New ConSentry Software Provides Real-Time Application And Device Threat Detection

New correlation engine and "questionable activity" dashboard expose risky protocol behavior

February 19, 2009



MILPITAS, Calif.--(BUSINESS WIRE)-- ConSentry Networks announced today new software that addresses two of enterprises' top business concerns for 2009: keeping intellectual property safe and making the most of IT budgets in the economic downturn. A new real-time alerting and correlation engine within the ConSentry InSight Command Center proactively identifies questionable applications and devices that pose a risk to digital assets. The engine in turn populates new dashboards that provide IT with an at-a-glance view of risks on the LAN, with drill-down capability to identify user, device, and application detail. New endpoint posture validation software within the LANShield software dramatically simplifies IT's task of protecting against the spread of malware from managed desktops as well as unmanaged "guest" machines.

The new correlation engine and dashboards highlight risky application and protocol behavior such as that used by the recently reported Downadup/Conficker worm, in which a LAN protocol communicates with external IP addresses. The new endpoint posture validation software includes a permanent agent for managed desktops as well as support for auto-remediation. Taken together, these new software tools improve IT managers' ability to proactively identify threats to their organizations' digital assets and intellectual property, yielding dramatic operational savings for IT.

"As the Regional Security Chair for Pioneer Electronics (USA), Inc., I am responsible for maintaining the security surrounding Pioneer's intellectual property," said Max Reissmueller, senior manager of IT infrastructure and operations. "With recent changes to our company, risks are more prevalent, yet security staffing remains lean. ConSentry's new 'Questionable Activity' dashboard efficiently helps me stay ahead of that risk and find potential problems before they become an issue."

Automatic Business Protection with Layer 7 Visibility

The ConSentry LANShield platform provides unprecedented levels of visibility and control of users, applications, and devices on the LAN. The new LANShield and InSight software improves IT's ability to proactively mitigate risks on the LAN without incurring any incremental costs to their budget or staff time. The rules database at the heart of the new real-time correlation and alerting engine processes a broad range of inputs, including user, application, protocol, destination, L4 port, bandwidth, URL, filename, and time of day. It correlates these inputs against a set of rules to detect potential risks to intellectual property as well as LAN availability. The InSight software ships with a set of pre-defined rules that automatically highlight some of the biggest risks in LANs today, such as a LAN protocol communicating with an external IP address, the type of behavior the Downadup/Conficker worm uses.

After performing this multi-factor correlation, the rules database communicates findings of questionable applications, devices, protocols, and user behavior via dashboard alerts and reports. As a result, IT immediately sees threats such as Trojan applications, encrypted external tunnels, rogue servers, and other potential sources of data leakage. The ConSentry engine's unique ability to drill down to activity at Layer 7, tied to usernames, provides IT with stateful flow analysis of the network for immediate action as well as long-term data for LAN usage blueprints, audits, and forensics.

Dashboards within InSight give IT visibility and intelligent control of all activity on the network:

NAC Dashboard: provides an at-a-glance view of any health issues for devices on or attempting to enter the LAN. IT has full control over which parameters are scanned, what issues merit a warning to the user versus denying access, and which roles in the organization should be subject to a device scan.

Questionable Activity Dashboard: identifies risky applications (e.g., peer-to-peer and IM), rogue servers (e.g., unauthorized DHCP or DNS servers), potentially time-wasting applications and websites (e.g., audio or video downloads), and protocol risks (e.g., SSH running over a non-standard port, which could indicate a botnet). Highlighting these questionable applications and devices enables IT to mitigate the risk of data leakage and lost productivity before problems occur.

The advent of the multi-factor rules database and correlation engine sets ConSentry apart in delivering proactive defense for IT.

"As attacks grow more sophisticated, enterprises are increasingly concerned about the loss of customer data or intellectual property," said Paula Musich, senior analyst for enterprise security at Current Analysis. "But most data leakage prevention projects are long and costly to implement, and can be hard to justify in tough economic times. Simpler and more cost-effective approaches such as gathering and correlating data on activities that point to potential data loss risks can provide IT with a base level of DLP capabilities that address those concerns without breaking the budget." The new endpoint posture validation software enhances ConSentry's device posture-checking ability. LANShield platforms now support a permanent agent for scanning managed devices, in addition to a dissolvable agent for unmanaged guest devices. Auto-remediation of endpoint faults, such as updating out-of-date anti-virus definitions, simplifies IT's task of ensuring device health, and role-based scanning enables organizations to define which systems should be subject to the scans.

"Today's LAN is very different than in the past, with a much greater diversity of users, devices, and applications," said Derek Granath, vice president of marketing for ConSentry. "Add remote offices, virtualization, and digital assets to the mix, and IT has a significant challenge in balancing the potential productivity gains of this diversity and these new tools against the risk they present to organizations. Our new correlation engine, with its proactive threat identification, gives IT managers the control they need to safely leverage these new tools " all in single, easy-to-deploy platform."

Availability

The new ConSentry InSight and LANShield software is available now. Contact ConSentry for pricing information.


About ConSentry Networks

The ConSentry Networks Intelligent Control architecture delivers native user and application control at the network edge. With this technology, ConSentry's award-winning LANShield product family enables IT managers to improve the visibility, control, and performance of users and applications and radically simplify LAN deployment and operations. More than 200 enterprises worldwide rely on ConSentry solutions for increased corporate security, comprehensive visibility, and cost-effective compliance.

ConSentry Networks, the ConSentry Networks logo, and LANShield are trademarks of ConSentry Networks Inc., for use in the United States and other countries. All other product and company names herein may be trademarks of their respective holders.
