prevention

Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application version, etc. The idea behind ActiveScout is that if the application can detect this activity it can later prevent it. Bogus host or port data traffic is marked, and the application responds to any future activity it thinks is coming from an attacker with such marked data. It then blocks the packets and stops any damage ever occurring.

Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of- service (DoS) and distributed denial-of-service (DDoS), as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.

Primary Response is the first product to come from Sana Security (formerly Company 51). The software is based on research that began in the mid-nineties and uses techniques more akin to the human immune system than conventional network security.

This product essentially takes over from where BlackICE Guard left off. The current version offers greater protocol analysis pattern-based detection and a few bug fixes thrown in for good measure.

One thing that cannot be overlooked in network security is the ability to test weaknesses like a hacker. The RETINA Network Security Scanner is one such tool - and probably one of the fastest ones on the block.

Most of the products tested in the round up for this Group Test have been primarily aimed at the larger enterprise, as they tend to have the largest pockets and more need for protection. Barbedwire Technologies aims at the more modest-sized organization with its STAR Engine intrusion prevention product.

The main idea behind this piece of technology is controlling who or what makes calls to the operating system kernel. This protects file and registry from attackers and is particularly effective when software patches are unavailable.

This suite of applications consists of the main Sygate Management Server, Security Agent for servers and workstations, a VPN and wireless security application. These enforce security policies at those particular entry points onto the corporate LAN. The idea behind this is to secure as many points of the network from one suite of applications, and it certainly appears to work well enough.