Protect LANs From The Inside Out With Consentry

Case in point: Security vendors have focused on protecting LANs from intrusion and malicious behavior by applying technology once reserved for the WAN.

In general, those firewalls and other intrusion prevention systems have worked quite well to protect networks from the outside. But those very same technologies have become cumbersome and unwieldy when it comes to protecting networks from the inside. The demons of administrative overhead and bandwidth usage are only two of the shortcomings.

Milpitas, Calif.-based ConSentry Networks took a hard look at these failings when creating its Secure LAN Controller, a security device designed to work on the inside of the network. Its development challenges were myriad: ConSentry determined existing processor technologies could not keep up with internal traffic generated by the typical enterprise LAN, especially considering the load that deep-packet inspection can put on a security appliance. ConSentry&s answer was to develop its own processor, a proprietary piece of silicon that can handle as many as 128 simultaneous threads, a massive improvement over the typical CPU. ConSentry also added a pair of ASIC controllers that further help speed packet processing. What does this all mean? Simply put, the device can scale up to 10-GBps speeds, while servicing as many as 1,000 users. While speed is an important consideration with any security appliance, the real news is how the ConSentry device works in a LAN. Designed for simple deployment, it mimics a typical Ethernet switch. Installers drop the device into the network infrastructure between the main switch and the departmental Ethernet switches. For all intents and purposes, the device remains transparent to the other network switching equipment on the network, further simplifying installation.

The Secure LAN Controller&s job is to monitor all internal network activity, apply policies to the traffic and log it. For example, by using deep-packet inspection technology at Layer 7 of the protocol stack, the unit can monitor every access request by a user. That allows detailed policies to be put in place to control and monitor all internal user requests. The device provides powerful reporting and auditing capabilities along with threshold and event alerts.

id
unit-1659132512259
type
Sponsored post

It&s very rare to see a security device as easy to use as the Secure LAN Controller. Setup is plug-and-play simple, while the unit&s browser-based interface, aptly called Insight, provides an intuitive launching point into the controller&s capabilities. Administrators can monitor all activity in realtime and then drill down further to the most minute details about an individual user session. Policy control allows automated actions to take place and proves quite powerful when one considers the requirements of HIPAA and the Sarbanes-Oxley Act.

As a new company that is well-funded, ConSentry has put a lot of effort into developing a partner-friendly program. It promises 100 percent channel commitment and will directly distribute products only to authorized partners. The program is divided into three tiers that all offer 15 percent margins on product. Premier partnerships will be limited to three solution providers per region, while Alliance relationships will be limited to five per region. ConSentry will not limit the number of Associate partners. All partners have secure access to a partner dedicated extranet, while Premier and Alliance partners are assigned dedicated account resources. MDFs are readily available to Premier partners, while Alliance partners will be funded on a case-by-case basis. Premier partners also have access to demo facilities.

Some solution providers may consider the entry points to the channel program steep. Premier partners must have two dedicated system engineers and two sales representatives on staff. Alliance partners have the same staffing requirements, while Associates need one system engineer and one sales representative. There are no revenue requirements for the Associate level, but Alliance partners must have $100,000 per year in sales and Premier partners must achieve $500,000 per year in sales. ConSentry offers extensive training opportunities for all levels of partners. This is free for Premier partners, but other levels have to pay.

Currently, ConSentry offers two versions of its unit: The CS 1000, which lists for $17,995, supports 2 Gbps and 200 users; and the CS 2400, priced at $27,995, scales up to 1,000 users and runs at 10 Gbps. With both devices, ConSentry offers solution providers a new avenue to secure corporate LANs. Although the company&s channel program may be hard to swallow for smaller VARs, the technology behind the products makes partnering more than worthwhile.