3Com Debuts Quarantine Protection System at RSA

The new system provides integration between 3Com and TippingPoint gear, using the LAN to isolate infected devices.

3Com's TippingPoint division on Feb. 13 addressed the internal, LAN-based security threat faced by enterprises when it launched its new TippingPoint Quarantine Protection system.

The end-point security offering, making its debut at the RSA conference in San Jose, Calif., delivers integration between 3Com and TippingPoint gear, using LAN infrastructure to isolate infected devices.

The clientless Quarantine Protection offering, designed to provide client protection and remediation, can secure voice, data and wireless end points, according to Jason Wright, product manager at the TippingPoint division in Austin, Texas.

A new software release for the TippingPoint Intrusion Prevention System, the system now works with 3Com switches as well as Cisco Systems Catalyst 6500 switches. 3Com's professional services team can be used to help create scripts to work with other switches.

The offering can be deployed in three ways.

As an IPS-only deployment, the offering blocks malicious traffic from an infected host and serves a page back with instructions on how to remove the infection. No new traffic from the infected host's IP address is allowed through the IPS.

In that deployment method, users can log in locally to the IPS and configure policies.

"You can set policy to recognize certain filter triggers. When it recognizes specific attacks, we can set an action to invoke quarantine and drop that malicious traffic. You can also set to quarantine on specific filters," Wright said.

A second option adds TippingPoint's Security Management System to the IPS.

"With the SMS, we aggregate all alerts from the IPS systems. When we receive that alert at the SMS, we can look at it and see if it is a quarantineable offense.

"If it is, we can send an SNMP trap back to the switch and then we can close the port completely, or push them off the switch for a second and when they try to come back on, we'll put them in a VLAN so they can't communicate with other nodes on the switch," Wright said.

The third option adds support for a customer's existing network management system. That allows users to work with existing, predefined policies and leverage their existing network management systems for a single point of control.

"You can configure the NMS to do what our SMS does. It helps to keep the network guy and security guy from stepping on each other's toes," Wright said.

The new Quarantine Protection offering is available now.
