Startup Insightix has made a deal with a hardware manufacturer to produce an appliance version of its network access control software that lets customers discover all networked devices and monitor them, looking for behavior that violates corporate security policies.
The company has made an OEM agreement with Resilience, which makes high-availability security appliances, including firewall/VPN gear and gateways for e-mail scanning and intrusion prevention. The appliance, called Blazara, discovers devices, draws a network topology map and keeps track of devices as they log on and off, noting any configuration changes they undergo in the meantime.
Insightix NAC software can block unauthorized devices from network access via address resolution protocol (ARP) spoofing, which tells the device it is ineligible to send traffic to the network. Alternatively, it can block access to switch ports using SNMP commands to switches that deny access.
Insightix software on the appliance checks whether devices on the network behave as they should. For instance, a PC that has spoofed the IP address of a printer would be discovered by Insightix NAC based on its behavior that falls outside what a printer does, and its network access would be shut down.
Unlike some other NAC products, Insightix NAC requires no software agent on the devices it monitors.
One upside of the software is that it can be deployed on a network without changing the network topology or infrastructure. Some other vendors' NAC architectures, notably Cisco's, require specific switches.
Resilience specializes in security hardware and already has relationships with other security software vendors. It sells appliances with integrated Websense Web Security Suite, Check Point's VPN-1 IPSec and Connectra SSL VPN, RealSecure's IPS, and Sophos's PureMessage e-mail security.