arkin tal 88 298.
(photo credit: Courtesy)
Nighttime. You come home from a hard day's work, and what do you expect? A little dinner, an exchange of pleasantries with him or her, maybe a little TV later on - in short, some peace and quiet after a hard day's work.
That's what you expect - or hope for, at least. But what do you actually get?
That's right - a headache! Kids crying, kids whining, the din of the TV, spilled milk - can't someone please get me back to the office? Nope - not until tomorrow! Well, if you're stuck, you've got to find a way to cope - to quiet the little ones down.
I don't mean to overdramatize, but it is situations like this that can bring wrack, ruin and IT devastation to your place of work.
How? Simple! You know that letting the kids surf the Internet keeps them quiet. Of course, you're security conscious at home, so you know you're safe from active viruses. But many virii don't do their dirty work upon installation; some act in a more trojan-like manner, waiting for pseudo-portentous dates like December 21, 2012 (http://www.december212012.com) to do their thing.
Your home PC is infected - which means that your laptop, which you plug into the network, is a likely target for propagation of certain types of trojans. And what happens when you plug your laptop into the office network? Put it this way: If the world doesn't end on 21.12.12, there's a good chance your job will, when the IT department traces your laptop as the "patient zero" that brought the company down!
Of course, there's a way around the problem: All you have to do is get your company to install one of the products made by Ra'anana-based startup Insightix (http://www.insightix.com/), which will keep any and all trojans - or any other application, service, or rogue technology, past, present and future stays far away from your office's IT system.
To keep things safe - to ensure that business is not disrupted by a stealthy intruder - system administrators need to be in control. And the first step to control, says Lior Tal, CEO of Insightix, is knowledge - specifically, knowledge of what your IT system looks like. It's surprising and shocking, says Tal, how few companies even know what devices are hooked up to their servers. "If you don't know where to look for problems, how can you find them?" says Tal.
It's all about NAC - Network Access Control - keeping rogue devices off a network, and controlling the devices that you allow to connect to servers.
Insightix has two products that can alleviate the woes associated with unauthorized network devices, and the potential dangers they may carry - Insightix IT Visibility, and Insightix NAC. Both are software-based software solutions, allowing IT personnel to get, in real time, and updated on a regular basis, information about devices on the network and to control authorized and unauthorized elements. While Insightix Visibility provides a system for discovery and is meant to be used in conjunction with, say, a patch installer (InsightixVisibility will check to see which device is not up to snuff), Insightix NAC is a full-force security policy control system, which will check every device and enforce a set of rules; violators need not apply (i.e., they won't be allowed access to the corporate network). Compliance in this case can be whatever the company decides it should be: Keeping Kazaa and its P2P cousins off workstations (and closing the ports associated with them), making sure that everyone is using the same version of X application (to ensure maximum compatibility) or even making sure everyone has one of those aquarium screensavers, where the fish "swim" over the network from screen to screen. Note that compliance (and cataloging) is not restricted to computers; wireless access points, personal servers and other home equipment may be brought from home by employees and connect to the corporate network.
Sounds nice, but aren't there plenty of products that do this already? Surprisingly, says Tal, the answer is no. Not that there aren't discovery and NAC tools out there; but they have several major flaws that make them far less effective than the Insightix products.
"Other discovery systems do a one time scan of the network, and usually at night, so as not to impose on network communications too much. But you miss a great deal when you rely on that kind of system, because users take laptops and other devices home."
According to Gartner, the leading research firm, on average, discovery tools can account for about 65 percent of devices on a network - meaning that more than one-third of connected devices are free to do what they want, no matter how anti-social. The Insightix line, though, monitors the network in real-time, ensuring that any new addition is discovered almost as soon as it is connected to the network, that it knows the rules - and keeps them.
The system was impressive enough to rate raves from Red Herring as one of the top 15 security start-ups to watch, says Tony Miller, marketing director for Insightix.
The company already has contracts with several institutions both in Israel and the US. It just completed its first successful round of VC funding from leading US based VC Softbank Capital and, as a result, Ron Schreiber will be joining Insightix board of directors (Insightix has been privately funded by Doron Dovrat, Israel Adir, Quest Software and Blumberg Capital since its inception in 2004, says Miller). And it's got Ofir Arkin - one of the world's top authorities on NAC and network security.
Arkin, CTO of Insightix, is a phenomenon unto himself, says Tal. He is a frequent presenter at Black Hat and Def Con (where the "real" hackers hang out), and last year, presenting at the Black Hat security experts convention, he "blew the lid" off NAC, exposing the flaws endemic in popular NAC solutions. But as the top tech guy in Insightix, one could assume that he would make sure the products his company is developing is doing right by the IT people who just want to be able to sleep easier at night - secure in the knowledge that their network is safe from unauthorized intrusions, and that they will still have a job on December 22, 2012.