I want to try to keep this as non-spam as possible, but Symantec acquired a company about 5 years ago called TurnTide that did almost *exactly* that.
Take the reputation of the sending address, and shape the TCP/IP packets to slow down the rate of mail into the system. Symantec touts a 70% reduction in mail volume and an 80% reduction in the amount of spam that hits a mail server. I've had it in production in one environment where the customer went from approximately 5 million messages/day to 500,000 messages/day.
Actually, the story I submitted was around their detection of spam levels coming back up to the pre-McColo shutdown. I commented on this one since it seemed that someone thought that Symantec was trying to "look better" than their competitors.
Statistics has taught me one thing: Having a larger sample set gives you better results.
"The Symantec Global Intelligence Network encompasses worldwide security intelligence data gathered from a wide range of sources, including more than 40,000 sensors monitoring networks in more than 180 countries through Symantec products and services such as Symantec DeepSightâ Threat Management System and Symantec Managed Security Services, and from other third-party sources."
Further down in that link, lets see...
Malicious Code Reports from over 120 million clients, 25,000 vulnerabilities from over 20 years affecting 55,000 different technologies, from 8,000 vendors. Oh yea, they also operate BugTraq.
How does this compare to Arbor?
Oh that's right, they didn't state their capabilities in the article or on their website that I could see.
Actually, if you think about it, Symantec has significantly more systems to look at, as there are over 40,000 sensors in over 200 countries, whcih are generating over 2 billion events a day, so yea, I think they can tell if there's an increase in port traffic.
All the consumer products report back anonymous data on things the products are protecting against as well, so add those alerts too.
Slashdot Mirror
I want to try to keep this as non-spam as possible, but Symantec acquired a company about 5 years ago called TurnTide that did almost *exactly* that. Take the reputation of the sending address, and shape the TCP/IP packets to slow down the rate of mail into the system. Symantec touts a 70% reduction in mail volume and an 80% reduction in the amount of spam that hits a mail server. I've had it in production in one environment where the customer went from approximately 5 million messages/day to 500,000 messages/day.
Actually, the story I submitted was around their detection of spam levels coming back up to the pre-McColo shutdown. I commented on this one since it seemed that someone thought that Symantec was trying to "look better" than their competitors.
Statistics has taught me one thing: Having a larger sample set gives you better results.
My source for numbers in my comment: http://www.symantec.com/about/profile/technology.jsp
"The Symantec Global Intelligence Network encompasses worldwide security intelligence data gathered from a wide range of sources, including more than 40,000 sensors monitoring networks in more than 180 countries through Symantec products and services such as Symantec DeepSightâ Threat Management System and Symantec Managed Security Services, and from other third-party sources."
Further down in that link, lets see...
Malicious Code Reports from over 120 million clients, 25,000 vulnerabilities from over 20 years affecting 55,000 different technologies, from 8,000 vendors. Oh yea, they also operate BugTraq.
How does this compare to Arbor?
Oh that's right, they didn't state their capabilities in the article or on their website that I could see.
Actually, if you think about it, Symantec has significantly more systems to look at, as there are over 40,000 sensors in over 200 countries, whcih are generating over 2 billion events a day, so yea, I think they can tell if there's an increase in port traffic. All the consumer products report back anonymous data on things the products are protecting against as well, so add those alerts too.
Ah yes, you're right... Good to know for future reference.
Printable view -- http://www.tomshardware.com/2007/10/25/windows_server_2008_reviewed/print.html No ads either :P