...:.Independent Technology Group.:...
   
 
Enterprise Security: The LAN

ConSentry Networks

ConSentry Networks offers a single platform for complete Network Access Control. ConSentry’s LANShield product family provides the pre- and post-admission control capabilities needed for solid LAN security. With ConSentry’s purpose-built devices based on custom silicon, Information Technology staff can control who is allowed onto the LAN, restrict what users can do on the LAN, and prevent threats from disrupting network services or compromising data. The LANShield Controller works with existing LAN infrastructure and authentication databases to provide these capabilities.

The ConSentry LANShield architecture delivers four key features:

  1. Network Admission Control (NAC) – authentication and posture check to control who can enter the LAN. As a first step in LAN security, enterprises need to verify that users are who they say they are and that the machine they’re using to enter the LAN complies with corporate standards, running an approved operating system with current patches and fixes and an updated anti-virus program. Without both sets of admission controls, authorized users may unwittingly unleash malware that anti-virus software would have removed from their laptop. ConSentry supports NAC by leveraging an organization’s existing AAA servers and identity stores as well as its host integrity infrastructure. Where applicable, the LANShield Switch and LANShield Controller can actively participate in user authentication and host posture checks, without the need for 802.1X or an installed host agent.

  2. Comprehensive Visibility – visualize traffic and tie it to users and applications for auditing and reporting purposes. To be effective, a LAN security platform must provide visibility into LAN traffic in a way that’s useful to IT staff and allows for appropriate levels of control. While auditing requires the tracking and storage of large volumes of data, day-to-day security management depends on having information that enables fast incident response. We need the ability to manage by exception – to have visibility into what has changed on the network or what has happened out of the ordinary. Through stateful deep packet inspection with full Layer 7 application decode, the ConSentry LANShield product family is able to provide this level of traffic visibility. The data enables security-related control, incident response, auditing, and trend analysis.

    The ConSentry InSight command center is IT’s window into all users, LAN traffic, and violations, and is also the means by which IT defines and distributes policies centrally. With InSight, IT can see and control all traffic on a per-user, per-flow basis, as well as define role-based access control policies and malware control policies. Likewise, InSight’s comprehensive traffic tracking allows for rapid troubleshooting, auditing, reporting, and forensics. 

  3. Identity-Based Control – role-based access control for LAN resources. Properly implemented, identity-based control can be a powerful tool, giving IT a rich and flexible way to define and enforce role-based access control. As a baseline, an identity-based control system must tie all LAN activity back to specific users and support universal access control. The LANShield Switch and LANShield Controller can apply access controls to everything they see. The platforms give IT technicians the ability to define policies that limit a user’s access to networked resources based on his or her role in the organization. Once policies are defined, they are downloaded to enforcement devices, which monitor LAN traffic to apply those policies. This identity-based access control applies universally, regardless of where or how a user connects to the network.

  4. Threat Control – detect and block propagation of worms and other malware. IT personnel need a way to control threats that originate on the LAN. Such protection must detect any malicious code that may appear on the network and prevent it from propagating. It must alert IT staff to unusual traffic and block it immediately, detect and block any sources of threats that might indicate an attack, minimize false positives and tuning, operate close to the host, and recognize and block attacks launched from non-user network devices.

    The LANShield product family protects against both known and unknown threats, providing more accurate detection with blocking at a finer level of granularity than security tools operating at lower layers. Incident reporting is based on knowledge of user transactions, and the LANShield Switch and LANShield Controller can stop traffic on a per-user or per-application basis if malware is detected. ConSentry can also limit the protocols that printers, phones, or other devices can run and restrict which network destinations they can reach.

ConSentry delivers a holistic approach to securing your LAN, providing inline enforcement for NAC and identity-based control in a single platform with no switch upgrade. This combination of full visibility and access control ensures that enterprise assets are protected and network availability remains high. The programmability of the LANShield silicon enables ConSentry to keep pace with changes in applications and security requirements. Visit the ConSentry website for a complete breakdown of how these tools work.

 

  ©Independent Technology Group | 818.879.2009