Nortel Networks has added intrusion-prevention capabilities to its Alteon application switch so that the load-balancing and traffic-shaping machine can provide defence against several hundred known vulnerabilities.
The intrusion-prevention feature for the Nortel application switch, expected to be available next month, is based on technology from Symantec.
Under the partnership, Symantec will provide security software updates for the application switch via Symantec’s online service, LiveUpdate.
Analysts say this is the first time this type of vulnerability protection has been added to an application switch.
“Competitors such as Radware have delivered that kind of intrusion protection as separate products but not as part of the application switch,” says Cindy Borovick, director of data centre networks at IDC.
Borovick says Nortel’s approach is primarily aimed at protecting servers because the application switch typically sits in front of data centre servers to increase performance.
The Nortel Application Switch with Symantec Intelligent Network Protection, as the product is called, doesn’t include the kind of comprehensive intrusion-prevention system that would be found in a stand-alone IPS appliance because that could adversely affect the switch, according to Nortel.
“There are probably 8,500 known signatures used for vulnerabilities, and if you scan for all of them there’s the risk of slowing down traffic and of false positives,” says Dan Schrader, director of product marketing and application switches at Nortel.
The Nortel application switch will instead target a few hundred of the most high-risk vulnerabilities and attacks that could affect the environment in which the switch is typically used.
Schrader says there are 50,000 Nortel application switches in use, and they are typically found in data centres in front of databases, e-mail servers and Web farms in midsize to large corporations and carriers. The goal in adding the Symantec intrusion-prevention technology to the switch is to block attacks aimed at vulnerabilities found in software in those environments.
The Symantec-based IPS monitoring and blocking capability will be controlled through the Java-based manager that’s part of the Alteon application switch. Nortel is suggesting customers start out using IPS on a monitoring-only basis before turning on the full blocking mode. That way, data centre managers can gain experience with the IPS detection, and with the false positives it produces, before letting it directly affect corporate traffic by blocking.
The Nortel Application Switch with Symantec Intelligent Network Protection costs US$15,000 to $35,000 per switch, with the intrusion-prevention capability available as a $5,000 licence upgrade.