Nortel Networks announced today that it has put intrusion protection from security company Symantec into its application switch, further adding intelligent security to the network fabric.
Available next month, the Nortel Application Switch with Symantec Intelligent Network Protection takes a new approach to protecting the network from within, a sign that the application switch platform has "grown up," said Cindy Borovick, director of data center networks for Framingham, Mass.-based research firm IDC.
"They've taken a unique approach to ensuring the safety of the servers in the data center," Borovick said. "It's a logical progression that you would use the application's switch as a bodyguard to protect them sooner."
Wassim Tawbi, data center portfolio leader with Nortel, said the switch, which sits in the data center in front of the application servers or at the network edge, can ensure that critical threats are identified and stopped before they can penetrate a company's network infrastructure and affect business.
The switch contains Symantec's network intrusion prevention technology. Both vendors cautioned, however, that this is not a replacement for existing intrusion prevention systems and intrusion detection systems. Instead, it is used to complement other security devices and close the gap between discovery of a network-based vulnerability or threat and testing and deployment of a patch.
The switch includes Symantec's security inspection engine, automatic real-time threat protection updates, and security content updates, said John Harrison, group product manager for Symantec Network Security Solutions.
"This addresses proactive protection in the midst of an outbreak and protects when new vulnerabilities are announced," he said.
Bruce Meyer, senior network engineer with Toledo, Ohio-based healthcare company ProMedica, said he has the switch in a production environment now and plans to release it shortly. The switch sits right at the edge of the company's Internet connection, Meyer said, helping him classify and identify application traffic. He frequently checks the switch's logs to see what kind of traffic is coming over the network in order to prioritize certain applications and ensure that others aren't hogging bandwidth.
"[So far,] I've gotten a couple of hits on a couple of virus-type things," Meyer said, but the switch has yet to identify any serious threats. "I'm not getting any false positives, but I'm getting a few hits."
On a security level, the switch gives Meyer confidence that it will catch something coming in from the outside before it attacks the network, which supports roughly 10,000 end users.
"It knocks out [security threats] before I have to worry about them," he said. "It's nice to know it's there."
Dan Schrader, director of product marketing in Nortel's application switch division, said essentially the switch checks traffic, checks IP addresses, and scans for common denial of service (DoS) attacks.
Symantec Intelligent Network Protection assembles packets, examines the headers and payloads against the database, and looks for detrimental attacks. If something is found, the session is blocked, the IP address is logged, and an alert is sent.
"Looking for severe and critical threats does not replace a full intrusion prevention system," Schrader warned.
For up-to-date protection, Nortel customers can download current security updates through Symantec LiveUpdate, giving them real-time protection.
"It reinforces the application switch's role as the last line of defense before the servers," Borovick said. "You really do need to protect them."
She said Nortel and Symantec's approach could also save network and data center administrators time and money because having security built into the switch means that they don't need to manually update security software on the servers.