Enterprise Security Today; Automated Quarantine Engine - Alcatel Automated Quarantine Engine Specifications

The automatic isolation of non-compliant network devices

Typical virus containment solution
Alcatel's trusted network intrusion prevention
through network response.

Enterprise security today

Most enterprise networks constantly struggle with new security threats from
outside as well as within. All it takes is one contaminated device with a
virus or worm to infect the network within minutes and take
it down for hours or days, tying up IT resources and
frustrating users.

For example, the IT staff works on identifying the signature
and locates the user manually with available tools. Once
identified, the user is denied network access but, not
understanding why, moves to another port and continues to
spread the virus. Again, the IT staff tries to contain the virus
and manually loads patches onto infected computers, playing
a never-ending game of catch-up. Add wireless users to this mix
and your staff stays busy putting out infections and trying to prevent
unauthorized access instead of focusing on more productive projects.

Automated Quarantine Engine

To address these security issues, Alcatel offers the Automated Quarantine
Engine (AQE). AQE is a combination of hardware and software that
provides an automated mechanism for denying insecure endpoints, including
wireless devices, access to the network infrastructure. The AQE is
designed to actively poll the network and quarantine network devices that
have violated any security policy, as detected by an intrusion detection /
prevention system (IDS/IPS). These policies can be any one or a combination
of the following:
• Virus related signatures (traffic patterns)
• Blocked web sites
• Hacker attempts (traffic indicating an attempt to launch an attack)
• Violation of any policies that have been set up in the IDS

AQE is designed to push the front line of security out to the
edge of the network, finding insecure network devices before
they can negatively affect the network and isolating the
infected machines at the point of entry, the edge port.
For example, the following diagram shows an infected
station attacking a server (e.g., a port scan). IDP identifies the
attack and the source of the attack. IDP then notifies OmniVista of
the type of attack and its source. The user is
moved into a quarantine VLAN or denied network access.
