Trusted Networks Updates Access and Audit Software

The software company says its network access and security package trumps increasingly popular NAC systems that aim to do the same job of protecting against external intrusions.

Trusted Network Technologies rolled out a revamped version of its flagship network access and security auditing software on Dec. 4, and said the Identity 3.0 release of the product provides greater systems protection than many NAC technologies.

While the Identity 3.0 package offers to carry out many of the same functions as NAC (network access control) systems being marketed by Cisco Systems, Juniper and other vendors, TNT officials refuse to identify their software under the same product grouping.

By adding layers of security scanning and behavior auditing technology to the software, the company maintains its product does far more than those systems, for less money.

The Atlanta-based company said that in addition to verifying information about devices attempting to gain access to a network, as NAC products offer to do, Identity 3.0 protects companies from within by comparing data about both the computer logging onto a network and the user assigned to the machine.

Correlating the device data with user information gives customers an additional checkpoint for determining potential attacks that try to defeat security systems, said Wain Kellum, chief executive of TNT.

While some NAC systems are expensive and hard to install, the company's alternative, which starts at $15,000, can be deployed within a matter of days to solve the same problems, he said.

The company also claims its software can tailor network access on a more granular level than NAC applications, and can be used to manage admission to enterprise applications and other internal systems.

Network partitioning lies at the heart of NAC, but it can be used more effectively to seal off critical areas of a company's infrastructure, the CEO said.

"The problem with most NAC systems is that noncompliant devices are still allowed onto the network to go through remediation to try and gain access, so they're allowing people who don't belong on the network to come in the front door anyway," said Kellum.

"Those products have created a great amount of demand for new access management technologies, but our approach takes a much more sophisticated snapshot of device health, and employs more rigid partitioning in the network to keep unwanted users out."


When a device fails to meet the requirements of Identity 3.0, the user involved is instantly quarantined on the network, with the software walling off any applications and servers from being accessed by the machine.

In this manner, unlike some NAC systems, the TNT product ensures that vulnerable systems and unauthorized users cannot access critical portions of the network, according to Kellum.

By providing additional internal network security tools, the system also provides better protection against so-called botnets, which aim to use infected PCs to carry out other types of malware attacks, TNT said.

Among the end users already working with the updated TNT software is the state of Georgia's Henry County Department of Education. Matt Bowen, network administrator for Henry County schools, said that Identity 3.0 has allowed the department to significantly improve security of the mainframe system it uses to store students' grades and other sensitive information.

Bowen said it took less than one business day to install the software on its IBM AS/400 system, to which only teachers and administrators are allowed to have access.

"For us the internal physical security aspect of controlling access is the biggest challenge, we know that there have been people trying to mess around with the machines, and we needed to do something, because I don't want to be the guy in the news story when a student breaks in and changes their grades," said Bowen.

"We have plenty of external firewalls and a lot of perimeter tools to protect against Web-based access, but internally we didn't really have anything," he said.

"We were really surprised by what we saw when we turned it on and we have far greater control over who is accessing the system today."
