October 29, 1999 Web posted at: 9:21 a.m. EDT (1321 GMT) by Ellen Messmer

From...

(IDG) -- Desktop management vendor ClickNet Software is jumping into the security field with a product called Entercept that detects and prevents hacker attempts on servers and PCs.

Entercept seeks to prevent hacker activity through host-based server and desktop "agent" software that observes each request made to the operating system and checks to see if it's legitimate by comparing it to a list of known "attack signatures." The NT-based Entercept console can institute a security policy for up to 1,000 of these software agents and generate alerts if trouble is detected.

MORE COMPUTING INTELLIGENCE

IDG.net home page

Network World Fusion home page

Free Network World Fusion newsletters

ISS upgrades intrusion-detection product suite, 8/16/99

Top 5 intrusion detection downloads

Reviews & in-depth info at IDG.net

IDG.net's network management software page

Year 2000 World

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletter for network experts

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

ClickNet didn't develop the Entercept product but rather bought it by acquiring Israeli-based start-up Corekt earlier this year for an undisclosed price, acknowledges Christopher Tomlinson, ClickNet's vice president of marketing.

"Corekt was still in the research phase, and their 15 security experts joined our staff," Tomlinson says.

ClickNet will continue marketing its traditional desktop management software, but the firm wants to remake itself into a security firm, he adds. The reason? "The growth in the security market," says Tomlinson, citing an International Data Corp. report predicting that the $2 billion market will triple in three years.

Can a 5-year-old privately held firm such as ClickNet, without known security expertise, convince the corporate world to give it a chance? Aberdeen Group analyst Eric Hemmendinger is ready to give the firm the benefit of the doubt. "A company that has a history already and knows how to run a business probably has a leg up on a start-up that's unknown," he says.

The Entercept product will be formally unveiled in mid-November. A few companies, including EMC, say they are preparing to beta test it.

Entercept will ship with NT and Solaris agent software that can evaluate every incoming request for system resources, such as opening a file, read-write, or a request to access a device. The user names and privileges are defined by the NT domain controller in the NT-based Entercept console, says Oace Dada, senior product manager for security at ClickNet.

At present, Entercept knows about 300 types of attacks, such as buffer overflows and Trojan horses like BackOrifice. As new attacks are identified, the Entercept console can download them in encrypted fashion from the clicknet.com Web site. The agent software can communicate with the Entercept console every 30 seconds as a default setting to get the attack signature updates. If the agent software on the server sees an attack, it can terminate the session, log it or send an alert.

The Entercept console will cost $5,000, with server agents costing $1,000 and desktop agents $95 each.