The Former Cisco Five's Revolutionary Firewalls

If you haven't heard of Rohati Systems Inc., you're probably not alone. But that could change soon. Founded by five former Cisco Systems Inc. engineers, startup Rohati Systems Inc., Sunnyvale, Calif., recently made its entrance onto the network security stage, with the goal of entirely revamping traditional firewall solutions.

Their core competency? High-performance entitlement control for applications. According to the founders, these are not your mother's traditional firewalls.

CSS Callout -->

Rohati Systems Inc. • Shane Buckley • CEO • (408) 400-8106 • Shane@rohati.com

"Rohati is not a perimeter firewall solution," said CEO Shane Buckley. "And Rohati is not attempting to replace the perimeter threat mitigation devices. We, along with many others, believe that the nature of the network perimeter is being redefined and that traditional approaches are ineffective."

Executives contend that their aim was to fill in the gaps created by firewalls, which are often limited by lack of depth and relevance of controls. While firewalls do a "pretty good job" of threat mitigation at the network perimeter, they don't always provide a depth of defense that would allow companies to manage and control access and authorization to applications and networks, Buckley said.

Launching Pad To highlight its debut, the company has launched its first network-based entitlement control solution, Transaction Networking System (TNS), designed to limit users' access to applications based on their authentication credentials.

Specifically, the appliance is designed for F500 data center environments—intended to reside in the data center and close to the applications it protects. It also enables enterprise businesses to authenticate each session and authorize each transaction based on their individual business policies and security needs.

"The coarse-grained Layer 4 controls that firewalls provide were fine in the 1990s when users were tied to an IP address," Buckley said. "But those days are gone."

Now companies require both in-house "insiders" and outsourced "outsiders" and a diverse array of mobile devices, making it almost impossible to tie an IP address to a specific user, Buckley explained.

And partners say that the solution is unique in that it provides Layer 7 ACLs for granular entitlement and enforcement capabilities, with the ability to support new business security and authentication trends by expanding policy controls to allow businesses to specifically hone access based on users' credentials.

In addition, the TNS platform provides entitlement control on a per-transaction basis across a wide array of applications and resources, including Microsoft SharePoint.

Partners say that this is not a commoditized market. Tom Shaw, president of Wide Area Management Services (WAMS), Santa Clara, Calif., said that while the device is best suited for an enterprise environment, it is targeted toward any vertical that has "pain in supporting multiple applications."

"A lot of CEOs are deploying SharePoint for compliance reasons to allow secure access with login function," Shaw said. "Companies are making investments in applications. ... Yet [executives] are at the mercy of consultants to write them into the application to gain access to them. It could take weeks, and potentially months."

Shaw also said the device's centralized management console, and low latency and management, gave him the ability to talk about budget, compliance and other concerns with C-level executives. The TNS device can also be implemented with no changes to the server, users or network.

"With this device, we're able to talk about securing the applications but can also cross-sell to application acceleration and compliance," Shaw said. "We're not just sticking a faster, better switch out here."