Enterasys Broadens Security Portfolio

Enterasys is branching out into security areas such as network access control and the detection of behavior anomalies.

Enterasys Networks will jump into the network access control fray early in May at Interop when it launches what officials claim is the first federated NAC offering.

Enterasys, a networking hardware and network-based security provider, will introduce its new Sentinel family of agentless NAC products on May 1 in Las Vegas.

The line is unique in its ability to assess and verify an end system without having to rely on an agent.

The agentless capability allows security managers to assess and verify systems such as printers, security video systems, RFID devices, guest users and other devices that can't accommodate an agent, according to Royce Stegman, product manager for the Andover, Mass., company.

"People are hacking things like printers to propagate whatever they want. You need to look at all those other systems and determine if you will allow them onto the network," he said.

It also reduces the total cost of ownership and makes it possible to extend assessment, authentication and authorization to a larger population of devices.

Beyond authentication and authorization for network access, the Sentinel line will allow users to create more granular trust levels that vary according to location.

For example, in teaching hospitals, while it may be important to provide doctors with access to patient records from within the patient's room, such access would not be appropriate from the classroom.

The Sentinel family uses several authentication methods to control access and can quickly assess the threat level of devices trying to link to the network.

Initial offerings in the line include a Trusted Access Gateway appliance that relays IEEE 802.1x, MAC or Web-based authentication services as well as assessment services.

It assesses operating systems, patch levels and applications, and either grants access or places the devices trying to access the network in remediation mode.

The Sentinel line also includes the Trusted Access Manager, a plug-in to the Enterasys NetSight Automated Security Manager.

Trusted Access Manager provides centralized configuration and monitoring of Trusted Access Gateways, while Automated Security Manager provides dynamic reconfiguration of network devices in response to security events.

"It gives us an integrated solution. It inherits configurations of all network devices and works with our Policy Manager for defining role-based privileges," said Stegman. "And it can work with the [Enterasys] Dragon [intrusion prevention] products so if Dragon sees something, it can talk to Sentinel and together they can knock someone off the network, give them the ability to remediate themselves [through a patch or anti-virus upgrade] and do it all automatically," he added.

Enterasys also built out its Dragon IPS (intrusion prevention system) with a new behavioral-based event detection system.

The new Dragon Network Defense offering, introduced on April 17, relies on behavioral anomalies rather than signatures to detect Day Zero, Distributed Denial of Service and other types of attacks besides viruses and worms.

Dragon Network Defense, made up of a security processor and behavioral flow sensor, gathers flow-based information, creating a baseline of normal behavior, and then monitors the network to watch for deviations from what's normal.

With it, security managers can detect "malicious insider behavior," such as "users that don't normally go to a financial or human resources server," said Mark MacDonald, product marketing manager at Enterasys.

The Dragon Network Defense line also includes a Security Command Console that acts as a Security Information Manager for multiple security devices on the network. It gathers, correlates and normalizes security data from third-party firewalls, switches, routers, anti-virus or network scanning tools and puts the data into a standard format.

It can take millions of events generated on large networks and "boil those down to five or six actionable events," and eliminate false-positives, according to MacDonald.

The rest of the events are archived and can be sorted and reported on for compliance purposes.

Both new offerings are available now.