Enterasys has partnered with Zone Labs and Sygate Inc, companies that provide host integrity checking agent software. These agents can now communicate indirectly with Enterasys switches, which can then decide whether to permit network access.

CTO John Roese said that the move is the third leg of Enterasys’s Secure Networks strategy. The first two legs were introducing access control and policy management and adding reporting and interoperability with intrusion detection.

According to Roese, the system allows endpoints to be blocked, or quarantined to a patch network, whenever the agent discovers the host is not compliant with policies such as patch freshness or virus definition freshness.

The system is reminiscent of Cisco’s NAC strategy, and of a rival standards effort coming out of the Trusted Computing Group, which involves most of Cisco’s rivals, including Enterasys, Sygate and Zone.

Cisco introduced NAC last November, and released the first wave of products and support about a week ago, but Roese said that Enterasys’s system has more useful functionality available now than Cisco, which is looking at a phased approach.

“In our model, if it’s found out that you’ve got an improperly configured host, or the host has a virus, or it has an issue, the enforcement is done right at the jack in the wall,” Roese said. Cisco’s NAC currently only works on Cisco’s WAN routers, he said.