For secure networks, choices range beyond Cisco

By Jim Rendon, News Writer 19 Jul 2004 | SearchNetworking.com

Digg This!     StumbleUpon     Del.icio.us

When Boston-based Eaton Vance Distributors Inc. began shopping for a new networking vendor, it made security its No. 1 priority. Even though the company considered top networking vendor Cisco Systems Inc., it found a smaller vendor that more than held its own against the networking giant.

Five years ago, when the financial services firm was considering a major network upgrade, it looked at Cisco and a smaller vendor, Andover, Mass.-based Enterasys Networks Inc. Eaton Vance spent six months pitting Enterasys' systems against Cisco's gear. And, in the end, Eaton Vance came down on the side of the smaller vendor.

The key in making the decision was security and standards, said Vinnie Cottone, director of infrastructure services at Eaton Vance. At the time, Cisco did not have full support for 802.1x authentication methods, a key to enhancing the security of wireless LANs.

Different groups, same security

Over time, the decision has proven beneficial, Cottone said. As security has become a more serious issue for Eaton Vance, its networking team has been forced to spend more time ensuring that data is secure.

Like many businesses today, Eaton Vance's employees are not divided into distinct technology-based working groups, said Cottone. Employees from different groups need access to much the same information; some individuals are in multiple groups.

Enterasys takes a policy-based approach to network security, allowing administrators to set up access profiles for individual users, an approach that meshes well with the structure of Eaton Vance, Cottone said.

Cisco's system is based on dividing users up into groups, assigning those groups to separate virtual LANs and setting policies based on the group.

"That vLAN approach does not provide the level of security we want in our infrastructure," Cottone said.

Security: A "no-brainer"

Security has been a key focus for Enterasys since long before the company was spun off from Cabletron in 2000. Now, with Cisco halfway down the road on its self- defending network strategy, which incorporates security functions into switches and routers, and Juniper Networks Inc.'s recent acquisition of NetScreen Technologies, focusing diligently on security is a no-brainer for networking companies.

"It has just helped to validate our own security strategy," said John Roese, chief technical officer at Enterasys, referring to all the attention security is now getting from other networking vendors.

As security becomes an increasingly important issue, Enterasys' focus on security has helped to raise the company's profile, said Abner Germanow, program manger for enterprise networks with Framingham, Mass.-based research firm, International Data Corp.

"Enterasys has a very compelling security story," said Germanow. "It is getting the company on a lot more short lists [for potential sales] than they had been on."

Specifically, Enterasys offers a suite of network security products that identify vulnerabilities and quarantine devices. Its Dynamic Intrusion Response software spots abnormal behavior on the network and quarantines the offending user or device until it can be assessed.

Its newest product, Trusted End System, scans a user's device when he or she logs onto the network to ensure that the device has the most up-to-date security software installed. If it lacks the required updates, it is quarantined before it even gets on the network.

This new focus on securing the network from the inside out is increasingly important, Germanow said.

"Networks used to have a crunchy perimeter, but were squishy on the inside," Germanow said. But companies now are as concerned about threats from inside the network as they are from outside, he said, and that's why they need to focus on securing the LAN itself.

For more information Read our exclusive: Cisco's self-defending networks progress, slowly.   Learn how Enterasys is taking on Cisco with low-cost routers.

Eaton Vance has been testing the Trusted End System and plans to launch it by the beginning of August.

That product will serve as a significant improvement over its current network security paradigm, Cottone said. "The biggest unknown is what is happening at the end device," he said.

However, using a smaller company's products has its drawbacks. Cottone's primary complaint about Enterasys is that the pool of users is relatively small, so it can be hard to find other user groups to troubleshoot with.

And Enterasys' strong focus on security is not for everyone.

"There is going to be a subset of that market that is going to happy with 'good enough' security," said Roese. "But for government agencies or health care or atomic weapons facilities --people with real things to protect -- this kind of infrastructure is important."

Tags: WLAN Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT WLAN Security Where can I find a wire driver that unblocks recognized passwords? Will using a VPN protect me against fake wireless hotspots? Fluke gets WLAN design, management, security cred with AirMagnet Is WPA2 secure enough for a commercial business wireless network? Health center cut cost securing wireless network edge with Aerohive Wi-Fi RTLS for WLAN management, location-based security, asset tracking Wireless LAN performance management and security standards beefed up How can I hide my WLAN's SSID in an Aruba AP-61? Wireless LAN security: SonicWall joins crowded WLAN market Stolen laptop recovery using remote access and wireless network SSIDs

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary