Aventail Expands SSL VPN Tools by Adding Endpoint Technology

Software controls remote access to systems from high-risk devices

Aventail Corp. last week announced that it has added endpoint control technology to its virtual private network (VPN) appliances in an effort to increase the security of remote connections to corporate systems from devices such as airport kiosks and handheld computers.

Seattle-based Aventail said the software can be downloaded for free and installed on its rack-mountable EX-1500 hardware, which supports the SSL data encryption protocol. The new technology will also be built into remote access policy-enforcement tools sold by seven other vendors, according to Aventail officials.

The endpoint capabilities are designed to let network managers control access to corporate systems based on the computing devices being employed by end users and the security risks that they pose, said Jude O'Reilley, a senior product manager at Aventail.

The technology should give IT staffers at the U.S. operations of Paris-based banking and financial services firm BNP Paribas more control over remote access policies and security, while letting end users take advantage of the convenience of SSL VPN technology, said Bruce Lee, CIO at the U.S. unit in New York.

Emergency Access

The corporate and investment banking divisions at BNP Paribas Americas already use Aventail-based SSL VPNs to provide remote access in the event of an emergency, like "if we suddenly need 600 people to work from home or a temporary location," Lee said. The endpoint control software could enable the bank to support everyday use of the VPNs, he added.

Zeus Kerravala, an analyst at The Yankee Group in Boston, said the new feature is the first of its kind and will let companies that use SSL VPNs directly integrate security mechanisms into their remote access setups. SSL VPNs can provide access to corporate data from virtually anywhere, "but there's a problem in that the IT department doesn't have control of that PC, even if you are an authorized user," Kerravala said.

He added that he expects endpoint control tools to be developed by other vendors as use of SSL VPNs grows.

VPNs are one of the few growth areas in IT, according to Steven Harris, an analyst at Framingham, Mass.-based IDC. SSL VPNs and rival products based on the more established IPsec security protocol will both remain popular, Harris predicted. He said that clientless SSL technology will be the preferred method of connecting end users who need only limited functionality, such as e-mail access, while IPsec will support workers who need a full range of access capabilities.

Paul Lowenwirth, vice president of telecommunications at Viewpointe Archive Services LLC in Houston, said his company is looking into using SSL VPN technology to help secure access to databases that contain a total of 29 billion check images.

Viewpointe currently spends about $10 million annually on IPsec VPN services from Sprint Corp. and WorldCom Inc., which does business as MCI, Lowenwirth said.

The VPNs are used to protect the transmission of 70 million check images nightly, as well as the retrieval of individual images for end users. But Lowenwirth said that SSL technology could be useful at a wider range of user endpoints than IPsec is.


Combined U.S. Market for IPsec and SSL VPNs

2002 $2.05B 5.8M
2003 $2.16B* 6.37M*


Source: IDC, Framingham, Mass.


Copyright © 2003 IDG Communications, Inc.
