In-Depth

Briefs: Bytware's Native iSeries Antivirus; Symantec Updates IDS Software

Bytware introduces native IBM iSeries virus detection; Symantec updates three intrusion detection system products

• By Mathew Schwartz
• 07/09/2003

Security software company Bytware Inc. released native virus detection for the IBM eServer iSeries and OS/400. The product, StandGuard Anti-Virus, is the first, and only, native iSeries virus detection solution. It uses the latest-generation scanning engine from antivirus vendor McAfee (a business unit of Network Associates Inc.). StandGuard includes virus signature detection, heuristic analysis, and virus-cleaning capabilities.

Previously, iSeries administrators needed to use a PC to scan for any viruses in the Integrated File System (IFS). Because of performance, security and stability concerns associated with using a PC to scan the IFS, however, it was not an ideal solution. Bytware says that in addition to increasing antivirus scanning security and performance, the product is more stable because it runs natively. The scanning engine can also scan compressed files, decompress files to scan them, and detect many kinds of polymorphic viruses, Trojan executables, worms, and other malicious software.

For more information, see www.bytware.com/.

Symantec Updates IDS Software

Symantec announced improvements in three of its intrusion detection system (IDS) products: Symantec ManHunt 3.0, Symantec Decoy Server, and Symantec Host IDS 4.1.

The 3.0 ManHunt release includes improved detection capabilities, enhanced management, comprehensive security coverage, and expanded platform support.

Symantec ManHunt 3.0 monitors network traffic at speeds of up to two gigabitsper second, provides real-time threat analysis, and proactive prevention and response capabilities for protecting against both new threats and denial-of-service attacks. To protect against new, variable, and polymorphic attacks, the software blocks traffic that violates protocols, such as unexpected data, extra and invalid characters, andpossible buffer overflow conditions.

Given the threat of “complex attacks on corporate networks,” companies need “a sophisticated solution that can outpace new and emerging security threats, protect networks, and ensure the safety of critical business assets," notes Sandeep Kumar, director of product management at Symantec.

Symantec’s honeypot software, Decoy Server, also sports new features: improved threat response mechanisms, an improved decoy environment, and improved logging and reporting.

Decoy Sensor is an add-on to Symantec’s intrusion detection software. Since no legitimate traffic should approach the Decoy Sensor, any traffic equals suspicious traffic, which can warn administrators of an attack in progress. “Honeypots supplement security solutions such as firewalls and other intrusion detection systems, providing advanced decoy technology and early detection sensors. In addition to the forensic elements, honeypots can be used as a tool for reducing false positives," says Charles Kolodgy, a security research director at International Data Corp.

Finally, Symantec added new features to its Host IDS 4.1 software, including improved intrusion prevention, additional platform support, new management capabilities, and mostly notably, real-time prevention capabilities. To lower the total cost of ownership, Host IDS integrates with Symantec’s common data collection, logging, reporting, and security management software, the Symantec Security Management System.

For additional product information, visit www.symantec.com/.