Symantec manhunt delivers enhanced protection against network intrusions
Announcement posted by Symantec (Consumer) 02 Jul 2003
A component of Symantec intrusion protection, Symantec ManHunt 3.0 accurately and effectively identifies attacks at multi-gigabit speeds while reducing false positives
Symantec, the world leader in Internet security, today announced the release of Symantec ManHunt 3.0, which provides multi-gigabit network intrusion detection, real-time threat analysis, and proactive prevention and response capabilities to protect organisations against emerging threats and denial-of-service attacks. "Symantec's intrusion detection technologies provide a sophisticated solution that can outpace new and emerging security threats to protect critical business assets," said John Donovan, Symantec's Managing Director for Australia and New Zealand. "Symantec ManHunt offers one of the fastest and most comprehensive network intrusion detection solutions available with flexible deployment options that help reduce total cost ownership for an enterprise."
Symantec ManHunt monitors network traffic at speeds of up to two gigabits per second on up to six-gigabit interfaces, dependent upon system configuration. Its multi-layered detection architecture combines protocol anomaly detection, signature detection, denial-of-service and scan detection, and IDS evasion detection to accurately and effectively identify attacks.
Protocol anomaly detection allows administrators to identify and respond to emerging threats, such as new, variant and polymorphic exploits. It focuses on the structure and content of the communications, detecting previously unknown and new attacks as they happen. Many of today's attacks target application protocols such as HTTP, FTP, RPC, SMTP and DNS. Symantec ManHunt sensors model protocol rules to identify traffic that violates protocols, such as unexpected data, extra and invalid characters, and possible buffer overflow conditions. While similar attacks are bypassing intrusion detection solutions that are solely signature-based, Symantec ManHunt recognises such attacks as protocol anomalies and reports them to the system administrators, giving them an upper hand to respond to the new threat.
In addition, Symantec ManHunt offers extensive signature detection to enhance its multi-layered detection architecture. It also couples protocol anomaly detection with event refinement to accurately identify known attacks and exploits using well recognised industry-assigned names, which enables accurate responses to further protect networks.
Symantec ManHunt prevents attacks from damaging an organisation's critical assets through proactive response capabilities. It can be customised to terminate TCP sessions, trace the attack back to the source, enforce flow policy compliance, initiate a custom response, and send email and SNMP notifications to allow administrators to contain and control intrusions and denial-of-service attacks in real time.
To alleviate the burden of event management, Symantec ManHunt provides a state-of-the-art analysis and correlation engine. For most organisations, IDS products generate mass volumes of data, which requires both security expertise and time to sort through to find the relevant information, assess the problem, take action and merge data for reporting. Symantec ManHunt filters out redundant data and analyses only relevant information, providing attack awareness without the data overload.
Symantec ManHunt also offers comprehensive security coverage from Symantec Security Response, the world's leading Internet security research and support organisation. Regular Symantec Security Updates provide the latest security context and vulnerability information, signatures and event refinement rules to protect against ever-increasing threats. Further, Symantec ManHunt now offers additional OS support for Red Hat Linux, providing a cost-effective, easy-to-deploy and manageable enterprise security solution.
Symantec ManHunt is a key component of Symantec Intrusion Protection, which offers the flexibility to implement the appropriate technology to
anticipate, detect, prevent, and mitigate attacks from internal and external intruders. Symantec Intrusion Protection consists of products and services that evolve with an organisation to meet its changing security needs as the business grows. Elements of Symantec Intrusion Protection may include network- and host-based intrusion detection and prevention, integrated appliances, early warning services, and analysis and mitigation services. Unlike point-product security vendors that provide only a single element of this strategy, Symantec offers all of these elements for comprehensive intrusion protection.
