Announcements from Extreme, Enterasys, and leading infrastructure vendors today at the Interop show will highlight the divergent architectural approaches that traditional infrastructure vendors and emerging security-centric infrastructure upstarts are taking towards access control and application-layer security.
The traditional infrastructure vendors are centralizing security resources onto their existing switching and routing product portfolios. They trap new traffic flows at the ingress to corporate networks and divert them to centralized security engines within the core of the corporate network for further analysis. Those security engines then decide whether to admit, reject, or quarantine those flows, defining Access Control Lists (ACLs) that are pushed out to the switches for enforcement.
New security-centric players, such as Consentry, DeepNines, Lockdown Networks, Nevis, InfoExpress, Radware, and Vernier, distribute intelligence by embedding deep packet inspection capabilities within the core or distribution switches. Consentry went even further earlier last month by extending deep packet inspection into its new access switch, the Secure LAN Switch. The 44-port 10/100/1000 PoE switch lists for $14,995, or $341 per port.
While the security-centric players will have broader appeal in new installations, they'll have a tougher time penetrating existing installations. This is particularly true with Consentry's Secure LAN Switch, which will require companies to commit upfront to the higher costs of security switching. On the other hand, security-centric players offer the ability to work inline, not just at flow initiation, enabling companies to be more vigorous in their security enforcement.
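The difference between deciding at flow initiation and inspecting inline can be seen in a small simulation, added here as an illustration and not taken from any vendor's product. It assumes the central engine sees only the first packet of each flow; the signature, addresses and packets are constructed, and all function names are hypothetical.

```python
# Added illustration: models the two enforcement points described above.
from dataclasses import dataclass

SIGNATURE = b"SIG-TEST"  # constructed stand-in for a deep-packet-inspection signature

@dataclass(frozen=True)
class Packet:
    flow: tuple      # (src, dst, dst_port)
    payload: bytes

def inspect(payload: bytes) -> str:
    """Stand-in security engine: verdict for a single payload."""
    return "quarantine" if SIGNATURE in payload else "admit"

def flow_initiation_model(packets):
    """Assumption: the engine sees only the first packet of a flow; its verdict
    becomes an ACL entry the switch applies to every later packet."""
    acl, delivered = {}, []
    for p in packets:
        if p.flow not in acl:            # new flow: trap and divert to the engine
            acl[p.flow] = inspect(p.payload)
        if acl[p.flow] == "admit":       # switch enforces the pushed ACL
            delivered.append(p)
    return acl, delivered

def inline_model(packets):
    """Every packet is inspected in the forwarding path; once a flow is
    quarantined, its remaining packets are dropped."""
    state, delivered = {}, []
    for p in packets:
        if state.get(p.flow) != "quarantine":
            state[p.flow] = inspect(p.payload)
        if state[p.flow] == "admit":
            delivered.append(p)
    return state, delivered

# Constructed traffic: flow A stays clean, flow B matches on its third packet.
A = ("10.0.0.5", "10.0.1.9", 443)
B = ("10.0.0.7", "10.0.1.9", 445)
TRAFFIC = [Packet(A, b"hello"), Packet(B, b"negotiate"), Packet(B, b"session"),
           Packet(A, b"data"), Packet(B, b"xx" + SIGNATURE), Packet(B, b"more")]

if __name__ == "__main__":
    for name, model in (("flow-initiation", flow_initiation_model),
                        ("inline", inline_model)):
        verdicts, delivered = model(TRAFFIC)
        kept = sum(p.flow == B for p in delivered)
        print(f"{name}: flow B verdict={verdicts[B]}, {kept}/4 packets delivered")
```
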
The Traditional Approach