Nevis Networks LANsecure is First Architecture to Comprehensively Solve Multi-Gigabit LAN Security Challenges; Purpose-Built ASIC Enables Platform for Integrating Multiple LAN Security Functions at Wire Speeds.MOUNTAIN VIEW, Calif. -- Today, Nevis Networks announced its LANsecure(TM) architecture, the heart of Nevis' comprehensive LANenforcer(TM) product family. The LANsecure architecture enables enterprises to solve LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. security challenges with Nevis' patent-pending, massively parallel See MPP. LANsecure ASIC (Application Specific Integrated Circuit) Pronounced "a-sick." A chip that is custom designed for a specific application rather than a general-purpose chip such as a microprocessor. , which integrates enterprise networking The networking infrastructure in a large enterprise with multiple computer systems and networks of different types is extraordinarily complex. Due to the myriad of interfaces that are required, much of what goes on has little to do with the real data processing of the payroll and orders. and comprehensive access control with multiple threat detection methodologies, all at multi-gigabit wire speeds. (Editor's Note Editor's Note (foaled in 1993 in Kentucky) is an American thoroughbred Stallion racehorse. He was sired by 1992 U.S. Champion 2 YO Colt Forty Niner, who in turn was a son of Champion sire Mr. Prospector and out of the mare, Beware Of The Cat. Trained by D. : For more information about the LANenforcer product family, please see the press release titled "Nevis Networks Locks Down Enterprise LANs With Comprehensive, ASIC-Based LANenforcer Appliances," also released today.) "With this announcement, Nevis has significantly raised the bar for complete LAN security," said Rodney Thayer, security analyst, Canola & Jones (www.canola-jones.com). "The new Nevis ASIC-based architecture not only incorporates multiple security functions that previously required separate devices, but it also performs these functions at previously unavailable performance levels. The LANsecure architecture delivers the power required to cost-effectively deploy defense-in-depth, protecting each user and making powerful per-port LAN security a reality for the first time." Massively Parallel Architecture Redefines Threat Control The LANsecure architecture is massively parallel and has an integrated software Separate software components or applications that have been combined into one package. See integrated software package. stack, enabling it to accelerate multiple security functions simultaneously, including stateful firewall In computing, a stateful firewall (any firewall that performs stateful packet inspection (SPI) or stateful inspection) is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) travelling across it. ; threat signature matching; traffic, protocol, and behavior anomaly detection An approach to intrusion detection that establishes a baseline model of behavior for users and components in a computer system or network. Deviations from the baseline cause alerts that direct the attention of human operators to the anomalies. See IDS and anomaly. ; and endpoint quarantine. Each packet passes through the ASIC at wire speed while it is examined for anomalous traffic patterns, individual security violations, and threat and malware signatures. The LANsecure architecture delivers six threat control methodologies that operate in parallel for the most accurate threat detection available: --The policy-driven stateful firewall provides user-based Network Access Control (NAC See network access control. ) and protects against Denial of Service Attacks (DoS and DDoS), packet buffer exhaustion attacks, SYN flood attacks, and connection highjacking. --Threat signature matching identifies known threats and speeds up incident resolution. Hardware acceleration In computing, hardware acceleration is the use of hardware to perform some function faster than is possible in software running on the normal (general purpose) CPU. Examples of hardware acceleration include blitting acceleration functionality in graphics processing units (GPUs) and and parallel pattern matching 1. pattern matching - A function is defined to take arguments of a particular type, form or value. When applying the function to its actual arguments it is necessary to match the type, form or value of the actual arguments against the formal arguments in some definition. eliminate the performance degradation usually associated with signature-based security devices. --Hardware acceleration enables ultra-fast detection of traffic anomalies for which signatures are not yet available and blocks them in microseconds. --Protocol anomaly detection utilizes stateful pattern matching which looks for conditions that violate normal behavior in protocols including IP, TCP (1) (Transmission Control Protocol) The reliable transport protocol within the TCP/IP protocol suite. TCP ensures that all data arrive accurately and 100% intact at the other end. , UDP UDP (uridine diphosphate): see uracil. (User Datagram Protocol) A protocol within the TCP/IP protocol suite that is used in place of TCP when a reliable delivery is not required. , ICMP (Internet Control Message Protocol) A TCP/IP protocol used to send error and control messages. For example, a router uses ICMP to notify the sender that its destination node is not available. , and HTTP HTTP in full HyperText Transfer