ConSentry Bolsters Security at Network's Edge

The startup's new line of Ethernet switches is designed to control user access and secure every port on the network for enterprise branch offices.

Many networking vendors are pushing the idea of moving more intelligence to the edge of the network. But ConSentry Networks is taking that idea to a greater extreme when it comes to securing access at the network's edge.

The startup on May 7 introduced a new line of Ethernet switches built to control user access and secure every port on the network in an economical way for enterprise branch offices.

Declaring death to the wiring closet as it is known today, ConSentry also announced a new universal endpoint interoperability initiative to work with different endpoint vendors to ensure that a user coming into the network is identified and that the appropriate policies are applied to that user.


"How [wiring closets] have been built is now under siege. They have open access on all ports, there's no automated way to separate guests and contractors from employees, there's no control over how and what users are accessing, there's no knowledge of the endpoint—whether it's managed or unmanaged, safe or healthy—and there is no ability to contain the threat of malware," said Dan Leary, vice president of marketing for ConSentry, in Milpitas, Calif.

ConSentry's universal endpoint interoperability initiative is intended to cover all types of endpoint, managed or unmanaged, without the requirement to add more agents. It allows customers to leverage their existing investments in endpoint security but centralize control over access.

For managed endpoints, ConSentry's secure switching architecture works with security and access frameworks such as Microsoft's Network Access Protection and the Trusted Computing Group's Trusted Network Connect; anti-virus offerings from Symantec/Sygate, McAfee and Trend Micro; and client endpoints from regional providers such as Criston in France and NTT Data Intellilink. In addition, the ConSentry third-generation security and control software provides enforcement for those vendors' products.

ConSentry also extended its architecture to embrace unmanaged desktops, including Linux and Mac client operating systems as well as Windows, through a dissolvable agent.


ConSentry's security software, embedded in its LANShield switches and in its centralized InSight Command Center console, "starts with knowing who the user is and making sure their PC posture is good," Leary said.

Then application fluency adds the ability to perform user and behavior analysis. It works by going back to the identity store and learning, as the user enters the network, "their role in the organization, and [it can] understand the applications that are running. The intersection of that data builds a picture of what's happening on the network," Leary said.

Such understanding, which can be used as a foundation for creating access policies, is "a missing piece from others that just look at IP addresses or ports. This allows that policy decision to be made," he said.

The new LANShield CS-4024 24-port switch for branch offices provides Gigabit Ethernet connectivity and POE (power over Ethernet). It is due in the third quarter and starts at $5,995.
