Firm eyes safe nets

Enterasys Networks Inc. embarked on a campaign last month to win customers with a message and new products centred around network security.

Enterasys’s security message harkens back to the concept of policy-based networking, originally introduced by its predecessor Cabletron in the mid-1990s with its SecureFast products.

With networks constantly under threat from worms, viruses and people accessing sensitive information both from outside the company walls and from within the company, networks need to know how to operate under duress, said John Roese, Enterasys’s chief technology officer. Networks that aren’t an active part of a company’s security system will no longer suffice.

“The next network you implement has to think not just about the content of the packet, but the context of the packet,” Roese said. “Who sent it? Where did it come from? Where is it going? When did it get sent? How many packets preceded it? How many followed it? What conversation is it a part of?”

Policy-based networking generally refers to a mix of network management tools and switch smarts, designed to assign priority to and monitor network traffic. During the late 1990s, the network industry thought policy-based networking would be required to support real-time traffic like voice or video. Real-time network traffic, however, has yet to explode, and on networks that do run real-time traffic, it’s often easier to throw more bandwidth at any congestion problems than it is to manage the network traffic beyond the assigning of priority queues.

Now Enterasys believes it has found a new need for policy-based networking: security. And the company feels its combination of network management tools and security-centric Application Specific Integrated Circuits (ASICs) running proprietary algorithms gives it a leg up on competitors.

What Enterasys means by security is more than just setting up user profiles and assigning permissions in a Lightweight Directory Access Protocol (LDAP) database. It includes monitoring traffic flows, identifying unusual patterns and isolating trouble spots before they spread to other parts of the network, according to the firm.

With government privacy regulations such as the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada and the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. coming into effect, there are serious legal and financial ramifications for enterprises that don’t have proper network security in place, Roese noted. Companies that want to conduct business securely are going to have to lock down their networks from within and without, he said.

As part of the security strategy, Enterasys unveiled a new product called Dynamic Intrusion Response, which is designed to allow customers to implement an automated system for intrusion detection, network management and intrusion response. Dynamic Intrusion Detection uses a combination of Enterasys’s Dragon intrusion defence system, NetSight Atlas network management system and a policy-based network infrastructure.

Enterasys also announced a partnership with network services provider Lucent Worldwide Services designed to deliver Enterasys Secure Networks to enterprise customers and a global awareness campaign centred around Secure Networks.

Dan McLean, an analyst with research firm IDC Canada Ltd. in Toronto, said security is a good focus for Enterasys.

“Their reputation and their history is that of a company that is really good on the technology side,” he said. “So security is a good fit, because it’s a technology subject.”

Other infrastructure vendors will also push security, McLean noted, so Enterasys won’t have an easy time differentiating themselves.

“All of them will say they can provide secure networks,” McLean said. “Enterasys, to their credit, is saying they can provide those networks and they want to find a neutral way to prove it.”

McLean was referring to Enterasys officials’ calls to the analyst community to come up with a means to measure competing hardware vendors’ network security capabilities.