Policy-based access control, no agents

Endpoint security solutions from vendors such as Check Point and Sygate protect the company LAN from unauthorized users and infected clients, using a combination of client-side agents and a central management server. Now available from ConSentry Networks is a hardware-based, transparent system for monitoring and managing user access that installs in the wiring closet and requires no client software.

ConSentry’s Secure LAN Controllers are based on what the company calls its LANShield Silicon Architecture, which consists of custom traffic processing ASICs that allow incredible real-time views into network traffic. Packets are decoded from Layer 4 all the way to Layer 7, allowing IT to truly “see” what network users are doing. During a recent demonstration, I was able to view both historical and real-time traffic for a single user and also a group of users. From the protocols used to the applications launched to the Web sites accessed, everything was laid out in report form.

The Secure LAN Controller is available in two models. The CS1000 comes with 10 ports and can handle as many as 200 users and 2Gbps of traffic; the CS2400 comes with 24 ports and scales to 1,000 users and 10Gbps. The controllers install transparently between workgroup switches and the core backbone switches. 

Creating policies and generating reports is the job of the Java-based management tool ConSentry InSight. InSight hooks into existing Active Directory or RADIUS to extract user and group information. Policies are defined based on group affinity, then pushed to the Controller for enforcement. It’s a powerful way to ensure users are obeying the rules.

ConSentry Secure LAN Controller
ConSentry Networks
Cost: $17,995 for CS1000; $27,995 for CS2400
Available: Now