Symantec Adds Needed Features to Host IDS With Recourse Acquisition

Company working to give companies unified vision of entire security architecture.

• By Matt Migliore
• 10/02/2002

The integrated product is the first major step in an effort by Symantec to bring its entire solution set together under a single management interface.

Rather than deploying a proprietary console for each security device, Symantec says it is working to give enterprises a unified vision of their entire security architecture. The initiative, which has yet to be officially launched, is called the Symantec Enterprise Security Foundation.

Mark Ungerman, director of product management for Symantec, says, “Most security solutions have a common three-tier architecture—agents or sensors, management tools, and a console for monitoring events on the network.” Given that, Ungerman says it makes sense to unify the management and console elements of network security.

Furthermore, a common security foundation may help Symantec assimilate the products of some of the other companies it has acquired this year. In addition to Recourse, Symantec announced in July the acquisitions of Mountain Wave Inc., Riptech Inc., and SecurityFocus.

By combining HID 4.0 and ManHunt, Symantec is extending the capabilities of its IDS, specifically by adding features for analyzing high-speed networks.

According to a recent report by IT analyst firm Gartner Inc., Recourse’s ManHunt IDS fills a hole for Symantec, giving it the ability to detect intrusions on multi-gigabit networks. However, the report says, despite the Recourse acquisition, Symantec will face growing market pressure as the shift away from detection systems and toward prevention systems continues.

Beyond the functionality for high-speed scanning, Ungerman says ManHunt adds a number of key elements to Symantec’s IDS offering. With ManHunt, he says Symantec can now monitor multiple networks using a single sensor. “It’s not economically feasible anymore to buy a sensor for every network in your enterprise.” He notes that ManHunt will allow Symantec to find intrusions without signatures. Ungerman cites this a major benefit, as the constant flow of new signatures has made signature-based systems difficult to manage.

Along with ManHunt, Symantec is also gaining access to Recourse’s ManTrap deception IDS. A decoy system used to attract and gather information on attacks, ManTrap is expected to help Symantec be more proactive in detecting new intrusion types.

The integrated ManHunt/HID 4.0 is slated for a December release. An official announcement on the Symantec Enterprise Security Foundation is expected “very soon,” according to Ungerman.