Extreme teamed up with Internet Security Systems to create a prototype for implementing intrusion prevention within the Extreme BlackDiamond core switch.
The prototype exploits the ExtremeXOS switch operating system, which provides XML interface hooks to allow integration of third-party technology with the BlackDiamond switch, to allow the switch to monitor all traffic flows and direct those flows requiring deeper inspection to the ISS Proventia Intrusion Prevention System.
Such integration allows intrusion prevention to scale across the enterprise network at speeds of up to 100G bps.
It also makes it possible to apply IPS security to traffic within the internal enterprise network.
Beyond the ISS prototype, Extreme partnered with StillSecure to add another Sentriant integrated security appliance to its growing line—this time adding strong authentication and network access management.
From the partnership Extreme developed the Sentriant Access Guard appliance, which provides authentication and hardware-level policy enforcement.
The Sentriant AG tests end points attempting to access the network to insure they comply with security policies.
Using Extremes implementation of the IEEEs 802.1x standard in its BlackDiamond switches, the new security appliance puts end points on appropriate virtual LANs based on the test results.
End points can be put into quarantine VLANs, guest VLANs or production VLANs, or they can be denied access.
The security tests can be extended to users coming from the LAN, from a virtual private network or from a remote access system.
Extreme also partnered with CipherOptics to bring policy-based strong encryption to Extremes growing Virtual Security Resource appliance line.
The result of their work is the new Sentriant CE150, which can apply encryption only to sensitive data—ignoring unimportant traffic so that precious cryptographic resources are not wasted.
The policy-based security can be applied across the entire network as an on-demand service.
Extreme Networks CEO Gordon Stitt said he believes that by opening its Extreme XOS operating system up to closer integration of best-of-breed advanced services functions, such as these new security offerings, it can offer customers better alternatives to closed, proprietary single vendor offerings.
"We virtualize security with partners. No one else is doing it this way. Others put security inline. The economics are astounding," Stitt said.
And Extreme is not done yet. "Well add [partners] as new threats emerge," he said.
In separate news, Extreme and its premier partner Avaya both broadened their joint commitment to three standards around securing and configuring IP telephony.
The standards include the IEEE 802.1AB specification that allows LAN end points to inform each other of their configurations and the IEEE 802.1X secure authentication protocol for traffic on converged voice and data networks.
The two vendors also committed to implementing the Telephone Industry Association 1057 specifications allowing IP phones, media gateways and servers to send and receive media-related data.