Extreme Networks and Reconnex recently partnered to help network managers enforce security policies.

Reconnex offers iGuard, an appliance that the company says protects both inbound and outbound traffic at gigabit speeds. Enterprise companies can use it to discover, monitor and capture network traffic, and then search the captured traffic for security threats.

The companies say the iGuard will communicate directly with the ExtremeXOS operating system in Extreme's high-end LAN switching chassis, the BlackDiamond, via XML. In this way, the switch could take actions on any security violations as they happen.

For example, if the appliance detects that an end user is attempting to send confidential corporate data - such as intellectual property or other confidential data - outside of the company, the BlackDiamond could stop it before it leaves.

The iGuard looks at the content and the user, and determines if either is "suspicious." If not, it still monitors the content. If the content leaving the company network violates a security policy or the user is suspicious, the iGuard uses XML-based APIs offered by ExtremeXOS to create access control lists that block traffic from the user.

Extreme says the Reconnex iGuard is one of the few content-protection appliances out there that provides enforcement of security policies for sensitive data in real-time.

Reconnex says it has to work with infrastructure vendors like Extreme to actually enforce policies in real-time. Obviously, the flexibility of Extreme's APIs would make that integration easier.

The combination of Extreme's and Reconnex's gear was demonstrated at last week's Interop trade show in New York.

Jeff Caruso is site editor at Network World.