Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Questionable activity dashboard added to ConSentry software

Consentry Networks : 18 February, 2009  (New Product)
Improvements in control and awareness included in latest software for device threat detection and asset protection from ConSentry
ConSentry Networks has announced new software that addresses two of enterprises' top business concerns for 2009: keeping intellectual property safe and making the most of IT budgets in the economic downturn. A new real-time alerting and correlation engine within the ConSentry InSight Command Center proactively identifies questionable applications and devices that pose a risk to digital assets. The engine in turn populates new dashboards that provide IT with an at-a-glance view of risks on the LAN, with drill-down capability to identify user, device, and application detail. New endpoint posture validation software within the LANShield software dramatically simplifies IT's task of protecting against the spread of malware from managed desktops as well as unmanaged "guest" machines.

The new correlation engine and dashboards highlight risky application and protocol behaviour such as that used by the recently reported Downadup/Conficker worm, in which a LAN protocol communicates with external IP addresses. The new endpoint posture validation software includes a permanent agent for managed desktops as well as support for auto-remediation. Taken together, these new software tools improve IT managers' ability to proactively identify threats to their organisations' digital assets and intellectual property, yielding dramatic operational savings for IT.

"As the Regional Security Chair for Pioneer Electronics (USA), Inc., I am responsible for maintaining the security surrounding Pioneer's intellectual property," said Max Reissmueller, senior manager of IT infrastructure and operations. "With recent changes to our company, risks are more prevalent, yet security staffing remains lean. ConSentry's new 'Questionable Activity' dashboard efficiently helps me stay ahead of that risk and find potential problems before they become an issue."



The ConSentry LANShield platform provides unprecedented levels of visibility and control of users, applications, and devices on the LAN. The new LANShield and InSight software improves IT's ability to proactively mitigate risks on the LAN without incurring any incremental costs to their budget or staff time.

The rules database at the heart of the new real-time correlation and alerting engine processes a broad range of inputs, including user, application, protocol, destination, L4 Port, bandwidth, URL, filename, and time of day. It correlates these inputs against a set of rules to detect potential risks to intellectual property as well as LAN availability. The InSight software ships with a set of pre-defined rules that automatically highlight some of the biggest risks in LANs today, such as a LAN protocol communicating with an external IP address - the type of behaviour the Downadup/Conficker worm uses.

After performing this multi-factor correlation, the rules database communicates findings of questionable applications, devices, protocols, and user behaviour via dashboard alerts and reports. As a result, IT immediately sees threats such as Trojan applications, encrypted external tunnels, rogue servers, and other potential sources of data leakage. The ConSentry engine's unique ability to drill down to activity at Layer 7, tied to usernames, provides IT with stateful flow analysis of the network for immediate action as well as long-term data for LAN usage blueprints, audits, and forensics.



NAC Dashboard: provides an at-a-glance view of any health issues for devices on or attempting to enter the LAN. IT has full control over which parameters are scanned, what issues merit a warning to the user versus denying access, and which roles in the organisation should be subject to a device scan.

Questionable Activity Dashboard: identifies risky applications (e.g. peer-to-peer and IM), rogue servers (e.g., unauthorised DHCP or DNS servers), potentially time-wasting applications and websites (e.g. audio or video downloads), and protocol risks (e.g. SSH running over a non-standard port, which could indicate a botnet). Highlighting these questionable applications and devices enables IT to mitigate the risk of data leakage and lost productivity before problems occur.

The advent of the multi-factor rules database and correlation engine sets ConSentry apart in delivering proactive defence for IT. "As attacks grow more sophisticated, enterprises are increasingly concerned about the loss of customer data or intellectual property," said Paula Musich, senior analyst for enterprise security at Current Analysis. "But most data leakage prevention projects are long and costly to implement, and can be hard to justify in tough economic times. Simpler and more cost-effective approaches such as gathering and correlating data on activities that point to potential data loss risks can provide IT with a base level of DLP capabilities that address those concerns without breaking the budget."

The new endpoint posture validation software enhances ConSentry's device posture-checking ability. LANShield platforms now support a permanent agent for scanning managed devices, in addition to a dissolvable agent for unmanaged guest devices. Auto-remediation of endpoint faults, such as updating out-of-date anti-virus definitions, simplifies IT's task of ensuring device health, and role-based scanning enables organizations to define which systems should be subject to the scans.

"Today's LAN is very different than in the past, with a much greater diversity of users, devices, and applications," said Derek Granath, vice president of marketing for ConSentry. "Add remote offices, virtualisation, and digital assets to the mix, and IT has a significant challenge in balancing the potential productivity gains of this diversity and these new tools against the risk they present to organisations. Our new correlation engine, with its proactive threat identification, gives IT managers the control they need to safely make use of these new tools - all in single, easy-to-deploy platform."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo