Tuesday, June 24, 2008

Rohati - An extract from Allen Shimel's Blog



The best way for me to describe Rohati is that it is layer 7 ACLs to control access to applications. Where we already have security at the perimeter and at the edge, Rohati is about controlling access at the server/application. The diagram on the left (click on it to get a bigger version) is a good illustration of how Rohati works. By integrating with LDAPs, Rohati can assign you an access policy to any application. Based upon that, Rohati gives a very fine-grained level of access control at the application layer. It acts as a proxy to the app server for both regular and encrypted traffic. Because the ACLs are on the Rohati box itself, there really is not any integration with switches per se and so no integration worries.
The only problem is that the Rohati box has to be able to handle the traffic flow. Hence the box is a big honker. The cheap one is about 20k list I believe and the industrial size version is 80k. This product is aimed squarely at the data center space and is sold through channels.
Will Rohati succeed? Yes, I think it will. I think they have taken a unique approach to a security issue that will continue to grow in years to come. Application access is an area that I think is still up and coming. In a period of nothing is ever new in security, the Rohati team seems to have found something that has not been done before in a packaged dedicated way like this. If nothing else, with all of the ex-Cisco folks there, Cisco will eat its young and buy the technology back in.
