Top 100 Computer Companies
Network Associates Announces CyberCop 5.0
With Decoy 'Sting' Capabilities and Real-Time Intrusion Protection
Real-Time Response and Decoy Sting Capabilities Added to Industry's Most Highly Rated
Solution for Proactive Vulnerability Assessment
OAKLAND, Calif., April 5 /PRNewswire/ -- Network Associates, Inc.
(Nasdaq: NETA) today announced the next generation of its industry-leading CyberCop family
of intrusion protection products. The CyberCop Intrusion Protection suite encompasses
three applications, including the new CyberCop Sting, a unique new "decoy"
server that traces and tracks hackers who attempt to break in and gathers critical audit
information on their activities.
The suite also includes CyberCop Monitor, a new real-time intrusion detection
application that monitors critical systems and networks for signs of attack. CyberCop
Monitor's innovative architecture breaks new ground for intrusion detection technology
with its unique ability to catch break-in attempts even on today's fastest high-speed
networks. CyberCop Scanner, the industry's most powerful network vulnerability scanner and
recent winner of multiple industry awards, is now "Active Security enabled." The
CyberCop products are a core component of Network Associates' new Active Security product
line, which integrates best-of-breed security products, like Gauntlet, PGP and CyberCop,
to address the growing complexity of enterprise networks. This announcement was made today
before an audience of customers, press, analysts, partners and industry luminaries at
"The Net," the newly-christened Network Associates Coliseum in Oakland, Calif.
CyberCop products address the need for a comprehensive solution to capture information
about users' actions and compare it to established security policies. Current security
offerings are ill-equipped to meet an enterprise's need to track actions taken on
high-speed networks, or to slow the spread of self-propagating information-gathering
agents that blur the lines between viruses and sophisticated stealth hacking tools.
Increased network speeds, encrypted traffic and savvy hackers are some of the challenges
facing those who deploy first-generation network-based intrusion detection products. In
contrast, CyberCop's next-generation agents track activity directly at the server level,
where the data lives and the damage is done.
CyberCop Sting -- Tracing and Tracking Hackers
CyberCop Sting addresses the most unfulfilled need: the need for reliable information
on what a hacker is trying to do on a specific network. CyberCop Sting is an innovative
new "decoy" server designed to let corporations catch potential snoopers in the
act, effectively keeping them "on-the-line" while Sting records all activity and
gathers information about the session. CyberCop Sting operates by placing fictitious
corporate data on a specially outfitted server that combines low security protection with
sophisticated monitoring technology. This combination allows IS managers to monitor
suspicious activity on their corporate network and identify potential problems before any
real data is jeopardized.
CyberCop Monitor -- Real-Time Intrusion Detection for High-Speed Networks Intrusion
detection products solve a real problem by tracking actions taken once an intruder finds a
way on to a network, or an internal employee begins exploring. By monitoring packet flow
across a network, network-based intrusion detection products attempt to reconstruct and
understand a user's actions. Today's first generation intrusion detection systems,
however, cannot reliably detect intrusions on networks faster than 10-20 Mbps. Nor can
they reliably detect suspicious activity on modern switched networks or encrypted lines.
Furthermore, because network-based intrusion detection systems have limited visibility
into the actual systems hackers are attempting to break into, many attacks go completely
unnoticed. Experts have identified at least 26 important attack techniques, in fact, that
typically elude detection by network-based intrusion detection systems. In other words,
with network-based intrusion detection, the odds favor the hacker every time. (A technical
white paper addressing the shortcomings of first-generation network intrusion detection
systems is available at http://www.nai.com/activesecurity/whitepapers.asp).
CyberCop Monitor, a new addition to the CyberCop family, is a groundbreaking
agent-based intrusion detection product that monitors desktops, servers, and network
communications throughout the enterprise in real-time for signs of attack. CyberCop
Monitor's unique "intelligent agent" technology overcomes the limitations that
have plagued first-generation intrusion detection products through its use of a highly
scalable and secure manager-agent architecture. This approach combines the deployment of
intelligent agents on desktops and servers with centralized management and rapid hacker
signature updates. By tracking all types of intrusion activity directly at the point of
attack instead of attempting to scan the network at large, CyberCop Monitor offers
significantly more accurate and comprehensive protection against attempted security
CyberCop Scanner -- #1 Rated Vulnerability Assessment Scanner Gets
The CyberCop Intrusion Protection suite builds on the success of CyberCop Scanner, the
industry's most flexible and powerful network vulnerability scanner. The new CyberCop
Scanner 5.0, now shipping, proactively scans corporate networks for vulnerabilities,
offering a prioritized overview of current security risks, graphical trend analysis
reports, and specific instructions on how to fix each vulnerability detected. The new
version includes a wide range of additional vulnerability checks, advanced new reporting
capabilities, and the industry's only fully automated update technology, ensuring that
customers are always up-to-date with the latest hacker attack signatures from NAI Labs,
the security research division of Network Associates, Inc. CyberCop Scanner's
market-leading capabilities have lead to a string of recent industry awards, including a
win over previous market leader ISS (Nasdaq: ISSX) in the industry's first head-to-head
comparison of the leading intrusion protection scanners. (Complete text of the review is
available online at http://www.infoworld.com/cgi- bin/displayTC.pl?/990208comp.htm).
