Enterasys Announces IPv6 Support For IPS

Enterasys Networks' intrusion prevention system (IPS) now supports IPv6, meeting the federal procurement mandate that went into effect this year and future-proofing business customers that will eventually adopt the expanded network addressing protocol. "The federal government mandates Ipv6 support; they're not using it, but everything they buy has to have it," says Charles Kolodgy, IDC research VP for secure products. "You need that check box if you want to sell to the government, especially [Department of Defense]."

In fact, none of Enterasys' customers have implemented IPv6 yet, says Michelle Araujo, director of product management.

IPv6 is being introduced to meet the dwindling number of addresses available with IPv4. The protocol also includes enhanced security via IPSec and mobile routing support. The federal government mandates that all networking infrastructure procurements must be in compliance with the requirements of the rigorous National Institute of Standards and Technology (NIST) USGv6 Test Program.

For the rest of us, "we're going to get there, we're going to have to, as the address space runs out," says IDC's Kolodgy. He adds that this will be especially true as the use of mobile devices increases, "if each has an IP instead of hopping." However, prospective customers should look at all aspects of Enterasys IPS and other products in its security portfolio, rather than focus on IPv6 support.

Enterasys IPS can be deployed in-line, typical of most IPS products, but Enterasys also offers what it calls Distributed IPS, which leverages Enterasys intrusion detection system (IDS) sensor detection around the network and enforces response action, such as removing the attacker's network access, through switches and other network infrastructure to block intrusions."We use IDS as the eyes for the IPS on the network," says Dennis Boas, security solutions manager. "You still get a level of protection and get the cost benefits of being able to cover large portions of the network without having to deploy in-line IPS at every uplink." The approach is analogous to Sourcefire's IPS, which leverages distributed sensors around the  network.

Bentley College, in Waltham, Mass., uses Distributed IPS to check P2P applications and other suspicious or threatening activity, primarily on its student networks.

"We send information from the IDS into the back-end software and change policies on the switch ports," says Todd Marsh, Bentley's principal network engineer. "As opposed to traditional in-line IPS, we take four sensors and cover a lot of areas."

Enterasys IPS can also act on triggers from the company's Security Information & Event Manager (SIEM), which features flow data collection for network behavioral anomaly detection (NBAD) correlated with traditional log-based event analysis (similar to Q1 Labs' capabilities).

In addition to network-based IDS/IPS, Enterasys offers host-based intrusion detection and prevention for critical servers. All the products can be managed through a common security console.