Forwarded From: William Knowles <erehwon@kizmiaz.dis.org>
[News.com] (6.26.98) Network Associates is expected to announce
Monday a new suite of "intrusion protection" tools, including
one that creates a decoy network that draws hackers in,
then "stings" them.
"We are creating a network for hackers to break into. It's a
virtual network, but it has all the services of a real network,"
Art Wong, former chief executive of Secure Networks, a Canadian
firm acquired last month by Network Associates, said in an
interview earlier this month.
"When they are in this virtual network, they are not in your
real data. Once they go in, you can collect information on who
they are, where they come from, and what vulnerabilities they
try to exploit," Wong added. "You have to make it sweeter for
them to access. They'll look for accounting information, secretive
data, personal data--anything with passwords on it. So you put
things in there that hackers would think are sensitive."
The "honey pot" software, slated for release by the end of the
year, is due to be announced Monday with Network Associates'
intrusion protection suite, according to sources familiar with
the announcement.
The security tools are designed to help network administrators
detect, then ward off unauthorized users from both inside and
outside the organization who are trying to break into data or
networks without permission.
The intrusion detection market has been active in the first half
of this year, with Cisco Systems, Security Dynamics, and others
making forays into the space.
Like Secure Networks' "honey pot," many of the technologies in
the "intrusion protection" suite came to Network Associates in
a string of acquisitions in the last seven months. Other elements
expected to be announced in the suite include the following:
* The existing CyberCop software, acquired in the December merger
with Network General. Dubbed a "high-tech burglar alarm," it
monitors networks with software sensors at critical intersections.
It also includes software licensed from WheelGroup, an intrusion
detection player Cisco bought in February.
* Ballista, a network scanning tool to probe networks from outside
for security weaknesses. It was Secure Networks' first product.
* Stalker, another kind of intrusion detection software that
guards individual servers, rather than sitting on a network,
as CyberCop does. Called host-based intrusion detection, this
technology came to Network Associates with its February
acquisition of Trusted Information Systems, which had earlier
purchased the technology with Haystack Labs.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jun 29 10:24:31 1998