Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Keeping on top of risk management and data integrity essentials."

Download it now to read this article plus other related content.

EdgeWall 7000 series
Vernier Networks
Price: Starts at $9,000

@exb

    Requires Free Membership to View

EdgeWall 7000 series
@exe Access control isn't an either/or proposition. Enforcing security policy without hamstringing normal business activity is a balancing act that factors in device vulnerability and the criticality of the applications and data being accessed. Vernier Networks' EdgeWall 7000 puts enterprises in control of this process, automating business continuity through an intelligent integration of vulnerability assessment and access management.

Sitting in front of switches and wireless APs, the EdgeWall 7000 series of high-throughput appliances provides dynamic, granular access control based on identity and vulnerability assessment to protect critical apps and data from dangerously vulnerable or compromised devices. It allows normal business where risk exposure is acceptable. For example, critical re-sources, like financial records, must be protected at all costs, while an intranet page listing corporate polices or events can still be accessed by clients that have security flaws.

The appliance scans each device for vulnerabilities, performs a signature-based check for device traffic malware, and (if integrated with PatchLink's automated patching) determines patch level. This information is used for creating a security profile. Its decision-making is based on predetermined access policies, which match security profiles with identity profiles (defined groups of users or devices with common characteristics, e.g., wireless users).

Access rights can be granted or the device quarantined for remediation based on threat assessment.

The granularity of access policy creation is perhaps EdgeWall's greatest strength. Security managers determine what rights the user has to pass through to the appliance and what resources on the network will be made available. Access policy can be based on connection location, VLAN tags, time and date, client authentication, and identity.

Be warned: This isn't an appliance that gets dropped in front of your network and configured using a few wizards. Security mangers must have a comprehensive understanding of rights, authentication mechanisms, and vulnerability and patch management before tackling EdgeWall. That said, the interface for creating profiles and setting rights is straightforward and easy to navigate.

Exec Summary
Granular access control
Malware detection
High performance
Complex
Manual updates
Third-party patch management

In our tests, we were able to authenticate only bug-free systems. Using the same credentials, our spyware- and worm-infected desktop was denied network access, and all further traffic from it was dropped.

We redirected questionable traffic to a VLAN for later analysis.

EdgeWall's malicious code and vulnerability filters and signatures come out of Vernier's Threat Labs, a subscription-based service that provides vulnerability information, filters and scan sets, notification, and updates as soon as threats emerge. Updates are not automatic--the user accesses the Web site and determines which updates are applicable to his enterprise environment.

Despite its complexity, EdgeWall 7000 series is a highly scalable tool that provides flexible access management and combines powerful security features with an appreciation of real-world business needs.

-Sandra Kay Miller

This was first published in April 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: