Methodology

VeriSign® iDefense® Security Intelligence Services deliver timely, proactive intelligence using our proven methodology for discovery and analysis. The existence of a vulnerability does not always pose a threat to the enterprise. With finite resources and more organized attackers, defense of critical IT assets requires security intelligence — knowing which vulnerabilities pose the greatest risk to critical infrastructures.

Discovery

We discover vulnerabilities and track the development of tools to exploit them. Our vulnerability teams filter data from mailing lists, Web sites, and proprietary sources into consolidated views of new publicly disclosed vulnerabilities related to more than 10,000 products. Our threat intelligence teams monitor activities related to cyber security globally and track the development of tools to exploit vulnerabilities.

Contributors to the Vulnerability Contributor Program (VCP) work independently and notify VeriSign of unpublished vulnerabilities and exploit code.

Analysis

Our cutting-edge research and development teams conduct detailed analysis of vulnerabilities, exploit code and malicious code to find out how they work and who created them. Organized attacks from known actors pose a greater risk of organized assault on valued systems than independent hackers. We develop scan checks, IDS signatures and workarounds to protect threatened systems.

Alerts, Reports, and Briefings >>

Our teams prioritize and categorize intelligence for delivery in regularly scheduled advisories and updates or as alerts requiring immediate attention. We have discovered more vulnerabilities than any other organization, and our discoveries becomes part of our analysis, which our customers receive, on average, 68 days before vendors make them public.

Research and Response Teams >>

VeriSign® iDefense® Security Intelligence teams uncover vulnerabilities and identify threats from sources in more than 30 countries and 12 languages. Our highly specialized teams of security experts scour the Internet for potential cyber threats from known and undisclosed vulnerabilities, malicious code threats, cyber terrorism plots, zero-day exploits, and organized cyber crime activities.