Secure networking developer ConSentry Networks has introduced what it calls its Intelligent Switch architecture – in essence, a firmware upgrade which adds application and role-based control within the network.

The ConSentry devices were already able to pull a user’s profile out of an identity store such as MS Active Directory, RADIUS or LDAP, and use this to control network and application access, as we reported in our review last year.

What’s new, claimed the company’s CTO Jeff Prince, is it can now work out who should have access to what and where automatically, based on role data stored in the directory.

“The system now uses roles, and enforces without you having to program ACLs into switches, set up VLANs or anything. The IT manager doesn’t have to get involved,” he added. “In effect, it writes your business policies to the switch.”

He said this means an organization can consolidate its security permissions in one place – the directory – with the ConSentry system automatically binding changes into the network.

This is already working well, said Lou Owayni, global network and telecom manager at Adaptec, which has a Cisco core with ConSentry LANShield edge switches. “With LANShield, when new users are placed in Active Directory, I can safely and automatically add them to the LAN and implement access controls with a single touch,” Owayni added.

Like other flow-based network devices such as WAN accelerators and IPS, the ConSentry switch includes a deep packet inspection (DPI) processor able to identify applications at Layer 7, not just by port number.
The system can also tie in with ID management software and handle non-user devices such as printers, Prince said.

He noted that ConSentry does still sell NAC appliances, in particular to companies which aren’t ready to refresh their edge switches and want to add security non-disruptively.

He said though that this application and role-based security really belongs within the edge switch, and predicted that other vendors would follow ConSentry’s lead over time.

“Cisco with Trustsec has acknowledged the need to bring in user and role data, and so does Juniper’s announcement this week,” he said.

Juniper already has similar security technology, in its UAC (user access control) devices, and is about to launch a range of enterprise switching products.

Prince said that the Intelligent Switch firmware is already shipping within ConSentry’s 24 and 48-port switches, and will be a free upgrade for switch or controller customers with a support contract.

By Bryan Betts, Techworld.com