
2/19/2009
11:15 AM
Dark Reading
Products and Releases

New ConSentry Software Provides Real-Time Application And Device Threat Detection

New correlation engine and "questionable activity" dashboard expose risky protocol behavior

MILPITAS, Calif.--(BUSINESS WIRE)-- ConSentry Networks announced today new software that addresses two of enterprises' top business concerns for 2009: keeping intellectual property safe and making the most of IT budgets in the economic downturn. A new real-time alerting and correlation engine within the ConSentry InSight Command Center proactively identifies questionable applications and devices that pose a risk to digital assets. The engine in turn populates new dashboards that provide IT with an at-a-glance view of risks on the LAN, with drill-down capability to identify user, device, and application detail. New endpoint posture validation software within the LANShield software dramatically simplifies IT's task of protecting against the spread of malware from managed desktops as well as unmanaged "guest" machines.

The new correlation engine and dashboards highlight risky application and protocol behavior such as that used by the recently reported Downadup/Conficker worm, in which a LAN protocol communicates with external IP addresses. The new endpoint posture validation software includes a permanent agent for managed desktops as well as support for auto-remediation. Taken together, these new software tools improve IT managers' ability to proactively identify threats to their organizations' digital assets and intellectual property, yielding dramatic operational savings for IT.

"As the Regional Security Chair for Pioneer Electronics (USA), Inc., I am responsible for maintaining the security surrounding Pioneer's intellectual property," said Max Reissmueller, senior manager of IT infrastructure and operations. "With recent changes to our company, risks are more prevalent, yet security staffing remains lean. ConSentry's new 'Questionable Activity' dashboard efficiently helps me stay ahead of that risk and find potential problems before they become an issue."

Automatic Business Protection with Layer 7 Visibility

The ConSentry LANShield platform provides unprecedented levels of visibility and control of users, applications, and devices on the LAN. The new LANShield and InSight software improves IT's ability to proactively mitigate risks on the LAN without incurring any incremental costs to their budget or staff time. The rules database at the heart of the new real-time correlation and alerting engine processes a broad range of inputs, including user, application, protocol, destination, L4 Port, bandwidth, URL, filename, and time of day. It correlates these inputs against a set of rules to detect potential risks to intellectual property as well as LAN availability. The InSight software ships with a set of pre-defined rules that automatically highlight some of the biggest risks in LANs today, such as a LAN protocol communicating with an external IP address -- the type of behavior the Downadup/Conficker worm uses.

After performing this multi-factor correlation, the rules database communicates findings of questionable applications, devices, protocols, and user behavior via dashboard alerts and reports. As a result, IT immediately sees threats such as Trojan applications, encrypted external tunnels, rogue servers, and other potential sources of data leakage. The ConSentry engine's unique ability to drill down to activity at Layer 7, tied to usernames, provides IT with stateful flow analysis of the network for immediate action as well as long-term data for LAN usage blueprints, audits, and forensics.

Dashboards within InSight give IT visibility and intelligent control of all activity on the network:

NAC Dashboard: provides an at-a-glance view of any health issues for devices on or attempting to enter the LAN. IT has full control over which parameters are scanned, what issues merit a warning to the user versus denying access, and which roles in the organization should be subject to a device scan.

Questionable Activity Dashboard: identifies risky applications (e.g., peer-to-peer and IM), rogue servers (e.g., unauthorized DHCP or DNS servers), potentially time-wasting applications and websites (e.g., audio or video downloads), and protocol risks (e.g., SSH running over a non-standard port, which could indicate a botnet). Highlighting these questionable applications and devices enables IT to mitigate the risk of data leakage and lost productivity before problems occur.
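The kind of rule correlation described above, as an added illustration that is not ConSentry's code or rule syntax: flow records are checked for a LAN protocol reaching an external address, a protocol on a non-standard port, and an unauthorized DHCP/DNS server, and the hits are grouped by username. Field names, rule names, internal ranges, and the authorized-server list are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed site configuration for this sketch (none of it comes from the product).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LAN_PROTOCOLS = {"smb", "netbios", "dhcp"}   # protocols that should stay on the LAN
STANDARD_PORTS = {"ssh": 22}
AUTHORIZED_SERVERS = {"dhcp": {"10.0.0.2"}, "dns": {"10.0.0.3"}}

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def evaluate(flow):
    """Return the name of every rule that one flow record trips."""
    hits = []
    proto = flow["proto"]   # protocol identified at Layer 7, not inferred from the port
    if proto in LAN_PROTOCOLS and is_external(flow["dst"]):
        hits.append("lan-protocol-to-external-ip")
    if proto in STANDARD_PORTS and flow["dport"] != STANDARD_PORTS[proto]:
        hits.append("protocol-on-nonstandard-port")
    allowed = AUTHORIZED_SERVERS.get(proto)
    if flow["role"] == "server" and allowed is not None and flow["src"] not in allowed:
        hits.append("rogue-server")
    return hits

def correlate(flows):
    """Group rule hits by username so each finding ties back to a user."""
    findings = defaultdict(list)
    for f in flows:
        for rule in evaluate(f):
            findings[f["user"]].append((rule, f["src"], f["dst"], f["dport"]))
    return dict(findings)

# Constructed sample records; external addresses are documentation ranges.
SAMPLE_FLOWS = [
    {"user": "alice", "src": "10.1.1.20", "dst": "10.1.1.5", "proto": "smb", "dport": 445, "role": "client"},
    {"user": "bob", "src": "10.1.1.21", "dst": "203.0.113.50", "proto": "smb", "dport": 445, "role": "client"},
    {"user": "bob", "src": "10.1.1.21", "dst": "198.51.100.7", "proto": "ssh", "dport": 8443, "role": "client"},
    {"user": "carol", "src": "10.1.1.30", "dst": "10.1.1.22", "proto": "dhcp", "dport": 68, "role": "server"},
    {"user": "alice", "src": "10.1.1.20", "dst": "10.1.1.9", "proto": "ssh", "dport": 22, "role": "client"},
]

if __name__ == "__main__":
    for user, hits in correlate(SAMPLE_FLOWS).items():
        print(user, hits)
```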

The advent of the multi-factor rules database and correlation engine sets ConSentry apart in delivering proactive defense for IT.

"As attacks grow more sophisticated, enterprises are increasingly concerned about the loss of customer data or intellectual property," said Paula Musich, senior analyst for enterprise security at Current Analysis. "But most data leakage prevention projects are long and costly to implement, and can be hard to justify in tough economic times. Simpler and more cost-effective approaches such as gathering and correlating data on activities that point to potential data loss risks can provide IT with a base level of DLP capabilities that address those concerns without breaking the budget."

The new endpoint posture validation software enhances ConSentry's device posture-checking ability. LANShield platforms now support a permanent agent for scanning managed devices, in addition to a dissolvable agent for unmanaged guest devices. Auto-remediation of endpoint faults, such as updating out-of-date anti-virus definitions, simplifies IT's task of ensuring device health, and role-based scanning enables organizations to define which systems should be subject to the scans.

"Today's LAN is very different than in the past, with a much greater diversity of users, devices, and applications," said Derek Granath, vice president of marketing for ConSentry. "Add remote offices, virtualization, and digital assets to the mix, and IT has a significant challenge in balancing the potential productivity gains of this diversity and these new tools against the risk they present to organizations. Our new correlation engine, with its proactive threat identification, gives IT managers the control they need to safely leverage these new tools -- all in a single, easy-to-deploy platform."

Availability

The new ConSentry InSight and LANShield software is available now. Contact ConSentry for pricing information.

For More Information

See complete multimedia resources page (http://www.consentry.com/news_pressresources-0209.html)

See a flash demo of how the ConSentry system highlights potential threats from risky applications, servers, and protocols (http://www.consentry.com/Questionable_Activity_Dashboard_V34/Questionable_Activity_Dashboard_V34.htm)

See a flash demo on ConSentry's Endpoint Posture Validation (EPV) capabilities (http://www.consentry.com/host_integrity_checking_v34_launch/host_integrity_checking_v34_launch.htm)

View image of "Questionable Activity" Dashboard (http://www.consentry.com/download/Dashboard-QuestionableActivity-users.bmp)

View image of NAC Dashboard (http://www.consentry.com/download/Dashboard-NAC.bmp)

View ConSentry EPV User Interface (http://www.consentry.com/download/EPV-Permanent-Agent.bmp)

Compare ConSentry's value proposition with the competitive landscape (http://www.consentry.com/download/Access-Control-Competitive-Landscape.pdf)

About ConSentry Networks

The ConSentry Networks Intelligent Control architecture delivers native user and application control at the network edge. With this technology, ConSentry's award-winning LANShield product family enables IT managers to improve the visibility, control, and performance of users and applications and radically simplify LAN deployment and operations. More than 200 enterprises worldwide rely on ConSentry solutions for increased corporate security, comprehensive visibility, and cost-effective compliance.

ConSentry Networks, the ConSentry Networks logo, and LANShield are trademarks of ConSentry Networks Inc., for use in the United States and other countries. All other product and company names herein may be trademarks of their respective holders.
