Building the Secure LAN
A New Model for Protecting Your Business

The Secure LAN Controller provides:

Network Admission Control (NAC)
The Secure LAN Controller supports NAC by leveraging an organization’s existing AAA servers and identity stores as well as its host integrity infrastructure. ConSentry can provide either passive or active authentication via RADIUS or LDAP-compliant directory services such as Active Directory. Likewise, it interoperates with a variety of host posture check agents, such as the Cisco Trust Agent (CTA), Microsoft Network Access Protection (NAP), and agents compliant with the Trusted Computing Group’s Trusted Network Connect (TNC) specification; alternatively, the platform can send dissolvable agents to perform a posture check on desktops the organization does not own or control. By performing the 802.1X “authenticator” role, the Secure LAN Controller eliminates the need for companies to upgrade all their wiring closet switches to support 802.1X.

Visibility
The Secure LAN Controller is layer 2-7 aware. It provides in-depth packet inspection with full layer 7 decode, so the platform can distinguish between applications using the same port or attempting to mask themselves using a port not typically associated with that application. The ConSentry platform can also filter traffic based on content in the data portion of packets, such as specific FTP files or phrases in telnet communications. In addition, by leveraging an organization’s identity store, the LANShield OS binds a user’s name to IP and MAC addresses as the user authenticates to the LAN. As a result, the Secure LAN Controller can tie all LAN traffic back to the user. Alternatively, IT can view traffic by user group, application, host or other resource, protocol, port, transaction, or file access, giving IT unprecedented visibility into LAN traffic.

User Access Control
The Secure LAN Controller can apply access controls to everything it sees. Most importantly, because it links user identity to the network, the Secure LAN Controller gives IT the ability to define role-based policies that limit a user’s access based on their role in the organization. For example, IT could restrict access to the finance server to employees in the finance department or limit guests to Internet access.
Because the Secure LAN Controller operates pervasively across the LAN, policies apply universally, regardless of where – or how – a user connects to the network. IT can define policies ranging from coarse to granular by user, user group or role, application, host or other resource, protocol, port, transaction and file access, and the Secure LAN Controller will enforce those policies, eliminating the need to configure ACLs or VLANs in switch hardware. As soon as that backdoor shell Joe the contractor installed tried to launch, for example, it would be blocked at the LAN edge since its protocol would not be permitted by that machine’s authenticated user.

Threat Control
As an application-aware platform, the Secure LAN Controller protects against both known and unknown threats, providing more accurate detection than security tools operating at lower layers, with blocking at a finer level of granularity. The first line of defense for malware is the NAC process, with host posture check looking for the presence of a known worm. The second line of defense is ConSentry’s patent-pending application behavioral algorithms that detect zero-day or zero-hour worms.
The ConSentry algorithms are highly discriminating, able to differentiate worm traffic from normal user behavior, for example. As a result, the Secure LAN Controller is a robust malware detector, capable of providing zero-day protection while requiring almost no tuning or maintenance.

Contact salesinfo@securematics.com for more information.