Network Associates ships intrusion detection and response tool
Plus: Age-old PGP gets IPSec VPN functionality.
Network Associates has begun shipping network-based intrusion-detection equipment that works with its Gauntlet firewall Version 5.0 to shut down hackers or take other action when trouble strikes.
Each CyberCop 5.0 intrusion-detection monitor looks at traffic for signs of trouble and reports back to the so-called Event Orchestrator, an NT-based event manager that the corporation uses to set its own security policy. The Event Orchestrator takes incoming security alerts and filters them against the security policy, then coordinates a response based on the type of risk.
Dubbed "Active Security," the Network Associates intrusion-detection gear allows for many types of responses to would-be intruders.
"You can just hang up on them" by having the Gauntlet firewall shut them off, or "you may want to find out who they are," suggests Gene Hodges, vice president of product management of security products at Network Associates.
For instance, you can set up a "decoy network," Hodges says. This is "a fake network where you can send a hacker, letting them nose around in fake data." A specialized decoy server called the CyberCop Sting sets up the decoy network. CyberCop Sting traces and tracks hackers attempting to break into your network.
To understand your network's vulnerabilities, Network Associates is also shipping the CyberCop Scanner, which checks for about 575 known vulnerabilities in host operating systems and applications.
All the Active Security products are shipped as part of Net Tools Secure, a $64,000 package for 1,000 users. Another component in Net Tools Secure is Network Associates' Pretty Good Privacy client and server for encrypting e-mail and digitally signing documents.
Network Associates has added an IP Security-based virtual private network feature to PGP VPN 6.5 so it can set up an encrypted VPN tunnel to the IPSec-enabled Gauntlet firewall or other IPSec server gear. This would include firewalls from Cisco or Check Point Software Technologies.
Since IPSec makes use of X.509 digital certificates to prove the user's identity, Network Associates is also shipping a certificate manager called the Net Tools PKI for issuing digital certificates for PGP's VPN client.
Even as Network Associates gets its Active Security suite out the door, the company is emphasizing that it is working with industry partners to get them to support Active Security in their products as well.
Specifically, Network Associates says Novell's Border Manager firewall will work with the Event Manager for Active Security in the future, though no release date has been set.
Also, Network Associates is working with Microsoft to integrate some intrusion-detection features into Windows 2000 and future versions of SQL Server, Exchange and Internet Information Server.
"We're developing WBEM-based schemas for intrusion detection so there can be standard ways to log events related to security attacks," Hodges says.
In addition, Network Associates now has systems integrators Ernst & Young, PriceWaterhouse Coopers and KPMG on board to use the Active Security business rules to help corporations set up security policies.

