NSA home

About NSANSA SolutionsProducts and ServicesAssessmentsDesign ServicesImplementationSLAsAruba NetworksNeoterisSecure ComputingTrend MicroResource CenterContact NSA

Products & Services


ConSentry Networks secures enterprise LANs with a purpose-built system that preserves data integrity, ensures network availability and supports regulatory compliance initiatives at compelling price/performance levels. ConSentry's solution leverages a breakthrough, patent-pending silicon architecture that allows continuous identification of all LAN traffic and enforces user access to authorized resources and applications at wire-speed, in real-time.

Enterprise LANs today involve more than just connectivity with contractors, insiders and guests all requiring access to the LAN. It's now about securing the LAN. ConSentry's platform affordably delivers LAN security with the performance and simplicity required to make it viable to deploy.

Performance: The Power of the LANShield·Silicon Architecture

Enterprise LANs have performance requirements that are orders of magnitude greater than WAN links. Today's wiring closet switches have gigabit, and often multi-gigabit links up to the core or aggregation layer. Only ConSentry's patent-pending LANShield silicon architecture is capable of delivering breakthrough secure processing throughput and the flow acceleration needed to fully visualize and control LAN-based communications. ConSentry's platform enables deep packet inspection at 10 Gbps throughput on user and network core traffic.

Innovation in the LAN: Building User and Application Control into the Network Fabric
The ConSentry platform binds a user name to an IP and MAC address as the user authenticates to the LAN. Once bound, this user information is tracked and utilized for policy enforcement, authorization and reporting on a per user basis.

Application Awareness:
Most traditional security devices can only inspect and control traffic up to layer 4, which means web-based applications which tunnel under port 80 and LAN-based applications which create their own internal layer 4 port identifiers are not visible and can't be controlled. For this reason relying only on layer 2-4 data is insufficient to control and understand traffic. ConSentry's platform classifies traffic up to layer 7 for each new flow enabling robust application-based enforcement.

Simplicity: Transparent Security & Seamless Network Integration
Securing the LAN should not mean replacing the LAN. Rather, solutions must leverage the existing installed network equipment. LAN-based security solutions must integrate with existing authentication, identity management and host integrity systems. The ConSentry platform does exactly that, as a transparent bridge between the wiring closet switches and core/aggregation switch layer. Deploying seamlessly into an infrastructure, ConSentry leverages LAN investments.

Centralized Management:
Any LAN security solution needs be as simple to manage as existing switches. Solutions should not require complex security event managers to correlate, rather should provide user-based, violation indexed reporting to allow IT to take immediate action when a security incident arises. The ConSentry management platform provides IT staff with a centralized, easy-to-use and actionable control panel for a uniform view of user activity and incidents across the LAN.

ConSentry Networks is poised to significantly impact the Security Policy Enforcement landscape. Examples of the application relevance of the ConSentry solution are characterized here.

ConSentry PCI Data Security Standard
NAC - The ConSentry Alternative
Malware Control Tech Brief

To learn more about the viability of ConSentry, please Contact NSA via email or direct request.

Home | About Us | Solutions
Products & Services | Resource Center | Contact Us
Contact NSA