Symantec goes on hunt for intruders

Symantec Corp. claims its users will have a better chance of preventing previously unseen types of network attacks with its latest intrusion detection release.

With ManHunt 3.0, the Cupertino, Calif.-based firm says IT managers will be better protected not just against the viruses, hacks and other security threats that they’ve seen before, but also against the new and unpredictable threats forever being devised by network ne’er-do-wells.

“Attackers are coming up with attacks daily, and many are variations on an old theme,” said John Harrison, group product manager for Network IDS Products at Symantec. “[ManHunt 3.0] is designed to protect against those that are known and those that are unknown.”

Harrison said the product is able to accomplish this because it doesn’t focus solely on detecting the signatures of incoming and potentially harmful data packets. It goes further by also examining packet protocols and judging whether they are a risk to the network. Elements that could raise red flags include extra and invalid characters and possible buffer overflow conditions, according to Symantec. Any such anomalies are reported to network administrators to give them a chance to respond to the threat.
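The difference between signature matching and protocol anomaly checking described above can be shown in a short sketch. This is an added illustration, not Symantec's ManHunt code: the FTP-style command-line model, the 512-byte limit, the signature string and the sample traffic are all assumptions constructed for the example.

```python
import re

# Constructed signature list: a byte pattern from an attack already seen.
KNOWN_SIGNATURES = [b"OLD-EXPLOIT-MARKER"]

# Assumed protocol model: 3-4 letter verb, optional printable-ASCII argument,
# CRLF terminator, bounded total length.
MAX_LINE = 512
COMMAND_RE = re.compile(rb"[A-Za-z]{3,4}( [\x20-\x7e]+)?\r\n")


def signature_match(line):
    """Classic signature detection: flag only payloads seen before."""
    return any(sig in line for sig in KNOWN_SIGNATURES)


def protocol_anomalies(line):
    """Flag deviations from the protocol model, whatever the payload is."""
    findings = []
    if len(line) > MAX_LINE:
        findings.append("overlong line: possible buffer overflow condition")
    if not line.endswith(b"\r\n"):
        findings.append("missing CRLF terminator")
    body = line[:-2] if line.endswith(b"\r\n") else line
    if any(b < 0x20 or b > 0x7E for b in body):
        findings.append("invalid characters in command")
    if not findings and not COMMAND_RE.fullmatch(line):
        findings.append("malformed command syntax")
    return findings


def inspect_line(line):
    """Combine both detectors into one report entry for an administrator."""
    return {"signature": signature_match(line),
            "anomalies": protocol_anomalies(line)}


# Constructed sample traffic, one command line each.
SAMPLES = {
    "benign": b"USER alice\r\n",
    "known": b"USER OLD-EXPLOIT-MARKER\r\n",
    "variant": b"USER " + b"A" * 600 + b"\r\n",  # new payload, no signature
    "binary": b"PASS secret\x00\x01\r\n",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(name, inspect_line(line))
```

The "variant" and "binary" samples carry no known signature, yet both are reported because they break the protocol model.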

The product also uses traditional IDS preventative tools, such as signature detection and “proactive response capabilities.” The latter category could include such measures as automatically terminating a TCP session if a threat is detected, or tracing an attack back to its source.

Symantec says it has also improved the product’s reporting process with its analysis and correlation engine. The feature sifts through the data that is generated about incidents, filters out redundant info and merges what’s left over into easily digestible reports.

Harrison touted other enhancements, such as a centralized management console that lets customers forgo the tedious process of going to each IDS node on the network to make changes. Customers also will enjoy the benefits of a team of Symantec researchers, distributed worldwide, who are on the lookout for any developing viruses, worms or other kinds of network security threats.

“You’re not just getting a hardware product,” said Harrison.

The ManHunt offering is part of Symantec’s overall IDS suite of products, known as Symantec Intrusion Protection. Elements of a setup using the framework might include network- and host-based intrusion detection and prevention, integrated appliances, early warning services, and analysis and mitigation services. The company believes this overall package betters its competitors by being more comprehensive.

For Andrew Berkuta, network and physical security manager at HomeBanc Mortgage in Atlanta, features such as ease of use and clear reporting capabilities are two of the most important elements that his firm looks for in choosing an IDS product. If a product isn’t easy for everyone to use, it can be a wasted investment, he said.

“If the operations folks don’t know how to use it, it will end up at the back of a data centre collecting dust,” Berkuta said.

After an intensive process of sussing out the players in the IDS space, HomeBanc went with San Jose-based IntruVert, which recently rolled out the latest version of its IntruShield IDS System offering.

“[IntruVert] seemed to be six to eight months ahead of the learning curve and were that far ahead of what anyone else was doing in this space,” said Berkuta.