Network access control vendor Lockdown Networks is upgrading its kit to quarantine rogue devices detected by other security equipment on the network.
New software for Lockdown's Enforcer devices will accept syslog information from other security systems , and impose access restrictions based on their perception of the severity of any threats.
Lockdown gear scans devices as they attempt to access the network, but doesn't monitor their behaviour once they are on. Sharing intrusion-prevention system (IPS) data, for example, will let Enforcer quarantine computers whose behaviour violates security policies.
Intrusion-detection system (IDS) gear may find behaviour that represents a security risk, but they usually respond only by sending out alerts, not automatically taking action. The combination of the two is something users want, says Jeff Kowalski, vice president of reseller South Seas in Denver. Enforcers running with IPS gear can quarantine devices that came onto the network appearing clean but that later show behaviour indicating they are infected with malware.
"It can let us take real-time action on events reported by the IPS," he says.
A major plus for this approach is that the devices can be added to networks without requiring infrastructure upgrades, Kowalski says.
Lockdown says its Enforcers can be configured to act on syslog events from other devices based on seven threat levels defined in syslog standards. So a Level 2 threat might trigger no action by the Enforcer while a Level 7 threat might trigger a quarantine for the device that represents the threat, Lockdown says.
In cases where other security devices such as IDS, IPS and network behaviour analysis gear do not support syslog standards, Lockdown can gather information from them using APIs, the company says.
The upgrade to Enforcer software is scheduled for general availability in April.