June 29, 2007

Re: IP Address to User??

Chris Harrington over at Infosecpodcast blog wrote an interesting piece today called IP Address to User?? Unfortunately Chris has disabled comments on his blog, so I thought I'd take up the topic here on our blog. Chris bemoans the fact that incident response in the enterprise today is still a long and laborious task. IPS and firewall solutions usually give you an IP address at best when an incident occurs, and getting from there to an actual username so you can take action is a pretty rocky and time-consuming road. I'd like to bring some joy into Chris's life and let him know that there is an answer to his troubles, and it's called LAN Security.

By integrating NAC, identity-based stateful firewalling, full IPS capability, event correlation and monitoring into a single solution, LAN Security appliances and secure switches are able to crush the incident investigation time from hours to a little less than a second. Yes folks, I said 1 second. I know, I'm a marketing guy (I started life as an engineer before moving to the Dark Side, so I'm not all bad), so you're thinking this is all spin, but we have demoed this capability publicly at many trade shows and, more importantly, we have many customers who are using this today in large networks (think 10,000s of users). Resolution of the incident can also take seconds if you simply want to quarantine that user and endpoint, but might take a few more minutes if you want to remediate them.

None of this requires a NAC agent; in fact, you can turn off the pre-connect NAC scans altogether and you're still protected, because the identity-based access control, IPS, event correlation and monitoring engines sit in the network, monitoring each and every user flow and tying it to an identity. DHCP leases are not a problem, this is all real-time functionality, and the type of troubleshooting and forensics data available is mind-blowing. One of the tools customers love most is something we jokingly call "google for security". Type in a username, IP or MAC address and you'll get an entire history of incidents, services and resources, applications, etc. for that entity, along with what they are doing right this minute. Oh, and you can also feed syslog to your existing consoles if you like, so no more flipping.
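For comparison, this is the manual correlation that the post calls laborious: resolving an alert's IP and timestamp to a user through DHCP lease and login records, plus the reverse lookup by username. It is an added example, not code from the original post or from any product; the record formats, addresses and usernames are constructed assumptions.

```python
from datetime import datetime
from typing import NamedTuple

class Lease(NamedTuple):   # one DHCP lease interval (constructed format)
    ip: str
    mac: str
    start: datetime
    end: datetime

class Auth(NamedTuple):    # one network login session (constructed format)
    mac: str
    user: str
    start: datetime
    end: datetime

def ts(hhmm):
    return datetime.strptime("2007-06-29 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample records: the same IP is re-leased to a second host at 12:05.
LEASES = [
    Lease("10.1.4.23", "00:16:cb:aa:01:02", ts("08:00"), ts("12:00")),
    Lease("10.1.4.23", "00:1b:63:bb:03:04", ts("12:05"), ts("18:00")),
]
AUTHS = [
    Auth("00:16:cb:aa:01:02", "alice", ts("08:01"), ts("11:58")),
    Auth("00:1b:63:bb:03:04", "bob", ts("12:06"), ts("17:30")),
]

def resolve(ip, when, leases=LEASES, auths=AUTHS):
    """Map an alert's (ip, time) to (mac, user); None marks a missing link."""
    mac = next((l.mac for l in leases
                if l.ip == ip and l.start <= when < l.end), None)
    user = next((a.user for a in auths
                 if a.mac == mac and a.start <= when < a.end), None)
    return mac, user

def history(user, leases=LEASES, auths=AUTHS):
    """Reverse lookup: every (ip, start, end) during which `user` held an address."""
    out = []
    for a in (a for a in auths if a.user == user):
        for l in (l for l in leases if l.mac == a.mac):
            start, end = max(a.start, l.start), min(a.end, l.end)
            if start < end:
                out.append((l.ip, start, end))
    return out

if __name__ == "__main__":
    for t in ("09:30", "12:02", "14:00", "17:45"):
        print(t, resolve("10.1.4.23", ts(t)))
```

The 12:02 and 17:45 lookups return a missing MAC and a missing user respectively, which is why the alert timestamp, and not just the IP, has to drive the lookup.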

So, Chris, I sympathize with your predicament and understand the pain you are feeling, but there is an elegant and simple solution.  You just have to believe and all your dreams can come true (it just takes 13 years :-))

//Dom

UPDATE: Chris had a glitch with a plugin and comments are now enabled again.