../../graphics/grm52-3.gif

Background & Trends
    Internet Background
    Silicon Valley History
    Silicon to Internet Valley
    Bay Area Regional Guide

Industry Leaders
   Top 100 Banks
    Top 100 Companies
    Top 100 Magazines

E-commerce  Services
   Case Study: IBM
    Criteria

    iFactor
    Web Influence
    Hyperlink Mechanics
    FAQ & Contact Info

Internet Valley, Inc.
    HyperBook
    Community
    Feedback

Mirrors
    Mountain View
    San Francisco #1
    San Francisco #2
    European Mirror

 

Top 100 Computer Companies

Company News

 

Network Associates Announces CyberCop 5.0 With Decoy 'Sting' Capabilities and Real-Time Intrusion Protection

 

Real-Time Response and Decoy Sting Capabilities Added to Industry's Most Highly Rated Solution for Proactive Vulnerability Assessment

OAKLAND, Calif., April 5 /PRNewswire/ -- Network Associates, Inc. (Nasdaq: NETA) today announced the next generation of its industry-leading CyberCop family of intrusion protection products. The CyberCop Intrusion Protection suite encompasses three applications, including the new CyberCop Sting, a unique new "decoy" server that traces and tracks hackers who attempt to break in and gathers critical audit information on their activities.

The suite also includes CyberCop Monitor, a new real-time intrusion detection application that monitors critical systems and networks for signs of attack. CyberCop Monitor's innovative architecture breaks new ground for intrusion detection technology with its unique ability to catch break-in attempts even on today's fastest high-speed networks. CyberCop Scanner, the industry's most powerful network vulnerability scanner and recent winner of multiple industry awards, is now "Active Security enabled." The CyberCop products are a core component of Network Associates' new Active Security product line, which integrates best-of-breed security products, like Gauntlet, PGP and CyberCop, to address the growing complexity of enterprise networks. This announcement was made today before an audience of customers, press, analysts, partners and industry luminaries at "The Net," the newly-christened Network Associates Coliseum in Oakland, Calif.

CyberCop products address the need for a comprehensive solution to capture information about users' actions and compare it to established security policies. Current security offerings are ill-equipped to meet an enterprise's need to track actions taken on high-speed networks, or to slow the spread of self-propagating information-gathering agents that blur the lines between viruses and sophisticated stealth hacking tools. Increased network speeds, encrypted traffic and savvy hackers are some of the challenges facing those who deploy first-generation network-based intrusion detection products. In contrast, CyberCop's next-generation agents track activity directly at the server level, where the data lives and the damage is done.

CyberCop Sting -- Tracing and Tracking Hackers

CyberCop Sting addresses the most unfulfilled need: the need for reliable information on what a hacker is trying to do on a specific network. CyberCop Sting is an innovative new "decoy" server designed to let corporations catch potential snoopers in the act, effectively keeping them "on-the-line" while Sting records all activity and gathers information about the session. CyberCop Sting operates by placing fictitious corporate data on a specially outfitted server that combines low security protection with sophisticated monitoring technology. This combination allows IS managers to monitor suspicious activity on their corporate network and identify potential problems before any real data is jeopardized.

CyberCop Monitor -- Real-Time Intrusion Detection for High-Speed Networks Intrusion detection products solve a real problem by tracking actions taken once an intruder finds a way on to a network, or an internal employee begins exploring. By monitoring packet flow across a network, network-based intrusion detection products attempt to reconstruct and understand a user's actions. Today's first generation intrusion detection systems, however, cannot reliably detect intrusions on networks faster than 10-20 Mbps. Nor can they reliably detect suspicious activity on modern switched networks or encrypted lines. Furthermore, because network-based intrusion detection systems have limited visibility into the actual systems hackers are attempting to break into, many attacks go completely unnoticed. Experts have identified at least 26 important attack techniques, in fact, that typically elude detection by network-based intrusion detection systems. In other words, with network-based intrusion detection, the odds favor the hacker every time. (A technical white paper addressing the shortcomings of first-generation network intrusion detection systems is available at http://www.nai.com/activesecurity/whitepapers.asp).

CyberCop Monitor, a new addition to the CyberCop family, is a groundbreaking agent-based intrusion detection product that monitors desktops, servers, and network communications throughout the enterprise in real-time for signs of attack. CyberCop Monitor's unique "intelligent agent" technology overcomes the limitations that have plagued first-generation intrusion detection products through its use of a highly scalable and secure manager-agent architecture. This approach combines the deployment of intelligent agents on desktops and servers with centralized management and rapid hacker signature updates. By tracking all types of intrusion activity directly at the point of attack instead of attempting to scan the network at large, CyberCop Monitor offers significantly more accurate and comprehensive protection against attempted security breaches.

