ABOUT SYMANTEC

Press Release

LinkedIn Facebook Twitter RSS

Symantec Releases Decoy-Based Intrusion Detection System

A Component of Symantec Intrusion Protection, Symantec Decoy Server 3.1 Provides Early Detection and Prioritization of Threats

CUPERTINO, Calif. - June 23, 2003 - Symantec Corp. (NASDAQ: SYMC), the world leader in Internet security, today announced the release of Symantec Decoy Server, a "honeypot" intrusion detection system (IDS) that detects, contains and monitors unauthorized access and system misuse as it happens. As a complement to host- and network-based IDS, Symantec Decoy Server diverts attacks from key resources while also providing early detection of internal and external attacks.

"Honeypots supplement security solutions such as firewalls and other intrusion detection systems, providing advanced decoy technology and early detection sensors. In addition to the forensic elements, honeypots can be used as a tool for reducing false positives," said Charles Kolodgy, research director for Security Products at International Data Corporation (IDC). "Symantec has a competitive advantage with Symantec Decoy Server, offering all the elements required for comprehensive protection against intrusions."

"Decoy-based intrusion detection solutions are gaining popularity, and Symantec offers the only real enterprise decoy solution in the market today," said Frank Huerta, vice president, IDS product delivery at Symantec. "Symantec Decoy Server is a superior detection solution that extends a layered security infrastructure to protect customers from internal, external and unknown attacks."

Symantec Decoy Server provides early detection of threats and enables attack diversion and confinement by actually becoming the target of the attack. The decoy sensor acts like a fully functioning server, and can simulate email traffic between users in the organization to mirror the appearance of a live mail server. When attacks are directed at the decoy sensor, Symantec Decoy Server delivers comprehensive attack detection through a system of data collection modules. Every action is recorded for analysis, allowing administrators to prioritize and understand the threat and respond appropriately.

Since the decoy server is not a real system, all traffic directed towards Symantec Decoy Server is likely suspicious and should be considered a prelude to an attack. This helps eliminate the nuisance of false negatives and positives, allowing system administrators to focus on legitimate attacks and respond much more effectively.

Symantec Decoy Server is not signature-based, so it automatically detects unknown attacks without any need for security signature updates or dynamic policy configurations. It also detects both host- and network-based attacks, unauthorized use of passwords and server access for increased network protection.

Once a decoy server has been attacked, it covertly monitors the activities of an attacker in real-time using Session Replay, a live session analysis tool. Sessions may be recorded and played back for further analysis to help organizations understand the tools and tactics used against them.

"Symantec Decoy Server is an excellent technology for not only detecting unauthorized activity, but for capturing detailed information on the attacker, their tools and their identity," said Lance Spitzner, founder of the Honeynet Project and author of "Honeypots: Tracking Hackers." "As a honeypot solution, Symantec Decoy Server has capabilities few other technologies can match."

Symantec Decoy Server is a key component of Symantec Intrusion Protection, which offers the flexibility to implement the appropriate technology to anticipate, detect, prevent, and mitigate attacks from internal and external intruders. Symantec Intrusion Protection consists of products and services that evolve with an organization to meet its changing security needs as the business grows. Elements of Symantec Intrusion Protection may include network- and host-based intrusion detection and prevention, integrated appliances, early warning services, and analysis and mitigation services. Unlike point-product security vendors that provide only a single element of this strategy, Symantec offers all of these elements for comprehensive intrusion protection.

Availability
Symantec Decoy Server is available through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators. Organizations can be connected with Symantec's resellers and distributors in their areas by visiting the Symantec Solution Provider locator at http://www.symantec.com/partners/partners_frames.html.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: : If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.

@Symantec