Sygate’s new devices batten down net endpoints

Sygate this week is announcing new hardware that can discover unauthorized devices on networks and check known devices periodically to ensure they are functioning and continue to comply with security policies.

Sygate this week is announcing new hardware that can discover unauthorized devices on networks and check known devices periodically to ensure they are functioning and continue to comply with security policies.

Called Sygate Magellan, the new gear consists of Sygate Discovery Engine, which gathers data from devices on networks, and Sygate Correlator, which gathers, stores and analyzes the data that the Discovery Engine collects.

Discovery Engine ascertains any network-addressable devices, and Correlator can determine whether they meet corporate security policies. The data can be exported to asset management systems made by other vendors, overarching network management systems and vulnerability scanners.

With existing Sygate products Sygate Secure Enterprise (SSE) and Sygate On-Demand (formerly Sygate Security Portal), Magellan can protect networks from internal and external attacks by making sure computers meet security standards before being granted access to corporate networks. Sygate calls its security system Continuous Protection.

The Sygate line lets companies protect corporate networks from potentially infected machines that are connected to the LAN and that are accessing the network via VPNs or Secure Sockets Layer (SSL) remote access, says Chris Christiansen, an IDC analyst.

Continuous Protection will compete with security-compliance gear from Internet Security Systems, InfoExpress and Preventsys, and individual security vendors such as Check Point that are adding some similar features to their products, Christiansen says. Security services from iPass and GoRemote Internet Communications also will compete, he says.

Magellan interrogates machines on a network and correlates the data it gathers to give a view of what devices are connected to a netSSE can deny access and refer the machine to servers where they can get software updates to bring them into compliance with corporate policies using the Layer 2 authentication standard 802.11x. Support for 802.1x is new with the latest SSE Version 4.0. work. Separately, SSE uses Sygate Security Agent software on each machine to probe whether it is configured properly.

The new software also adds support for Trusted Computing Group chips that store security keys, passwords and certificates on many IBM and HP computers and servers.

Sygate On-Demand is software that can scan and enforce policies on devices that access corporate networks via SSL remote access but that are not owned by the corporation.

These On-Demand software agents ensure security by creating virtual desktops on these devices that are purged when the remote session ends so subsequent users can’t access data retrieved during the session.

The new software also includes an application programming interface that partners can include in their SSL gateway products to enforce Sygate-controlled policies.

The latest version of On-Demand adds support for custom rules and creation of rule groups that can check for applications, operating system configuration and patches on remote machines.

SSE Version 4.0, On-Demand 2.0 and Magellan are scheduled to be available next month.

Pricing for SSE starts at $70 per machine and for On-Demand at $40 per seat. One of each Magellan 1.0 appliances plus a management GUI costs $80,000.