Gear guards networks against infected laptops

New CyberGatekeeper works on LAN instead of remotely.

InfoExpress is coming out with packages to protect LANs from infections brought in by laptops that have been used outside a network.

CyberGatekeeper LAN (CG LAN), which is expected to be available in January, makes sure LAN workstations have the proper security in place before they are allowed access to the local network. This is similar to the company's original CyberGatekeeper Remote, which protects networks from WAN attacks coming through corporate-issued computers that access business networks via the Internet.

The difference is that CG Remote must be placed between the WAN gateway and the LAN, and blocks that path to any unsecure machine. CG LAN is attached anywhere to the LAN and enlists LAN switches to block particular ports to keep unsecure machines from accessing the LAN at large.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

InfoExpress is coming out with packages to protect LANs from infections brought in by laptops that have been used outside a network.

CyberGatekeeper LAN (CG LAN), which is expected to be available in January, makes sure LAN workstations have the proper security in place before they are allowed access to the local network. This is similar to the company's original CyberGatekeeper Remote, which protects networks from WAN attacks coming through corporate-issued computers that access business networks via the Internet.

The difference is that CG Remote must be placed between the WAN gateway and the LAN, and blocks that path to any unsecure machine. CG LAN is attached anywhere to the LAN and enlists LAN switches to block particular ports to keep unsecure machines from accessing the LAN at large.

Laptops that access the Web or personal e-mail accounts outside the LAN run the risk of being infected if appropriate security software has been disabled. If they are equipped with CyberGatekeeper, such laptops are audited for compliance with corporate security policies when they attempt to log on to the LAN. If a laptop is non-compliant, CyberGatekeeper denies access and informs the user why and can redirect the user to a secure virtual LAN where the necessary updates can be obtained.

One interested executive is the vice president of IT at a major investment firm. "Our intranet is wide open today to employees, and we have infections coming in from roaming laptops," says the vice president, who spoke on condition of anonymity. His company uses the WAN version of CyberGatekeeper.

Before using CG LAN, he would want to make sure of two kinds of interoperability. First, he would want to automate downloads of updates needed by the machines that required them to use software distribution tools the company uses. He says it is important to make the added security CG LAN would provide as transparent as possible to end users. He said he would also want to make sure it was integrated with 802.1x LAN authentication, which his company uses.

Because enforcement of the policies relies on CG LAN talking to LAN switches, updating CG LAN as switch vendors update their code could result in more work for administrators, says Mark Bouchard, senior program director for technology research services at Meta Group.

The new InfoExpress gear is suited to networks requiring the highest security, but the added administrative burden might be beyond the needs of mainstream corporations, says Jason Wright, an analyst with Frost & Sullivan.

In addition to the CyberGatekeeper Agent and Server, CG LAN includes CyberGatekeeper Policy Manager, software that lets network security executives set the policies and upload them to the server for enforcement.

CG LAN software is sold bundled with hardware. The appliances come in two models: the 1000, which handles up to 10,000 concurrent connections; and the 2000, which handles up to 20,000. Base models, including a license for 100 simultaneous users, costs $10,000 for the LAN1000 and $30,000 for the LAN 2000.

Read more about security in Network World's Security section.