ConSentry improves threat detection

A maker of network access control switches has honed its software to give network managers alerts to questionable applications and activities.

ConSentry Networks said Tuesday its new alerting and correlation engine, part of the InSight Command Centre that runs its appliances, and a new permanent endpoint agent, will help organizations keep their data safer.

“The whole idea is to identify potential risk activity on the network very, very quickly, identify non-business use on the network so the IT person can troubleshoot quickly and then make decisions,” said Derek Granath, the company’s vice-president of marketing.

Headquartered in Milpitas, Calif., ConSentry makes LANShield Switches and Controllers that watch activity after users have been authenticated. Both units include an ASIC packet processing chip that gathers network data and, through InSight, issues alerts. Until now, however, it could only issue one alert at a time.

The latest version of InSight includes a correlation engine and a rules-based database that examines that data more closely for suspicious behavior or trends, and then displays the information in a series of dashboards.

The engine can look at inputs such as the user application, LAN protocol, data destination, L4 port, bandwidth, URLs, file names and time of day, then correlate these against a set of pre-set rules that highlight risks.

There are two main displays:

–An NAC Dashboard shows a range of data, including identifying unhealthy devices that have been authorized to log on to the network. The engine has Layer 7 visibility tied to user names.

–A Questionable Activity Dashboard identifies risky applications, rogue servers and protocol risks.

Also improved is what ConSentry calls its Posture Check software for watching devices connecting to the network. Until now the appliances only used a temporary or dissolvable agent that scans PCs, laptops, handhelds and the like. This type of agent has the advantage of not residing on the device, which is good for guest users on the network. However, it has to be installed through a browser.

The latest option is a permanent agent, which lets managers leave the agent on the device. This agent also gives end users the ability to remediate any problems found by clicking on a button to perform a range of functions, from turning on a firewall to directing the user to a Web site for updating antivirus software.

Paula Musich, an Ashland, Oregon-based senior analyst for enterprise security at Current Analysis, noted the improvements give a level of data loss prevention without costing “an arm and a leg.”

The fact that many of the updates add automation will help network managers, she said, who today are being asked to do more with less. “Conventional data loss prevention solutions are expensive and time-consuming,” she said in an interview, “so they [ConSentry] are addressing a real need now.”
