Extreme Networks Brings Security to Network Core

The company adds a security rules engine to its 10 Gigabit Ethernet switch and introduces an adjunct security appliance aimed at preventing both first-order and second-order attacks.

Extreme Networks Inc. on Monday introduced its biggest security push to date with the addition of a security rules engine for its BlackDiamond 10K 10 Gigabit Ethernet switch and an adjunct security appliance.

Together the new Clear-Flow security rules engine and Sentriant Virtual Security Resource, or VSR, appliance are designed to thwart both first-order and second-order attacks.

The new offerings bring security to the core of the network, operating at Gigabit Ethernet or 10 Gigabit Ethernet speeds, and they can mitigate the threat of zero-day attacks in minutes, according to Suresh Gopalakrishnan, vice president of worldwide marketing at Extreme in Santa Clara, Calif.

"We're introducing in our core switch the rules engine and the ability to attach a centralized security appliance to the core switch and make that device cover an entire network. The advantage of that is if an inline device is attacked, normally it'll go down. But with the core switch in the way, it'll do the heavy lifting and make sure any denial-of-service attack is stopped there and only pass suspicious traffic to the VSR," he added.

The Clear-Flow security rules engine uses counters in the core switch to track packet types, source and destination addresses, which addresses packets are being sent to, and so on. Rules can then set thresholds on the counters or compare two counters. Once a threshold is triggered, an action such as permit or deny can be taken, or traffic can be throttled or sent to the VSR for deeper inspection.

The appliance creates decoys in unused address space, so that if an attacker queries a decoy, it can slow the attacker down by mimicking how an end point behaves and "keep the attacker busy while trying to figure out what they're trying to do," Gopalakrishnan said.

The VSR can also be configured to keep asking the core switch to send the traffic toward it so it can discard it, or to have the core switch throttle or deny the traffic or just generate a trap.

By protecting the high-speed links in the core of the network, the security rules engine and appliance can lower the cost of securing the network by reducing the number of security devices required, he asserted.

The rules engine is free with the BlackDiamond 10K switch, and the appliance is $42,000. Both are due in June.

Meanwhile, rival Enterasys Networks Inc., which bills itself as the secure networking company, added a new member to its line of secure, stackable switches.

The new SecureStack B2 entry-level switch provides Layer 2 switching with 20G-bps capacity. An optional policy upgrade, delivered as firmware, allows customers to apply more granular policy control at the network's edge and to build policy into the network on a switch-by-switch basis. The switch is due at the end of May in five different models, supporting 24 or 48 ports with varying connectivity options.

Enterasys also introduced a new secure wireless offering. The new RoamAbout wireless switch system provides access points, a wireless switch, mobility system software and switch manager software. It is due in June.
