Article from Internet Week re ISS & Nortel internetwk.com
Friday, November 20, 1998, 2:00 p.m. ET.
Security Spans Switch Ports
By RUTRELL YASIN
Internet Security Systems Inc. and Nortel Networks are working together to give IT managers products that can detect and respond to attacks across switched networks with a single tool.
The companies this week said they will integrate ISS' RealSecure intrusion detection system with Nortel's Passport 6000 switches to give IT managers stronger end-to-end network security mechanisms.
Their alliance is meant to overcome a limitation that's common to widely used network security products: Intrusion detection systems typically have limited processing capacity to analyze the large IP data streams moving through switch ports. As a result, IT managers have been forced to place an intrusion detection engine on every segment or switch port to exert tighter control. But this can be an expensive and cumbersome task.
The ISS/Nortel pact, however, will let Nortel users monitor all traffic through the switch with a single RealSecure engine.
That's because ISS and Nortel are developing links between RealSecure and NetSentry, which is Passport software that views packets coming through all switch ports. NetSentry can send copies of all packets to an external RealSecure engine, according to Charles Meyers, ISS' vice president of corporate and business development.
IT managers can then "see traffic in multiple switch ports, [whereas before] they could only see one segment at a time."
Network administrators welcome any security tools that give them a better view of traffic in switched networks.
"There's a larger need for something that gathers information across switched ports and VLANs," said Tony Brocato, a senior systems engineer at the Injured Workers Insurance Fund, a user of Cabletron switches.
"In a switched environment, you cannot detect intrusions on switch ports unless you are on that port," Brocato said. RMON agent software can be placed on ports to give IT managers some sense of where traffic is coming from and its destination, but there's still a need for tools that "allow a higher authority [an IT manager] to see what's going on."
A bundled software product is slated to debut during the first quarter of 1999, Meyers said. Deeper integration will come in the second half of the year when RealSecure is incorporated into the backplane of Passport switches--essentially making intrusion detection an integral part of the switch.
This higher level of integration will be generic enough so other network vendors can incorporate intrusion detection into their products, Meyers said.
The Nortel pact is part of the Adaptive Network Security Alliance that ISS launched last month. Backed by 40 vendors--including Compaq, Hewlett-Packard and 3Com--ANSA will provide users with tools to respond to security breaches quickly and efficiently.