Two of the products that it unveiled Monday fall into the major categories of intrusion-detection systems (IDSes): software that runs on and protects individual servers, known as a host-based IDS, and appliances that detect potentially hostile data traversing a corporate network, known as a network IDS. In addition, the company announced that it would enter the "honey pot" arena--offering software that detects attacks by emulating computers in hopes of attracting intruders.
Symantec believes that different companies will focus on different types of intrusion-detection capabilities, so it plans to broadly cover the market, said John Harrison, the company's product manager.
"We believe there is a place for IDS--that it plays a critical role in protecting organisations," Harrison said. "It needs to be flexible. There is not one type of solution for every company."
Intrusion-detection systems have a bad reputation for triggering alerts based on innocuous data and inundating security administrators with false alarms. The problem has led one analyst firm--Gartner--to declare the technology a failure. However, Symantec and other security companies continue to bet that improvements in the technology will solve the problems.
Symantec Manhunt 3.0, designed to protect corporate networks, can analyse network data at 2 gigabits per second and combines detection that's based on both attack signatures and program behaviour, the company said. It builds on technology that it acquired from Recourse Technologies, which Symantec bought last July. The new honey pot software, Decoy Server, comes from Recourse as well, based on that company's ManTrap system.
Symantec's host-based system has a longer history with the company, coming out of its purchase of Accent in early 2001. Symantec Host IDS 4.1 runs on servers, detecting attacks and intrusions. It is not unlike antivirus systems.
The company's main rival, Network Associates, is also looking to snare a part of the IDS market with two recent purchases. In April, the company bought Entercept, a maker of host-based intrusion detection systems, for US$120 million in cash. Earlier that month, Network Associates also announced that it would buy IntruVert Networks, a maker of network intrusion-detection systems, for $100 million.
