Cisco To Beef Up Security Framework
The two-year-old framework, dubbed Network Admission Control (NAC), is Cisco's overarching plan for combining technologies and strategy to develop networks that can deploy security tactics automatically, by blocking or restricting devices that aren't compliant with network security policies. Previously, Cisco's NAC offerings included router software and standalone network appliances which communicated with PC "agent" software to determine whether client devices had the correct configurations and clearance.
By adding NAC support to Catalyst switches, Cisco customers can extend the framework's granularity down to the LAN level, said Cisco's Joe Sirrianni, a senior solutions manager for NAC. With NAC capability integrated into the switch's operating system, Sirriani said, administrators can make decisions (such as to isolate network elements that may have been infected by a worm or a virus) at the port level.
"There's a flexibility there now to do whatever fits [the situation] best," Sirriani said. The NAC framework will be available for Cisco's Catalyst 6500, 4900, 4500, 3700, 3500 and 2900 series of switches, and is scheduled to ship by the end of November as an operating-system software upgrade. Customers with appropriate switch support contracts, Cisco said, will get the NAC upgrade free.
Cisco is also scheduled to announce immediate availability of NAC framework support for its wireless routers, including its Aironet access points, also as a software upgrade free to customers with existing support contracts. Cisco also announced a new version of its standalone NAC appliance that supports single sign-ons for NAC and VPN access, as well as a new partner program to extend NAC support to client devices (such as IP phones or PDAs) that might not have the memory or processing capability to house Cisco's Trust Agent client software.
The company also said that the second version of the Trust Agent software will also be available by the end of November. According to Cisco, the client software allows NAC systems to determine if security or management software such as Cisco's Security Agent software, or other required third-party antivirus software is correctly installed and up to date.
While Cisco's vision for NAC is one that eventually blends partnerships and standards to provide an open platform for heterogeneous, interoperable network security, currently NAC consists chiefly of Cisco technologies that work best in Cisco-only network infrastructures, and interoperability guarantees with leading client-side security-software vendors Trend Micro, Symantec and McAfee.
While Cisco's Sirrianni said the company plans to submit NAC protocols to standards bodies, he also agreed that the market will likely play a big role in determining whether customers follow Cisco's vision or competing strategies from other networking vendors like Juniper Networks, or security software vendors like Check Point, or even software king Microsoft, whose Network Access Protection plan hews a similar line to Cisco's NAC.
Enterprise customers, Sirrianni said, are likely to prefer a vendor who can offer the widest range of security interoperability.
"We&re working very closely with Microsoft, and we're still going to submit all our [NAC] protocols to standards bodies by the end of 2006," Sirrianni said. "We're committed to that process."