Terms of Service;
3. Modify the style properties according to the needs of your site/blog;
4. Paste the HTML-code of ThreatCon Widget into your site/blog;