Faced with a seemingly nonstop flow of new cybersecurity threats, software vulnerabilities and successful malware campaigns, keeping track is a huge challenge. Lately, security advocates have been calling for a more open community, declaring that easily shared data on security threats is the key to limiting the damage they can inflict and preventing future risks from emerging. Here's a look at some of the most useful tools for keeping you current on the constantly changing security climate. Feel free to bring up others in our comments section.
Security threat data advisory tools
Faced with a seemingly nonstop flow of new cybersecurity threats, software vulnerabilities and successful malware campaigns, keeping track is a huge challenge. Lately, security advocates have been calling for a more open community, declaring that easily shared data on security threats is the key to limiting the damage they can inflict and preventing future risks from emerging. Here’s a look at some of the most useful tools for keeping you current on the constantly changing security climate. Feel free to bring up others in our comments section.
nCircle Patch Priority Index
Released at the end of February, the nCircle Patch Priority index not only shows the latest security bulletins released by Microsoft, Oracle and Apple, but it also organises them by priority to advise users which should be patched first.
McAfee Labs' Threat Intelligence
McAfee Labs provides a full arsenal of tools, ranging from geographic and historic threat data to recent malware updates and a search engine. It also doesn't hurt to provide an RSS feed of updates from the US Computer Emergency Readiness Team, the SANS Internet Storm Center and of course Computerworld.
Cisco Cyber Risk Reports
Unlike some vendors, Cisco crafts its weekly Risk Reports around the most pertinent threats facing computer users at large. Although some appear to be slightly more consumer-focused than Cisco customers may need, such as Facebook and Google privacy speculation, the depth of information beyond the top highlights can be valuable. An RSS feed and a podcast series bring additional useful elements as well.
Check Point Update Service
Check Point Software Technologies' Update Service is quite extensive, providing information on vulnerabilities in web browsers, enterprise software and server technology. In addition to its breaking news display and prioritised list of the top three current vulnerabilities, the Check Point Update service also conveniently provides a list of the latest product updates.
Symantec Security Response
Symantec's real-time data feed is basically an amateur security researcher's haven. Separate tabs display threats, risks and vulnerabilities, with an overview tab bringing it all together. Another tab even presents spam levels in three (!) different graphs. The information is quite extensive as well, covering mobile devices just as well as PCs. With all those links, the only problem is the amount of time it could take out of your day.
Multi-State Information Sharing & Analysis Center
The cyber equivalent of the terror alert system, the Multi-State Information Sharing and Analysis Center updates its colour indicator based on the severity of the overall cyber climate. Based on how the MSISAC describes it, the scale varies based on the severity of vulnerabilities that have been revealed and the time it will take for them to be patched. This one is less useful as something to watch for a steady stream of information, but the ability to embed the cyber alert graphic on websites makes it good for those looking to add another feature to their blog or website. Also, with an RSS feed, the cyber alert level graphic could be a great way to let you know when it's OK to panic.
Microsoft, Adobe, Oracle, Apple security bulletin advisories
If all else fails, which would be a pretty traumatic event for the aforementioned government agencies and security vendors, you of course can get pertinent software threat updates from the vendors themselves. All are a bit difficult to navigate, at least in comparison to some of the real-time updated sites, but essentially get the job done. For those who would rather have that news come to them, Microsoft, Adobe and Oracle all offer email notification systems. But for Apple users, it looks like you're on your own.
Government to upgrade interception capability
National Security Strategy warns of cyber threat to 2012 London Olympics