CyberCop Scanner -- #1 Rated Vulnerability Assessment Scanner Gets "Active"

The CyberCop Intrusion Protection suite builds on the success of CyberCop Scanner, the industry's most flexible and powerful network vulnerability scanner. The new CyberCop Scanner 5.0, now shipping, proactively scans corporate networks for vulnerabilities, offering a prioritized overview of current security risks, graphical trend analysis reports, and specific instructions on how to fix each vulnerability detected. The new version includes a wide range of additional vulnerability checks, advanced new reporting capabilities, and the industry's only fully automated update technology, ensuring that customers are always up-to-date with the latest hacker attack signatures from NAI Labs, the security research division of Network Associates, Inc. CyberCop Scanner's market-leading capabilities have lead to a string of recent industry awards, including a win over previous market leader ISS (Nasdaq: ISSX) in the industry's first head-to-head comparison of the leading intrusion protection scanners. (Complete text of the review is available online at http://www.infoworld.com/cgi- bin/displayTC.pl?/990208comp.htm).

"We chose CyberCop Scanner as the best tool on the market to help check networks periodically for possible security vulnerabilities as it gave the most useful and accurate results of all the security scanners we tested," said Jay Chaudrhy, executive vice president and general manager of VeriSign, Inc.'s SecureIT division. "CyberCop has already proven itself on our customers' networks, and the potential for active response capabilities has fundamentally changed the way we plan network security."

The new 5.0 version of CyberCop is also "Active Security" enabled, allowing it to automatically communicate with other security and management products on the network when critical vulnerabilities are discovered. For example, if CyberCop Scanner detects an important vulnerability on a critical web server at 2 a.m., it can automate enforcement of the corporate security policy by instructing the firewall to immediately restrict access to that server until the problem can be fixed. Because Active Security integration also includes management applications like the help desk, CyberCop Scanner can also automatically generate, assign and populate help desk work tickets for less-critical vulnerabilities, giving security administrators the ability to systematically manage down their overall risk profile using existing business processes.

CyberCop Scanner ships with the industry's most comprehensive database of security vulnerabilities, each of which it can scan for, identify and provide information to fix. In addition, the product contains Network Associates' patent-pending AutoUpdate technology, which allows customers to continually add new updates to the local database as they are discovered by NAI Labs. Unlike competitors who expect their customers to perform full software upgrades once per quarter to keep products current with the latest hacker threats, Network Associates supports its customers with automatic monthly updates to its signature database, and rapid-response updates available in real-time as serious threats come to light. This proven model, based on Network Associates' VirusScan technology, keeps CyberCop customers protected from critical vulnerabilities as they are found both "in the wild" and by NAI Labs researchers.

CyberCop Scanner, Monitor and Sting are core components of the Network Associates Active Security product line. Network Associates' integrated Active Security solution, announced and shipping today, addresses the growing complexity of enterprise networks - challenging the current state of affairs whereby security products work as standalone components, allowing threats to "fall through the cracks." The Net Tools Secure suite from Network Associates combines best-of-breed security products like Gauntlet, CyberCop, PGP and VirusScan. All integrated communications between the component products occur through an authenticated, standards-based secure communication coordinator known as Event Orchestrator. This revolutionary "hub and spoke" integration method helps make the long sought-after goal of central security policy and event correlation a practical reality for corporations of all sizes.

Pricing and Availability

The new Active Security enabled version of CyberCop Scanner 5.0 is available and shipping today. CyberCop Monitor and CyberCop Sting will be available in the second quarter of 1999 as both standalone products and as part of the CyberCop suite. The entire CyberCop suite is priced at $17 per seat for a 1,000 user license. The CyberCop suite can also be purchased as a component of Net Tools Secure, Network Associates' comprehensive security offering of anti-virus, intrusion protection, firewall, encryption, authentication, VPN and PKI solutions. Pricing for Net Tools Secure begins at $64 a seat for 1,000 users. All new CyberCop upgrades ship free of charge to existing customers under Network Associates' subscription pricing model.

With headquarters in Santa Clara, Calif., Network Associates, Inc. is a leading supplier of enterprise network security and management software. Network Associates' Net Tools Secure and Net Tools Manager offer best-of- breed, suite-based network security and management solutions. Net Tools Secure and Net Tools Manager combine to create Net Tools which centralizes these point solutions within an easy-to-use, integrated systems management environment. For more information, Network Associates can be reached at 408-988-3832 or on the Internet at http://www.nai.com.

PGP, CyberCop, VirusScan, Event Orchestrator and Net Tools are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and other countries. All other registered and unregistered trademarks in the document are the sole property of their respective owners.

 

Network Associates Contact
Tony Welz
408-346-3021

 

 

calif210.gif (13517 bytes)

Suggestions, comments,  questions? Contact us

 

Copyright 1995-1999, InternetValley Inc.