CyberCop wards off hackers

Network Associates' new intrusion detection software indicates a trend: Network and security management are merging under the control of corporate IS departments.

CNET News staff
Network Associates (NETA) will ship its new intrusion detection software, CyberCop, later this month, the latest entry into the hot market for ways to ward off hacker attacks.

CyberCop also is the first new product to emerge from Network Associates since it was created last fall in the merger of McAfee Associates and Network General.

The product spotlights the premise behind the merger--that network and security management are merging under the control of corporate IS departments.

"It represents the direction--we think we're going to be a large player in security," said Katherine Stolz, CyberCop product manager for Network Associates. "In the past, there has been a feeling that intrusion detection is the realm of the hacker or ex-hacker--that it's a black art. We see security moving from that niche concept to a standard IS function."

Originally announced in September as a hardware device, CyberCop is now pure software but requires a PC host, a move that is consistent with the former McAfee's software orientation. When the deal was announced, some observers questioned the compatibility of McAfee's software orientation with Network General's product line.

"It's a pretty big deal," said Forrester analyst Ted Julian, noting that the entry of a big player like Network Associates validates the market for users, making it easier to get funding for products in the intrusion detection category.

"It's an indication of Network Associates' interest in security products--they could have spun that technology in several different ways, but CyberCop is a very security-focused product," he added.

Network Associates calls CyberCop a "high-tech burglar alarm" to guard networks from outside as well as internal attacks. The product monitors networks with software sensors at critical intersections; the sensors then notify a management server. If there is an intrusion, the software sounds an alarm and can send an email or pager message to the network manager.

For Network Associates, CyberCop is a crossover product that combines the network management orientation of Network General with the budding security focus of McAfee, best known for its antivirus software but making a play into the broader security space.

Network Associates also plans to provide a "scanning tool" that will proactively probe networks for security weaknesses, Stolz said, as opposed to just passively monitoring the network for untoward activity. The unnamed scanning software will be linked to CyberCop.

CyberCop includes technology created for Network General's Sniffer network management software plus code licensed from intrusion detection player WheelGroup.

The tool is designed for ease of use and offers browser-based remote management, according to the company. It can be deployed in stealth mode so hackers and internal users don't know it's running. Its sensors can reconfigure a device when an intrusion is noticed, thus cutting off an attack.

CyberCop comes with six profiles for common places where sensors would be placed on networks--modem pools for remote connections, Internet gateway, direct connections to customers, and so on.

But for other intrusion detection vendors, Network Associates' entry ups the stakes. "And it probably won't stop here either," Julian predicted.

Internet Security Systems, which filed last month for an IPO, is generally regarded as the market leader for intrusion detection, with an estimated 35 percent market share, according to the Aberdeen Group in a report released last month.

Axent, which last week closed its acquisition of firewall vendor Raptor, has 23 percent share, Aberdeen estimated, followed by Intrusion Detection Incorporated at 12 percent, TIS/Haystack with 8 percent, then SAIC, AbriNet, and WheelGroup with 5 percent apiece.

The software ships on February 27 for a list price of $8,995 per sensor and $14,995 for a central server. Both also require dedicated hardware, and Network Associates has certified specific PCs from Dell as recommended hosts.