Protocol Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. . --Behavior anomaly detection builds individual behavior profiles, based on user behavior and IP addresses, that increase the accuracy of threat containment and reduce false positives. --Automatic endpoint quarantine is initiated by the detection methods above in response to threats. Response is policy-controlled and includes redirection for remediation and blocking of network access. Wire-Speed Performance Required for LAN Security The LANsecure architecture performs all its security processing in parallel and at speeds of up to 10 Gbps -- as much as ten times faster than conventional security solutions. Because the LANsecure ASIC operates at wireline speeds, Nevis' LANenforcer products can perform deep packet inspection Analyzing network traffic to discover the type of application that sent the data. In order to prioritize traffic or filter out unwanted data, deep packet inspection can differentiate data, such as video, audio, chat, voice over IP (VoIP), e-mail and Web. and contain threats in microseconds, without affecting packet latency. With a packet latency of only 47 microseconds, Nevis' ASIC can detect and block worms in about 150 microseconds -- fast enough to contain even zero-day worms. Solutions with latencies in the milliseconds typically allow 100 or more packets into the network -- enough to cause significant damage and financial loss. "Security is only valuable if it can be delivered without impairing the function that is being secured," said Peter Christy, principal at Internet Research Group. "The LANsecure architecture provides a high level of security, and its wireline speed allows it to do so transparently so that even latency-sensitive applications such as VoIP continue to operate normally." Scalable, Easy-to-Deploy Architecture The LANsecure architecture is the first to truly integrate LAN security and networking in a fundamental approach that is highly scalable and flexible. Nevis' architecture enables customers to expand their LANenforcer deployment to meet their evolving security needs. The scalable architecture also enables Nevis to enhance product functionality and address new security threats as they emerge. Nevis' flexible architecture enables two deployment models, depending upon the desired level of threat containment. In transparent mode, the LANenforcer 2000 Series is installed behind the access layer and aggregates user traffic from multiple switches. Transparent deployment is a cost-effective way to protect many users and can be quickly deployed, requiring no change to user desktops or to the existing network. Deployed at the access layer and connecting directly to each user, the LANenforcer 1000 Series provides the highest level of protection for every user on the network, containing threats to the individual user. In both modes, the LANenforcer deploys seamlessly into the LAN and requires no client software. "Until now, IT has had to make a tradeoff between deep packet inspection and high-speed LAN performance because today's LAN security solutions typically introduce significant packet latency," said Bill Scull, senior vice president of marketing at Nevis. "The LANsecure ASIC enables our LANenforcer security appliances to perform deep packet inspection at network speeds, thus eliminating this tradeoff and providing comprehensive LAN security from a single integrated platform." Disruptive Price/Performance Nevis purpose-built the LANsecure ASIC to deliver LAN security appliances with greater flexibility in design and higher performance than available in off-the-shelf chip sets. The patent-pending ASIC design uniquely enables the company to address key LAN security issues facing enterprises today plus ensure extensibility for the future. The LANsecure ASIC thus enables disruptive price/performance while giving users the ability to fully secure every user on the LAN without degrading network performance or deploying client-side software. About Nevis Networks Nevis Networks develops and markets ASIC-based LAN security appliances designed to help corporations protect information privacy and integrity, ensure network availability, and maintain regulatory compliance. With its patent-pending LANsecure architecture, the Nevis LANenforcer product family combines the most comprehensive access control, deepest threat defense, and fastest threat response to create a "Personal DMZ (DeMilitarized Zone) A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet. Also called a "perimeter network," the DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a " around every user on the LAN. Nevis was founded in 2002 by seasoned executives with strong track records in security, semiconductor, and networking technologies, and has raised over $40 million from veteran Silicon Valley investors New Enterprise Associates, BlueRun Ventures, and New Path Ventures. The company is headquartered in Mountain View, California For the census-designated place, see Mountain View, Contra Costa County, California. For other places called "Mountain View", see . Mountain View is a city in Santa Clara County, in the U.S. state of California. The city gets its name from the views of the Santa Cruz Mountains. , with an R&D center in Pune, India. For more information, visit the Nevis Networks web site at www.nevisnetworks.com, or contact the company at 650-254-2500. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion