Start-up targets security response

By Ellen Messmer, Network World
August 29, 2005 12:02 AM ET

. What's this?

Start-up Enira Technologies this week plans to roll out software that lets users respond to security problems by applying filters or shutting off access to LAN segments to protect desktops and servers .

The Network Response System can quarantine desktops, servers and any device assigned an IP address by switching ports, turning them off and applying a media access control filter, or moving a device to a virtual LAN according to policy-based decisions. The policy is applied based on information sent to the Network Response System by multi-vendor intrusion-prevention systems (IPS), and security information management (SIM ) and other gear. Enira's product represents yet another approach to network quarantine to exert tighter network control. Cisco's Network Admission Control program, which includes about 60 separate vendors, is another.

The Network Response System, installed in the corporate intranet, must first be configured to know the corporate network topology, says Axel Tillmann, Enira vice president. That includes the firewalls, routers, and location of desktops and servers and other equipment.

In addition, the network manager must decide what installed security products - the corporate IPS, SIM, anti-virus or firewalls - will be the source of security-event information.

Related Content

Tillmann says Enira's software can be added to current products so that security-event data is sent directly to Enira's Network Response System in order to develop a policy of automated response to specific events such as worm attacks.

He adds that the response doesn't have to be automated - the Network Response System can be set up to advise actions to be carried out after a review in which the security manager decides the actions are appropriate.

This is the course preferred at Boston Medical Center, which has been using Enira's Network Response System for about 10 months.

"We rarely use it but it's not the quantity of events that's important, it's the quality," says Darren Dworkin, CTO at Boston Medical Center. "Security is very critical.

"We prefer a manual intervention because in the hospital we have machines storing patient data and medical devices such as MRI machines on the network," Dworkin says.

The hospital uses several types of prevention, including firewalls and anti-virus, but added Network Response System as another line of defense. "I can't stop everything all the time," Dworkin says. "The Enira tool will show me things aren't right and help me isolate it. It might simply be a PC misbehaving."

The Network Response System is used by 14 organizations, including the U.S. Department of the Interior, the Department of Transportation, the Department of the Treasury and the Department of Energy, Tillmann says. This level of interest in the government sector reflects the background of Enira's founder, Chris Key, who for several years has been an IT consultant in the Washington, D.C., area.

Pricing for the Network Response System ranges from $45,000 to $395,000.

Read more about security in Network World's Security section.