ConSentry Networks, a leading provider of secure LAN solutions, today announced the LANShield Switch, an enterprise-class switch that integrates the security features needed to secure every user and every port on the LAN. With this announcement, ConSentry is leading the migration of security from an overlay to an embedded technology in the LAN.
By delivering its LANShield silicon architecture and security software initially in the LANShield Controller (formerly the Secure LAN Controller), ConSentry was able to focus on refining the security functions and to prove out the LANShield architecture in a platform that integrates easily into customers existing infrastructure. The Network Admission Control (NAC), visibility, user access control, and threat control capabilities of the LANShield silicon constitute the foundation of the LANShield product family.
The addition of the new CS4048 LANShield Switch enables ConSentry to offer customers the flexibility of deploying pervasive and cost-effective LAN security within a switch, joining the overlay option of the LANShield Controller for applying security to traffic from existing switches.
“ConSentry’s LANShield Controller provides us persistent visibility into and control over who gets access to our networks and resources to maintain business continuity,” said G.M Choi, vice president infrastructure services of LG-CNS. “Now that we’re at a point of upgrading our switching fabric, we see significant threat control and economic advantages by consolidating LAN security and switching into a single platform. Not only will we need fewer devices on our network, but we’ll also dramatically streamline our network management.”
In addition to providing an integrated option for enterprises upgrading their switching infrastructure, the LANShield Switch also suits enterprises with “greenfield” locations requiring secure LANs. The integrated secure switch is more cost-effective – both from a capital and operational perspective – than buying two platforms.
“Switching has become commoditized, but integrated security and switching changes the playing field significantly,” said Dave Passmore, vice president of the Burton Group. “Not only does the integration lower the total cost of ownership for customers, but the ability to place the control functions and threat containment in the wiring closet and closest to the user is a real win-win.”
Because the LANShield silicon architecture is common to both platforms, the LANShield Switch supports all the security features currently delivered in the LANShield Controller. The LANShield silicon consists of a 128-core processor and two programmable ASICs, which work together to provide per-flow inspection and enforcement at 10 Gbps, including network admission control to restrict who can come onto the LAN, full Layer 7 visibility into all user activities, control over user access to authorized resources through role-based provisioning, and threat control to prevent zero-hour attacks from compromising network availability.
The LANShield Switch is priced comparably to enterprise switches that lack any built-in application knowledge or user-based control. When IT must layer on additional capabilities, such as deploying firewalls, IDS/IDP systems, and anomaly detection devices within the LAN, as well as desktop software, solution costs skyrocket to approximately 10 times that of the ConSentry LANShield Switch to secure the same number of gigabit ports.
“We repeatedly hear from enterprises that they need to secure every port on the LAN, but they cannot afford the exorbitant cost required to do so,” said ConSentry CEO Tom Barsi. “Customers need someone to deliver a viable LAN security solution, and ConSentry is doing just that with our LANShield Switch, which will deliver unmatched integrated functionality at a breakthrough price point.”
LANShield Switch Product Details
The CS4048 is a self-contained, rack-mountable 1U intelligent switch with 44 10/100/1000 copper ports, four Gigabit Ethernet SFP ports, and two 10 Gbps uplink ports. The 44 copper ports provide industry-standard Power over Ethernet (PoE) for supporting wireless LAN access points or VoIP handsets. The switch performs deep packet inspection at 10 Gbps. Additional features include hot-swappable power supplies and fans and Layer 2/3 Quality of Service capabilities. Centralized management is provided by ConSentry InSight command center.