ConSentry Networks Delivers Simplified Post-Admission LAN Access Control at Gartner Symposium/ITxpo 2006; Automates Learning of User Role from Microsoft Active Directory to Simplify Role-based Provisioning.SAN FRANCISCO San Francisco (săn frănsĭs`kō), city (1990 pop. 723,959), coextensive with San Francisco co., W Calif., on the tip of a peninsula between the Pacific Ocean and San Francisco Bay, which are connected by the strait known as the Golden -- ConSentry Networks, a leading provider of secure LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. solutions, today announced delivery of a critical new feature that automatically learns a user's role within Active Directory to enable user-based access control. With this "role derivation derivation, in grammar: see inflection. " capability in the LANShield operating system operating system (OS) Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. , the ConSentry LANShield Controllers and Switches now learn a user's role automatically during authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. to enforce role-based policies that control which LAN resources a user is authorized to access after being admitted onto the LAN. (NOTE TO EDITORS: ConSentry Networks will exhibit at the Gartner Symposium/ITxpo 2006 in San Francisco, May 14-18.) The need for post-admission LAN access control is essential as organizations continue to open up their networks to contractors, guests, and an increasingly mobile workforce in an effort to improve business efficiencies and productivity. This increased openness, however, is exposing enterprises to significant security risks that go well beyond the protections enabled by network admission control initiatives. Leading market research firm Gartner highlighted the need for user-based post-admission controls in a recent report. "Business trends such as outsourcing, insourcing (1) Doing work with inhouse employees. Contrast with outsourcing. (2) Creating jobs in your country by an organization that is foreign owned. Contrast with outsourcing. and increased collaboration drive the demand to know exactly what contractors and guests (especially from other countries) are doing on the network," said John Pescatore, vice president and distinguished analyst at Gartner and one of the authors of the report.* He went on to note that "network managers should focus on solutions that meet their needs for mapping user identities to network traffic via integration with, not duplication of, IAM IAM - Interactive Algebraic Manipulation. Interactive symbolic mathematics for PDP-10. ["IAM, A System for Interactive Algebraic Manipulation", C. Christensen et al, Proc Second Symp Symb Alg Manip, ACM Mar 1971]. (Identity and Access Management) systems." The new Active Directory role derivation feature is the latest ConSentry feature to leverage integration with customers' existing Active Directory and RADIUS identity management systems. ConSentry's LANShield devices are designed specifically to provide real-time user-based visibility into LAN traffic, tie all LAN activity back to specific users regardless of their network connection, and control where users can go on the LAN. The addition of automatic role derivation from Active Directory simplifies IT's ability to set granular access control policies based on user status such as employee versus guest or user group within an organization. These controls ensure that only authorized users gain access to specific resources. For example, IT could easily create a policy in a LANShield Controller or Switch for a guest contractor working in an organization's engineering department. The LANShield device would automatically distinguish the user as a contractor versus an employee during authentication and, based on that role, limit the contractor's post-admission access to specific engineering department servers. Continental Airlines, a ConSentry customer, already leverages role derivation to control post-admission user access for employees using information kiosks in airports. "With such a wide range of employees throughout our organization, it's imperative that we control who gets access to specific resources on our network to prevent potentially destructive security breaches," said Andre Gold, chief information and security officer with Continental Airlines. "Baggage handlers and flight crews have entirely different network access needs and rights, for example, and we can tightly control their LAN access with the ConSentry LANShield architecture." The new role derivation functionality greatly simplifies post-admission control by leveraging user profiles already established and stored in Active Directory. By tracking Kerberos commands flowing across the LAN between the client device and the Active Directory server Refers to the Active Directory service running in a Windows 2000 server. See Active Directory. , ConSentry's LANShield Controller and LANShield Switch allows authenticated au·then·ti·cate tr.v. au·then·ti·cat·ed, au·then·ti·cat·ing, au·then·ti·cates To establish the authenticity of; prove genuine: a specialist who authenticated the antique samovar. users onto the LAN and then queries AD for information about the users' groups This is a list of users' groups and types of users' groups with their own Wikipedia articles, categorized by interest. Computers General
"Having just won the prestigious 'Best of Interop' award for infrastructure for our LANShield Switch at the Interop 2006 conference in Las Vegas Las Vegas (läs vā`gəs), city (1990 pop. 258,295), seat of Clark co., S Nev.; inc. 1911. It is the largest city in Nevada and the center of one of the fastest-growing urban areas in the United States. , we're well aware that 'Network Admission Control' is taking center stage among IT and security executives," said Tom Barsi, ConSentry's chief executive officer. "Many of today's NAC See network access control. architectures stop short of providing post-admission control, however, so the introduction of our role derivation functionality comes at a critical juncture as key decision makers learn they need post-admission solutions as well as NAC to protect their LANs." About Gartner Symposium/ITxpo Gartner Symposium/ITxpo is the IT industry's largest and most strategic conference, providing business leaders with a look at the future of IT. For more than 10,000 IT professionals from the world's leading enterprises, Gartner's annual Symposium/ITxpo events are key components of their annual planning efforts. Attendees are responsible for more than $35 billion in IT spending for their respective companies, and rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use technology to address business challenges and improve operational efficiency. For more information, please visit www.gartner.com/us/symposiumwest.com. * Gartner report: "Finding from the 'Security' Research Meeting: Focus on Integrating User Identification Into NAC Deployments" by Lawrence Orans and John Pescatore from 13 April 2006. About ConSentry Networks ConSentry Networks delivers comprehensive LAN security, enabling businesses to protect their corporate assets, ensure continuity of operations The degree or state of being continuous in the conduct of functions, tasks, or duties necessary to accomplish a military action or mission in carrying out the national military strategy. , and dramatically reduce the risk of security breaches. ConSentry enables this pervasive security while lowering IT's cost of operations through its flexible, high-performance platform powered by ground-breaking custom silicon and revolutionary LAN security software. Backed by blue-chip venture capital firms Name Location Founding date Managing Partners/Directors Specialty Capital managed 5AM Ventures Menlo Park, CA; Waltham, MA 2002 John Diekman, PhD (managing partner), Scott Rocklage, PhD (managing partner), Andrew Schwab (managing partner) life sciences $200M [1] that include Accel Partners, INVESCO Private Capital and Sequoia Capital Sequoia Capital is a venture capital firm founded by Don Valentine in 1972. The firm's partners include Don Valentine, Pierre Lamond, Michael Moritz, Doug Leone, Mike Goguen, Mark Stevens, Jim Goetz, Sameer Gandhi, Roelof Botha, and Mark Kvamme. , ConSentry is headquartered in Milpitas, Calif. ConSentry Networks, the ConSentry Networks logo and LANShield are trademarks of ConSentry Networks Inc., for use in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. and other countries. All other product and company names herein may be trademarks of their respective holders. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion