Risk Types
Can anyone point me to a doc, or explain in greater detail the Risk Types from the reports that are generated? In other words, if a risk is classified as Low or Moderate, what does that truly mean?
Thanks
Check on the Symantec website.
If the risk is classified LOW, that means it is found in lower numbers in the wild.
For any risk, to check its severity you can check the website for it: once you click on the risk name it will take you to its website.
E.g. for Downadup.B:
http://www.symantec.com/security_response/writeup.jsp?docid=2008-123015-3826-99
Threat Assessment
Wild - Wild Level: Medium
Number of Infections: 1000+
Number of Sites: 10+
Geographical Distribution: Medium
Threat Containment: Moderate
Removal: Moderate
Damage - Damage Level: Medium
Modifies Files: Modifies the tcpip.sys file.
Distribution - Distribution Level: Medium
Celebrating 2 years as a community member....
Is there more specific information than that? I know that I can see the risk type, but I want to know the parameters for those risks. If I tell my manager that it is a "Moderate" risk, the first question will be "what do you mean by moderate?" I am not looking for concrete numbers, but more for some general guidelines about how they define each category.
That would be it
Once you click on a threat name, it takes you to its write-up page, which has detailed information (Summary, Technical Details, Removal).
Other than this, there is no other parameter for defining a threat.
The severity of a threat is given by the number of detections by Symantec sensors or sample submissions done. So the severity is global.
Anyways if you see a worm on your network that should always be your first priority because only they spread.
Maybe management is more interested in the damage level. It's 3rd to the last line from Vikram's post of a threat sample.
You could convert this in terms:
low damage - not worth looking into
medium - minor inconvenience with no loss in security (nothing stolen or broken)
high level - your network is compromised and if there is an outbreak you should lock down.
I guess I'm just looking to get a deeper understanding of the reporting so that I can speak with a reasonable amount of confidence about a particular risk.
We have a large number of HackTool Rootkits that have been detected and mostly quarantined. When just looking at the raw numbers, our environment looks doomed. But when the reports classify the risk as very low, and Symantec classifies it as Low on their site (http://www.symantec.com/security_response/writeup.jsp?docid=2002-011710-0057-99), I just want to be sure that I am spending my time where I need it.
Hi Umass
Try looking here:
http://www.symantec.com/security_response/severityassessment.jsp
That is EXACTLY what I am looking for. Thanks Jrudbecka.