Cisco updates endpoint security technology

18.10.2005
Von 
Jaikumar Vijayan schreibt unter anderem für unsere US-Schwesterpublikation CSO Online.

Cisco Systems Inc. Tuesday announced an enhanced version of its Network Admission Control (NAC) technology designed to help protect corporate networks against threats from insecure endpoint devices such as PCs and notebook computers.

With the move, Cisco has extended NAC support to its range of Catalyst switches and introduced new features allowing companies to enforce security polices on users" devices. Cisco also added new partners to its NAC program and upgraded its line of NAC hardware appliances.

With Version 2.0 of NAC, Cisco has reached a couple of key milestones, said Bob Gleichauf, chief technology officer in Cisco"s Security Technology Group.

"With this, we are selling NAC on switches, routers and on just about every product we sell," Gleichauf said, adding that Cisco now has over 60 vendors participating in the NAC initiative. That"s up from the three partners it had when it first announced the initiative about 18 months ago, he said.

Under its NAC initiative, Cisco is developing a range of tools that let companies permit, deny, quarantine or restrict admission to networks based on an end user"s security status. The capability is seen as key at a time when companies face a growing risk from infected PCs, laptops and other client devices, especially from hardware belonging to contractors or business partners.

Cisco"s NAC technology comprises multiple components, including a Cisco trust agent that sits on endpoint systems and collects information on client security, such as the status of antivirus signatures and patch levels; network access devices that enforce admission control based on the information provided by the trust agent; and a policy server that instructs network access devices on the appropriate policies to be applied.

Cisco said it is teaming up with new partners such as Altiris and Qualys Inc. to provide a scanning service companies can use to audit agent-less PCs and laptops for security compliance. The audit results can then be communicated back to a Cisco NAC server for appropriate enforcement action.

The fact that Cisco has finally extended NAC support to its line of switches means that users are likely to be more interested in the technology than they were when it was only available on Cisco routers, said Joel Conover, an analyst at Current Analysis Inc. in Sterling, Va.

"The closer to the PC or the endpoint that you can provide enforcement, the less chance [there is] that some malicious software that is on one PC can spread to other PCs," he said.

Even so, the fact that the NAC technology is supported only on Cisco"s equipment could be of some concern to users, he said. "Enterprises don"t want to be locked into something that is considered proprietary," he said, noting that companies that deploy NAC are likely to be locked into Cisco"s architecture. "If you don"t like it, you are going to be in trouble."

Larger organizations and those running older Cisco hardware are also likely to need expensive upgrades of their routers and switches to be able to use NAC, he said.

Cisco is not the only vendor touting endpoint security technologies. Its biggest rival is Microsoft Corp., which is working on a Network Access Protection technology under which it is embedding endpoint security enforcement capabilities into its operating systems.

In addition, several other companies offer network access control tools with similar capabilities, including InfoExpress Inc.; Sygate Technologies Inc., which is now owned by Symantec; and Zone Labs Inc., which is now owned by Check Point Software Technologies Ltd.