SANTA CLARA, CALIF. - Network Associates next Monday will ship CyberCop Monitor. It is an NT-based intrusion-detection product that not only watches for attacks or unauthorized use of system files, but also restores them in the event of tampering.
According to CyberCop product marketing manager Andrew McGuire, CyberCop Monitor for NT looks at system events, event logs and checks for NT authorization.
"You can set it up to prevent any changes in specific files, according to your own security policy," says McGuire. "For the Web server, it can look for attacks specific to Microsoft's Internet Information Server. If the user or system files are changed, it would implement a rollback to substitute the original file for the changed one."
Network Associates calls this feature auto restore. The CyberCop Monitor is a product which replaces an earlier entry called CyberCop Server, which "wasn't robust enough for production systems," McGuire acknowledges. "CyberCop Server only looked at the host-based events. CyberCop Monitor looks at host-based events and the network."
CyberCop is said to be able to spot about 300 different attack signatures that indicate hackers are trying to break in or trying to bring down an NT-based network with denial-of-service attacks.
"It's only looking at traffic coming in to the NT server, so it's looking for NT-based attacks," McGiure says. "We are in the process of developing a Solaris version of the product, too." CyberCop Monitor for Solaris 2.6 and HP-UX should be available later this fall.
CyberCop Monitor, priced at $114 per node, will be shipped as a free evaluation copy next week to all customers of Network Associates NetShield antivirus product for NT. The plan is to ship CyberCop Monitor with NetShield in the future.
CyberCop will join two other security products in what will be known as the CyberCop Security Suite. The two products are the CyberCop Scanner for scanning networks for vulnerabilities, and the hacker decoy called Sting.
RELATED LINKS
