Everywhere you go these days there seems to be a proliferation of appliances at the edge of the network dedicated to managing one element or another of the security infrastructure.
This makes sense given today's environments because these appliances essentially offload that specific task from the network. Otherwise, IT organizations would be required to refresh every device on the network to make it able to deal with all the potential security and compliance issues facing the organization. Obviously, that's a prohibitively expensive approach to the problem.
But the end result of the appliance approach is a lot of clutter at the edge of the network that creates an expanding management headache with each new appliance added to the network. Worse yet, with each dedicated device handling a specific task, there is little coordination across the network appliances. This makes it easier for increasingly sophisticated blended attacks to occur by exploiting the seams between various dedicated appliances.
These issues make ConSentry Networks, a startup company led by CEO Tom Barsi that is scheduled to launch its first product this summer, very interesting. ConSentry is building yet another appliance, but this one is based on processor technology developed by ConSentry. Barsi and team claim that this technology allows the product to do a deep inspection of every packet on the network in real time without adversely affecting overall network performance.
This could mean that rather than trying to put our collective finger in the dike by deploying appliances at the edge of the network, we could in theory deploy appliances anywhere on the network to check for security threats in real time. That approach, in theory, could secure systems at the network, application and data level while reducing the number of actual security appliances that need to be deployed and managed.
Naturally, Juniper and Cisco expect to eventually embed similar technologies in their core offerings as part of an effort to create self-defending networks, but in the meantime ConSentry might offer a way to take a giant step in the right direction when it comes to developing a real defense versus continuing to throw hardware at the problem and hope for the best.
ConSentry hasn't revealed yet what its device will cost and still has to prove that it works. But the track record of company chairman and CTO Jeff Prince, who was one of the co-founders of Foundry Networks, gives us reason to hope this approach may actually represent a real security advance rather than overlaying yet another band-aid on what remains our collective gaping wound.