The spiraling cost and damage of intrusions has also led to the creation of some early warning systems, such as those by SecurityFocus and the nonprofit SANS Institute. They represent intrusion detection clearinghouses providing information on vulnerabilities and attack techniques. Both collect and analyze data from monitoring devices around the world, dispersing alerts via the Internet to thousands of customers and subscribers. The SecurityFocus Deep-Sight Threat Management System gathers and correlates data from over 15,000 network intrusion detection, firewall, and router devices from thousands of private, public, and academic networks in 150 countries. The annual subscription for DeepSight is $50,000. Educational institutions that agree to feed their data get a discount.
SANS is a nonprofit educational group for security professionals. SANS accepts logs for analysis. Other security services, such as aris.securityfocus.com, allow victims to also upload IDS logs for purposes of analyzing attacks. McAfee's Visual Trace service can map attacks, offering time and place information like caller ID, and is capable of tracking down attackers by geographic region, IP address, and even street address. Check Point Software Technologies, a firewall maker, allows customers to block traffic from IP addresses SANS lists as attackers.