AEP IDpoint™ and AEP PacketTag™ technology provide end-to-end identity over any TCP/IP network
Somerset, NJ – March 31, 2008 – AEP Networks, the leader in policy-based networking, today announced the availability of AEP IDpoint™, an advanced identity-based access control (IBAC) appliance. IDpoint is an identity-driven, stealth-mode, wire-speed policy enforcement point for use in the enterprise data center in front of critical application resources. By inserting proof of user identity into IP packets and enforcing resource access policies based on group membership, IDpoint can greatly aid organizations in adhering to internal governance as well as achieving compliance with industry regulations, such as PCI DSS and HIPAA. IDpoint addresses customer demand for tighter control over user access to critical, high-value information assets in order to preserve data integrity and reduce business risk.
IDpoint has been in use by multiple early access customers from a range of industries.
“Compliance considerations leave us with the burden of proof that we protect confidential medical records. IDpoint has addressed this pain with a simple, intuitive policy enforcement engine that gives us proof of user access to private medical information,” said Bryce Bowman, Systems Administrator at Medical Associates of the Lehigh Valley. “The value of IDpoint is not just controlling user access; it's providing a detailed audit report to prove compliance with regulations such as HIPAA.”
“We are able to drop in IDpoint – without making any infrastructure changes – and add the initial set of access policies integrated with our user directory in under an hour,” said Andrew Lingenfelter, General Manager of NCS DataCom, Inc., a managed security service provider. “IDpoint provides a distinct security advantage for our customers because we now have tremendous control over what specific resources and applications individual users and/or customers are authorized to access. Not to mention we then have a full audit trail for compliance related issues."
Network Segmentation, Policy Enforcement & Granular Access Control
Designed for the enterprise, IDpoint is placed in-line directly in front of certain sensitive application resources or servers in the data center as a hardened policy enforcement point. It enforces network-layer and specific application-layer (such as FTP) access policies and privileges to determine individual user access to the protected resources while stopping unauthorized network traffic from getting through – even an unauthorized TCP ping is blocked. This granular access control allows organizations to easily build identity-driven security zones to ring-fence valuable network resources – limiting access to just those users with a “need to know” and isolating critical resources from exposure to non-authorized staff, partners, customers, devices, etc.
Adding Identity in the IP Packet
The IDpoint token inserts a secure, unique cryptographic representation of user identity, called AEP PacketTag™, into every IP packet destined for a protected resource. This ‘proof of identity’ tag is only added to packets destined for protected resources. As such, it eliminates the potential for unauthorized access to resources. However, all access attempts made against protected resources – whether allowed or denied – are logged for reporting.
Reporting, Auditing & Regulatory Compliance
IDpoint provides comprehensive, identity-correlated logging and reporting showing which users accessed what critical information resources from where, when, and for how long. Detail policy violations and PacketTag anomalies are logged as on-screen and printable reports. This unalterable audit trail greatly aids reporting and compliance challenges for PCI DSS, HIPAA, and other regulatory guidelines. Further, IDpoint segmented networks limit the scope and, therefore, complexity of compliance audits.
Simple to Deploy & Low Cost of Management
IDpoint is a “bump-in-the-wire” architecture that does not have any IP addressable interfaces on the protected path(s), meaning seamless installation can occur anywhere on the network. It operates without impacting routing and switched topology, authentication, firewall, IDS/IPS, IP address topology or other applications. As a result, enterprises can simply drop in an IDpoint without any disruption to the existing network for simple and ubiquitous deployment.
The solution works end-to-end between the IDpoint token on the client and the IDpoint appliance in the data center, allowing the IP network to remain a simple, fast pipe. This “security on the ends” approach offers simpler deployments and efficient management of moves, changes and rearrangements which is in stark contrast to network-embedded security alternatives like NAC, VLANs, complex ACLs and firewall policies that are difficult to manage and expensive to maintain. With IDpoint, granular access control is effectively managed by the LDAP/Active Directory administrator. This architectural approach makes IDpoint very useful in healthcare, pharmaceutical, financial services, managed services providers or any organization where privacy, network segmentation, data protection and compliance are important.
Additional Highlights of AEP IDpoint
- Enforce end-to-end intelligent access policies across any IP-based network (LAN, WAN & remote/mobile users)
- Stealth-mode policy enforcement: Undetectable, “transparent” device silently inspects packets at wire-speed across two independent 1 Gb/s enforcement paths, denying unauthorized traffic and isolating systems from inappropriate access. Enforceable at the network layer by host address, subnet, port, protocol and user identity
- Device identity determined via AEP Client Machine Identity (CMID) technology
- Targeted endpoint integrity checks
“The identity-based access control gateway or network appliance enables the enterprise to audit who accessed specific information and application hosting servers, and impose preventative controls that limit access to users based on their identity and associated roles or group memberships,” said Phil Schacter, Vice President and Research Director at The Burton Group.
Pricing & Availability
General availability of AEP IDpoint will be mid-April 2008. List-pricing for IDpoint starts at $52,000, which includes 99 concurrent user licenses.
AEP IDpoint will be demonstrated at the RSA Conference 2008, San Francisco, April 7-10, at booth #234, and Infosecurity Europe 2008, London, April 22-24, at stand D235.
For more information:
- Product Datasheet:
- Product Photo:
About AEP Networks
AEP Networks offers a comprehensive Policy Networking solution that provides complete security starting at the endpoints and working throughout a network – from the edge to the core. AEP’s integrated portfolio of security products includes identity-based network and resource access control, SSL VPNs, high assurance IPSec-based VPN encryptors, and hardware security modules for key management. Our products address the most demanding security requirements of public-sector organizations and commercial enterprises internationally. The company is headquartered in Somerset, New Jersey, with offices worldwide.
AEP Networks, the AEP Networks logo, IDpoint and PacketTag are trademarks of AEP Networks, Inc., with registration pending in the United States. All other trademarks or registered trademarks contained herein are the property of their respective owners.
Vice President, Marketing
UK PR contact
Tel: 07814 727211
This press release was distributed by ResponseSource Press Release Wire on behalf of Fiona Keys in the following categories: Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.