Symantec Turns Intrusion Protection Up A Notch

\

Decoy Server 3.1 features better logging, enhanced alerting capabilities.

The products are core components of Symantec's new Intrusion Protection framework, which allows customers to pick and choose the solutions that best suit their needs, said Sandeep Kumar, Symantec director of product management. The framework also includes Symantec's multifunction Gateway Security appliance, Deep Sight Alert Services and other solutions, Kumar said.

"Customers don't like an all-or-nothing approach," he said. "They like flexibility."

The new version of Symantec's network-based intrusion-detection product, ManHunt 3.0, is designed for ease of use and management, Kumar said. New features include enhanced protocol anomaly detection with "event refinement," which identifies attacks by name, such as Code Red. Management enhancements include a traffic playback tool and roles-based administration.

Symantec acquired ManHunt last year when it bought Recourse Technologies. It also acquired Recourse's honey pot technology, called ManTrap, which Symantec rebranded as Decoy Server.

id
unit-1659132512259
type
Sponsored post

Decoy Server 3.1 includes enhancements in the decoy environment, such as automated e-mail generation that can make it look like a live e-mail server, said John Harrison, Symantec group product manager. It also features improved alerting capabilities and better logging.

For solution providers, honey pots provide service opportunities in customizing decoy environments for specific companies, he said.

Meanwhile, Symantec's Host IDS 4.1 has a new feature that allows an administrator to contain an attack but permit applications on a server to continue operating, said Matt Rodgers, senior product manager at Symantec, based here. The product, formerly named Intruder Alert, also has expanded platform support. In addition to Windows 2000, it supports Windows NT, XP and Solaris 8 and 9.

"We've been really happy with Symantec's intrusion-detection products and the competitive advantage they've given us," said Heath Tow, security solutions manager at Subject, Wills & Company, a solution provider based in Oak Brook, Ill.

ROI is generally difficult to figure for intrusion-detection products, but ManHunt's ability to manage multiple network segments provides a clear cost differential vs. competing solutions.

"It truly is a product where you can realize an ROI in a competitive situation," Tow said.

All of the new products are now shipping. ManHunt is priced by bandwidth starting at $8,995. Decoy Server costs $9,000 for two cages, or virtual servers, and $16,000 for four cages. Host IDS costs $995 per agent.