Joining the ranks of security-appliance vendors this week is startup Identity Engines, which today is expected to launch a $15,000 box designed to quickly add centrally managed identity-based security to enterprise networks.
Called the Ignition Model 3000E, the first offering from the Mountain View, Calif.-based Identity Engines can support between 500 and 2,000 clients active per device, according to Roy Chua, the company's vice president of marketing. The appliance, Chua said, will use existing directory and authorization client data (including RADIUS and LDAP information) to act as central administration point for authentication, authorization and accounting (AAA) of network users.
With such an appliance, network administrators can more easily set policies and permit more-flexibile yet secure access to their networks, said Chua, who said that server-based authentication software products have not kept pace with the expanding complexity of corporate networks that may now include a wide range of access technologies like wireless and virtual private network connections, and multiple application servers with a wide mix of users.
"The products out there to do authentication were designed 10 years ago," said Chua, who said that current identity-management systems may reside on multiple corporate servers, without a single coherent management point. "What's missing is the intelligence to manage the access [policies] across complex networks. That's the gap we fill."
As networks become more important to enterprises' businesses, there is a desire to make assets available to as many users as possible. But growing in lockstep with expanded access is the very real threat of viruses and hackers, whose presence can cause not only expensive network downtime but also the loss of business-critical information.
Market leaders like networking giant Cisco Systems are taking particular interest in security of late, with overarching plans to make networks "self-defending" via interlocking technologies and policies. Identity Engines' Chua said his company's appliance "fits in well" with plans like Cisco's NAC vision. Other companies have already started to target the identity-security field with similar network appliances, including shipping products from InfoBlox, among others.
Chua said Identity Engines' appliance can simplify many administrative processes, such as the desire to provide guest access to a corporate network. Instead of requiring a network administrator to manually set up and tear down a guest user account, Chua said the Ignition device allows administrators to set up software templates with the correct user permissions already in place that would let non-technical users, such as reception personnel, create guest accounts on the fly.
The first verison of the company's appliance is designed only for local-area networks but the company plans to ship a version that supports wide-area links by the first half of 2006, Chua said. Chua said Identity Engines will look to resellers to move its product, claiming that the appliance approach offers VARs a simpler way to add value to their services.