Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Take one of the founders of Foundry Networks, add in the former vice president of software engineering at Extreme Networks, then mix in a former Juniper vice president and top off with a former senior director at Cisco - what do you get? You get ConSentry - the newest contender to build the next replacement for the firewall.
Despite the billions of dollars being poured into perimeter security technology, security breaches continue unabated. The new focal point is attacks that emanate from inside the network. And no wonder; companies are creating a Catch-22 of sorts by providing more points of access to their networks while trying to ensure that systems and data aren't compromised.
Even though corporate PCs are routinely armed with virus scanning software to make sure they aren't carriers of malicious viruses before they log on to an enterprise network, companies are still vulnerable to security compromises by users camouflaging their identities to gain access to unauthorized company resources and assets. Just because you check someone's ID at the door (which is often phony) doesn't mean you know what their intentions are once they enter the club.
ConSentry wants you to think "Harrison Ford movie" when you hear the word firewall, not network security device. Instead, it wants the phrase "network security device" to lead you to its product, the identity-based Secure LAN Controller. Beginning with network access control before allowing access to the network, ConSentry can provide either passive or active authentication via RADIUS or LDAP-compliant directory services. But there are three more aspects of ConSentry once a user has been authenticated and allowed access. These are:
* Visibility - The Secure LAN Controller is Layer 2-7 aware. It provides in-depth packet inspection with full Layer 7 decode, so the platform can distinguish between applications using the same port or attempting to mask themselves using a port not typically associated with that application.
* User Access Control - Because it links user identity to the network, the Secure LAN Controller gives IT the ability to define role-based policies that limit a user's access based on their role in the organization.
* Threat Control - As an application-aware platform, the Secure LAN Controller protects against both known and unknown threats, providing more accurate detection than security tools operating at lower layers, with blocking at a finer level of granularity.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.