Enterprise network threats are escalating in both speed and magnitude, and IT staff, no matter how able they may be, cannot respond quickly enough to today’s attacks. In response, Cisco Systems Inc. has developed a new program that the company says will protect computer networks from attacks better than point solutions like intrusion detection systems and firewalls.
John Chambers, president and CEO of Cisco, last month outlined the Cisco Network Admissions Control (NAC) program, whose aim is to prevent the mass destruction of threats like the recent Blaster worm and Slammer virus by scanning devices when they attempt to connect to a corporate network.
Developed in conjunction with antivirus vendors Network Associates Inc., Symantec Corp. and Trend Micro Inc., Cisco said the initiative will tackle the risks posed by mobile and remote workers in enterprise environments who connect to corporate networks.
According to Charles Giancarlo, senior vice-president and general manager, switching, voice and storage with San Jose-based Cisco, remote users can become inflected through home or hotel connections or even through CDs and DVDs.
“When a user is outside the corporate network, the usual IT safeguards are no longer in place,” he said during a Web conference last month. “In coming together to solve the critical problem that faces security today, we are uniting behind the power of the network to defend IT infrastructures against attacks.”
The NAC essentially detects non-compliant devices – those that may harbour viruses – and denies network access or quarantines the device until the network administrator can correct the problem.
Giancarlo explained that the NAC’s underlying technology-Trust Agent – gets installed on laptops, home PCs and mobile devices that connect to corporate networks. Trust Agent determines certain levels of security, such as whether a device has been recently patched or has the latest virus-recognition files.
“The explosion of wireless, mobile devices and pagers has made the corporation much more vulnerable to attack,” said George Samenuk, CEO of Network Associates.
The program is part of Cisco’s Self Defending Network strategy, whereby the company has outlined several key needs to keep networks healthy and running.
“We need automated and proactive solutions that can defend against threats like viruses immediately when they occur,” Chambers said. “We need to move from standalone security devices to integrated security services in the network infrastructure. Lastly, we need to move from individual security products or services that operate independently to (offerings) that operate together as part of a cohesive security system.”
Network Associates, Symantec and Trend Micro have licensed the Trust Agent software from Cisco and will be integrating it into their own software clients, Cisco said.
For investment firms like Morgan Stanley Individual Investor Group in New York City, keeping assets and strategic information safe is a critical task. According to Lance Braunstein, chief information security officer with the global financial services firm, the flood of new devices into the corporate environment has put this data at a significant risk. Braunstein said that Cisco’s strategy and collaboration with the antivirus software makers will essentially enable Morgan Stanley to apply consistent security policies to machines that access the company’s network.
The program marks a shift in tactics for addressing the threats posed by worms and viruses, according to Chris Christiansen, an analyst at IDC.
Previously, many security companies treated user desktop and laptop computers mainly as the target of malicious code. The Cisco Network Admission Control program, incorporating the lessons of Blaster and other recent attacks, treats them as transmission points for attacks on the network infrastructure, he said.
“There’s a recognition that the network is the true destination of the attack and that routers and switches need to have the ability to protect the network,” Christiansen said.
While the new program initially involves only major antivirus and security vendors, Cisco will, in the future, release an API (application program interface) that allows other companies to integrate the new Cisco technology with their products, Christiansen said.
Cisco expects the first NAC roll out by mid next year, but said it plans to roll out the program in-house first.
– With files from IDG News Service