3Com is adding intrusion prevention to its network equipment so customers can quarantine attacks by shutting down switch ports and redirecting users to restricted virtual LANs.
The company's network switches will respond to commands from its TippingPoint Intrusion Prevention System (IPS) that sits in-line with traffic, inspecting packets to Layer 7 at wire speed and throttling or blocking suspicious traffic. The IPS will be packaged in blades that plug into 3Com switches and routers, and will go on sale later this year.
The IPS can make switches close ports or shunt traffic to secure VLANs to quarantine devices and network segments where worms are found, says Kip McClanahan, a president at 3Com.
Switch and router access lists can also be changed to restrict the activity of infected machines and block IP addresses. New software and hardware will appear over the next nine months.
3Com's approach is similar to its competitors'. Alcatel has teamed up with intrusion-detection vendors to use the company's Automated Quarantine Engine in Alcatel switches. Nortel's switches also support third-party IDSes. Cisco's Clean Access software imposes similar restrictions. Enterasys's Automated Security Manager quarantines via its switches.
3Com's TippingPoint blades will be in competition with other overlay security vendors such as Check Point, Caymas, Vernier and Lockdown. The company will also announce new smaller TippingPoint devices for smaller networks, and software upgrades for more secure VoIP.