"We chose CyberCop Scanner as the best tool on the market to help check networks
periodically for possible security vulnerabilities as it gave the most useful and accurate
results of all the security scanners we tested," said Jay Chaudrhy, executive vice
president and general manager of VeriSign, Inc.'s SecureIT division. "CyberCop has
already proven itself on our customers' networks, and the potential for active response
capabilities has fundamentally changed the way we plan network security."
The new 5.0 version of CyberCop is also "Active Security" enabled, allowing
it to automatically communicate with other security and management products on the network
when critical vulnerabilities are discovered. For example, if CyberCop Scanner detects an
important vulnerability on a critical web server at 2 a.m., it can automate enforcement of
the corporate security policy by instructing the firewall to immediately restrict access
to that server until the problem can be fixed. Because Active Security integration also
includes management applications like the help desk, CyberCop Scanner can also
automatically generate, assign and populate help desk work tickets for less-critical
vulnerabilities, giving security administrators the ability to systematically manage down
their overall risk profile using existing business processes.
CyberCop Scanner ships with the industry's most comprehensive database of security
vulnerabilities, each of which it can scan for, identify and provide information to fix.
In addition, the product contains Network Associates' patent-pending AutoUpdate
technology, which allows customers to continually add new updates to the local database as
they are discovered by NAI Labs. Unlike competitors who expect their customers to perform
full software upgrades once per quarter to keep products current with the latest hacker
threats, Network Associates supports its customers with automatic monthly updates to its
signature database, and rapid-response updates available in real-time as serious threats
come to light. This proven model, based on Network Associates' VirusScan technology, keeps
CyberCop customers protected from critical vulnerabilities as they are found both "in
the wild" and by NAI Labs researchers.
CyberCop Scanner, Monitor and Sting are core components of the Network Associates
Active Security product line. Network Associates' integrated Active Security solution,
announced and shipping today, addresses the growing complexity of enterprise networks -
challenging the current state of affairs whereby security products work as standalone
components, allowing threats to "fall through the cracks." The Net Tools Secure
suite from Network Associates combines best-of-breed security products like Gauntlet,
CyberCop, PGP and VirusScan. All integrated communications between the component products
occur through an authenticated, standards-based secure communication coordinator known as
Event Orchestrator. This revolutionary "hub and spoke" integration method helps
make the long sought-after goal of central security policy and event correlation a
practical reality for corporations of all sizes.
Pricing and Availability
The new Active Security enabled version of CyberCop Scanner 5.0 is available and
shipping today. CyberCop Monitor and CyberCop Sting will be available in the second
quarter of 1999 as both standalone products and as part of the CyberCop suite. The entire
CyberCop suite is priced at $17 per seat for a 1,000 user license. The CyberCop suite can
also be purchased as a component of Net Tools Secure, Network Associates' comprehensive
security offering of anti-virus, intrusion protection, firewall, encryption,
authentication, VPN and PKI solutions. Pricing for Net Tools Secure begins at $64 a seat
for 1,000 users. All new CyberCop upgrades ship free of charge to existing customers under
Network Associates' subscription pricing model.
With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading
supplier of enterprise network security and management software. Network Associates' Net
Tools Secure and Net Tools Manager offer best-of- breed, suite-based network security and
management solutions. Net Tools Secure and Net Tools Manager combine to create Net Tools
which centralizes these point solutions within an easy-to-use, integrated systems
management environment. For more information, Network Associates can be reached at
408-988-3832 or on the Internet at http://www.nai.com.
PGP, CyberCop, VirusScan, Event Orchestrator and Net Tools are registered trademarks of
Network Associates, Inc. and/or its affiliates in the US and other countries. All other
registered and unregistered trademarks in the document are the sole property of their