Looking to address the challenge of managing remote access to the corporate network, Aventail has released the latest version of its SSL VPN platform, boasting new features to help IT managers secure a network’s potential weak point.
The updated offering from Seattle-based Aventail, called ST2, offers improvements grouped around three areas: detection, protection and connection.
Among the new features is device “watermarking”, which sees a certificate pre-installed on the connecting device, whether it’s a PC or a PDA, to certify its integrity before allowing it to connect to the network.
“When a user attempts to make a connection to the SSL VPN it will do a check to make sure the certificate on that device is valid,” said Chris Witeck, director of product marketing for Aventail.
The check includes ensuring that the certificate is valid and issued by that company, and ensuring that the device is running appropriate security software. If it passes muster, the device is granted a level of network access based on company policies.
Witeck said the advantage of device watermarking is that if a device gets lost or stolen, it’s the certificate that gets revoked and not the user’s credentials, allowing the user to still gain limited network access via another device, such as a computer in a hotel’s business centre.
ST2 also allows IT managers to set access policies for devices connecting without a certificate, tailored to the level of risk that unit poses. Limited network access, for tasks such as checking e-mail, could be granted, but only if proper security tools are running. Witeck added that device watermarking gives assurance to IT managers that employees working from home or business partners accessing the network with their own devices do not pose threats.
If the integrity of the device is questioned, the user could be directed to ST2’s new quarantine zone. Instead of reaching the corporate network, the user would be redirected through ST2’s Web-based system to a page informing them of what they need to do to be granted network access, such as updating their antivirus software.
Other additions include the extension of end-point control to mobile devices and a new feature, called session persistence, that lets a mobile device move from network to network without having to re-authenticate its SSL VPN session.
James Richardson International (JRI), an agricultural business company in Winnipeg, used Aventail’s earlier offering and is a beta tester of the ST2 product. With over 800 users in 97 offices across Canada connecting to its corporate network, the company said it needed a better way to give its sales people, executives, staff and suppliers access to its network and still maintain appropriate security protocols.
“The old way was to not [let them have network access],” said Paul Beaudry, director of technical services for JRI. In the past, the company used a point-to-point tunnelling protocol that Beaudry said was difficult to manage and provided an all-or-nothing connection. “Once you were connected, you got full access to the entire network, which was not necessary.”
Beaudry said he has been pleased with the solution Aventail provided for that challenge, and with ST2 he said he’s particularly interested in the improvements made to the endpoint controls and device watermarking that allows him to better determine a user’s identity. Another option that ST2 lets JRI explore, he added, is the ability to let employees connect to the network using their PDAs.
One analyst said the mobility aspect is the key to Aventail’s ST2 offering over competitors such as Juniper Networks.
“Aventail has been aggressive in the mobile space. It has taken SSL VPN, which has been typically a remote access phenomenon, and extended it to be a mobile phenomenon,” said Robert Whiteley, a senior analyst with Forrester Research in Cambridge, Mass.
Whiteley said that while Juniper has the market lead in share and units shipped, the company has not been as innovative as Aventail in terms of its SSL VPN offerings.
“Mobile access is changing how companies are doing business and if you are trying to specialise your product, then you need to have mobility. I expect [Juniper and other vendors] to follow [Aventail’s] suit,” he said.