SSL VPN vendor AEP expands security role with partners

SSL VPN vendor AEP is expanding its security role into network access control, application firewalling and other technologies via licensing agreements with two security vendors.

The company is partnering with Lockdown Networks, which makes NAC gear, and Zeus Technology, which makes load-balancing, application firewalling, application performance and clustering software.

Initially at least, AEP says it will issue these capabilities as separate add-on appliances to its NSP appliances that support SSL VPNs. Later, depending on how customers receive the gear and requests they make, the company may blend more than one of them onto a single piece of hardware, says Reggie Best, AEP's executive vice president.

Best says that many businesses will want more than one of these technologies to protect their networks and applications, "We don't expect that all our customers will buy all the pieces from us," he says. "A customer that wants intrusion prevention behind an SSL VPN doesn't necessarily look for that stuff in one box."

More immediately, AEP will be working on unified management for all the technologies so customers can centrally set policies and push them to the various platforms that execute them.

AEP already supports SSL VPNs via its NSP gateways. Lockdown will add the ability to perform NAC in a consistent way, Best says, by screening endpoints for compliance with security policies and quarantining devices that don't pass. It adds remediation to bring those machines up to par via Lockdown's patch management capabilities, he says.

Via a licensing agreement with Zeus, AEP will initially make it possible to tie together up to 10 of its NSP gateways that terminate SSL VPN tunnels. That means customers will be able to expand the capacity of their VPN tenfold to more than 10,000 concurrent users, according to the company.

It also means the clustered devices can back each other up so if one fails, the rest pick up the load and the downed machine can be removed without taking the rest of them offline.

The overall push for AEP is to support secure networking based on personal identities as opposed to based on machines or how the machine is attached to the network, Best says. "We plan to bring this all together as customers try to apply policy to the LAN and branch office - exactly the same things we've been doing over the WAN," he says.