CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

Firm looks to lure hackers

Network Associates is readying a suite of "intrusion protection" tools, including one that creates a decoy network that draws hackers in, then "stings" them.

Network Associates announced Friday a new suite of "intrusion protection" tools, including one that creates a decoy network that draws hackers in and then "stings" them.

"We are creating a network for hackers to break into. It's a virtual network, but it has all the services of a real network," Art Wong, former chief executive of Secure Networks (a Canadian firm acquired last month by Network Associates), said in an interview earlier this month.

"When they are in this virtual network, they are not in your real data. Once they go in, you can collect information on who they are, where they come from, and what vulnerabilities they try to exploit," Wong added. "You have to make it sweeter for them to access. They'll look for accounting information, secretive data, personal data--anything with passwords on it. So you put things in there that hackers would think are sensitive."

The "honey pot" software, slated for release by the end of the year, will be part of Network Associates' new CyberCop family of intrusion protection software. The security tools are designed to help network administrators detect and then ward off unauthorized users from both inside and outside the organization.

The intrusion detection market has been active in the first half of this year, with Cisco Systems, Security Dynamics, and others making forays into the space.

Network Associates also announced CyberCop Labs, researchers from the various companies it has acquired. With antivirus researchers from its core McAfee business and TIS Labs for firewall research, Network Associates has more than 150 researchers in its NAI Security Labs group.

The individual pieces in Network Associates' upcoming suite are not unique to the company, although no one else has announced a product on the "honey pot" model. Axent Technologies has several anti-intruder products. Internet Security Systems has focused on similar tools as have smaller vendors including Centrax, AbriNet, and Netect.

Like Secure Networks' "honey pot," Network Associates' CyberCop "intrusion protection" suite resulted from a string of acquisitions over the last seven months. Other elements include the following:

  • CyberCop Scanner, formerly Ballista and acquired with Secure Networks, is a network scanning tool to probe networks from the outside for security weaknesses. It recognizes 320 kinds of hacker attacks and is now shipping.

  • The existing CyberCop software, acquired in the December merger with Network General, will be rechristened CyberCop Network when version 2.0 ships in August. Dubbed a "high-tech burglar alarm," it monitors networks with software sensors at critical intersections. It also includes software licensed from WheelGroup, an intrusion detection player that Cisco bought in February.

  • CyberCop Server is another kind of intrusion detection software that guards individual servers, rather than sitting on a network, as CyberCop Network does. Formerly called Stalker and due to ship in late August, the technology is called host-based intrusion detection. It came to Network Associates in the firm's February acquisition of Trusted Information Systems, which had earlier purchased the technology from Haystack Labs.

    The individual pieces in Network Associates' upcoming suite are not unique to the company, although no one else has announced a product on the "honey pot" model. Axent Technologies has several antihacker products. Internet Security Systems has focused on similar tools, as have smaller vendors including Centrax, AbriNet, and Netect.