McAfee, Alcatel Tools Scope Nets for Rogue PCs

New offerings use policy-based frameworks and network monitoring to regulate which PCs are allowed onto networks.

As worms and viruses continue to ravage the Internet, a security vendor and an infrastructure provider are employing new strategies to try to prevent initial infections and limit the damage of compromised networked machines.

McAfee Inc. and Alcatel USA Inc. are each introducing offerings this week that use policy-based frameworks and network monitoring to regulate which PCs are allowed onto networks. Each offering can detect noncompliant machines in real time and take a variety of actions to bring them into compliance or remove them.

Such a need is especially acute for IT managers, as some viruses, such as last week's Bagle.AQ, are beginning to evade anti-virus software and firewalls.

Alcatel's Attack Containment Solution results from a partnership with security appliance and software vendor Sygate Inc. It combines Sygate's host integrity technology with new Alcatel OmniSwitch dynamic VLAN (virtual LAN) capabilities, said Alcatel officials in Calabasas, Calif.

When a device attempts to connect to the network, Sygate's Host Integrity checks the machine's security configuration against the corporate policy, looking for information such as up-to-date anti-virus software, a personal firewall, updated patches and service packs. If the PC is not in compliance with any piece of the policy, the machine is assigned to an Alcatel quarantine VLAN.

The Automated Quarantine Engine also notifies the user and provides instructions on what needs to be fixed. Servers on the quarantine VLAN can distribute patches and anti-virus updates.

Administrators at organizations affected by infections said the Alcatel solution has relieved them of the worry over the prospect of another outbreak.

"We got hit hard with Blaster when all of our students came back last year," said Bob Neville, director of computing and network services at Abilene Christian University, in Abilene, Texas. "The impact was severe. Now, the students will have to register with the network, and if [their PCs are] missing anything at all, they're being moved to a VLAN till they're [fixed]."

Meanwhile, McAfee, of Santa Clara, Calif., has given its ePolicy Orchestrator 3.5 product the ability to monitor all connections to the network and look for machines that are not managed by ePO. The software treats any unmanaged device as a potential rogue machine and can push anti-virus software and updates to these devices as soon as they're detected. EPO 3.5 is available now, as is Alcatel's AQE.

