Intrusion-detection firms push for unified management

Leading network security software vendors Internet Security Systems Inc. and Symantec Corp. are separately developing management systems that work across their product lines. Currently, the companies supply management consoles for products in their expanding vulnerability-assessment and intrusion-detection software portfolios.

Each company is pursuing a unified management strategy in light of significant acquisitions. ISS is about a month away from finalizing a US$195 million purchase of Network Ice Corp., a maker of desktop intrusion-detection software. Symantec last year spent $975 million on Axent Technologies Inc., a vendor of firewall, VPN, vulnerability-assessment and intrusion-detection products.

By the third quarter, ISS plans to ship RealSecure Fusion Sensor, software that collects data from the four separate RealSecure database, Web server, operating system and network-based intrusion-detection tools, producing an aggregated presentation of alerts. Currently, alerts can only be collected at separate management consoles.

By year-end, the company plans to help customers dispense with multiple management consoles altogether with a system called RealSecure Site Protector.

A more organized set of management offerings will be important as ISS looks to expand the role played by its intrusion-detection tools.

Mark Woods, director of product management, says ISS wants to enable the Network Ice desktop intrusion-detection software to flag more than just hacker attempts or vulnerabilities. Rather, ISS wants the technology to take on new jobs, such as preventing an end-user's desktop from joining the corporate network until it's been assessed for integrity.

That might mean an intrusion-detection system would need to scan the user's desktop during the authentication process to remotely check it for denial-of-service Trojans or computer viruses. While intrusion-detection software typically checks for Trojans, it usually doesn't scan for viruses. ISS will look at partnering with firewall/VPN vendors and antivirus software makers to extend its new Network Ice products.

Symantec is working to extend the capabilities of its antivirus products, Axent intrusion-detection software and Raptor firewalls, and deliver a common management platform in the next few months.

"With the technologies in our portfolio, we think we can be a lot smarter in how we can get information to our customers," says Gail Hamilton, a Symantec senior vice president.

For example, Hamilton says the company's Raptor firewalls will soon be able to detect a new virus coming through a port and shut down that port if that's what a security policy calls for.

In addition, Symantec is combining features from the Axent network- and host-based intrusion-detection systems to protect applications at the desktop and server.

The efforts under way at ISS and Symantec come as Network Associates is backing out of the intrusion-detection market.

While Network Associates will continue to sell the CyberCop Scanner for vulnerability assessment, it will no longer develop or seek new sales of CyberCop Monitor for sensing hacker activity.
