 |
|
 |
|
|
Deployment Options and IT Initiatives
The LANShield Switch provides integrated intelligent switching for the wiring closet. IT can leverage the LANShield Switch to:
troubleshoot user and application issues more quickly
support non-user devices such as robotics and IP phones
limit access to resources
track all user activity for auditing
support a more dynamic and diverse workforce
more easily roll out new applications, systems, and business locations
LANShield™ Intelligent Switch Family
Integrated Intelligent Switching
ConSentry Networks delivers intelligent control, making it easy for IT to control users and applications on the LAN. The ConSentry LANShield platforms — the LANShield Switch and LANShield Controller — tie together user, device, role, application, and destination to provide a level of business context not possible with legacy switch architectures. With this context, IT can more easily boost employee productivity, protect assets, and simplify operations.
|
ConSentry LANShield Switches are enterprise-class 24- and 48-port intelligent switches that make it easy for IT to embed user and application control directly into the edge of the LAN infrastructure. Intelligent switching provides the user and application control needed to easily segment users on the LAN and protect critical assets and applications, dramatically lowering the cost of operations compared to deploying and maintaining VLANs and ACLs.
The LANShield Switches combine ConSentry’s custom LANShield silicon and intelligent switching software with standard switching silicon to provide total user and application control without sacrificing performance. The ConSentry custom hardware includes a multi-core processor and programmable ASICs that perform packet processing for monitoring, control, and switching at 10 Gbps. The programmability of the hardware enables ConSentry to keep pace with changes in applications and security requirements.
The LANShield intelligent switching architecture enables enterprises to monitor and control all user traffic with minimal impact on the existing infrastructure. ConSentry leverages existing OS authentication mechanisms, such as the Windows login. The LANShield Switches enforce policy directly, without the need for new VLANs or ACLs in the network or new supplicants or agents on the clients.
An Integrated Approach
The LANShield Switch sits in the wiring closet, connecting user machines into the core or distribution layer of the LAN. Because the switch hosts users directly, it sits in the optimal location for controlling user activities on the LAN.
The LANShield Switches are gigabit Ethernet wiring closet intelligent switches offering user and application control.
The LANShield Switch provides integrated intelligence without compromising on switch functionality. The LANShield CS4048X supports 44 copper-based gigabit ports, four SFP gigabit ports, and two 10 Gbps ports. The LANShield CS4024 supports 24 copper-based gigabit ports and two SFP gigabit ports. Redundant fans and hot-swappable power supplies combined with network resiliency features such as link aggregation and rapid spanning tree ensure high availability at the edge. Optional 802.1af Power over Ethernet provides up to 15.4W of power for all ports.
LANShield™ Controller Family
Cost-effective, Transparent Deployment
ConSentry Networks delivers intelligent control, making it easy for IT to control users and applications on the LAN. The ConSentry LANShield platforms — the LANShield Switch and LANShield Controller — tie together user, device, role, application, and destination to provide a level of business context not possible with legacy switch architectures. With this context, IT can more easily boost employee productivity, protect assets, and simplify operations.
The LANShield Controller makes it easy for IT to embed user and application control directly into the LAN infrastructure. It augments existing switches with user and application intelligence that makes applying controls and segmenting users on the LAN much easier than using traditional tools such as VLANs or ACLs, lowering IT’s cost of operations.
Custom silicon provides the foundation for these control capabilities. This custom hardware includes a multi-core processor and programmable ASICs that perform packet processing for monitoring and control at up to 10 Gbps. The programmability of the hardware enables ConSentry to keep pace with changes in applications and security requirements.
The LANShield intelligent control architecture enables enterprises to monitor and control all user traffic with minimal impact on the existing infrastructure. ConSentry leverages existing OS authentication mechanisms, such as the Windows login. The LANShield Controllers enforce policy directly, without the need for new VLANs or ACLs in the network or new supplicants or agents on the clients.
Transparency and High Availability
The LANShield Controller sits between access switches and the distribution or core layer, aggregating uplinks from wiring closets and enforcing access policies on all traffic. A transparent device, the LANShield Controller requires no changes to network design or user behavior, simplifying deployment and reducing operational costs.
The LANShield Controllers deploy transparently between existing switches, providing intelligent switching to control users and applications.
The Controller supports high-availability and resiliency modes. Enterprises that have dual-homed wiring closet switches can deploy two ConSentry LANShield Controllers as peers — the two platforms share authentication state and preserve user authentications in case of failover. In addition, the Controller itself supports two failure modes. IT can set the device to fail to pass-through, where all LAN traffic will traverse the Controller untouched, or fail to block, where all traffic is stopped. The Controller also includes redundant power supplies and fans.
