Universal Endpoint Interoperability
A key component of secure switching – the ability to control every user and secure every port – is validating that connected endpoints meet the enterprise’s security requirements. A compromised laptop can unintentionally expose the network to debilitating viruses, worms, and other malware. Understanding the health and security posture of the endpoint, not only when it enters the network but throughout its entire session, is key to network access control and determining the appropriate access to grant a user.
As malicious software continues to become stealthier and more elusive to avoid detection, determining health posture has evolved far beyond simple network-based scans looking for suspicious open ports. The process now requires a multifactor approach, looking at OS patch level, anti-virus patch level, firewall state, and a number of other variables to determine the health of the endpoint.
Typically enterprises have a mix of managed machines – those maintained by IT – and unmanaged machines – those brought in by guests and contractors. To support both machine types, as well as various OS types and versions, enterprises need multiple ways to gather health posture. The network access control solution should adapt to the enterprise network – not the other way around.
Consistent with ConSentry’s philosophy of secure switching with simple network integration, ConSentry provides three different ways for health posture to be gathered:
- The ConSentry LANShield device can dynamically distribute a dissolvable posture check agent that gathers posture status and then leaves no traces on the endpoint once the session is completed.
- The LANShield can interoperate with standards-based NAC frameworks.
- The LANShield device can passively snoop health status by monitoring endpoint security or patch suites with embedded posture agents.
Unmanaged machines – dissolvable agent. Dissolvable posture checking agents provide the most value for guests and contractors trying to gain access to the network. In this case, the LANShield device dynamically downloads a robust posture checking agent to the laptop, one that leaves no trace once the user has finished the network session. Dissolvable agents increase the productivity of contractors – when IT had no way to confirm the posture status of an unmanaged PC, access was limited to Internet access. Now that a contractor’s machine posture can be validated, contractors can be given access to appropriate internal resources.
Managed machines – NAC frameworks. Network access control standards are evolving to facilitate interoperability, and ConSentry is committed to supporting them. We’re a Microsoft Network Access Protection (NAP) partner, and our software already interoperates with the NAP framework. We also support the Trusted Computing Group’s Trusted Network Computing initiative. As these standard agents become more widely available, ensuring posture checks will be even simpler for IT.
Managed machines – AV suite vendors. Anti-virus and other endpoint security suite vendors have evolved their products to include more comprehensive endpoint checking. These products communicate machine status to a central policy server. ConSentry is able to transparently tap into this communication and determine posture status. With this posture check method, IT is able to leverage software already deployed on the endpoints, getting in-depth knowledge of the endpoint to apply in network access control without any new software.
Managed machines – regional endpoint vendors. In many countries throughout the world, regional vendors have made significant inroads in supporting customers with localized endpoint products. As our customers require it, we will work with these vendors to integrate their posture check capabilities into the broader ConSentry network access control solution. To date, we work with products from Criston (headquartered in France) and NTT Data Intellilink (headquartered in Japan) to support joint customers, and we’ll continue these regional developments.
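The multifactor posture check described above (OS patch level, anti-virus signature level, firewall state) and the resulting access decision (full internal access, Internet-only access, or quarantine), re-evaluated as new status reports arrive during a session, can be illustrated with the following Python. This is an added example written for this page; it is not ConSentry code and does not reflect the LANShield implementation or any vendor’s agent protocol. The `host=... os_patch=... av_sig=... fw=...` status-line format, the policy thresholds, and the sample reports are all constructed for the illustration.

```python
"""Multifactor endpoint posture evaluation (illustrative example, not ConSentry code)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import List


class Access(Enum):
    FULL = "full"              # appropriate internal resources
    LIMITED = "limited"        # Internet / remediation resources only
    QUARANTINE = "quarantine"  # blocked until remediated


@dataclass(frozen=True)
class Posture:
    host: str
    os_patch_date: date       # date the last OS patch was installed
    av_signature_date: date   # date of the last anti-virus signature update
    firewall_on: bool


@dataclass(frozen=True)
class Policy:
    # Thresholds are assumptions for the example, not recommended values.
    max_os_patch_age_days: int = 30
    max_av_signature_age_days: int = 7
    require_firewall: bool = True


# Fixed reference date so the example is deterministic (an assumption).
EXAMPLE_TODAY = date(2008, 3, 15)


def parse_status_report(line: str) -> Posture:
    """Parse one status line in the constructed key=value format:
    host=<name> os_patch=YYYY-MM-DD av_sig=YYYY-MM-DD fw=on|off
    Unknown keys are ignored; a malformed token or a missing key raises ValueError,
    so an incomplete report is never silently treated as healthy."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed token {token!r}")
        fields[key] = value
    try:
        return Posture(
            host=fields["host"],
            os_patch_date=date.fromisoformat(fields["os_patch"]),
            av_signature_date=date.fromisoformat(fields["av_sig"]),
            firewall_on=fields["fw"] == "on",
        )
    except KeyError as exc:
        raise ValueError(f"missing field {exc.args[0]}") from None


def failed_checks(posture: Posture, policy: Policy, today: date) -> List[str]:
    """Return the names of every posture factor that fails policy."""
    failures = []
    if (today - posture.os_patch_date).days > policy.max_os_patch_age_days:
        failures.append("os_patch_stale")
    if (today - posture.av_signature_date).days > policy.max_av_signature_age_days:
        failures.append("av_signatures_stale")
    if policy.require_firewall and not posture.firewall_on:
        failures.append("firewall_disabled")
    return failures


def decide_access(posture: Posture, policy: Policy, today: date) -> Access:
    """Map the set of failed checks to an access level."""
    failures = failed_checks(posture, policy, today)
    if not failures:
        return Access.FULL
    # A disabled firewall or stale AV signatures leave the host exposed to
    # active malware, so they are treated as more severe than a missed OS
    # patch and lead to quarantine rather than limited access.
    if "firewall_disabled" in failures or "av_signatures_stale" in failures:
        return Access.QUARANTINE
    return Access.LIMITED


def assess(line: str, policy: Policy = Policy(), today: date = EXAMPLE_TODAY) -> Access:
    """Convenience wrapper: parse one report and decide access."""
    return decide_access(parse_status_report(line), policy, today)


def track_session(lines: List[str], policy: Policy = Policy(),
                  today: date = EXAMPLE_TODAY) -> List[Access]:
    """Re-evaluate access for each report received during a session, in order.
    The returned list shows how access changes as posture changes mid-session."""
    return [assess(line, policy, today) for line in lines]


if __name__ == "__main__":
    # Constructed sample reports for one contractor laptop over a session.
    session = [
        "host=guest-7 os_patch=2008-03-01 av_sig=2008-03-12 fw=on",   # healthy
        "host=guest-7 os_patch=2008-03-01 av_sig=2008-03-12 fw=off",  # firewall turned off
    ]
    for line, access in zip(session, track_session(session)):
        print(f"{access.value:10s} <- {line}")
```

Running the block shows the first report granted full access and the second, where the firewall was switched off part-way through the session, dropping the host to quarantine; that mid-session downgrade is the point of gathering posture throughout the session rather than only at connect time.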
Universal Endpoint Interoperability – a cornerstone of ConSentry’s Intelligent Switching