ConSentry LANShield OS and Technology
LANShield OS - Intelligent Switching Software
ConSentry Networks delivers intelligent switching, making it easy for IT to control users and applications on the LAN. The ConSentry LANShield OS drives the company's LANShield architecture, the custom programmable silicon at the heart of the LANShield product family. ConSentry's LANShield platforms, the LANShield Switch and LANShield Controller, tie together user, device, role, application, and destination to provide a level of business context not possible with legacy switch architectures. The LANShield OS provides this integrated context, enabling IT to align the LAN with the business and deliver the services needed to make their companies more efficient, accountable, and agile.
The LANShield silicon and OS are common to both the LANShield Switch and LANShield Controller. Both platforms provide total user and application control without sacrificing performance and with minimal impact on the existing infrastructure. ConSentry leverages existing OS authentication mechanisms, such as the Windows login. The LANShield OS enables the LANShield platforms to enforce policy directly, without the need for VLANs or ACLs in the network or supplicants or agents on the clients.
LANShield Architecture
The ConSentry LANShield OS drives the massive parallel processing capabilities of the LANShield silicon. The 128-core LANShield CPU processes 128 threads simultaneously, enabling deep packet inspection and policy enforcement. The accompanying programmable ASICs provide wire-speed forwarding on already inspected flows and session tracking for reporting and auditing. Together, the LANShield CPU and ASICs deliver full user and application control at 10 Gbps rates, maintaining wire-speed performance.
For each traffic flow, the LANShield OS binds together username, device, role, addresses, applications, and destination and applies policy. As a result, all reporting and control ties back to the user, device, and role. The OS enables active or passive authentication for users, automatically derives the role for each user or device, and recognizes and classifies applications. LANShield OS names more than 300 applications at Layer 4, and it inspects more than 30 at Layer 7. The LANShield devices then use that application knowledge to apply policies that control what users can access.
Integration with ConSentry InSight
The LANShield OS coordinates the processing onboard a LANShield device and also interfaces with the ConSentry InSight Command Center software. InSight sends policies to the LANShield platforms via the LANShield OS, and the OS sends back to InSight extensive data about incidents, session information, user status, and other LAN security data collected by the LANShield silicon.
The OS also provides an industry-standard command line interface (CLI) for access to LANShield devices. The CLI allows IT to configure the ConSentry platform, apply user control policies, and learn user and incident information.
LANShield Technology - The enabling technology for intelligent switching
The changing focus from increasing bandwidth to increasing control requires custom silicon to meet the associated demand for intense processing power. Our custom LANShield silicon consists of a 128-core processor and two custom traffic-processing programmable ASICs to deliver intelligent switching. These custom chips support the massively parallel processing needed to provide stateful deep packet inspection on each traffic flow and detailed Layer 7+ tracking and policy enforcement, enabling user and application control at wire speeds.
The LANShield Silicon consists of the LANShield Processor, a massively parallel multithreaded 128-core CPU, and the LANShield Flow Accelerator and Visualizer programmable ASICs.
The LANShield product family marries custom silicon with dedicated intelligent switching software to enable full visibility and control of users, applications and threats. The LANShield OS drives the silicon and delivers these controls. It also performs the three-way binding of IP address, MAC address, and user identity, learned during authentication, to support identity-based control and full visibility of all user activities.
The programmability of the LANShield hardware and software enables ConSentry to update the LANShield Switches and LANShield Controllers to accommodate changes in protocols, applications, and attack architectures that may affect the LAN's vulnerability.


