Symantec hunts enterprise clients with new intrusion detection

Making good on the recent purchase of Recourse Technologies Inc., Symantec Corp. now offers intrusion detection systems. One industry observer, however, says the technology is easy compared to what lies ahead.

Symantec recently acquired Recourse, a security-software maker from Redwood City, Calif., whose claim to fame is ManHunt, an intrusion detection program that eschews the normal course of sniffing out unwanted network guests. The acquisition gave Symantec control of ManHunt and its “protocol anomaly detection” capabilities.

According to Mark Ungerman, Symantec’s director of product management in American Fork, Utah, ManHunt’s unusual detection method is more effective than run-of-the-mill, signature-based techniques.

ManHunt doesn’t rely on signatures to decide if incoming packets are malicious. Rather, the software considers the normal course of network traffic and compares new material with old. If a packet seems unusual (too large; too small; coming from an unfamiliar connection), ManHunt stops it in its tracks.

“One of the biggest limitations of a lot of the network intrusion detection products on the market today is their over-dependence on detection signatures,” Ungerman said. “If the product doesn’t have a detection signature in place, then it’s essentially blind and unable to detect certain types of attacks. That limitation is not present with the Recourse product.”
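The contrast between signature matching and baseline comparison described above can be sketched as follows. This is an added illustration, not ManHunt's implementation or Symantec code; the addresses, signature list, packet records and three-standard-deviation cutoff are constructed assumptions.

```python
import statistics

# Constructed training traffic: (source address, packet size in bytes, payload)
NORMAL = [("10.0.0.5", s, b"GET /index.html") for s in (480, 500, 512, 530, 495, 505)]
NORMAL += [("10.0.0.7", s, b"GET /status") for s in (470, 520, 510, 490)]

SIGNATURES = [b"/etc/passwd", b"cmd.exe"]  # constructed signature list

def signature_alert(packet):
    """Signature check: fires only if a known byte pattern is in the payload."""
    return any(sig in packet[2] for sig in SIGNATURES)

class Baseline:
    """Learns normal packet sizes and sources, then judges new packets."""
    def __init__(self, packets, tolerance=3.0):  # tolerance is an assumed cutoff
        sizes = [size for _, size, _ in packets]
        self.mean = statistics.mean(sizes)
        self.stdev = statistics.pstdev(sizes) or 1.0
        self.sources = {src for src, _, _ in packets}
        self.tolerance = tolerance

    def anomalies(self, packet):
        src, size, _ = packet
        reasons = []
        z = (size - self.mean) / self.stdev  # distance from normal, in std devs
        if z > self.tolerance:
            reasons.append("too large")
        elif z < -self.tolerance:
            reasons.append("too small")
        if src not in self.sources:
            reasons.append("unfamiliar source")
        return reasons

def triage(packets):
    """Return (signature verdict, anomaly reasons) for each packet."""
    baseline = Baseline(NORMAL)
    return [(signature_alert(p), baseline.anomalies(p)) for p in packets]

# Constructed new traffic; none of these packets matches a signature.
NEW = [
    ("10.0.0.5", 9000, b"\x00" * 64),             # oversized, novel payload
    ("10.0.0.7", 12, b"X"),                       # undersized
    ("203.0.113.9", 500, b"GET /index.html"),     # source never seen before
    ("10.0.0.5", 505, b"GET /index.html"),        # ordinary request
]

if __name__ == "__main__":
    for packet, verdict in zip(NEW, triage(NEW)):
        print(packet[0], packet[1], verdict)
```

The signature check stays silent on all four packets, while the baseline flags the first three for the reasons the article lists.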

ManHunt provides quick assessments of incoming traffic for fast networks, Ungerman said, explaining that the product operates at speeds of up to 2Gbps.

Symantec sells ManHunt on its own right now, but in the future the company might bundle the software with other intrusion-detection products, such as the Symantec Gateway Security (SGS) appliance and the Symantec Client Security (SCS) software, Ungerman said.

However, it’s too soon to say when Symantec will release its combination ManHunt-SGS/SCS products, he said.

“We’re just focusing on getting the products integrated and getting everything operating smoothly.”

According to Victor Keong, a partner in Deloitte & Touche LLP’s security services practice, for Symantec “the easy part…is over. Now comes the hard part, to integrate the disparate business units together and come up with a convincing integrated story.”

Symantec this summer purchased Recourse, Riptech Inc. and SecurityFocus to bolster its product line for the enterprise space, Keong said.

Jack Gorrie, a professor in electrical and computer engineering, as well as the provost’s advisor on information technology at the University of Toronto, said Symantec has made a name for itself at his workplace.

“We’ve chosen their products over…McAfee and others – in terms of antivirus software.”

Would Gorrie consider ManHunt for the U of T?

Compared to the antivirus space, intrusion detection is “rather a different problem to deal with, but I think Symantec as a company has a pretty good understanding of what the threats are,” he said. “If I was looking for people I thought could do it right, I certainly would put Symantec on a short list. Of course, that’s without seeing their product…don’t take that as a testimonial.”

Ungerman said ManHunt pricing is not set in stone, although Symantec does plan to sell the software in tiers for 100Mbps, 500Mbps, 1Gbps and 2Gbps networks. Expect prices to range from US$12,000 to US$125,000. For more information, see Symantec’s Web site: