
Nortel adding IPS feature to Alteon application switch

The capability — called a first for such switches — is provided by Symantec.

By Ellen Messmer, Network World
May 22, 2006 12:08 AM ET

Nortel today is set to announce the addition of intrusion-prevention capability to the Nortel Alteon application switch so that the load-balancing and traffic-shaping switch can provide defense against several hundred known vulnerabilities and attacks.

The intrusion-prevention feature for the Nortel application switch, expected to be available next month, is based on technology from Symantec. Under the partnership, Symantec will provide security software updates for the application switch via Symantec's online service, LiveUpdate. Analysts say this is the first time this type of vulnerability protection has been added to an application switch.

"Competitors such as Radware have delivered that kind of intrusion protection as separate products but not as part of the application switch," says Cindy Borovick, director of data center networks at IDC.

Borovick says Nortel's approach is primarily aimed at protecting servers because the application switch typically sits in front of data-center servers to increase performance.

The Nortel Application Switch with Symantec Intelligent Network Protection, as the product is called, doesn't include the kind of comprehensive intrusion-prevention system that would be found in a stand-alone IPS appliance, because that could adversely affect the switch, according to Nortel.

"There are probably 8,500 known signatures used for vulnerabilities, and if you scan for all of them there's the risk of slowing down traffic and of false positives," says Dan Schrader, director of product marketing and application switches at Nortel.

The Nortel application switch will instead target a few hundred of the highest-risk vulnerabilities and attacks, such as worms, that could affect the environment in which the switch is typically used.

Schrader says there are 50,000 Nortel application switches in use, and they are typically found in data centers in front of databases, e-mail servers and Web farms in midsize to large corporations and carriers. The goal in adding the Symantec intrusion-prevention technology to the switch is to block attacks aimed at vulnerabilities found in software in those environments.

The Symantec-based IPS monitoring and blocking capability will be controlled through the Java-based manager that's part of the Alteon application switch. Nortel is suggesting customers start out using IPS on a monitoring-only basis before turning on the full blocking mode. That way, data-center managers can gain experience with the IPS detection before letting it have any impact directly on corporate traffic through blocking.

The Nortel Application Switch with Symantec Intelligent Network Protection costs $15,000 to $35,000 per switch, with the intrusion-prevention capability available as a $5,000 license upgrade.
