Network access control appliance vendor Nevis Networks has announced a system update that it claims triples user capacity, improves integration with existing identity management systems, and provides single sign-on for users.

According to Nevis, key features of the new LANsecure operating software OS 3.0 for its LANenforcer appliances include:

  • Accelerated endpoint posture checks coupled with identity-based access control that avoids disruption to network performance or end users
  • A three-fold increase in user capacity on the appliances that cuts per-user security costs
  • Integration with existing identity management systems to enforce pre-defined, user-based application access policies for simpler administration.

OS 3.0 simplifies the deployment of LANenforcer appliances by providing single sign-on security posture checks for end users, said Nevis. The company reckoned the new OS also provides a range of pre-defined policies and white-lists that protect network-attached devices and enable security administrators to create new access control policies. For example, pre-defined policies for VoIP devices can be applied to all phones on the network, allowing only valid SIP protocol traffic from the endpoint and preventing an attacker from masquerading as the phone.

The new system means LANenforcers can be positioned anywhere in the network and will optionally support up to 3,000 concurrent users accessing an organisation's LAN, tripling the previous maximum. According to Nevis, this reduces costs to under $15 per user.

From an admin point of view, OS 3.0 provides transparent, identity driven, network-based policy enforcement points that operate at a full 10Gbps, according to the company. It reckoned that it's integrated its LANenforcers with leading identity management systems, so that identity-based access policies are updated and synchronised automatically between applications and the network. The result, said Nevis, is faster and simpler deployment of granular user access policies and lower admin overheads.

Additionally, a new out of band deployment option provides visibility into endpoints, users and activity on the network, including malware.

"As a 21st century community college district, we must provide our nearly 34,000 students, faculty, and staff with secured network access to a variety of district business and educational resources, but only on a highly controlled basis to maintain maximum LAN security," said Jeff Dorsz, network security manager with California's South Orange County Community College District.

"Because we have to be fiscally conservative with our network infrastructure, LAN security costs have to be kept to a minimum. This is why the scalability of Nevis' LANenforcer is so important to us. We now have a cost effective solution that that goes beyond NAC, providing pre- and post-connect access controls plus the ability to continuously monitor and report on user activity throughout a network session," said Dorsz.

"It's very clear that many customers evaluating LAN security solutions are initially taking measured steps with single facility roll-outs that address immediate pain points ,"said Andrew Braunberg, senior analyst with Current Analysis. "While the need for pre-and post connect access controls and continuous per user threat detection remains high, the nascent LAN security market is going to have to listen carefully to customers who are struggling with complexity."

Prices for LANenforcer appliances start at US$15,000, and the new OS is available from 19 March 2007.