ConSentry's new correlation features help spot trouble

Clarifying issues surrounding this emerging security architecture

Recently, ConSentry added more analysis tools to management software for its intelligent switches that make them more of a general troubleshooting tool than just NAC devices.

The company has long said its LANShield switches and controllers could do more than just NAC and this latest release underscores that.

The devices gather a great deal of data about connections made on the network – who made them, when, via what access method, on what machine, through what port, using what protocol, etc. – and selectively culling that data can be valuable.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Recently, ConSentry added more analysis tools to management software for its intelligent switches that make them more of a general troubleshooting tool than just NAC devices.

The company has long said its LANShield switches and controllers could do more than just NAC and this latest release underscores that.

The devices gather a great deal of data about connections made on the network – who made them, when, via what access method, on what machine, through what port, using what protocol, etc. – and selectively culling that data can be valuable.

The company creates dashboards that slice up this data to give unique views of network usage. For example, one dashboard for NAC in particular displays the status of every device that is on the network or that is trying to get on – healthy, unhealthy, unscanned, unknown, etc.

So someone viewing the dashboard could see whether the devices were admitted despite flunking NAC endpoint checks and also see the reasons why they flunked.

The data gathered can be analyzed in other ways. For example, the Questionable Activity Dashboard, can check for unauthorized applications, rogue servers, access to unauthorized Web sites and protocol risks such as SSL connecting through non-standard ports. Any of these could indicate trouble and might warrant alerts to administrators to check out instances.

This new correlation engine expands the usefulness of ConSentry gear and points to the possibilities beyond traditional NAC that NAC products could evolve into. This seems like a natural progression that may be foretelling NAC’s future, being subsumed as one element in broader security schemes.

Read more about security in Network World's Security section.

Tim Greene is senior editor at Network World.