Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 AM
Connect Directly

Virtual Machines Get the NAC

Startup FireEye has melded VMs with network access control for greater simplicity

Network access control (NAC) has gotten so complicated, expensive and unmanageable that a new kid on the block wants to sell you virtual machinery to execute a little something it calls "effortless NAC."

Fresh off a Series A round of funding valued at $6.45 million, NAC startup FireEye Inc. says it will help enterprises guard against infected internal users without using quarantines, deploying software agents, or administering policies.

FireEye's 1U-rackmount appliance connects via span port or network tap to an adjacent Ethernet switch. Without obstructing network flow or adding to it, the appliance gets a copy of all traffic traversing that switch. Inside the FireEye appliance, so-called virtual machines replay the traffic, watching how it behaves with various Windows versions and flagging any anomalous reactions that usually signify malware's afoot. Devices exhibiting signs of infection get immediately quarantined till they can be cleaned, says Chad Harrington, VP of sales and marketing for FireEye.

"Other NAC approaches seem to be pretty painful. You have to push out software agents and they are not wildly accurate," Harrington said, adding that there are no software updates required with FireEye's and promising no false positives. "This is what we call effortless NAC -- no tuning or base-lining required."

While there's a user interface that lets IT staff take a closer look, most will prefer to be notified about any VM-detected anomalies via SNMP or email. Customers can also isolate infected users in a quarantined VLAN, blacklist them, or block certain traffic types of switch ports, depending on the nature of the malware's payload.

While there are no commercial customers for the FireEye appliance yet, UC Berkeley is considering putting it behind its Airespace wireless access points. General Motors Corp. also is thinking about installing the appliance in a lab environment, the vendor said. Market researcher Infonetics Research Inc. pegs NAC revenue at almost $4 billion by 2008, up from just $323 million last year.

No other vendor has combined NAC processes with VMs. And while customers aren't rushing to embrace any kind of virtualized network gear these days, the simplicity of FireEye's approach may win some converts, analysts said.

"If FireEye performs as expected, it stands a very good chance of changing the way security and inline defenses operate," said Scott Crawford, senior analyst with Enterprise Management Associates . "They're virtualizing the operation of systems at a very low level, which could redefine the way defenses are placed in the network."

The FireEye appliance will be available later this summer. Pricing hasn't been set, but will fall somewhere between $10,000 to $25,000 per box, the company said.

— Terry Sweeney, Editor in Chief, Dark Reading

Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety r...