Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
Security /

Sniffer taking on new duties

<

Related linksToday's breaking news
Send to a friendFeedback

By Ellen Messmer
Network World, 02/11/02

SANTA CLARA - Network Associates, which ditched its intrusion-detection systems last spring, is planning a fresh assault on this market because of customers' heightened awareness of security threats.

The company's plan centers around adding threat-assessment capabilities to Sniffer, the packet-analysis product line that Network Associates says 100,000 customers use.

"Later this year we will have IDS software modules for all versions of Sniffer," says Rich Van de Groenekan, a product manager for Network Associates.

The company based its earlier proactive security technology effort on its CyberCop line of IDS appliances and software, most of which was discontinued last April due to slow sales, just three months after George Samenuk took over as the company's CEO. The IDS technology being built for Sniffer derives in part from CyberCop, which ironically was developed through a mid-1990s venture between WheelGroup (now part of Cisco) and Network General, the company that created Sniffer and later merged with McAfee Associates to form Network Associates.

While companies such as Internet Security Systems and Symantec (through its Axent acquisition) have jumped into the early lead in the $500 million market, observers say Network Associates should prove to be a competitor with its new strategy.

With the advent of dangerous computer worms, the IDS market has a lot in common with the antivirus market, where Network Associates is the leader and generates much of its $834 million annual revenue. Both antivirus and IDS businesses are constantly monitor for threats and update customers' software to recognize those threats.

Network Associates has been talking up the importance of returning to the IDS market for months in meetings with analysts and others, with Sniffer Technologies President Bakul Mehta pointing out it could be done by adding IDS to Sniffer.

Network Associates' infusion of IDS technology into Sniffer starts in a small way this week, with the unveiling of Sniffer Investigator, which is an $8,000 software/laptop computer combination that inspects and analyzes 280 protocols and produces reports based on that information. The device comes with filtering software that will watch for certain worm and Trojan horse threats, such as Nimda and MyParty.

"This filter won't do eradication of worms, but it will recognize them in the frame, and trigger an alert," Van de Groenekan says. "For small and midsized businesses that can't afford a full-fledged IDS, this will provide alerts for them."

Network Associates preinstalls the software on the laptop because it works best on dedicated hardware where other applications don't interfere, he says.

Network Associates intends to add IDS modules to its Sniffer Basic and Pro products later this year, but the biggest overhaul is expected to be for the Sniffer Distributed product, which is used mainly by large companies.

IDS graphic

Sniffer Distributed relies on protocol analyzers that sit across a network and present "big picture" views of traffic flows and network usage to a central monitor. Network Associates says it has yet to determine whether to roll out a new Sniffer Distributed with built-in IDS capabilities or just add software to the existing line.

Some customers are skeptical of Network Associates' plans.

Adding IDS into Sniffer "on the surface might appear to be a good decision," says Donald Woeltje, network manager with St. Elizabeth's Hospital in Belleview, Ill. "But you can bet that in doing so, they are going to raise the price of the product again." Or, he speculates that the company will introduce a new edition of Sniffer that won't be covered under existing maintenance agreements.

While some beta users like Sniffer Investigator, they balk at having to buy a separate laptop."I can't justify that when we buy new laptops every year and a half," says Jeff Talamini, vice president of IT at ISP LANLine Communications, in White Plains, N.Y.

RELATED LINKS

Contact Senior Editor Ellen Messmer

Other recent articles by Messmer

Apply for your free subscription to Network World. Click here. Or get Network World delivered in PDF each week.

Get Copyright Clearance
Request a reprint or permission to use this article.


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.