Aventail says it has released the industry’s first IPSEC replacement VPN with the latest releases in its Smart SSL product line.
Version 8.5 of the company’s Smart SSL VPN product relies on what Aventail refers to as “Smart Tunneling,” which provides a network layer tunnel that provides control of the host layers (define) on remote clients.
The company says Smart Tunneling trumps IPSEC VPNs by offering complete application-layer control, and provides better overall security than existing SSL VPNs from its competitors, which aren’t able to provide bi-directional tunnels, or which offer less integrated policy management tools.
According to Randy Boroughs Sr. Director of Product Management at Aventail, his company’s latest offering will allow customers that have maintained both IPSEC and SSL VPNs to discard their IPSEC solutions.
“A lot of them have maintained IPSEC VPNs for a small number of users,” he said, noting that applications like VoIP and streaming media have propped up demand for IPSEC solutions while SSL VPNs thrived primarily among Web application users. At the same time, he noted, IPSEC users “are not happy with […] the security posture they get with IPSEC VPNs,” which can expose corporate networks to risk from compromised clients.
Aventail’s product provides a pair of access styles for client systems.
For managed clients, such as enterprise-issued laptops with anti-virus software and an approved application manifest, access to an Aventail VPN is handled in a somewhat transparent manner, offering what Boroughs referred to as a “virtual in-office experience.”
VPN access is also made available through the Web-based “WorkPlace portal,” which allows access to Web applications for unmanaged systems such as PDAs, home computers and Internet kiosks. According to Sarah Daniels, Aventail’s VP of Marketing and Product Management, the WorkPlace interface is also able to provide brand-specific portals, presenting a variety of different looks for clients.
In either case, Aventail’s offering also provides what the company refers to as “Adaptive Access.” When a client establishes a connection, the product “[sends] a little agent down to analyze the local nework,” said Boroughs.
The agent assesses routing, proxy settings, and gateway information on the client’s network, then automatically insures that the client is properly configured to retain its VPN connection. According to Aventail, mobile devices have presented a challenge for VPN vendors, accounting for some of the failures in 20 to 30 percent of VPN connections.
The same agent sets up a so-called sandbox on client systems, then cleans up trace information from the VPN session once the connection is closed, making sure that lingering tell-tales in the form of cached pages, files, or cookies are removed from the client.
In addition to handling connection details the Aventail product assesses clients for security posture, and offers a flexible set of policies, so machines that lie somewhere between managed enterprise systems and public terminals at, for instance, Internet cafés can be assigned a level of trust reflective of the existence of up-to-date antivirus software or adequate firewalls.
Pricing starts at $6,995 for the Aventail EX-750, a clientless SSL VPN appliance tailored to small to mid-sized enterprises; and at $9,995 for the Aventail EX-1500 appliance, an enterprise-class solution with high availability and load balancing support. In addition, the company plans to announce pricing incentives for customers currently using IPSEC solution. Aventail says the products will be available next week.