Identity-based access control from AEP is released
by Steve Ragan - Apr 1 2008, 16:00
New security from AEP offers Identity-based Access Control
AEP Networks said on Monday that they are launching a new Identity-based Access Control (IBAC) appliance called IDpoint. IDpoint will act as both a firewall and a policy-enforcement engine.
Designed for enterprise networks, IDpoint is placed in-line directly in front of any sensitive resources or servers, acting as a hardened network-layer or application-layer enforcement point. It enforces network-layer and specific application-layer access policies by checking PacketTags, the unique cryptographic representation of user identity, on every IP packet sent to whatever it is currently protecting.
“This ‘proof of identity’ tag is only added to packets destined for protected resources. As such, it eliminates the potential for unauthorized access to resources. However, all access attempts made against protected resources – whether allowed or denied – are logged for reporting,” AEP said in their RSA brief. The RSA security conference and expo will take place this month in San Francisco.
IDpoint provides extensive logging and reporting that shows which users accessed what information, from where, when, and for how long. Detailed policy violations and PacketTag anomalies are logged and made available as on-screen and printable reports. This audit trail helps with reporting and compliance challenges for PCI DSS, HIPAA, and other regulatory guidelines.
Compliance and information protection have been among the biggest issues facing IT recently. In both government and public IT sectors, there has been a trend of information disclosure vulnerabilities. TJX, Hannaford, UCLA, and others all showed considerable failures with compliance checks and coverage.
“Compliance considerations leave us with the burden of proof that we protect confidential medical records. IDpoint has addressed this pain with a simple, intuitive policy enforcement engine that gives us proof of user access to private medical information,” said Bryce Bowman, Systems Administrator at Medical Associates of the Lehigh Valley. “The value of IDpoint is not just controlling user access; it's providing a detailed audit report to prove compliance with regulations such as HIPAA.”
Technology such as IDpoint is going to emerge in waves if the trend keeps up. The problem with appliances such as this, however, is how easily they can integrate with existing infrastructure. AEP says that IDpoint is a “bump-in-the-wire” architecture that does not have any IP addressable interfaces on the protected path(s). As a result, enterprises can simply drop in an IDpoint without any disruption to the existing network.
IDpoint starts at about $50,000 for 99 licenses.
http://www.aepnetworks.com/products/downloads/dataSheet_IDpoint.pdf