It was nice to see Consentry finally get a decent win for their NAC Switch. We've had our fair share of wins with our Secure Switch in the past year, and it's great to see more customers recognise the fact that the switching infrastructure is the perfect place to deliver scalable, ubiquitous advanced services, like security, in the long term. Many of our own customers, spanning verticals like High Tech, Pharma, Finance/Legal and Outsourcers, have embraced the Secure Switch, and continue to place regular, quarterly repeat orders as they migrate their wiring closet infrastructures. But let's not detract from the fact that Consentry did some dragon slaying here in the US, and in FSU they found a customer willing to speak with their checkbook about their dissatisfaction with Cisco's NAC and the lack of identity-based services available in switching overall. This stuff is not easy to do while maintaining switching performance, which is why you have to make an investment in purpose-built silicon, rather than using general-purpose COTS (commercial off-the-shelf) chipsets that don't make the grade.
Now, you'll notice that I called the Consentry switch a "NAC Switch" at the start of this post. This is deliberate, despite the fact that they position it as a secure switch. In the minds of most security and networking professionals we talk to, a secure switch needs to at least attempt to be secure, and it also has to be able to maintain switching performance while delivering that security and other application-intelligent services. Without any pattern matching capabilities, a very large proportion of threats are free to march right through the Consentry NAC switch. To be fair, I have spoken at a couple of conferences in the recent past with Michelle from Consentry, and she openly admits that threat detection and mitigation is not a focus for their company. They've built in some anomaly detection capabilities for some level of value add, but their focus is clearly NAC and LAN segmentation (it says so right there on their website). That's why I'm confused as to why they call it something it isn't. We chose to take a more holistic approach to the problem, so we spent a bit more time on our ASIC and product line. This enables us to provide threat signature matching to address a broad range of LAN threats, and hardware-accelerated application intelligence, all at a full 10Gbps and switching latencies. When you integrate this functionality and performance together with access control and NAC, and tie in identity at all stages, you get a secure switch worthy of the title.
//Dom


