Intrusion response dips down to end-user level

The need for companies to respond in real time to both external and internal network attacks is fueling interest in automated intrusion-response technologies.

Enterasys Networks Inc. this week started shipping new software that’s designed to allow companies to drive this response down to individual users without disrupting the rest of the network.

Enterasys’ new NetSight Atlas Automated Security Manager (ASM) works with the Andover, Mass.-based company’s Dragon intrusion-detection system and its network switches.

Together, the products allow companies to automatically identify the network port from which an attack originates, quarantine individual users’ machines that are vulnerable and make policy changes without broad disruption.

The ASM technology is the first to give companies this sort of granular control when responding to network attacks, according to Stan Schatt, an analyst at Forrester Research Inc. in Cambridge, Mass.

“This is a pretty powerful kind of improvement,” Schatt said. With this technology, he added, “you are not going to have to cut off an entire port if you see an intruder.”

The new capability builds on the intrusion-response functions already enabled by Enterasys, said Bob Hartland, director of IT at Baylor University in Waco, Tex.

The university is using Enterasys technology to apply policies and block certain kinds of traffic on its dormitory networks. “We apply policy to ports that blocks everyone with the policy group equally,” Hartland said.

The more sophisticated response enabled by ASM will allow Baylor to apply such policies as needed at an individual user level, he said.

Eaton Vance Distributors Inc. in Boston is planning to use Enterasys’ dynamic intrusion-response capabilities to monitor core applications.

“As a financial services company, we have to be very careful about who has access to what,” said Vinnie Cottone, Eaton Vance’s vice-president of infrastructure services.

Enterasys’ technology will help the company become more proactive by “letting us know who’s on our network, what kind of access they have and what they are doing with that access,” Cottone said.

Enterasys’ moves to incorporate more security functions in its network technology are similar to those being made by other vendors, most notably Cisco Systems Inc.

“What they are doing is integrating security into the infrastructure itself from a switching perspective,” Schatt said.

Pricing for Enterasys’ NetSight ASM v1.0 technology starts at US$17,000 and includes the NetSight Atlas Console v1.4.
