Start-up takes aim at low-cost security offerings
By Tim Greene, Network World, 07/18/2005
A new vendor is expected to come out this fall with an appliance it says will provide similar but less-expensive protection
to comprehensive schemes laid out by established network vendors.
The well-funded start-up ConSentry Networks, with a distinguished leadership team, has built three custom chips to give the device the processing power it needs to
parse packets to Layer 7, keep track of sessions and enforce access policies.
For example, the device will be able to deny individuals or groups access to applications chosen by network executives, as
well as shut down connections that exhibit the behavior of worms and viruses in accordance with policies, says Tom Barsi,
ConSentry's president and CEO.
The device would sit between workgroup switches and core routers, monitoring traffic and enforcing policies. Protecting a
network would require multiple ConSentry devices, Barsi says. That is less expensive than upgrading switches so they can enforce
policies with 802.1x authentication and installing a battery of software on each client machine to protect it from attacks,
he says.
The appliance, whose name and price the company has declined to reveal, secures a network from within, instead of assuring
that the devices accessing the network are secure, as is the case with initiatives by Cisco (NAC), Juniper (JEDI) and Microsoft
(NAP), says Andreas Antonopoulos, founding partner of Nemertes Research. "They require a high level of software complexity
instituted on the clients," he says.
By contrast, ConSentry's device moves the protection off the clients toward switches. "It gives you an additional hardware
perimeter within the enterprise LAN," he says. The main benefit is that if network-based security can respond fast enough,
it can stop the rapid propagation of new threats on the network, he says.
The downside is that businesses with a lot of mobile workers will need to install protective software on laptops to protect
them when they are not attached to the corporate LAN, he says. Network-based security is a good and probably less-expensive
choice for businesses primarily using fixed desktops such as call centers.
"My gut reaction is that it is cheaper to do LAN-based security than to update the software on every endpoint," Antonopoulos
says. But many businesses will need both network-based and client-based security because of their high number of mobile workers,
he says.
The ConSentry device seems a good choice to protect VoIP phones, which are vulnerable to many PC-type attacks but generally
lack security software, he says.
The appliance will enforce policies set within other platforms, such as Active Directory or RADIUS, so policies can be applied
to individuals or groups depending on what customers define.
The company's three founders - Barsi, chairman and CTO Jeff Prince, and chief scientist Mario Nemirovsky - all have created
successful start-ups before (see graphic). They have attracted $31.1 million in venture capital. The long-term goal of the
company is to sell its technology as blades that network companies can install in their switches, Barsi says.