EdgeWall 7000 series
Price: Starts at $9,000
Sitting in front of switches and wireless APs, the EdgeWall 7000 series of high-throughput appliances provides dynamic, granular access control based on identity and vulnerability assessment to protect critical apps and data from dangerously vulnerable or compromised devices. It allows normal business to continue where the risk exposure is acceptable. For example, critical resources, like financial records, must be protected at all costs, while an intranet page listing corporate policies or events can still be accessed by clients that have security flaws.
The appliance scans each device for vulnerabilities, checks the device's traffic against malware signatures, and (if integrated with PatchLink's automated patching) determines its patch level. This information is used to create a security profile. Its decision-making is based on predetermined access policies, which match security profiles with identity profiles (defined groups of users or devices with common characteristics, e.g., wireless users).
Access rights can be granted or the device quarantined for remediation based on threat assessment.
The granularity of access policy creation is perhaps EdgeWall's greatest strength. Security managers determine what rights the user has to pass through to the appliance and what resources on the network will be made available. Access policy can be based on connection location, VLAN tags, time and date, client authentication, and identity.
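To make the profile-matching model described above concrete, here is a small policy engine written as an added illustration for this review; it is not Vernier's code and does not reflect EdgeWall's real configuration format. The class names, fields, policies, sample devices and the quarantine/deny vocabulary are all constructed. It shows the two-stage decision the text describes: a device-level gate (unauthenticated or malware-infected clients get no access at all, an infected one being quarantined for remediation), then a per-resource match of the device's security profile against each resource's tolerance for risk, so that a flawed client can still reach the low-value intranet page while financial records stay closed to it.

```python
"""Toy NAC policy engine modelled on the EdgeWall description (constructed
example; not Vernier's code, API or configuration format)."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, FrozenSet, Tuple

ALLOW, DENY, QUARANTINE = "allow", "deny", "quarantine"


@dataclass(frozen=True)
class SecurityProfile:
    """What the appliance learned about the device (hypothetical fields)."""
    open_vulnerabilities: int   # findings from the vulnerability scan
    malware_seen: bool          # signature hit on the device's own traffic
    fully_patched: bool         # patch level, e.g. from a patch-management feed


@dataclass(frozen=True)
class IdentityProfile:
    """Who or what is connecting, and from where."""
    group: str                  # e.g. "finance", "wireless-users"
    authenticated: bool
    vlan: int


@dataclass(frozen=True)
class AccessPolicy:
    """Acceptable risk exposure for one protected resource."""
    resource: str
    allowed_groups: FrozenSet[str]
    max_vulnerabilities: int    # 0 means only clean devices may reach it
    require_patched: bool
    hours: Tuple[time, time] = (time.min, time.max)   # time-of-day window


def device_state(sec: SecurityProfile, ident: IdentityProfile) -> str:
    """Gate decision taken before any per-resource policy is consulted."""
    if not ident.authenticated:
        return DENY          # unknown client: no network access at all
    if sec.malware_seen:
        return QUARANTINE    # infected: isolate for remediation, drop other traffic
    return ALLOW


def resource_decision(policy: AccessPolicy, ident: IdentityProfile,
                      sec: SecurityProfile, now: datetime) -> str:
    """Match the device's security profile against one resource's policy."""
    if ident.group not in policy.allowed_groups:
        return DENY
    if sec.open_vulnerabilities > policy.max_vulnerabilities:
        return DENY
    if policy.require_patched and not sec.fully_patched:
        return DENY
    start, end = policy.hours
    if not (start <= now.time() <= end):
        return DENY
    return ALLOW


def evaluate(ident: IdentityProfile, sec: SecurityProfile,
             policies: Tuple[AccessPolicy, ...], now: datetime) -> Tuple[str, Dict[str, str]]:
    """Return (device state, {resource: decision}). A quarantined or denied
    device reaches nothing; otherwise each resource is judged on its own
    tolerance for risk, so a flawed client may still reach low-value pages."""
    state = device_state(sec, ident)
    if state != ALLOW:
        return state, {p.resource: DENY for p in policies}
    return state, {p.resource: resource_decision(p, ident, sec, now) for p in policies}


# Constructed policies: financial records are protected at all costs and only
# during business hours; the intranet policies page tolerates a few findings.
POLICIES = (
    AccessPolicy("financial-records", frozenset({"finance"}), 0, True,
                 (time(7, 0), time(19, 0))),
    AccessPolicy("intranet-policies", frozenset({"finance", "wireless-users"}), 5, False),
)

# Constructed devices: (identity profile, security profile)
CLEAN_FINANCE = (IdentityProfile("finance", True, 10), SecurityProfile(0, False, True))
FLAWED_WIRELESS = (IdentityProfile("wireless-users", True, 20), SecurityProfile(2, False, False))
INFECTED_FINANCE = (IdentityProfile("finance", True, 10), SecurityProfile(0, True, True))

# Constructed clock values for the examples
BUSINESS_HOURS = datetime(2005, 4, 1, 10, 30)
AFTER_HOURS = datetime(2005, 4, 1, 22, 0)

if __name__ == "__main__":
    for label, (ident, sec) in [("clean finance laptop", CLEAN_FINANCE),
                                ("flawed wireless client", FLAWED_WIRELESS),
                                ("infected finance desktop", INFECTED_FINANCE)]:
        print(label, "->", evaluate(ident, sec, POLICIES, BUSINESS_HOURS))
```

Note that the infected desktop presents the same credentials as the clean one and is still turned away: identity alone never grants access, the security profile is checked first, which is the behaviour the review reports from its tests.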
Be warned: This isn't an appliance that gets dropped in front of your network and configured using a few wizards. Security managers must have a comprehensive understanding of rights, authentication mechanisms, and vulnerability and patch management before tackling EdgeWall. That said, the interface for creating profiles and setting rights is straightforward and easy to navigate.
In our tests, we were able to authenticate only bug-free systems. Using the same credentials, our spyware- and worm-infected desktop was denied network access, and all further traffic from it was dropped.
We redirected questionable traffic to a VLAN for later analysis.
EdgeWall's malicious code and vulnerability filters and signatures come out of Vernier's Threat Labs, a subscription-based service that provides vulnerability information, filters and scan sets, notification, and updates as soon as threats emerge. Updates are not automatic: the user accesses the Web site and determines which updates are applicable to his enterprise environment.
Despite its complexity, EdgeWall 7000 series is a highly scalable tool that provides flexible access management and combines powerful security features with an appreciation of real-world business needs.
-Sandra Kay Miller
This was first published in April 2005