Next Generation Security Switch Spotlight

Security teams usually rely on internal Security Information and Event Management (SIEM) systems as their watchdog, alerting them to threats and risks behind their firewall. Many have started to deploy complex Network Access Control (NAC) solutions and enhanced endpoint security software to detect, alert on and block high-risk internal network access.

However, most of these alerts happen a little too late. At CDM, we’ve only seen a few proactive security solutions focused on the actual physical port that users plug their desktops or laptops into to gain Local Area Network (LAN) access. The HanDreamnet SG2024 is one of the first line-speed, security-centric managed switches we’ve seen on the market. Yes, we actually had to spin the globe and reach far into Asia – South Korea to be exact – to find these innovative switches.

They are now just coming to market in the US and Canada – in fact, Solantus, Inc., which you may already know as one of the very few bold and innovative infosec distributors, has picked up this product line. Some of the key reasons that we also like this switch fabric are as follows:

  1. Lower total cost of ownership (TCO) than Cisco, Juniper or Extreme, among others.
  2. No agent-based software to install, so you can transparently deploy them or replace aging switches.
  3. No effect on the network; in fact, these switches are performing at speeds we didn’t expect to see, with all security functions enabled by default.
  4. Real-time detection and blocking of high risk security events at the physical port level.

How beneficial is a switch that protects against internal threats and DDoS? Here are some real-world examples of deployments in Asia by end-customers of HanDreamnet:

Electronic Semiconductor Manufacturer – Experienced a flooding attack, which occurred internally. Whole manufacturing lines were stopped. All of the production material and goods were scrapped. After deploying SG2024 managed switches, the problem was solved and hasn’t happened again…one infected system goes instantly offline at the physical switch port level when this kind of problem flares up again. They re-image the system and try to ‘re-educate’ the employee about the misbehavior that leads to installation of malware.

Very Large Corporation – Experienced a worm spreading from a mobile user’s laptop, which caused a huge amount of internal traffic flooding. They had difficulty tracking it down to the source and lost an entire day at corporate headquarters because of this fast and wide-spreading worm. After deploying SG2024 managed switches, future worm outbreaks were instantly mitigated at the specific ports where they began, before causing peers on the VLANs to become infected or go offline.

Large University – One of the student labs caused a Distributed Denial of Service attack, which caused the firewall to lock up from bulk traffic sessions, and they lost internet access for an entire day and evening. Since they replaced their ‘big brand name’ switches with the SG2024 series, they have not encountered any downtime, even while experiencing frequent ‘troublesome’ student traffic. This ‘troublesome’ traffic gets blocked nearly immediately at the physical switch port, protecting the rest of the network.

To learn more about these intelligent managed security switches, please visit http://www.solantus.com.

(Sources: CDM and Solantus)