Network World

Start-up takes aim at low-cost security offerings

By Tim Greene, Network World, 07/18/2005

A new vendor is expected to come out this fall with an appliance it says will provide protection similar to, but less expensive than, the comprehensive schemes laid out by established network vendors.

The well-funded start-up ConSentry Networks, with a distinguished leadership team, has built three custom chips to give the device the processing power it needs to parse packets to Layer 7, keep track of sessions and enforce access policies.

For example, the device will be able to deny individuals or groups access to applications chosen by network executives, as well as shut down connections that exhibit the behavior of worms and viruses in accordance with policies, says Tom Barsi, ConSentry's president and CEO.

The device would sit between workgroup switches and core routers, monitoring traffic and enforcing policies. Protecting a network would require multiple ConSentry devices, Barsi says. That is less expensive than upgrading switches so they can enforce policies with 802.1x authentication and installing a battery of software on each client machine to protect it from attacks, he says.

The appliance, whose name and price the company has declined to reveal, secures a network from within, instead of assuring that the devices accessing the network are secure, as is the case with initiatives by Cisco (NAC), Juniper (JEDI) and Microsoft (NAP), says Andreas Antonopoulos, founding partner of Nemertes Research. "They require a high level of software complexity instituted on the clients," he says.

By contrast, ConSentry's device moves the protection off the clients toward switches. "It gives you an additional hardware perimeter within the enterprise LAN," he says. The main benefit is that if network-based security can respond fast enough, it can stop the rapid propagation of new threats on the network, he says.

The downside is that businesses with a lot of mobile workers will need to install protective software on laptops to protect them when they are not attached to the corporate LAN, he says. Network-based security is a good and probably less-expensive choice for businesses primarily using fixed desktops, such as call centers.

"My gut reaction is that it is cheaper to do LAN-based security than to update the software on every endpoint," Antonopoulos says. But many businesses will need both network-based and client-based security because of their high number of mobile workers, he says.
