Symantec Releases Decoy-Based Intrusion Detection System
A Component of Symantec Intrusion Protection, Symantec Decoy Server 3.1
Provides Early Detection and Prioritisation of Threats
SYDNEY, NSW -- 1 July, 2003 -- Symantec, the world leader in Internet
security, today announced the release of Symantec Decoy Server, a "honeypot"
intrusion detection system (IDS) that detects, contains and monitors
unauthorised access and system misuse as it happens. As a complement to
host- and network-based IDS, Symantec Decoy Server diverts attacks from key
resources while also providing early detection of internal and external
attacks.
"Honeypots supplement security solutions such as firewalls and other
intrusion detection systems, providing advanced decoy technology and early
detection sensors. In addition to the forensic elements, honeypots can be
used as a tool for reducing false positives," said Charles Kolodgy, research
director for Security Products at International Data Corporation (IDC).
"Symantec has a competitive advantage with Symantec Decoy Server, offering
all the elements required for comprehensive protection against intrusions."
"Symantec's honeypot approach is the only real enterprise decoy solution
available today, providing a layer of protection from internal, external and
unknown attacks," said John Donovan, Symantec's Managing Director for
Australia and New Zealand. "Symantec Decoy Server is not a real system, so
all traffic directed towards it is likely to be suspicious. By focusing on
legitimate attacks, system administrators can respond much more effectively,
allowing them to focus on legitimate attacks."
Symantec Decoy Server provides early detection of threats and enables attack
diversion and confinement by actually becoming the target of the attack.
The decoy sensor acts like a fully functioning server, and can simulate
email traffic between users in the organisation to mirror the appearance of
a live mail server. When attacks are directed at the decoy sensor, Symantec
Decoy Server delivers comprehensive attack detection through a system of
data collection modules. Every action is recorded for analysis, allowing
administrators to prioritise and understand the threat and respond
appropriately.
Since the decoy server is not a real system, all traffic directed towards
Symantec Decoy Server is likely suspicious and should be considered a
prelude to an attack. This helps eliminate the nuisance of false negatives
and positives, allowing system administrators to focus on legitimate attacks
and respond much more effectively.
Symantec Decoy Server is not signature-based, so it automatically detects
unknown attacks without any need for security signature updates or dynamic
policy configurations. It also detects both host- and network-based
attacks, unauthorised use of passwords and server access for increased
network protection.
Once a decoy server has been attacked, it covertly monitors the activities
of an attacker in real-time using Session Replay, a live session analysis
tool. Sessions may be recorded and played back for further analysis to help
organisations understand the tools and tactics used against them.
"Symantec Decoy Server is an excellent technology for not only detecting
unauthorised activity, but for capturing detailed information on the
attacker, their tools and their identity," said Lance Spitzner, founder of
the Honeynet Project and author of Honeypots: Tracking Hackers. "As a
honeypot solution, Symantec Decoy Server has capabilities few other
technologies can match."
Symantec Decoy Server is a key component of Symantec Intrusion Protection,
which offers the flexibility to implement the appropriate technology to
anticipate, detect, prevent, and mitigate attacks from internal and external
intruders. Symantec Intrusion Protection consists of products and services
that evolve with an organisation to meet its changing security needs as the
business grows. Elements of Symantec Intrusion Protection may include
network- and host-based intrusion detection and prevention, integrated
appliances, early warning services, and analysis and mitigation services.
Unlike point-product security vendors that provide only a single element of
this strategy, Symantec offers all of these elements for comprehensive
intrusion protection.
Availability
Symantec Decoy Server is available through Symantec's worldwide network of
value-added authorised resellers, distributors and systems integrators.
Organisations can be connected with Symantec's resellers and distributors in
their areas by visiting the Symantec Solution Provider locator at
http://www.symantec.com.au/region/au_nz/partners/.
About Symantec
Symantec Corp. (Nasdaq: SYMC), the world leader in Internet security
technology, provides a broad range of content and network security software
and appliance solutions to individuals, enterprises and service providers.
The company is a leading provider of client, gateway and server security
solutions for virus protection, firewall and virtual private network,
vulnerability management, intrusion detection, Internet content and e-mail
filtering, remote management technologies and security services to
enterprises and service providers around the world. Symantec's Norton brand
of consumer security products is a leader in worldwide retail sales and
industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide
operations in 36 countries. For more information, please visit
www.symantec.com.au
NOTE TO EDITORS: If you would like additional information on Symantec
Corporation and its products, please view the Symantec Press Centre at
http://www.symantec.com.au/region/au_nz/PressCenter/ on Symantec's Web site.
Symantec and the Symantec logo are trademarks or registered trademarks, in
the United States and certain other countries, of Symantec Corporation.
Additional company and product names may be trademarks or registered
trademarks of the individual companies and are respectfully acknowledged.