Enterasys Switches Speed Security Response

A pair of enhancements in Matrix N-Series multilayer switches and network management software allow network operators to thwart attacks more quickly.

Network switch provider Enterasys Networks Inc. is addressing the danger of worms and viruses breaching enterprise networks with new security functions designed to provide more granular responses to threats.

The Andover, Mass., enterprise switch provider, which bills itself as a secure network provider, further wed security to its Matrix N-Series multilayer switches and network management software with a pair of enhancements that allow network operators to thwart attacks more quickly.

The latest release of the policy-based Automated Security Manager for the Matrix N-Series switches, announced at NetWorld+Interop in Las Vegas last week, adds the abilities to identify, authenticate and manage individual users, applications or devices, no matter where or how they entered the network.

The software uses standard SNMP to disable ports on third-party switches, such as those from Cisco Systems Inc. It extends to users accessing the network via wireless access points, IP phones and server farms.

The software uses the flow-based architecture of the multilayer switches to embed security into the network fabric, and it takes a policy-based approach to security rather than using less flexible Access Control Lists or VLANs (virtual LANs) at the edge of the network, according to officials. The role-based policy architecture simplifies security setup and control by binding security policies to a user's or device's role and by allowing a single policy to combine multiple access levels.

The latest release provides multiuser policies that allow administrators to establish policies for specific users so they can define and disable network traffic when worms or DoS (denial of service) attacks are suspected. It allows specific traffic to be shut out of a physical port rather than cutting off all traffic sharing that port.

Also at N+I, Enterasys introduced NetSight Atlas Automated Security Manager, which combines intrusion detection with network switching to automate the detection, location and disablement of threats on the port from which they emanate.

ASM works with Enterasys' Dragon Intrusion Defense System and the Atlas network management software to automatically locate the physical port that a virus or worm is using to attack the network. ASM obtains the IP address, then locates and turns off the port to disable the attack.

Enterasys users at the city of Anaheim, Calif., see ASM as a way to respond more proactively to attacks, according to Technical Operations Manager Jeff Rapini.

"The dynamic-response feature allows us to respond to situations much faster," Rapini said. "It sees [an attack] before we do and sees it on a wider scale. We have a lot of vendors that come on-site. In the past, we've been vulnerable to the viruses those vendors' laptops had. This limits the ability of guests [on their network] to hurt us in a digital way."

ASM and the new software release are available now.
