ConSentry introduces real-time application and device threat detection software
ConSentry has launched new software to provide real-time application and device threat detection.
The ConSentry InSight Command Center proactively identifies questionable applications and devices that pose a risk to digital assets. The engine populates new dashboards that provide IT with an at-a-glance view of risks on the LAN, with drill-down capability to identify user, device and application detail.
As evidenced by the recent Downadup/Conficker worm, where a LAN protocol communicates with external IP addresses, ConSentry claims that the new tools will allow IT managers to proactively identify threats to their organisations' digital assets and intellectual property.
The rules database at the heart of the new real-time correlation and alerting engine processes a broad range of inputs, including user, application, protocol, destination, L4 Port, bandwidth, URL, filename and time of day. It correlates these inputs against a set of rules to detect potential risks to intellectual property as well as LAN availability.
Featuring a network access control dashboard that provides an at-a-glance view of any health issues for devices on or attempting to enter the LAN, it claimed that IT has full control over which parameters are scanned, what issues merit a warning to the user versus denying access, and which roles in the organisation should be subject to a device scan.
A questionable activity dashboard identifies risky applications, rogue servers, potentially time-wasting applications and websites and protocol risks.
Michelle McLean, head of product marketing at ConSentry, said: “The ‘Questionable Activity' dashboard monitors the use of questionable applications, servers, and websites. On it, you just right click on the bar charts to get the details of the users using those applications or address and location information about the servers.
“The new correlation engine and new endpoint software are updates to our existing products – our InSight Command Center and our LANShield software. They're part of our version 3.4 update, and they run the threat detection on a real time basis and will send you a daily report if you want to request it.”
Derek Granath, vice president of marketing for ConSentry, said: “Today's LAN is very different than in the past, with a much greater diversity of users, devices and applications. Add remote offices, virtualisation and digital assets to the mix, and IT has a significant challenge in balancing the potential productivity gains of this diversity and these new tools against the risk they present to organisations.”