Symantec Hong Kong
 global sites
products
purchase
service and support
security updates
downloads
about symantec
search
feedback


© 1995-2006 Symantec Corporation.
All rights reserved.
Legal Notices
Updated Privacy Policy
press centre

Symantec releases decoy-based intrusion detection system

A component of Symantec Intrusion Protection, Symantec Decoy Server 3.1 provides early detection and prioritisation of threats

Hong Kong -- 15 July 2003 - Symantec, the world leader in Internet security, today announced the release of Symantec Decoy Server, a "honeypot" intrusion detection system (IDS) that detects, contains and monitors unauthorised access and system misuse as it happens. As a complement to host- and network-based IDS, Symantec Decoy Server diverts attacks from key resources while also providing early detection of internal and external attacks.

"Honeypots supplement security solutions such as firewalls and other intrusion detection systems, providing advanced decoy technology and early detection sensors. In addition to the forensic elements, honeypots can be used as a tool for reducing false positives," said Charles Kolodgy, research director for Security Products at International Data Corporation (IDC). "Symantec has a competitive advantage with Symantec Decoy Server, offering all the elements required for comprehensive protection against intrusions."

"Decoy-based intrusion detection solutions are gaining popularity. Leverage on our security expertise and proved technology, Symantec is able to offer enterprises one of the best decoy solutions in the today's marketplace," said David Sykes, North Asia Director at Symantec. "Symantec Decoy Server is a trusted solution that extends a layered security infrastructure to protect customers from internal, external and unknown attacks.

Symantec Decoy Server provides early detection of threats and enables attack diversion and confinement by actually becoming the target of the attack. The decoy sensor acts like a fully functioning server, and can simulate email traffic between users in the organisation to mirror the appearance of a live mail server. When attacks are directed at the decoy sensor, Symantec Decoy Server delivers comprehensive attack detection through a system of data collection modules. Every action is recorded for analysis, allowing administrators to prioritise and understand the threat and respond appropriately.

Since the decoy server is not a real system, all traffic directed towards Symantec Decoy Server is likely suspicious and should be considered a prelude to an attack. This helps eliminate the nuisance of false negatives and positives, allowing system administrators to focus on legitimate attacks and respond much more effectively.

Symantec Decoy Server is not signature-based, so it automatically detects unknown attacks without any need for security signature updates or dynamic policy configurations. It also detects both host- and network-based attacks, unauthorised use of passwords and server access for increased network protection.

Once a decoy server has been attacked, it covertly monitors the activities of an attacker in real-time using Session Replay, a live session analysis tool. Sessions may be recorded and played back for further analysis to help organisations understand the tools and tactics used against them.

"Symantec Decoy Server is an excellent technology for not only detecting unauthorised activity, but for capturing detailed information on the attacker, their tools and their identity," said Lance Spitzner, founder of the Honeynet Project and author of "Honeypots: Tracking Hackers." "As a honeypot solution, Symantec Decoy Server has capabilities few other technologies can match."

Symantec Decoy Server is a key component of Symantec Intrusion Protection, which offers the flexibility to implement the appropriate technology to anticipate, detect, prevent, and mitigate attacks from internal and external intruders. Symantec Intrusion Protection consists of products and services that evolve with an organisation to meet its changing security needs as the business grows. Elements of Symantec Intrusion Protection may include network- and host-based intrusion detection and prevention, integrated appliances, early warning services, and analysis and mitigation services. Unlike point-product security vendors that provide only a single element of this strategy, Symantec offers all of these elements for comprehensive intrusion protection.

Availability
Symantec Decoy Server is available through Symantec's worldwide network of value-added authorised resellers, distributors and systems integrators.

About Symantec
Symantec, the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, California, Symantec has worldwide operations in 36 countries. For more information, please visit www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.