Symantec's Realtime Manhunt Tracks Network Intrusions, Provides Protection

Those features prove to be valuable allies for detecting and mitigating network attacks. In many cases the prevention of denial-of-service attacks alone justifies investment in the product, especially for e-commerce and customer-service-related Web sites. Solution providers will find demonstrating the costs resulting from intrusions can help to ease the sales process. After all, a security product is often judged on what it can save a business rather than on its initial costs.

\

FRANK J. OHLHORST

Technology Editor

Manhunt is a software client/server product designed to run on a dedicated, Symantec-certified server hardware platform using either Solaris 8 (both 64-bit and Intel platforms are supported) or Red Hat Linux 8 (2.4 kernel, Intel-only) operating systems. The client portion of the product works over IP on Sun Java 2 Runtime Environment V1.4 (Windows/Solaris/Linux platforms). CRN Test Center engineers evaluated the product on a 64-bit Sun server running Solaris 8.

Initial setup of the product can be quite complex, mostly due to the intricacies put forth by a Unix platform. Installers familiar with the target OS should have no problem following Symantec's set-up guide, while those looking for the ever-familiar Windows-based install wizards might be stumped by the process. After installation, administrators need to activate product licenses, create user accounts and build the network topology database, which is the key to effectively deploying Manhunt. Installers will need to populate Manhunt's network topology tree with information about a network's connected and monitored devices.

Part of that process is defining hardware that is attached to particular NICs. Manhunt is designed for speed and can support as many as six Gigabit Ethernet interfaces or 12 10/100 Ethernet interfaces.

id
unit-1659132512259
type
Sponsored post

Manhunt uses a two-tier dedicated server console approach. The console system is where all of the management tasks take place. Requirements are light for a console system, but users will need to install Java 2 Runtime Environment V1.4 to run the consoles. Manhunt does not offer a browser-based console, which would simplify setup and management but could open the unit to unauthorized access.

Manhunt's main strengths lie in its ability to identify intrusions by using a combination of protocol anomaly detection and signature detection. For effective signature detection, administrators will have to manually update the signature database frequently. Future versions of Manhunt will employ Symantec's live update service, which will automate signature and product updates.

Administrators will need to define what styles of intrusions to look for and how to respond to those intrusions, which gives administrators a near infinite variety of options. Leveraging those options requires extensive security knowledge, creating both training and support opportunities for solution providers.

Manhunt offers extensive reporting capabilities; reports can be scheduled and automatically generated and delivered by e-mail in either text or HTML formats. Manual report generation offers PDF formats for those looking to package reports, which can be defined to illustrate most any occurrence or element encountered.

Manhunt starts at $8,995, depending on bandwidth, and a 20 percent margin is available.

Symantec's five-tier channel program, based on a partner's commitment to Symantec and technical capabilities, offers a number of leads, technical support, discounts and amount of interaction with support engineers. Field-based systems engineers provide support, assist in integrations and make joint-sales calls.

Symantec's partner Web site includes a co-branded marketing program, general technical training programs and technical facilitation packs, which train partners in designing specific, complex solutions. Solution providers must pass the Manhunt Technical Assessment test and achieve the Symantec Certified Security Engineer in intrusion protection certification to sell Manhunt.

Manhunt offers a robust platform for sites looking to document and prevent intrusions while fortifying security. Solution providers can offer Manhunt as part of an overall outsourced security service or choose to sell the product directly into enterprises.

CHANNEL PROGRAM SNAPSHOTS
>SYMANTEC MANHUNT 3.0

COMPANY: Symantec
Cupertino, Calif.
(408) 517-8000
www.symantec.com
DISTRIBUTORS: Arrow, Douglas Stewart, Ingram Micro, Synnex, Tech Data
TECH RATING:


CHANNEL RATING:

Note: Vendors can earn up to five stars for technical merit and five for their channel program. If the average of these two scores is four stars or greater, the product earns CRN Test Center Recommended status.