‘Every business or organization needs to safeguard access to its information network, and its contents’ – Insightix’s Ofir Arkin.Network Access Control (NAC), the holy grail of network security, has become a hot topic. Laptops – easily plugged in at home, at the airport, in a hotel – are a boon for business. The downside of increased mobility and the fanning out of the workplace, however, is that it increases the vulnerability of an organization’s network to unauthorized access. The result: viruses, worms, and malicious attacks.
The market for NAC is expected to soar to $3.9 billion by 2008. But in an industry led by NAC firms such as Cisco, Juniper, and Symantec, a nimble Israeli company, Insightix, has leapfrogged over some major contenders to earn the Frost & Sullivan World Network Access Control (NAC) Best Value Award, for a security product it launched just six months ago.
Insightix NAC provides a complete inventory of all computer devices connected to a network. Because of its on-going monitoring feature, the product detects changes in inventory as they occur. Quality and cost were reasons cited by Frost & Sullivan, a highly regarded analysis firm that provides global consulting and research services, in its choice of Insightix NAC.
“Insightix delivers technologically solid solutions at an attractive price. (It) allows organizations to implement a fully operational NAC solution with their existing network gear (and) simplifies a great deal of the implementation challenges,” reported Frost & Sullivan research analyst Robert Ayoub.
Ofir Arkin, the CTO and co-founder of Insightix, says that NAC is an essential first step in protecting computer networks.
“The laptop of a sales manager reconnecting to the network after a business trip or the unknown laptop of an outside consultant connecting to the network exposes a company or any organization to serious vulnerabilities if unchecked,” he told ISRAEL21c. “Every business or organization needs to safeguard access to its information network, and its contents.”
Insightix’s founder is an internationally recognized expert on NAC, and is a frequent speaker at security conferences. A respected maverick, Arkin stirred up the industry at a conference in August, where he challenged existing assumptions about NAC as defined by some of the large vendors, and showed that present solutions are by-passable, and do not provide 100% coverage.
Arkin will be speaking on the topic again at the OSSIR in Paris in February, at Infosec World Conference & Expo 2007, in Orlando, Florida in March, and at the SchmooCon in Washington, DC also in March.
Before co-founding Insightix, Arkin was a consultant on security matters to numerous multinational companies in the financial, telecom, and pharmaceutical markets. He was recently elected to the board of directors of the Voice over IP Security Alliance (VoIPSA).
“I became interested in computers at the age of 12.” Arkin said. “While some kids would rip up a car to find out how it works, I wanted to know how a computer works.” Arkin says that he still likes to play with the technology and to figure out ways to innovate the products.
While studying computer science at the University of Haifa, he began working for a software company that specialized in security, and was on a team that consulted on security for a major bank in Switzerland.
Later, working for a consulting firm in England, Arkin recognized the need for a comprehensive system to track every device on a network – desktop computers, routers, switches, servers.
“Knowing what is on your network is the essential starting point for any IT (Information Technology) security initiative,” he says. “Many organizations work in the dark.”
Arkin and Lior Tal, an entrepreneur in IT security, co-founded Insightix in 2004. The company’s investors include Nasdaq-traded Quest Software, several technology veterans, and Blumberg Capital. Its advisory board includes industry leaders from IBM, Computer Associates, Citrix, Check Point, RSA, Comverse, ECI Telecom and AudioCodes. Insightix Discovery was launched at the beginning of 2006, based on Arkin’s 10 years in security research.
According to Tony Marquez, the manager of technical services at the Children’s Specialized Hospital in Mountainside, NJ., with branches, clinics and labs in six other cities, the installation of Insightix NAC has made a big difference to the hospital’s ability to keep track of its complicated computer system.
“Unknown laps and wireless access points, especially in our remote locations, are no longer beyond our visibility and control,” Marquez told ISRAEL21c.
“Many companies still go from room to room to count devices,” said Tony Miller, Insightix’s marketing director. “It is easy to miss a device. Missing just one device exposes a company to vulnerabilities.”
Insightix uses an intelligent combination of active and passive discovery techniques to achieve a complete inventory of all computer devices connected to the network.
“Discovery systems that use only active methods that scan periodically can miss a device that is not plugged in at the time of the scan,” Miller explained. “Another problem with active scans is they are based on sending out packets which slow down performance of the network and are often dropped by any firewalled-protected device. The unique system Ofir developed overcomes these problems. It identifies every device connected to a network in real-time.”
“We needed a product that showed real-time traffic analysis. Insightix automatically goes out and discovers your entire network,” said Erik Tebelak, director of information technology for MobiTV, the first mobile TV and digital radio provider, with over a million subscribers. “Plus, it is inexpensive compared to other systems.”
“Once we had a good Discovery System to identify all devices on a network, our customers urged us to develop a NAC solution to control network access,” said Arkin. “It was a natural evolution.”
Insightix’s NAC ensures that only authorized and compliant devices are allowed to operate on the network. The company’s unique Quarantine Silo technology is the first line of defense against rogue devices that try to connect to the network. Each device is put in isolated quarantine, shielded from other devices in quarantine that might infect it, while it goes through compliance checks, such as making sure anti-virus software is installed and running. A computer cannot interact with another device in quarantine or access any part of the network while it is in isolation. Competitive products do not have isolated quarantine.
“Insightix NAC performs continuous network monitoring to make certain that the endpoint stays compliant throughout its operation,” said the Frost & Sullivan citation.
Summing up the advantages of the system, Miller says: “The customer does not have to buy expensive new hardware or software; it requires no software agents, and it can be installed in a matter of hours. We are changing the assumption in the market that for a good NAC solution, you need a ‘rip and replace’ approach.”
Insightix’s line up of satisfied customers already includes banks, insurance companies, and health care organizations in the US, Europe, and Asia. “We are getting very good feedback,” said Miller.
“A customer in Singapore was amazed that the system was installed in two to three hours,” said Miller. “They joked that they were able to install and evaluate the system before other vendors were able to send them proposals.”