Wireless company sells secure wired ports

Wireless security must be getting competitive (see recent stories): one of the start-ups in the area is spreading out to sell wired security as well. Aruba Networks has launched a version of its wireless "grid point" product - but without the wireless.

The Ethernet grid point is a £150 Ethernet socket that is controlled by a central Aruba Networks switch, much like the company's wireless access points and so-called grid points, launched in August. The benefit over existing sockets is that it allows authentication and IDS, without having to invoke 802.1x, explained the company (read the press release).

"Users were asking us to adapt our solution to wired ports," said Keerti Melkote, vice president of marketing at Aruba. The Aruba wireless solution includes the means to quarantine laptops, and companies want to extend this to wired ports where laptops - both their own and those owned by visitors - might be connected.

Although 802.1x authentication is available for free on most wired switches, he believes that this solution is needed because of issues in rolling out the solution: "802.1x only goes so far in meeting the requirements," he said. "There are many issues: once you upgrade a port to 802.1x, you pretty much disable every other kind of user, so customers have to carve up their networks." Also, he claimed that employees upgraded to get 802.1x access can no longer get access to non-802.1x ports: "Security starts to break mobility."

Because of the variety of users (guests and contractors for instance), most corporate LANs have some VLANs with no 802.1x, he says, and these need securing by other means. Putting IDS and other boxes into every wiring closet is expensive and doesn't scale, whereas the Aruba switch can hand control of those ports right to a specialist switch, where authentication, IDS, anti-virus and other services can be centralised - many of them provided by third parties, such as Fortinet for anti-virus, or Sygate for integrity checks.

Why go non-wireless? "We're certainly not doing a wireless exit strategy," says Melkote> "It extends mobile security to wired ports. It's a really easy way to get into a larger market." He reckons that most companies only need to add the £150 Ethernet grid point to between 10 and 20 percent of their ports, particularly those in public areas. "We do believe in the primary connection becoming wireless over time [Just as well Keerti, because that's what your boss says - Editor], but today's environment is a mixed environment."

Despite fierce debate, Melkote is backing the "wireless grid" idea of putting in a lot of access points without a site survey: "There's a lot of FUD coming out, saying the access point needs to be up in the ceiling. The wireless grid does work - we have had some deployments. If you don't optimise for floor deployments, it will not work."

Other vendors were keen to keep up the criticism: "They are taking over the play that Bluesocket started," said Alan Cohen, marketing manager of Airespace, likening the approach to the security gateway/firewall technique promoted by Blusocket. "Are they asking the user to terminate every perimeter access in their box? That could be a bit of a bottleneck."

"It's not a bottleneck if you cluster these boxes," responded Aruba communications director David Callisch. In other words, users will need to buy lots of boxes from Aruba? "For some reason, we don't have a big problem with that."

Previous Aruba campaigns have less successfully blurred the boundaries between wired and wireless. In July the company alerted the industry to a "wireless" security breach - that in fact requires access to the wired management VLAN.