Nevis Networks LANsecure is First Architecture to Comprehensively Solve Multi-Gigabit LAN Security Challenges; Purpose-Built ASIC Enables Platform for Integrating Multiple LAN Security Functions at Wire Speeds
MOUNTAIN VIEW, Calif.—(BUSINESS WIRE)—Nov. 14, 2005—
Today, Nevis Networks announced its LANsecure(TM)
architecture, the heart of Nevis' comprehensive LANenforcer(TM)
product family. The LANsecure architecture enables enterprises to
solve LAN security challenges with Nevis' patent-pending, massively
parallel LANsecure ASIC, which integrates enterprise networking and
comprehensive access control with multiple threat detection
methodologies, all at multi-gigabit wire speeds.
(Editor's Note: For more information about the LANenforcer product
family, please see the press release titled "Nevis Networks Locks Down
Enterprise LANs With Comprehensive, ASIC-Based LANenforcer
Appliances," also released today.)
"With this announcement, Nevis has significantly raised the bar
for complete LAN security," said Rodney Thayer, security analyst,
Canola & Jones (www.canola-jones.com). "The new Nevis ASIC-based
architecture not only incorporates multiple security functions that
previously required separate devices, but it also performs these
functions at previously unavailable performance levels. The LANsecure
architecture delivers the power required to cost-effectively deploy
defense-in-depth, protecting each user and making powerful per-port
LAN security a reality for the first time."
Massively Parallel Architecture Redefines Threat Control
The LANsecure architecture is massively parallel and has an
integrated software stack, enabling it to accelerate multiple security
functions simultaneously, including stateful firewall; threat
signature matching; traffic, protocol, and behavior anomaly detection;
and endpoint quarantine. Each packet passes through the ASIC at wire
speed while it is examined for anomalous traffic patterns, individual
security violations, and threat and malware signatures.
The LANsecure architecture delivers six threat control
methodologies that operate in parallel for the most accurate threat
detection available:
-- The policy-driven stateful firewall provides user-based
Network Access Control (NAC) and protects against Denial of
Service Attacks (DoS and DDoS), packet buffer exhaustion
attacks, SYN flood attacks, and connection highjacking.
-- Threat signature matching identifies known threats and speeds
up incident resolution. Hardware acceleration and parallel
pattern matching eliminate the performance degradation usually
associated with signature-based security devices.
-- Hardware acceleration enables ultra-fast detection of traffic
anomalies for which signatures are not yet available and
blocks them in microseconds.
-- Protocol anomaly detection utilizes stateful pattern matching
which looks for conditions that violate normal behavior in
protocols including IP, TCP, UDP, ICMP, and HTTP.
-- Behavior anomaly detection builds individual behavior
profiles, based on user behavior and IP addresses, that
increase the accuracy of threat containment and reduce false
positives.
-- Automatic endpoint quarantine is initiated by the detection
methods above in response to threats. Response is
policy-controlled and includes redirection for remediation and
blocking of network access.
Wire-Speed Performance Required for LAN Security
The LANsecure architecture performs all its security processing in
parallel and at speeds of up to 10 Gbps -- as much as ten times faster
than conventional security solutions. Because the LANsecure ASIC
operates at wireline speeds, Nevis' LANenforcer products can perform
deep packet inspection and contain threats in microseconds, without
affecting packet latency.
With a packet latency of only 47 microseconds, Nevis' ASIC can
detect and block worms in about 150 microseconds -- fast enough to
contain even zero-day worms. Solutions with latencies in the
milliseconds typically allow 100 or more packets into the network --
enough to cause significant damage and financial loss.
"Security is only valuable if it can be delivered without
impairing the function that is being secured," said Peter Christy,
principal at Internet Research Group. "The LANsecure architecture
provides a high level of security, and its wireline speed allows it to
do so transparently so that even latency-sensitive applications such
as VoIP continue to operate normally."
Scalable, Easy-to-Deploy Architecture
The LANsecure architecture is the first to truly integrate LAN
security and networking in a fundamental approach that is highly
scalable and flexible. Nevis' architecture enables customers to expand
their LANenforcer deployment to meet their evolving security needs.
The scalable architecture also enables Nevis to enhance product
functionality and address new security threats as they emerge.
Nevis' flexible architecture enables two deployment models,
depending upon the desired level of threat containment. In transparent
mode, the LANenforcer 2000 Series is installed behind the access layer
and aggregates user traffic from multiple switches. Transparent
deployment is a cost-effective way to protect many users and can be
quickly deployed, requiring no change to user desktops or to the
existing network. Deployed at the access layer and connecting directly
to each user, the LANenforcer 1000 Series provides the highest level
of protection for every user on the network, containing threats to the
individual user. In both modes, the LANenforcer deploys seamlessly
into the LAN and requires no client software.
"Until now, IT has had to make a tradeoff between deep packet
inspection and high-speed LAN performance because today's LAN security
solutions typically introduce significant packet latency," said Bill
Scull, senior vice president of marketing at Nevis. "The LANsecure
ASIC enables our LANenforcer security appliances to perform deep
packet inspection at network speeds, thus eliminating this tradeoff
and providing comprehensive LAN security from a single integrated
platform."
Disruptive Price/Performance
Nevis purpose-built the LANsecure ASIC to deliver LAN security
appliances with greater flexibility in design and higher performance
than available in off-the-shelf chip sets. The patent-pending ASIC
design uniquely enables the company to address key LAN security issues
facing enterprises today plus ensure extensibility for the future. The
LANsecure ASIC thus enables disruptive price/performance while giving
users the ability to fully secure every user on the LAN without
degrading network performance or deploying client-side software.
About Nevis Networks
Nevis Networks develops and markets ASIC-based LAN security
appliances designed to help corporations protect information privacy
and integrity, ensure network availability, and maintain regulatory
compliance. With its patent-pending LANsecure architecture, the Nevis
LANenforcer product family combines the most comprehensive access
control, deepest threat defense, and fastest threat response to create
a "Personal DMZ" around every user on the LAN. Nevis was founded in
2002 by seasoned executives with strong track records in security,
semiconductor, and networking technologies, and has raised over $40
million from veteran Silicon Valley investors New Enterprise
Associates, BlueRun Ventures, and New Path Ventures. The company is
headquartered in Mountain View, California, with an R&D center in
Pune, India.
For more information, visit the Nevis Networks web site at
www.nevisnetworks.com, or contact the company at 650-254-2500.
Contact:
Nevis Networks, Inc.
Denise Barton, 650-254-2577
Email Contact
or
Engage PR
Kristin Kiltz, 510-748-8200 ext. 204
Email Contact
|
Be the first to review this article
