Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Networking

In Networking:
News
Reviews
Features
How-tos
Slideshows

Top How-Tos / Advice articles

ConSentry adds network audit and control software

Tracks activity as well as applying rules, roles and policies.

By Bryan Betts | Techworld | Published: 10:55, 16 February 2009

Network access control specialist ConSentry is moving away from pure NAC, and towards providing wider visibility and control over the network. It has developed software that uses the deep packet inspection chips built into its switches and controllers to track and audit all sorts of network activity.

The company has added real-time alerting and correlation capabilities to its InSight Command Centre software, with the aim of identifying questionable applications, devices and network traffic, said CTO Jeff Prince.

A new network monitoring and control dashboard gives the IT manager an overview of the data gathered, plus the ability to drill down to user, application or device level, he added.

"We use the corporate directory for role derivation, and have visibility into the LAN at layer 7 and above," he said. "That includes what files you touch and the messages you send over the network. It is stateful and it tracks flows, so it is also useful for compliance."

Speaking at the NetEvents industry forum in Barcelona, Prince said that potential applications for the new software include regulatory compliance, network management, feeding questionable traffic to an IPS for checking, controlling which applications and servers a user can access according to their role, their location, the time of day, and enforcing security policies on email and IM.

The new software would also have been able to detect traffic generated by the Conficker/Downadup worm, he claimed, although he stressed that it is not designed or intended to be an IDS/IPS.

"The system can also run in monitor mode as well, to test your security policies," he said. "It relies on our high-performance silicon to get deep packet inspection at a low price. That chip means our switch is competitive with HP, Foundry and Cisco, say, but also does deep packet inspection."

ConSentry increasingly finds itself at the point where network management, security management and application management are converging, according to Prince.

He added that network control is far broader now than just PCs - there's increasing numbers of other devices, and compliance is adding the need to trace activity back to users as well.

"We're now focused on providing visibility into the network," he said. "It's not uncommon for a company with 2000 employees to have 5000 or 6000 devices on the network."

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.