Symantec sharpens intrusion protection

Symantec has updated a number of software products under the guise of a security framework it calls Symantec Intrusion Protection.

The company refreshed its ManHunt network intrusion detection system (IDS) product, as well as the Intruder Alert host-based IDS and ManTrap "honeypot" products. Intruder Alert is now known as Symantec Host IDS and ManTrap is branded as Symantec Decoy Server.

The centrepiece of Symantec's announcements is Symantec ManHunt 3.0, which updates the IDS technology that Symantec purchased from Recourse Technology last year.

The latest version of ManHunt includes a feature that delivers security updates to ManHunt sensors in response to emerging threats. Those updates use information from Symantec's Security Response research organisation to update the ManHunt devices, providing updated vulnerability information, attack signatures and rules to refine event data and spot attacks.

Previous versions of ManHunt permitted attack signature updates, but not modifications to the sensors.

ManHunt will now run on Red Hat's Linux 8 platform and Sun Microsystems' Solaris operating system.

For companies looking for host-based intrusion detection and prevention, Symantec updated its Intruder Alert product, rebranding it as Symantec Host IDS version 4.1.

The product includes improved "process management" features which make it easier to harden applications against attacks, according to Matt Rodgers, senior product manager at Symantec.

For example, on a web server, the process management features would let administrators create security policies that enforce a core set of capabilities out of a much larger set of supported capabilities, blocking the server from spawning non-essential processes.

Those policies can be applied to individual hosts or groupings of servers based on operating system, department or other internal designations, Rodgers said.

Symantec also expanded the number of supported platforms for Host IDS. In addition to Sun's Solaris 8 and 9 operating systems, it now supports Microsoft's Windows XP, 2000 and NT 4.0 operating systems.

Recourse's ManTrap product was relaunched Monday as Symantec Decoy Server 3.1, with a new user interface and look and feel.

Version 3.1 contains a number of improvements over earlier versions of ManTrap, including the ability to spawn multiple decoy environments or "cages" from a single Decoy Server.

By simulating multiple honeypots, Decoy Server increases the odds of catching hackers and makes it easier to obscure an organisation's actual servers.

In addition, version 3.1 adds new attack alerts through pagers or SMS, improved logging and attack play-back capabilities, and tighter integration with the ManHunt product.

The new software updates are all part of a technology framework Symantec is calling Symantec Intrusion Protection. The idea is to tie together the company's disparate technologies into a system of complementary technologies that use a common architecture and management interface.

The system encompasses a number of Symantec's recent technology purchases in the intrusion detection and prevention areas, including the Recourse technology and vulnerability information from its purchase of SecurityFocus in August 2002.

Paul Roberts writes for IDG News Service
