Symantec goes on the hunt for intruders

Symantec Corp. claims its users will have a better chance of preventing previously unseen types of network attacks with its latest intrusion detection release.

With ManHunt 3.0, the Cupertino, Calif.-based firm says IT managers will be better protected not just against the viruses, hacks and other security threats that they’ve seen before, but also against the new and unpredictable threats forever being devised by network ne’er-do-wells.

“Attackers are coming up with attacks daily, and many are variations on an old theme,” said John Harrison, group product manager for Network IDS (intrusion detection systems) Products at Symantec. “[ManHunt 3.0] is designed to protect against those that are known and those that are unknown.”

Harrison said the product is able to accomplish this because it doesn’t focus solely on detecting the signatures of incoming and potentially harmful data packets. It also examines packet protocols and judges whether they are a risk to the network. Elements that could raise red flags include extra and invalid characters and possible buffer overflow conditions, according to Symantec. These are reported to network administrators.

The product also uses traditional IDS preventative tools, such as signature detection and “proactive response capabilities.” The latter could include automatically terminating a TCP session if a threat is detected, or tracing an attack to its source.

Symantec says it has also improved the product’s reporting process with its analysis and correlation engine. The feature sifts through the data that is generated about incidents, filters out redundant information and merges anything left over into easily digestible reports.

Harrison touted other enhancements, such as a centralized management console that lets customers forgo the process of going to each IDS node on the network to make changes.

ManHunt is part of Symantec’s IDS suite of products, known as Symantec Intrusion Protection. Elements of a setup using the framework might include network- and host-based intrusion detection and prevention, integrated appliances, and analysis and mitigation services.

For Andrew Berkuta, network and physical security manager at HomeBanc Mortgage in Atlanta, features such as ease of use and clear reporting capabilities are two of the most important elements in choosing an IDS product. If a product isn’t easy for everyone to use, it can be a wasted investment, he said. “If the operations folks don’t know how to use it, it will end up at the back of a data centre collecting dust.”

After an intensive process of sussing out the players in the IDS space, HomeBanc went with San Jose-based IntruVert, which recently rolled out the latest version of its IntruShield IDS System.

“[IntruVert] seemed to be six to eight months ahead of the learning curve and were that far ahead of what anyone else was doing in this space,” Berkuta said.