Information Security

Defending the digital infrastructure


Evaluate: Weigh the pros and cons of technologies, products and projects you are considering.

Access Management

Vernier Networks' EdgeWall 7000 series

EdgeWall 7000 series
Vernier Networks
Price: Starts at $9,000


Access control isn't an either/or proposition. Enforcing security policy without hamstringing normal business activity is a balancing act that factors in device vulnerability and the criticality of the applications and data being accessed. Vernier Networks' EdgeWall 7000 puts enterprises in control of this process, automating business continuity through an intelligent integration of vulnerability assessment and access management.

Sitting in front of switches and wireless APs, the EdgeWall 7000 series of high-throughput appliances provides dynamic, granular access control based on identity and vulnerability assessment to protect critical apps and data from dangerously vulnerable or compromised devices. It allows normal business where risk exposure is acceptable. For example, critical resources, like financial records, must be protected at all costs, while an intranet page listing corporate policies or events can still be accessed by clients that have security flaws.

The appliance scans each device for vulnerabilities, performs a signature-based check of device traffic for malware, and (if integrated with PatchLink's automated patching) determines patch level. This information is used to create a security profile. The appliance's access decisions are based on predetermined access policies, which match security profiles with identity profiles (defined groups of users or devices with common characteristics, e.g., wireless users).

Access rights can be granted or the device quarantined for remediation based on threat assessment.

The granularity of access policy creation is perhaps EdgeWall's greatest strength. Security managers determine what rights the user has to pass through to the appliance and what resources on the network will be made available. Access policy can be based on connection location, VLAN tags, time and date, client authentication, and identity.
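The decision flow described above, sketched as an added example (not Vernier's code or policy format): the class names, severity scale, thresholds and sample rules are all assumptions made for illustration. It shows the same flawed device being allowed to reach an intranet page while being quarantined from financial records.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class SecurityProfile:               # built from the device scan
    max_vuln_severity: int           # 0 = clean .. 10 = critical (constructed scale)
    malware_detected: bool           # signature hit on the device's traffic
    patches_current: Optional[bool]  # None if no patch-management integration

@dataclass(frozen=True)
class Request:                       # identity and connection context
    groups: frozenset
    location: str
    vlan: int
    at: time
    authenticated: bool

@dataclass(frozen=True)
class Rule:                          # one access policy for one resource
    resource: str
    groups: frozenset
    locations: frozenset
    vlans: frozenset
    hours: tuple                     # (start, end) as datetime.time
    max_severity: int                # worst vulnerability tolerated
    require_patched: bool

def decide(rule, req, posture):
    """Return 'allow', 'deny' or 'quarantine' for one request against one rule."""
    if not req.authenticated:
        return "deny"
    if posture.malware_detected:
        return "quarantine"          # compromised device: no resource is reachable
    context_ok = (bool(req.groups & rule.groups)
                  and req.location in rule.locations
                  and req.vlan in rule.vlans
                  and rule.hours[0] <= req.at <= rule.hours[1])
    if not context_ok:
        return "deny"
    if posture.max_vuln_severity > rule.max_severity:
        return "quarantine"          # too risky for this resource: remediate first
    if rule.require_patched and posture.patches_current is not True:
        return "quarantine"
    return "allow"

# Constructed sample policies: strict for financial records, lenient for the intranet.
STAFF, OFFICE, DAY = frozenset({"staff"}), frozenset({"hq"}), (time(7), time(19))
FINANCE = Rule("financial-records", frozenset({"finance"}), OFFICE, frozenset({10}), DAY, 0, True)
INTRANET = Rule("intranet-events", STAFF | frozenset({"finance"}), OFFICE, frozenset({10, 20}), DAY, 6, False)
```
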

Be warned: This isn't an appliance that gets dropped in front of your network and configured using a few wizards. Security managers must have a comprehensive understanding of rights, authentication mechanisms, and vulnerability and patch management before tackling EdgeWall. That said, the interface for creating profiles and setting rights is straightforward and easy to navigate.

Exec Summary
up Granular access control
down Malware detection
down High performance
down Complex
down Manual updates
down Third-party patch management

In our tests, we were able to authenticate only bug-free systems. Using the same credentials, our spyware- and worm-infected desktop was denied network access, and all further traffic from it was dropped.

We redirected questionable traffic to a VLAN for later analysis.

EdgeWall's malicious code and vulnerability filters and signatures come out of Vernier's Threat Labs, a subscription-based service that provides vulnerability information, filters and scan sets, notification, and updates as soon as threats emerge. Updates are not automatic--the user accesses the Web site and determines which updates are applicable to his enterprise environment.

Despite its complexity, EdgeWall 7000 series is a highly scalable tool that provides flexible access management and combines powerful security features with an appreciation of real-world business needs.

-Sandra Kay Miller
