ConSentry Impresses In Second Go-Round: Page 2 of 2

While that's an issue, the malicious user would still need credentials on the domain in order to authenticate to domain resources, so without credentials, the hacker is limited to rummaging through local system files or poorly secured network shares.

Layer 7 application filtering features, while not very customizable, were more than sufficient for protecting against the vast majority of port-hopping peer-to-peer threats out there. The CS4024 impressively stymied every attempt to port hop out to the Internet using various P2P clients. L7 awareness allows the controller to peel deep into the packet payload to check for those unmistakable application signatures that prevalent file-sharing protocols in use today leave behind. P2P protocol support includes Gnutella, Direct Connect, BitTorrent, WINNY, and IM file transfer.
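The port-independent matching described above can be sketched as follows. This is an added example, not ConSentry's code or signature set: it assumes the publicly documented opening bytes of the BitTorrent, Gnutella and Direct Connect handshakes, and the function names and sample flows are constructed for illustration.

```python
from typing import Optional

BT_PSTR = b"BitTorrent protocol"  # protocol string in the BitTorrent peer handshake

def classify_payload(payload: bytes) -> Optional[str]:
    """Return the P2P protocol name for a flow's first payload bytes, or None."""
    # BitTorrent handshake: 1-byte length (19), protocol string, 8 reserved
    # bytes, 20-byte info_hash, 20-byte peer_id = 68 bytes in total.
    if len(payload) >= 68 and payload[0] == len(BT_PSTR) and payload[1:20] == BT_PSTR:
        return "BitTorrent"
    # Gnutella 0.6 opens with an ASCII connect line.
    if payload.startswith(b"GNUTELLA CONNECT/"):
        return "Gnutella"
    # Direct Connect (NMDC) opens with a $Lock or $MyNick command ending in '|'.
    if payload.startswith((b"$Lock ", b"$MyNick ")) and b"|" in payload:
        return "Direct Connect"
    return None

def enforce(flows):
    """Decide per flow from payload alone; the destination port is never consulted."""
    decisions = []
    for dst_port, payload in flows:
        proto = classify_payload(payload)
        decisions.append((dst_port, proto, "block" if proto else "allow"))
    return decisions

# Constructed sample flows: handshakes placed on ports normally used by other services.
SAMPLE_FLOWS = [
    (80, bytes([19]) + BT_PSTR + bytes(8) + b"\xaa" * 20 + b"-XX0001-" + b"0" * 12),
    (443, b"GNUTELLA CONNECT/0.6\r\nUser-Agent: example\r\n\r\n"),
    (53, b"$MyNick alice|$Lock EXTENDEDPROTOCOLABC Pk=example|"),
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (6881, b"\x13BitTorrent"),  # truncated prefix: not a complete handshake, no match
]

if __name__ == "__main__":
    for port, proto, action in enforce(SAMPLE_FLOWS):
        print(f"dst_port={port:<5} proto={proto or '-':<15} action={action}")
```

The web request on port 80 is allowed while the BitTorrent handshake on the same port is blocked, which is the behaviour a port-based filter cannot provide.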

While ConSentry's P2P protection capability performed well, we would love to see ConSentry give users more options for defining custom applications to enforce policy on. As of now, if you want to apply policy to new applications, you'll need to send packet captures to the ConSentry lab for analysis and development of a protection mechanism.

Those familiar with managing a Cisco infrastructure will immediately take to the ConSentry command-line interface, which looks and feels much like a Cisco Catalyst. The ConSentry CLI falls a tad short on logging and debugging, and we had a hard time getting live debugs to display properly on the console, even for events for which we were clearly generating activity. But on the whole, the CLI itself was rather robust, and its similarity to the Cisco IOS will surely make for an easy transition for most network engineers. Reporting in InSight is well presented in dashboard-like fashion and offers a good amount of analytics on traffic, application usage, and policy incidents, along with reports on system health and authentication issues.

Enterprises looking to concentrate their defenses at the very edge of the network will find the CS4024 to be a fairly robust solution for enforcing system health, applying usage and quality-of-service policies, and preventing malicious applications from traversing the switch port.

The CS4024 starts at $4,995 and goes up from there based on additional security and enforcement options available for purchase à la carte.

Randy George is an industry analyst covering security and infrastructure topics.