Network infrastructure is evolving rapidly to deliver anytime, anywhere access to exploding multi-media content for novices and experts using PCs, laptops, handhelds, and gaming devices. As they do they become increasingly vulnerable to attack by serious hackers, recreational rogues, and accidental intruders.

The ConSentry LANShield Switch is a secure enterprise-class switch that makes it easy for IT to embed wire-speed security directly into the edge of the LAN infrastructure. It provides the full set of secure switching capabilities needed to protect enterprise assets:

	Network Admission Control (NAC) — authentication and posture check to control who can enter the LAN
	visibility — incident- and exception-based information resolved to the username, at Layer 7 for common business protocols (e.g., file name, URL)
	identity-based control — role-based provisioning to control user activities on the LAN
	threat control — detect and block propagation of worms and other malware to prevent network meltdown

The LANShield Switch combines ConSentry’s custom LANShield silicon and security software with switching silicon to provide total per-port control and visibility without sacrificing performance. The ConSentry custom hardware includes a 128-core processor and programmable ASICs that perform deep packet inspection, provide security monitoring and control, and switch traffic at 10 Gbps. The programmability of the LANShield silicon enables ConSentry to keep pace with changes in applications and security requirements.

The LANShield inline architecture enables enterprises to monitor and control all user traffic with minimal impact on the existing infrastructure. ConSentry leverages existing OS authentication mechanisms, such as the Windows login. The LANShield devices enforce policy directly, without the need for new VLANs or ACLs in the network or new supplicants or agents on the clients.

An Integrated Approach
The LANShield Switch sits in the wiring closet, connecting user machines into the core or distributionn layer of the LAN. Because the switch hosts users directly, it sits in the optimal location for controlling user activities on the LAN and containing threats launched — accidentally or maliciously — from a user machine. The LANShield Switch’s per-port control contains peer-to-peer violations or worms to a single user rather than to all users connected to one uplink port.

The LANShield Switch provides integrated security without compromising on switch functionality. The LANShield CS4048X supports 44 copper-based gigabit ports, four SFP gigabit ports, and two 10 Gbps ports. Redundant fans and hot-swappable power supplies combined with network resiliency features such as link aggregation and rapid spanning tree ensure high availability at the edge. Optional 802.1af Power over Ethernet provides up to 15.4W of power for all ports.