Identity driven network access control for IP networks.

AEP Networks : 01 April, 2008  (New Product)
IDpoint and PacketTag introduced by AEP Networks to provide identity management and access control across enterprise networks.
AEP Networks has announced the availability of AEP IDpoint, an advanced identity-based access control (IBAC) appliance. IDpoint is an identity-driven, stealth-mode, wire-speed policy enforcement point for use in the enterprise data center in front of critical application resources. By inserting proof of user identity into IP packets and enforcing resource access policies based on group membership, IDpoint can greatly aid organizations in adhering to internal governance as well as achieving compliance with industry regulations, such as PCI DSS and HIPAA. IDpoint addresses customer demand for tighter control over user access to critical, high-value information assets in order to preserve data integrity and reduce business risk.

IDpoint has been in use by multiple early access customers from a range of industries.

"Compliance considerations leave us with the burden of proof that we protect confidential medical records. IDpoint has addressed this pain with a simple, intuitive policy enforcement engine that gives us proof of user access to private medical information," said Bryce Bowman, Systems Administrator at Medical Associates of the Lehigh Valley. "The value of IDpoint is not just controlling user access; it's providing a detailed audit report to prove compliance with regulations such as HIPAA."

"We are able to drop in IDpoint - without making any infrastructure changes - and add the initial set of access policies integrated with our user directory in under an hour," said Andrew Lingenfelter, General Manager of NCS DataCom, Inc., a managed security service provider. "IDpoint provides a distinct security advantage for our customers because we now have tremendous control over what specific resources and applications individual users and/or customers are authorized to access. Not to mention we then have a full audit trail for compliance-related issues."

Network Segmentation, Policy Enforcement & Granular Access Control
Designed for the enterprise, IDpoint is placed in-line directly in front of certain sensitive application resources or servers in the data center as a hardened policy enforcement point. It enforces network-layer and specific application-layer (such as FTP) access policies and privileges to determine individual user access to the protected resources while stopping unauthorized network traffic from getting through - even an unauthorised TCP ping is blocked. This granular access control allows organizations to easily build identity-driven security zones to ring-fence valuable network resources - limiting access to just those users with a "need to know" and isolating critical resources from exposure to non-authorised staff, partners, customers, devices, etc.

The IDpoint token inserts a secure, unique cryptographic representation of user identity, called AEP PacketTag, into every IP packet destined for a protected resource. This 'proof of identity' tag is only added to packets destined for protected resources. As such, it eliminates the potential for unauthorized access to resources. However, all access attempts made against protected resources - whether allowed or denied - are logged for reporting.

IDpoint provides comprehensive, identity-correlated logging and reporting showing which users accessed what critical information resources from where, when, and for how long. Detailed policy violations and PacketTag anomalies are logged and available as on-screen and printable reports. This unalterable audit trail greatly aids reporting and compliance challenges for PCI DSS, HIPAA, and other regulatory guidelines. Further, IDpoint-segmented networks limit the scope, and therefore the complexity, of compliance audits.

IDpoint is a "bump-in-the-wire" architecture that does not have any IP addressable interfaces on the protected path(s), meaning seamless installation can occur anywhere on the network. It operates without impacting routing and switched topology, authentication, firewall, IDS/IPS, IP address topology or other applications. As a result, enterprises can simply drop in an IDpoint without any disruption to the existing network for simple and ubiquitous deployment.

The solution works end-to-end between the IDpoint token on the client and the IDpoint appliance in the data center, allowing the IP network to remain a simple, fast pipe. This "security on the ends" approach offers simpler deployments and efficient management of moves, changes and rearrangements, in stark contrast to network-embedded security alternatives like NAC, VLANs, complex ACLs and firewall policies that are difficult to manage and expensive to maintain. With IDpoint, granular access control is effectively managed by the LDAP/Active Directory administrator. This architectural approach makes IDpoint very useful in healthcare, pharmaceutical, financial services, managed service providers or any organisation where privacy, network segmentation, data protection and compliance are important.

Additional Highlights of AEP IDpoint:

- Enforce end-to-end intelligent access policies across any IP-based network (LAN, WAN & remote/mobile users).

- Stealth-mode policy enforcement: Undetectable, "transparent" device silently inspects packets at wire-speed across two independent 1 Gb/s enforcement paths, denying unauthorised traffic and isolating systems from inappropriate access. Enforceable at the network layer by host address, subnet, port, protocol and user identity.

- Device identity determined via AEP Client Machine Identity (CMID) technology.

- Targeted endpoint integrity checks.
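The enforcement model the announcement describes (a cryptographic identity tag added only to packets bound for protected resources, group-based policy evaluated at an in-line enforcement point, untagged or anomalous packets denied, and every attempt logged against the user's identity) can be sketched in a few dozen lines. The following is an added example, not AEP's code: the page does not specify the PacketTag format, so the HMAC tag, the per-user keys, the directory groups, the protected ranges and the policy rules below are all constructed assumptions used to illustrate the idea.

```python
"""Toy identity-based access control (IBAC) enforcement point.

Added example, not AEP's code. The page does not describe the PacketTag
format, so the HMAC-based tag below is an assumed stand-in for "a unique
cryptographic representation of user identity" carried in each packet.
Per-user keys, directory groups, protected ranges, policy rules and the
packets themselves are all constructed sample data.
"""
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed: a per-user secret shared by the client token and the appliance.
USER_KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}

# Constructed stand-in for LDAP/Active Directory group membership.
DIRECTORY = {"alice": {"clinicians"}, "bob": {"billing"}}

# Resources sitting behind the enforcement point (constructed).
PROTECTED = [ipaddress.ip_network("10.10.5.0/24")]

# Allow rules as (group, destination network, port, protocol); default deny.
POLICY = [
    ("clinicians", ipaddress.ip_network("10.10.5.0/24"), 443, "tcp"),
    ("billing", ipaddress.ip_network("10.10.5.10/32"), 21, "tcp"),
]

AUDIT_LOG = []  # identity-correlated record of every attempt on a protected resource


@dataclass
class Packet:
    src: str
    dst: str
    port: int
    proto: str
    user: Optional[str] = None   # identity claim carried alongside the tag
    tag: Optional[bytes] = None  # proof that the claim is genuine


def is_protected(dst: str) -> bool:
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in PROTECTED)


def _mac(user: str, pkt: Packet) -> bytes:
    # Bind the tag to the user and to the packet's destination tuple so that
    # a tag lifted from one packet does not verify on a different one.
    msg = f"{user}|{pkt.dst}|{pkt.port}|{pkt.proto}".encode()
    return hmac.new(USER_KEYS[user], msg, hashlib.sha256).digest()


def client_tag(pkt: Packet, user: str) -> Packet:
    """Client-side token: tag only traffic bound for a protected resource."""
    if is_protected(pkt.dst):
        pkt.user, pkt.tag = user, _mac(user, pkt)
    return pkt  # other traffic is forwarded untouched


def enforce(pkt: Packet) -> str:
    """Enforcement point: 'pass' for unprotected traffic, else 'allow' or 'deny'.

    Every attempt against a protected resource is logged with its outcome,
    including untagged packets and tag anomalies.
    """
    if not is_protected(pkt.dst):
        return "pass"
    verdict = "deny"  # default deny for anything behind the enforcement point
    if pkt.user is None and pkt.tag is None:
        reason = "no identity tag"
    elif pkt.user not in USER_KEYS or pkt.tag is None:
        reason = "malformed tag or unknown identity"
    elif not hmac.compare_digest(_mac(pkt.user, pkt), pkt.tag):
        reason = "tag anomaly: verification failed"
    else:
        reason = "no matching policy"
        groups = DIRECTORY.get(pkt.user, set())
        addr = ipaddress.ip_address(pkt.dst)
        for group, net, port, proto in POLICY:
            if group in groups and addr in net and (port, proto) == (pkt.port, pkt.proto):
                verdict, reason = "allow", f"policy for group {group}"
                break
    AUDIT_LOG.append({"user": pkt.user, "src": pkt.src, "dst": pkt.dst,
                      "port": pkt.port, "proto": pkt.proto,
                      "verdict": verdict, "reason": reason})
    return verdict


if __name__ == "__main__":
    p = client_tag(Packet("192.0.2.10", "10.10.5.20", 443, "tcp"), "alice")
    print(enforce(p), AUDIT_LOG[-1]["reason"])
    print(enforce(Packet("192.0.2.12", "10.10.5.20", 22, "tcp")), AUDIT_LOG[-1]["reason"])
```

Two points the example makes concrete: traffic to an unprotected address is passed without inspection or logging, mirroring the statement that the tag is only added for protected destinations, while a packet whose tag no longer matches its own header fields (for instance a tag copied onto a packet for a different port) is denied and recorded as a tag anomaly rather than silently dropped, which is the kind of record the audit reporting described above relies on.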

"The identity-based access control gateway or network appliance enables the enterprise to audit who accessed specific information and application hosting servers, and impose preventative controls that limit access to users based on their identity and associated roles or group memberships," said Phil Schacter, Vice President and Research Director at The Burton Group.

General availability of AEP IDpoint will be mid-April 2008. List-pricing for IDpoint starts at $52,000, which includes 99 concurrent user licenses.

AEP IDpoint will be demonstrated at the RSA Conference 2008, San Francisco, April 7-10, at booth #234, and Infosecurity Europe 2008, London, April 22-24, at stand D235.