Symantec ManHunt Delivers Enhanced Protection Against Network Intrusions.

Business Editors/High-Tech Writers

CUPERTINO, Calif.--(BUSINESS WIRE)--June 23, 2003

A Component of Symantec Intrusion Protection, Symantec ManHunt 3.0 Accurately and Effectively Identifies Attacks at Multi-gigabit Speeds While Reducing False Positives

Symantec Corp. (Nasdaq:SYMC), the world leader in Internet security, today announced the release of Symantec ManHunt 3.0, which provides multi-gigabit network intrusion detection, real-time threat analysis, and proactive prevention and response capabilities to protect organizations against emerging threats and denial-of-service attacks.

"The ever-increasing number of high visibility, complex attacks on corporate networks has advanced the need for a sophisticated solution that can outpace new and emerging security threats, protect networks, and ensure the safety of critical business assets," said Sandeep Kumar, director of product management at Symantec. "Symantec ManHunt offers one of the fastest and most comprehensive network intrusion detection solutions available with flexible deployment options that help reduce total cost ownership for an enterprise."

Symantec ManHunt monitors network traffic at speeds of up to two gigabits per second on up to six-gigabit interfaces, dependent upon system configuration. Its multi-layered detection architecture combines protocol anomaly detection, signature detection, denial-of-service and scan detection, and IDS evasion detection to accurately and effectively identify attacks.

Protocol anomaly detection allows administrators to identify and respond to emerging threats, such as new, variant and polymorphic exploits. It focuses on the structure and content of the communications, detecting previously unknown and new attacks as they happen. Many of today's attacks target application protocols such as HTTP, FTP, RPC, SMTP and DNS.
Symantec ManHunt sensors model protocol rules to identify traffic that violates protocols, such as unexpected data, extra and invalid characters, and possible buffer overflow conditions. While similar attacks are bypassing intrusion detection solutions that are solely signature-based, Symantec ManHunt recognizes such attacks as protocol anomalies and reports them to the system administrators, giving them an upper hand to respond to the new threat.

In addition, Symantec ManHunt offers extensive signature detection to enhance its multi-layered detection architecture. It also couples protocol anomaly detection with event refinement to accurately identify known attacks and exploits using well recognized industry-assigned names, which enables accurate responses to further protect networks.

Symantec ManHunt prevents attacks from damaging an organization's critical assets through proactive response capabilities. It can be customized to terminate TCP sessions, trace the attack back to the source, enforce flow policy compliance, initiate a custom response, and send email and SNMP notifications to allow administrators to contain and control intrusions and denial-of-service attacks in real time.

To alleviate the burden of event management, Symantec ManHunt provides a state-of-the-art analysis and correlation engine.
For most organizations, IDS products generate mass volumes of data, which requires both security expertise and time to sort through to find the relevant information, assess the problem, take action and merge data for reporting. Symantec ManHunt filters out redundant data and analyzes only relevant information, providing attack awareness without the data overload.

Symantec ManHunt also offers comprehensive security coverage from Symantec Security Response, the world's leading Internet security research and support organization. Regular Symantec Security Updates provide the latest security context and vulnerability information, signatures and event refinement rules to protect against ever-increasing threats. Further, Symantec ManHunt now offers additional OS support for Red Hat Linux, providing a cost-effective, easy-to-deploy and manageable enterprise security solution.

Symantec ManHunt is a key component of Symantec Intrusion Protection, which offers the flexibility to implement the appropriate technology to anticipate, detect, prevent, and mitigate attacks from internal and external intruders. Symantec Intrusion Protection consists of products and services that evolve with an organization to meet its changing security needs as the business grows. Elements of Symantec Intrusion Protection may include network- and host-based intrusion detection and prevention, integrated appliances, early warning services, and analysis and mitigation services. Unlike point-product security vendors that provide only a single element of this strategy, Symantec offers all of these elements for comprehensive intrusion protection.

Availability

Symantec ManHunt is available through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators. Organizations can be connected with Symantec's resellers and distributors in their areas by visiting the Symantec Solution Provider locator at http://www.symantec.com/partners/partners_frames.html.

About Symantec

Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 36 countries. For more information, please visit www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corp. and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corp. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.