PGP Security, a business unit of Network Associates Inc., has introduced a network-based intrusion-detection tool, CyberCop Network 5.0, and an enhanced version of CyberCop Monitor 5.0, offering a comprehensive intrusion-detection system for companies that want to spot potential hacker activity as it occurs.
Kara Stanislawczyk, a marketing manager at PGP Security, says CyberCop Network 5.0 is the first version of CyberCop to detect potential hacker activity at the network level. Previous versions detected intrusions at the host or at the desktop computer. CyberCop Network monitors devices running multiple operating systems, and CyberCop Monitor protects Windows NT, Windows 2000, and Solaris systems. Both, says Stanislawczyk, identify common attacks, including denial-of-service attacks. Also, CyberCop's management console, which receives reports from the network and desktop agents, has been enhanced. Previously, the database was based on Microsoft Access; now the data warehouse used for storing and evaluating information is based on Microsoft SQL Server 7.0.
Analyst reaction to the release is mixed. "The latest release of CyberCop is a step in the right direction," says analyst John Pescatore of Gartner Group. "It adds network-based intrusion detection to their existing host-based and improves the management capability of previous CyberCop releases." But Pescatore says CyberCop doesn't measure up to similar offerings from competitors such as Internet Security Systems Inc. "It doesn't integrate attack signatures across host and network-based sensors, it just lets you manage both from one management console. So it isn't a major advance, but brings Network Associates closer to ISS."
Pescatore says Network Associates is late to market with its network-based intrusion-detection system, saying it's a feature that's been offered by ISS and Cisco Systems for several years. Plus, CyberCop fails to offer support for an appliance-based sensor, forcing companies to use only PC-based sensors. Still, Pescatore cited CyberCop's competitive pricing and its ease of management, installation, and deployment, which are "often problem points with companies trying out intrusion detection."
CyberCop Network and Monitor 5.0 are available now. A one-year license for one to four sensors of CyberCop Network is $4,700, and a single-year license of Monitor 5.0 is $67 per node.