Infrastructure Vendors Target Security At Interop

Traditional infrastructure and emerging security-centric infrastructure upstarts are taking different approaches toward access control and application-layer security.

May 1, 2006

Announcements from Extreme, Enterasys, and other leading infrastructure vendors today at the Interop show will highlight the divergent architectural approaches that traditional infrastructure vendors and emerging security-centric infrastructure upstarts are taking toward access control and application-layer security.

The traditional infrastructure vendors are centralizing security resources onto their existing switching and routing product portfolios. They trap new traffic flows at the ingress to the corporate network and divert them to centralized security engines in the core for further analysis. Those engines then decide whether to admit, reject, or quarantine each flow, and express the decision as Access Control Lists (ACLs) that are pushed out to the switches for enforcement. Once the ACL is in place, later packets of that flow are handled by the switch alone.

New security-centric players, such as Consentry, DeepNines, Lockdown Networks, Nevis, InfoExpress, Radware, and Vernier, distribute intelligence by embedding deep packet inspection capabilities in the core or distribution switches. Consentry went even further last month by extending deep packet inspection into its new access switch, the Secure LAN Switch. The 44-port 10/100/1000 PoE switch lists for $14,995, or about $341 per port.

While the security-centric players will have broader appeal in new installations, they'll have a tougher time penetrating existing ones. This is particularly true of Consentry's Secure LAN Switch, which requires companies to commit up front to the higher cost of security switching. On the other hand, the security-centric players can inspect traffic inline for the life of a flow, not just at flow initiation, so a flow that looks benign in its first packets can still be stopped when later packets turn hostile. That lets companies be more vigorous in their security enforcement.
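The following simulation makes the trade-off described above concrete. It is an added example, not code from the article or from any vendor named in it: a constructed four-packet stream is run through two toy enforcement models. The "centralized" model diverts only the first packet of each new flow to an analysis engine and then installs a permit/deny ACL that handles the rest of the flow; the "inline" model inspects every packet. The byte-string signatures, addresses, and payloads are all constructed for illustration and do not represent any real product's detection logic.

```python
"""Flow-initiation gating vs. inline inspection (constructed simulation)."""
from dataclasses import dataclass

# Constructed "signatures" standing in for whatever a real IDS/IPS matches on.
SIGNATURES = (b"/etc/passwd", b"cmd.exe")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def flow_key(pkt: Packet) -> tuple:
    """Identify a flow by (source, destination, destination port)."""
    return (pkt.src, pkt.dst, pkt.dport)


def payload_is_malicious(payload: bytes) -> bool:
    return any(sig in payload for sig in SIGNATURES)


class CentralizedEngine:
    """Traditional model: the switch diverts the first packet of each new flow
    to a central engine, which returns an ACL entry for that flow. Subsequent
    packets are matched against the ACL only and are never re-inspected."""

    def __init__(self) -> None:
        self.acl: dict[tuple, str] = {}   # flow_key -> "permit" | "deny"
        self.diverted = 0                 # packets that reached the engine

    def handle(self, pkt: Packet) -> str:
        key = flow_key(pkt)
        if key not in self.acl:
            self.diverted += 1
            self.acl[key] = "deny" if payload_is_malicious(pkt.payload) else "permit"
        return self.acl[key]


class InlineEngine:
    """Security-centric model: every packet passes through the inspection
    logic in the switch data path. Once a flow is flagged, the rest of it is
    dropped too (quarantine of the offending flow)."""

    def __init__(self) -> None:
        self.denied: set[tuple] = set()

    def handle(self, pkt: Packet) -> str:
        key = flow_key(pkt)
        if key in self.denied or payload_is_malicious(pkt.payload):
            self.denied.add(key)
            return "deny"
        return "permit"


def run(engine, packets: list[Packet]) -> list[str]:
    """Return the per-packet verdict list for the given engine."""
    return [engine.handle(p) for p in packets]


# Constructed traffic: flow A starts clean and turns hostile on its second
# packet; flow B is hostile from the first packet.
PACKETS = [
    Packet("10.0.0.5", "10.0.1.20", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", "10.0.1.20", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.0.7", "10.0.1.20", 80, b"GET /scripts/cmd.exe HTTP/1.1"),
    Packet("10.0.0.7", "10.0.1.20", 80, b"GET /next HTTP/1.1"),
]


def compare(packets: list[Packet] = PACKETS) -> dict[str, list[str]]:
    """Verdicts from both models over the same packet stream."""
    return {
        "centralized": run(CentralizedEngine(), packets),
        "inline": run(InlineEngine(), packets),
    }


if __name__ == "__main__":
    for model, verdicts in compare().items():
        print(f"{model:12s} {verdicts}")
```

The centralized model catches flow B because its first packet is already hostile, but it permits the second packet of flow A: by then the engine has handed the flow back to the switch as a "permit" ACL and never sees the payload again. The inline model denies that packet and every later packet of the flow. The price, as the article notes, is that inspection hardware must sit in the data path of every port rather than in one central engine.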

The Traditional Approach

Cisco was the first infrastructure vendor to deliver on a centralized security architecture, but the product solution is "really expensive," says Don McVittie, technology editor for security at Network Computing magazine, a sister publication to NetworkingPipeline. Competing solutions will have to do better than that, promising a better price point and doing something "extra," if they're to succeed against Cisco.

Extreme will showcase the ability to extend its switches with what it calls "Virtual Security Resources." The first VSRs will come through relationships with Internet Security Systems (ISS), CipherOptics, and StillSecure.

ISS and Extreme will demonstrate the ability to pass traffic flows from Extreme switches to ISS's IDS/IPS appliances for further analysis. The ISS appliances will connect to the Extreme 10K core switch and communicate using a proprietary protocol developed by the two vendors. Extreme access switches will perform a first-order analysis on the traffic, passing suspicious flows to the ISS appliance. The appliance will be able to define ACLs that close the port or quarantine the connected end station for remediation. Both companies are expected to ship products later this year.

Meanwhile, Extreme will enhance its Sentriant security traffic management appliance, announced last year, with StillSecure's access control and CipherOptics' encryption capabilities. With the Sentriant Access Guard (AG), Extreme will use StillSecure technology to place incoming users in the appropriate VLANs on the corporate network. The technology is based on the 802.1X access control standard. Users not complying with security policy are directed to a quarantine VLAN for remediation. Flows requiring encryption are directed to the Sentriant CE 150, the CipherOptics encryption engine, for on-the-fly encryption.

Enterasys will expand its Dragon Security Suite with Dragon Network Defense and introduce its new Enterasys Sentinel line. Dragon Network Defense sits in the network and establishes a baseline of normal network behavior, against which anomalous behavior can then be detected. It consists of two products. The Dragon Security Processor sits in the core of the network and integrates the Dragon Security Command Console (Security Information Manager), the Dragon Flow Anomaly Processor, and the Dragon Behavioral Management Server. The Dragon Security Processor lists for $65,000 to $159,000.

Dragon Behavioral Flow Sensors sit at the edge and collect flow-based, application-layer information, which is sent back to the Security Processor for analysis. Each sensor lists for $18,000 to $45,000 and handles data rates from 100 Mbit/s to 1 Gbit/s.

The Enterasys Sentinel line gives Enterasys 802.1X-based access control and consists of two products. The Trusted Access Gateway is a hardware appliance that sits in the core of the network and relays authentication requests to a security engine for further analysis. The gateways accommodate from 500 to 1,250 end stations. The Trusted Access Manager is the software package that lets IT configure and monitor the Gateway. With Trusted Access Manager, IT can configure security domains, authorized assessment services, and RADIUS servers, and monitor the Gateway for usage, statistics, and accounting.