ConSentry improves threat detection

A maker of network access control switches has honed its software to give network managers alerts to questionable applications and activities.

ConSentry Networks said Tuesday its new alerting and correlation engine, part of the InSight Command Centre that runs its appliances, and a new permanent endpoint agent, will help organizations keep their data safer.

“The whole idea is to identify potential risk activity on the network very, very quickly, identify non-business use on the network so the IT person can troubleshoot quickly and then make decisions,” said Derek Granath, the company’s vice-president of marketing.

Headquartered in Milpitas, Calif., ConSentry makes LANShield Switches and Controllers that watch activity after users have been authenticated. Both units include an ASIC packet processing chip that gathers network data and, through InSight, gave alerts. However, until now it could only issue one alert at a time.

The latest version of InSight includes a correlation engine and a rules-based database that examines that data more closely for suspicious behavior or trends, and then displays the information in a series of dashboards.

The engine can look at inputs such as the user application, LAN protocol, data destination, L4 port, bandwidth, URLs, file names and time of day, then correlates these against a set of pre-set rules that highlight risks.

There are two main displays:

–An NAC Dashboard show a range of data, including identifying unhealthy devices that have been authorized to log on to the network. The engine has Layer 7 visibility tied to user names.

–A Questionable Activity Dashboard identifies risky applications, rogue servers and protocol risks.

Also improved is what ConSentry calls its Posture Check software for watching devices connecting to the network. Until now the appliances only used a temporary or dissolvable agent that scans PCs, laptops, handhelds and the like. This type of agent has the advantage of not residing on the device, which is good for guest users on the network. However, it has to be installed through a browser.

The latest option is a permanent agent, which lets managers leave the agent on the device. This agent also gives end uses the ability to remediate any problems found by clicking on a button to perform a range of functions, from turning on a firewall to directing the user to a Web site for updating antivirus software.

Paula Musich, an Ashland, Oregon-based senior analyst for enterprise security at Current Analysis, noted the improvements give a level of data loss prevention without costing “an arm and a leg.”

The fact that many of the updates add automation will help network managers, she said, who today are being asked to do more with less. “Conventional data loss prevention solutions are expensive and time-consuming,” she said in an interview, “so they [ConSentry] are addressing a real need now.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now