Monday, April 24, 2006

ENIRA Partners with Lancope

I've wanted to say something about ENIRA for several months now, but I've been under a non-disclosure agreement. This morning, however, I noticed this press release which quotes me.

What's the fuss? ENIRA is a nearby company (in northern Virginia) that sells a Network Response System. It's essentially an incident containment appliance that isolates hosts when directed to do so. It's neither an IDS nor firewall -- layer 3, 4, 7 (IPS), or otherwise. ENIRA learns your network topology by accessing infrastructure devices (switches, routers, firewalls, etc.) and implements a containment policy when told to isolate a host or segment.

The isolation mechanism makes the best possible choices, based on any policies and restrictions you have provided. It keeps track of its actions and acts like a "network engineer in a box." I think this is a great network-centric incident response product. Lancope is going to use it to implement short-term incident containment when StealthWatch identifies suspicious or malicious activity.

1 comment:

Mark Townsend said...


I would strongly encourage you to review a product from Enterasys Networks - NetSight Automated Security Manager (ASM).

ASM has been shipping for two years and is a rules based "broker", accepting security feeds from IDS/IPS systems and then provisioning a containment policy across multiple vendors products.

Enterasys has been shipping NetSight Automated Security Manager for more than two years and has a nice install base.

While Enterasys Networks is a manufacturer of switches, routers, wireless and the popular Dragon IDS/IPS products - NetSight Automated Security Manager is an open system working with both 3rd party security feeds and provisioning 3rd party network devices.

If you would like, I would be happy to brief you. I'm a co-author of the pending patent on our "Dynamic Intrusion Response" technology and an architect of both the aforementioned technology and our "Network Access Control" technologies.

I remember when I first proposed our network-based intrusion response to Ron Gula back in 2000. I said, "Ron - our switches (layer 2) store every IP address they see" (we have an extended table that learns IP/MAC bindings). Ron replied "cool". I said "Ron, Dragon can ask our switches directly for the location of an IP". After several volleys Ron got it. We started work on it just before Ron left to pursue Tenable.

I look forward to chatting with you about not only this, but our switches built in capacity to implement the exact access control that you mentioned wasn't available today. We've been shipping (and obviously keeping it a secret) for nearly 10 years.

Thanks and keep up the great work!


Mark Townsend
Director Security Technologies
Enterasys Networks