Security vendor Symantec has updated its intrusion detection and prevention systems while renouncing claims that IDS is a failed technology. Symantec Australia and New Zealand managing director John Donovan said that traditionally intrusion detection has been implemented as a point product solution.
“Security is not good from a point product nature,” Donovan said. “Enterprises can’t just deploy an IDS at the gateway as it is needed at all points of the network.”
Donovan said Symantec disagrees with the recent Gartner report that labelled intrusion detection as obsolete.
“We don’t agree with the Gartner report as IDS goes deeper than the report analysed,” he said. “IDS is about protecting assets and requires a holistic view.”
Donovan said that managed security services can go a long way to proving the worth of intrusion detection.
“Sometimes management of data is not a core competency of the organisation,” he said. “For companies with limited data management experience, it makes sense to outsource the technology.”
Symantec’s Security Management System collates and analyses data from multiple sources, Donovan said.
The company also enhanced the debate by releasing updated version of three IDS tools.
Symantec ManHunt 3.0 is a gigabit netowork-based IDS that features real-time analysis and correlation of data.
Symantec Asia Pacific technical director Tim Hartman said ManHunt has enhanced management and is cross platform.
“ManHunt’s centralised management makes scheduling updates easy,” Hartman said. “We’ve expanded the platform support to include Linux as well as Solaris, and the performance of both platforms is comparable.”
Also updated are the Decoy Server and Host IDS.
“The beauty of the Decoy Server is there are no false positives,” Hartman said. “If something touches the Decoy, something is wrong.” Version 3.1 of the Decoy Server now features improvements in threat response, and in reporting and logging.
The Host IDS product, according to Hartman, is flexible and has extended platform support.
“Version 4.1 of Host IDS now co-exists with our Intruder Alert 3.6 and has enterprise-class management capabilities,” he said.