Enira Automates Security Incidence Response

The vendor makes a bid for the network access control space with its new Incidence Response System appliance.

Enira Technologies on Monday will try to get a leg up in the fast-growing and confusing network access control space when it introduces the latest version of its Network Response System.

The NRS appliance is designed to allow security teams to respond faster to security threats such as worms or viruses by helping them quarantine or shut down network access in a more automated fashion.

The system automates response strategies based on pre-defined threat levels.

Based on the potential risk, security administrators can quickly shut down an entire network or a network port with a mouse click, or they can quarantine specific users, rather than network nodes.

The NRS is based on a fully automated network policy manager that allows customers to use plain language to execute provisioning functions. In the new release, users can create a range of different labels.

/zimages/4/28571.gifClick here to read more about how startups are rushing to fill the void in network access control.

"Behind a given label you can configure any number of policy settings, such as quarantine node or quarantine subnets," said Axel Tillmann, vice president of marketing at the Reston, Va. company.

According to one user who sees hundreds of attacks every month, the offering allows operators to rapidly block out or quarantine incoming threats.

"It really works in a matter of seconds if you know exactly where the threats are coming from," said the user, who asked not to be identified.

/zimages/4/28571.gifFor advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

"You can section off a VLAN [virtual LAN] or the whole thing and continue to research where [the problem] is. For any anomalies it sees, it automatically generates a report and we block it off. If its a false positive, we allow that node or network segment back on. We perform these blocks almost routinely," the user added.

Also new in release 4.0 is the ability to quarantine users rather than network nodes. Administrators can search by user, click on a check box and quarantine the specific user, according to Tillmann. "Universities love this. If the student doesnt pay the bill, click and hes off the network," he said.

/zimages/4/28571.gifJuniper Networks heats up the network access control race. Read more here.

Enira also boosted the multiuser systems ability to handle multiple types of user accounts, allowing for every task to be subdivided within the system. "You can select, for each user, whether they are allowed to do something, not allowed, or require authorization," Tillmann said.

That makes it better suited for the way most IT organizations work in delegating responsibilities across network operations and the security group, according to Robert Whiteley, an analyst at Forrester Research Inc. in Cambridge, Mass.

"Enira is better positioned for todays environment, where IT security still tries to implement access control," he said.

The NRS does not prevent or detect security breaches, but it can be integrated with intrusion detection and prevention systems. NRS 4.0 will be available next week.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.