Deployment Options and IT Initiatives
The LANShield Controller sits behind existing switches to augment the LAN with user and application control. IT can leverage the LANShield Controller to:
troubleshoot user and application issues more quickly
support non-user devices such as robotics and IP phones
limit access to resources
track all user activity for auditing
support a more dynamic and diverse workforce
more easily roll out new applications, systems, and business locations
ConSentry InSight Command Center
The command center for Intelligent Control
ConSentry Networks delivers intelligent control, making it easy for IT to control users and applications on the LAN. The ConSentry LANShield platforms — the LANShield Switch and LANShield Controller — tie together user, device, role, application, and destination, sending that information to the InSight Command Center for aggregation and display. As a result, IT gains a level of business context not possible with legacy switch architectures which enables IT to more easily boost employee productivity, protect assets, and simplify operations.
In addition to aggregating all user and application flows, InSight presents IT with actionable information, showing key events in at-a-glance summaries and drill-down, detailed views. InSight enables rapid incident response, auditing, and reporting. InSight’s GUI-based tools also simplify policy creation and distribution.
InSight includes templates that make it easy for IT to create policies and deploy them on LANShield devices. The LANShield platforms automatically derive users’ roles, and InSight uses that role information as the basis for intelligent switching policies. InSight also supports filters that let IT treat policies as building blocks and layer on multiple levels of control more easily. The flexible exception rules, combined with the policy filters, let IT create unique controls by role without creating a separate policy for each variation.
Visibility Features
InSight provides IT with a view of the overall health of the LAN, all security incidents, and per-user, per-role, and per-application aggregated views. The LANShield products bind users to their addresses and applications, so InSight is able to display all LAN status information, incidents, and policy violations by username.
InSight retains statistics about all flows, including both real-time and historical data. This information includes such details as the packets and bytes in and out by application and protocol; the individual file name involved in a Windows file sharing (CIFS), instant messaging, or FTP operation; the usernames of users who accessed particular files; and the duration of all sessions.
The Network Awareness dashboard provides a quick snapshot of network usage by user, role, or application.
InSight also provides an aggregated view of the LAN security health — the InSight dashboard displays:
the overall network threat level
user counts by authenticated, unauthenticated, and guests
authentication failures
incidents for unauthenticated users
policy, malware, and posture incidents
the top user or device roles responsible for incidents
Other dashboard views such as Network Awareness show network resource usage, with data including top network users, top applications by bandwidth and instance, top destinations, and top URLs being accessed during the course of the day.
InSight provides a range of other statistics that can be selected to create custom dashboard views and reports. IT can select from data such as top policy violators, top FTP file transfers, top IM files, top policy incidents, and malware incidents by type.
Detailed forensic drill-down is available from the dashboard views that provide information on user activity, applications and hosts used, and policies enforced. IT can also use InSight to track individual application flows for a user. IT can select which traffic InSight should make visible. For example, an IT administrator may choose not to see details on traffic related to a management VLAN. IT can also set filters for InSight’s visibility by application and role.
To protect privacy, InSight supports a four-eye mode that requires two IT staff be involved when accessing information such as usernames and IP addresses.
The Security Incidents dashboard enables quick response to policy, malware, and posture violations.
In addition to showing all applications a given user is running, IT can further drill down to see the file names involved in a Windows file transfer, as shown here, or the URLs viewed during web sessions.
Custom queries allow IT to view specific data when troubleshooting performance, user, application, or security issues. Among the possible queries are:
new applications (by bandwidth) seen over a period of time specified by IT
new network users seen over a period of time specified by IT
network users seen over a specific time period but not currently visible
Policy Creation GUI
InSight command center incorporates a rich graphical user interface for identity-based policy creation. With it, IT can easily create:
network zones
hierarchical policies and role mapping
Layer 4 and Layer 7 application filters and groups
role definitions and user-to-role mapping
Active Directory, RADIUS, and LDAP interface configuration
Reporting Features
InSight provides comprehensive reporting on the visualized data. Built-in reports include the Daily File Access Report and the Enterprise Security Report, which includes user asset and incident information. IT can also generate custom reports to meet a variety of needs, from technical to business issues. For example, an administrator could build a report that showed all users that have incidents associated with a given policy during a specified time period or all users that accessed a particular application during a specified time period. An IT administrator can also add graphical charts from the InSight dashboard to report templates to enhance their visual presentation.
The LAN Security Incident Report includes a bar chart showing policy incidents by application type and a tabular listing of all policy incidents. IT can define the time duration covered by the report.
Reporting Features
InSight provides centralized management and configuration of all LANShield devices deployed in a network. Capabilities include:
central policy management: InSight enables IT to configure policies just once and then push them out to all applicable LANShield devices.
software updates of multiple LANShield devices: IT can use InSight to distribute updated LANShield OS releases to all deployed devices.
LANShield device health: This configuration view provides status on a LANShield device’s CPU usage, memory usage, fan speeds, current temperature, and power supply status.
custom captive portal: Using InSight, IT can distribute a customized captive portal page to multiple LANShield devices.
distribute posture check configuration file: IT can use InSight to send these endpoint files to multiple LANShield devices.
audit logging: IT can track all actions done via InSight, with the associated users, time, and status of each activity.
archiving data: InSight is RAID capable and data can be exported to an SQL database.
ConSentry InSight can configure and manage multiple LANShield devices from a centralized location.
|
|
|
|
