Network Associates Inc. on Monday announced new versions of its two intrusion prevention (IPS) products, IntruShield and Entercept, that it says will make it easier to protect corporate networks from so-called “zero day” attacks, attempts to break in to networks using previously unknown vulnerabilities.
IntruShield Version 2.1 and Entercept Version 5.0 will be released in July and will add features such as protection for attacks hidden in encrypted network traffic, internal firewalls to stop attacks that slip past an organization’s perimeter defenses and an integrated management console that makes it easier to respond to perimeter and host-based attacks, NAI said.
The new versions of IntruShield and Entercept are major updates to technology NAI acquired in April 2003 when it laid out US$220 million for two San Jose companies: IntruVert Networks Inc., a maker of hardware-based firewalls and network intrusion detection systems, and Entercept Security Technologies Inc., which made intrusion protection technology that runs on network servers or “hosts” such as application and Web servers.
The updated products are more tightly integrated with each other and will allow administrators to manage and correlate reports of attempted intrusions at both the network perimeter and on hosts from a single, IntruShield management console, said Vimal Solanki, director of product marketing for McAfee IPS.
Together, the new products will allow companies to stop even novel attacks targeting previously unknown vulnerabilities in a network’s defenses, as opposed to having to wait for security companies to spot, analyze and develop an attack signature to spot an attack, he said.
“The rule of the game have changed. (Intrusion detection) technologies that were sufficient 12 or 18 months back are necessary, but not sufficient today,” he said.
Among the new security tools NAI is promoting is an IntruShield feature called Encrypted Attack Detection and Prevention, which can stop attacks hidden in secure sockets layer encrypted network traffic. Historically, such attacks were impossible for intrusion detection and IPS products to spot, often passing unnoticed in Web traffic, Solanki said.
Using special encryption processor chips embedded in the IntruShield product, IntruShield 4000 and 2600 appliances running the new 2.1 software will be able to decrypt, inspect and forward encrypted traffic, spotting hidden attacks without slowing the network or compromising the integrity of the encrypted traffic, he said.
IntruShield 1200 devices will not have the Encrypted Attack Detection and Prevention feature, he said.
A new internal firewall feature with virtualization in IntruShield 2.1 will allow network administrators to set up network firewalls on the inside of their networks, just as they do on the network perimeter. A virtualization feature for the internal firewall allows administrators to create up to 1,000 internal firewalls for application servers, Web servers and desktop systems, tailoring firewall policies for the specific needs of a host or group of similar hosts, Solanki said.
With internal firewalls, viruses and other malicious threats that penetrate an organization’s perimeter defences will find it harder to spread between hosts on the inside of a network, he said.
For the Entercept product, NAI added a firewall feature to Entercept 5.0, which it said will provide added protection from network or Internet attacks. The company also improved the product’s management features, with an “at a glance” dashboard feature that simplifies presentation of security status information.
NAI will also offer integration of Entercept 5.0 with its ePolicy Orchestrator (ePO) Version 3.5 network security management console in the third quarter. That integration will allow administrators to use ePO to quickly deploy new Entercept agents to hosts on their network, NAI said.
McAfee Entercept 5.0 and McAfee IntruShield 2.1 will be available in July. Existing customers who have software maintenance agreements will receive the new features at no additional cost, Solanki said.