Many customers have asked me, when looking at network switching manufacturers, "Who has the best security solution for my network?" Rather than posting a very long story and having everyone bash me for my views, I took it to the people who build the switches. That's right, we sent each major manufacturer a list of 10 questions that customers ask me on a consistent basis. Below are the companies who replied to me and will be part of this multi-post story:
HP ProCurve, Enterasys Networks, Juniper Networks, Foundry Networks (See Part 1: Enterasys, Part 2: Juniper Networks and Part 3: ProCurve Networking.)
A few companies did not give us a reply. Those companies were:
Cisco, Nortel, 3Com, Force 10, Extreme Networks
I would like to thank each company that took the time to give our readers more information on their security solutions for network switches. This week we are going to look at ProCurve Networking, and a special thanks to Val Oliva, Director of Product Strategy for Foundry Networks, for answering the questions below. We have made no changes to any of the answers provided.
Security Switch Questions
1. Why is the vision for your switch security solution better than other vendors?
Our security solution deployed in our network products is better than other vendors because it combines all of the following:
sFlow or RFC 3176 is available in all of Foundry's products, giving our customers network visibility and network traffic metering in hardware. Having it available in all of Foundry's products ensures that a consistent networking security solution is deployed.
This technology is also leveraged in other network management facets such as capacity planning, network troubleshooting, and performance management.
For network-wide security monitoring and prevention, our customers can use sFlow with various IPS packages, from freeware packages like SNORT, ARPWatch or Ethereal to high-end, zero-day anomaly products such as Arbor and Lancope. Giving this flexibility allows our customers to balance financial with security level required.
Combining these products with Foundry IronView Network Manager, customers can take automatic and immediate actions such as turning a port(s) off, configuring an ACL to the port(s), rate limiting network flows on port(s), or moving network flows to a "monitoring" VLAN for further analysis of the attack.
Included in Foundry's products are key embedded security solutions that can stop an attack at the network equipment level, and not just network-wide. In addition, the embedded security includes a solution that performs "Secure, Ondemand, Policy Assignments".
Foundry's products include key features such as the following:
2. Do you feel that open standards are best for security solutions and how does it play in your solution?
Open standards are always best in any networking requirement such as switching, security, and others. Standards are key in ensuring that the customer gets products that work well together, even across vendors.
For example, Foundry's networking products work with Microsoft's (MS) Network Access Protection (NAP) flawlessly. With MS's NAP, users connected to a Foundry product can be authenticated using 802.1X in MS's Network Policy Server (NPS), assigned to the right VLAN (again, using MS's NPS), and a user's traffic can be accounted using sFlow.
3. What is the most important security feature of your solution?
All of our security solutions are equally important, and being able to enable them together delivers the complete network security solution.
4. Why is your Network Access Control solution an important part of your security solution?
NAC is important and in Foundry's solution it allows us to deliver "Secure, Ondemand, Policy Assignment". What makes us differ from other vendors is that our NAC solution combines sFlow to deliver user-based (or 802.1X username) traffic accounting.
5. How does mobility security play into your security solution and why is it better than other vendors?
Because mobility security uses 802.1X, our solution becomes consistent with mobility.
6. How does your security solution adapt to a customer's changing environment?
sFlow, because it delivers the packet information and the packet, gives complete network visibility of the network traffic. This network visibility is required by zero-day anomaly solutions.
7. So a company can save money on existing equipment, how does your switch security solution work with a customer's SIM, NAC, IDS, Anti-Virus or general network management tools that are from different vendors?
Foundry has launched a partnership program that enables our products to work with best-of-breed security solutions. This enables our customers to pick from a variety of security solutions that fit their needs.
8. Customers are now looking at VOIP and Convergence security, which starts at the switch. Why is your solution better than other vendors?
Foundry's VoIP and Convergence solution is better than other vendors because it combines the following:
Foundry's FastIron SX 1600 supports up to 384 full Class 3 ports with redundant PoE power supply, giving customers the highest density and high availability VoIP and Convergence solution.
Foundry's FastIron GS with two redundant removable power supplies can support up to 48 full Class 3 ports. With one power supply, the FastIron GS can support up to 48 ports each with 10W for PoE output or PD usage.
Foundry's solution includes support of key VoIP vendors such as Mitel, Avaya, Siemens HiPath, and ShoreTel. Included as well are closed-VoIP vendors such as Nortel and Cisco.
See answers to question #1.
9. Customers want proactive security so problems are taken care of in real time, does your solution fix problems in real time, how does it work and why is it better than other vendors?
We have a solution called IronShield 360 that proactively resolves network security problems that occur in a customer's network. IronShield 360 combines the following:
10. In the next five years what switch security solution will customers have to deal with and how is your company looking to the future?
In the next five years, customers will be demanding higher speed networking and the security solution must work in those environments. Snooping, a big element in network attacks, needs to be stopped and encryption is going to be required.
IPv6 is also on the horizon in the next five years and security solutions, including VoIP and Convergence solutions, must support IPv6.
Larry Chaffin Ph.D is the CEO/Chairman and founder of Pluto Networks, a consulting and VAR partner specializing in WDS, VoIP, WLAN, Telepresence and Security. Pluto Networks is a leader in WDS-Application Acceleration, Full Disk Encryption, End Point Security and Telepresence. While specializing in the needs of large and enterprise companies, Pluto Networks has been concentrating on the SMB customers to provide them with the same great service as larger companies. Pluto Networks holds SMB specializations from our partners to service all their needs. Pluto Networks has become a leader in SMB VOIP using Cisco and Linksys to service customers.
Managing Cisco Secure Networks, Skype Me, Practical VOIP Security, Configuring Check Point NGX VPN-1/Firewall-1, Configuring Juniper Networks NetScreen & SSG Firewalls, Essential Computer Security: Everyone's Guide to Email, Internet, and Wireless Security, How to Cheat at Microsoft Vista Administration, Microsoft Vista for IT Security Professionals, Asterisk Hacking, 2008 VoIP and Video Conferencing, Infosecurity 2008 Threat Analysis and author of Building a VOIP Network with Nortel's MS5100, along with co-authoring/ghost writing eleven other technology books for VoIP, WLAN, security and optical technologies. Larry is currently working on a follow-up to Building a VoIP network with Nortel's MCS 5100 Book as well as new books on Cisco Telepresence Networks, Practical VoIP case studies and WAN Acceleration with Riverbed.
Larry has more than 29 vendor certifications and has been working on many others. Larry has been a principal architect around the world in 22 countries for many Fortune 100 companies designing VoIP, security, wireless and optical networks. He has expanded over time also to include application acceleration or WDS. Larry is working with major vendors now on updating current certification tests to make them real world focused.
The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.