Stay informed. Sign up to receive the “Intelligent Switching Informer.”

ConSentry InSight Command Center

The command center for Intelligent Switching

ConSentry Networks delivers intelligent switching, making it easy for IT to control users and applications on the LAN. The ConSentry LANShield platforms — the LANShield Switch and LANShield Controller — tie together user, device, role, application, and destination, sending that information to the InSight Command Center for aggregation and display. As a result, IT gains a level of business context not possible with legacy switch architectures which enables IT to more easily align the LAN to the business and deliver the services needed to make enterprises more efficient, accountable, and agile.

» ConSentry InSight Datasheet (605K PDF)  » LANShield Visio Icons (367K ZIP)  » Intelligent Switching Overview (Flash)

In addition to aggregating all user and application flows, InSight presents IT with actionable information, showing key events in at-a-glance summaries and drill-down, detailed views. InSight enables rapid incident response, auditing, and reporting. InSight’s GUI-based tools also simplify policy creation and distribution.

InSight includes templates that make it easy for IT to create policies and deploy them on LANShield devices. The LANShield platforms automatically derive users’ roles, and InSight uses that role information as the basis for intelligent switching policies. InSight also supports filters that let IT treat policies as building blocks and layer on multiple levels of control more easily. The flexible exception rules, combined with the policy filters, let IT create unique controls by role without creating a separate policy for each variation.

Visibility Features

InSight provides IT with a view of the overall health of the LAN, all security incidents, and per-user, per-role, and per-application aggregated views. The LANShield products bind users to their addresses and applications, so InSight is able to display all LAN status information, incidents, and policy violations by username.

InSight retains statistics about all flows, including both real-time and historical data. This information includes such details as the packets and bytes in and out by application and protocol; the individual file name involved in a Windows file sharing (CIFS), instant messaging, or FTP operation; the usernames of users who accessed particular files; and the duration of all sessions.

The Network Awareness dashboard provides a quick snapshot of network usage by user, role, or application.

InSight also provides an aggregated view of the LAN security health — the InSight dashboard displays:

• the overall network threat level
• user counts by authenticated, unauthenticated, and guests
• authentication failures
• incidents for unauthenticated users
• policy, malware, and posture incidents
• the top user or device roles responsible for incidents

Other dashboard views such as Network Awareness show network resource usage, with data including top network users, top applications by bandwidth and instance, top destinations, and top URLs being accessed during the course of the day.

InSight provides a range of other statistics that can be selected to create custom dashboard views and reports. IT can select from data such as top policy violators, top FTP file transfers, top IM files, top policy incidents, and malware incidents by type.

Detailed forensic drill-down is available from the dashboard views that provide information on user activity, applications and hosts used, and policies enforced. IT can also use InSight to track individual application flows for a user. IT can select which traffic InSight should make visible. For example, an IT administrator may choose not to see details on traffic related to a management VLAN. IT can also set filters for InSight’s visibility by application and role.

To protect privacy, InSight supports a four-eye mode that requires two IT staff be involved when accessing information such as usernames and IP addresses.

The Security Incidents dashboard enables quick response to policy, malware, and posture violations.

Custom queries allow IT to view specific data when troubleshooting performance, user, application, or security issues. Among the possible queries are:

• new applications (by bandwidth) seen over a period of time specified by IT
• new network users seen over a period of time specified by IT
• network users seen over a specific time period but not currently visible

Policy Creation GUI

InSight command center incorporates a rich graphical user interface for identity-based policy creation. With it, IT can easily create:

• network zones
• hierarchical policies and role mapping
• Layer 4 and Layer 7 application filters and groups
• role definitions and user-to-role mapping
• Active Directory, RADIUS, and LDAP interface configuration

Reporting Features

InSight provides comprehensive reporting on the visualized data. Built-in reports include the Daily File Access Report and the Enterprise Security Report, which includes user asset and incident information. IT can also generate custom reports to meet a variety of needs, from technical to business issues. For example, an administrator could build a report that showed all users that have incidents associated with a given policy during a specified time period or all users that accessed a particular application during a specified time period. An IT administrator can also add graphical charts from the InSight dashboard to report templates to enhance their visual presentation.

Reporting Features

InSight provides centralized management and configuration of all LANShield devices deployed in a network. Capabilities include:

• central policy management: InSight enables IT to configure policies just once and then push them out to all applicable LANShield devices.
• software updates of multiple LANShield devices: IT can use InSight to distribute updated LANShield OS releases to all deployed devices.
• LANShield device health: This configuration view provides status on a LANShield device’s CPU usage, memory usage, fan speeds, current temperature, and power supply status.
• custom captive portal: Using InSight, IT can distribute a customized captive portal page to multiple LANShield devices.
• distribute posture check configuration file: IT can use InSight to send these endpoint files to multiple LANShield devices.
• audit logging: IT can track all actions done via InSight, with the associated users, time, and status of each activity.
• archiving data: InSight is RAID capable and data can be exported to an SQL database.

	ConSentry InSight can configure and manage multiple LANShield devices from a centralized location.

InSight Server Minimum Requirements

InSight Client Minimum Requirements

Ordering Information

"What I need is total and persistent visibility into and control over who gets access to my resources in order to maintain business continuity. This is exactly what I get from the ConSentry solution."

Jim Hallden
Director of IT
HydroQual

» More Customers

"It's very rare to see a security device as easy to use as the Secure LAN Controller. Setup is plug-and-play simple, while the unit's browser-based interface, aptly called InSight, provides an intuitive launching point into the controller's capabilities."
Read the Review.

» More Awards