18 Introduction
About the Symantec Network Security foundation
of protocol anomaly detection, stateful signatures, event refinement, traffic
rate monitoring, IDS evasion handling, flow policy violation, IP
fragmentation reassembly, and user-defined signatures.
■ Zero-Day Attack Detection: Symantec Network Security's protocol anomaly
detection helps detect previously unknown and new attacks as they occur.
This capability, dubbed “zero-day” detection, closes the window of
vulnerability inherent in signature-based systems that leave networks
exposed until signatures are published.
■ Symantec SecurityUpdates with LiveUpdate: Symantec Network Security
now includes LiveUpdate, allowing users to automate the download and
deployment of regular and rapid response SecurityUpdates from Symantec
Security Response, the world's leading Internet security research and
support organization. Symantec Security Response provides top-tier
security protection and the latest security context information, including
exploit and vulnerability information, event descriptions, and event
refinement rules to protect against ever-increasing threats.
■ Real-Time Event Correlation and Analysis: Symantec Network Security's
correlation and analysis engine filters out redundant data and analyzes only
the relevant information, providing threat awareness without data overload.
Symantec Network Security gathers intelligence across the enterprise using
cross-node analysis to quickly spot trends and identify related events and
incidents as they happen. In addition, new user-configurable correlation
rules enable users to tune correlation performance to meet the needs of
their own organization and environment.
■ Full packet capture, session playback and flow querying capabilities:
Symantec Network Security can be configured on a per-interface basis to
capture the entire packet when an attack is detected so that you can quickly
determine whether the offending packet is a benign event that can be filtered or
flagged for further investigation. Automated response actions can initiate
traffic recording and flow exports, and you can query existing or saved flows
as well as play back saved sessions to further assist in drill-down analysis of
a security event.
■ Proactive Response Rules: Contains and controls the attack in real time and
initiates other actions required for incident response. Customized policies
provide immediate response to intrusions or denial-of-service attacks based
on the type and the location of the event within the network. Symantec
Network Security implements session termination, traffic recording and
playback, flow export and query, TrackBack, and custom responses to be
combined with email and SNMP notifications to protect an enterprise's most
critical assets.