Availability
Symantec ManHunt is available through Symantec's worldwide network of value-added authorised resellers, distributors and systems integrators. Organisations can be connected with Symantec's resellers and distributors in their areas by visiting the Symantec Solution Provider locator at http://www.symantec.com.au/region/au_nz/partners/
About Symantec
Symantec Corp. (Nasdaq: SYMC), the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 36 countries. For more information, please visit www.symantec.com.au
###
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre at http://www.symantec.com.au/region/au_nz/PressCentre/ on Symantec's Web site. Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged
Symantec ManHunt monitors network traffic at speeds of up to two gigabits per second on up to six-gigabit interfaces, dependent upon system configuration. Its multi-layered detection architecture combines protocol anomaly detection, signature detection, denial-of-service and scan detection, and IDS evasion detection to accurately and effectively identify attacks.
Protocol anomaly detection allows administrators to identify and respond to emerging threats, such as new, variant and polymorphic exploits. It focuses on the structure and content of the communications, detecting previously unknown and new attacks as they happen. Many of today's attacks target application protocols such as HTTP, FTP, RPC, SMTP and DNS. Symantec ManHunt sensors model protocol rules to identify traffic that violates protocols, such as unexpected data, extra and invalid characters, and possible buffer overflow conditions. While similar attacks are bypassing intrusion detection solutions that are solely signature-based, Symantec ManHunt recognises such attacks as protocol anomalies and reports them to the system administrators, giving them an upper hand to respond to the new threat.
In addition, Symantec ManHunt offers extensive signature detection to enhance its multi-layered detection architecture. It also couples protocol anomaly detection with event refinement to accurately identify known attacks and exploits using well recognised industry-assigned names, which enables accurate responses to further protect networks.
Symantec ManHunt prevents attacks from damaging an organisation's critical assets through proactive response capabilities. It can be customised to terminate TCP sessions, trace the attack back to the source, enforce flow policy compliance, initiate a custom response, and send email and SNMP notifications to allow administrators to contain and control intrusions and denial-of-service attacks in real time.
To alleviate the burden of event management, Symantec ManHunt provides a state-of-the-art analysis and correlation engine. For most organisations, IDS products generate mass volumes of data, which requires both security expertise and time to sort through to find the relevant information, assess the problem, take action and merge data for reporting. Symantec ManHunt filters out redundant data and analyses only relevant information, providing attack awareness without the data overload.
Symantec ManHunt also offers comprehensive security coverage from Symantec Security Response, the world's leading Internet security research and support organisation. Regular Symantec Security Updates provide the latest security context and vulnerability information, signatures and event refinement rules to protect against ever-increasing threats. Further, Symantec ManHunt now offers additional OS support for Red Hat Linux, providing a cost-effective, easy-to-deploy and manageable enterprise security solution.
Symantec ManHunt is a key component of Symantec Intrusion Protection, which offers the flexibility to implement the appropriate technology to
anticipate, detect, prevent, and mitigate attacks from internal and external intruders. Symantec Intrusion Protection consists of products and services that evolve with an organisation to meet its changing security needs as the business grows. Elements of Symantec Intrusion Protection may include network- and host-based intrusion detection and prevention, integrated appliances, early warning services, and analysis and mitigation services. Unlike point-product security vendors that provide only a single element of this strategy, Symantec offers all of these elements for comprehensive intrusion protection.
Availability
Symantec ManHunt is available through Symantec's worldwide network of value-added authorised resellers, distributors and systems integrators. Organisations can be connected with Symantec's resellers and distributors in their areas by visiting the Symantec Solution Provider locator at http://www.symantec.com.au/region/au_nz/partners/
About Symantec
Symantec Corp. (Nasdaq: SYMC), the world leader in Internet security technology, provides a broad range of content and network security software and appliance solutions to individuals, enterprises and service providers. The company is a leading provider of client, gateway and server security solutions for virus protection, firewall and virtual private network, vulnerability management, intrusion detection, Internet content and e-mail filtering, remote management technologies and security services to enterprises and service providers around the world. Symantec's Norton brand of consumer security products is a leader in worldwide retail sales and industry awards. Headquartered in Cupertino, Calif., Symantec has worldwide operations in 36 countries. For more information, please visit www.symantec.com.au
###
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Centre at http://www.symantec.com.au/region/au_nz/PressCentre/ on Symantec's Web site. Symantec and the Symantec logo are trademarks or registered trademarks, in the United States and certain other countries, of Symantec Corporation. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged