Ponte Communications Inc. announced a new product aimed at centralizing control of network-wide policy and security updates called nsControl Monday.
Designed to address the difficulties of managing security for the many different types and brands of network devices that companies have installed, nsControl offers centralized and automated maintenance, the company said. NsControl allows a manager to distribute security updates, system patches or new policies to every affected device on the network with one command, rather than dealing with each group of devices by type or vendor, according to Ponte. Now updates can be pushed out to all firewalls on the network, or all routers, regardless of interface or language used to deal with them, according to Mark Epstein, chief technology officer of Ponte.
The system works like this: A company using nsControl must install a Control Server and as many Network Control Points as needed. The Control Server is a Sun Microsystems Inc. Solaris system running the nsControl software. Network Control Points are installed wherever they are needed in the network, depending on the network's size, said Epstein. The more decentralized a network is, that is, the more branch offices and remote locations a company has, the more Network Control Points will be needed, he said.
Then, when a patch needs to be applied or new security policies are added, the administrator simply sends them from the Control Server to the Network Control Points, which, in turn, distribute them automatically to the necessary devices. Even though different devices are likely to use different languages and methods of interaction, nsControl handles all of them easily because the system translates the original command from the administrator into whatever language a device speaks, Epstein said.
The Control Server stores all information about previous changes, so that older versions can be restored. The system also includes a full audit trail so that changes can be tracked and explained.
A system like nsControl is needed because corporate networks are becoming larger, more complex and more interconnected, which can lead to trouble, said Alan Norquist, vice president of marketing at Ponte.
"As networks gets more complex, attacks group" and the knowledge needed to launch them goes down, he said. Automated attack tools are gaining popularity and now there is an automated security tool, as well, he said.
An automated tool is needed because networks and the devices are so large and so plentiful that humans can get overwhelmed, leading to fixes not being installed as quickly as necessary, said Epstein. This is borne out by the spread of the Code Red worm, which exploits a vulnerability found in Microsoft Corp.'s IIS server over a month ago, but yet has found its way into over 200,000 servers "Control is desperately needed," Epstein said.
NsControl is targeted at Fortune 1000 financial services companies and managed service providers, Ponte said. Though the company does not yet have any customers for nsControl, the system has been available since June and is shipping in North America, said Norquist, adding that sales in Europe are likely to come soon.
A full network installation of nsControl generally runs as high as US$4 million to $5 million, but customers can buy smaller numbers of Control Severs and Network Control Points to start, Norquist said.