On the eve of this week’s RSA conference in San Francisco, Russell Rice, director of marketing for Cisco’s security group, sat down with Michael Martin, Network World Canada’s associate editor, to discuss Cisco’s network security vision. He spoke of Cisco’s initiatives in security information management, its relationship with Microsoft and its focus on Network Admission Control, or NAC.
NW: Is there one element in the security landscape Cisco is focusing on more than others right now?
Rice: One thing we’ve been trying to tell the market is that integrating security into the infrastructure is critical. Our go-to-market message is “self-defending network”. It’s the focus today, but it’s also a big move for us in how we improve the ability for the environment to recognize, adapt and respond to threats. RSA is next week (this week) and we’ll have a number of product announcements at the show.
One path is smarter, faster, better in terms of the technology we’re familiar with, whether it be firewall, intrusion detection, or things like that.
I think an area we’re involved with that’s drawing a lot of attention internally is the system view of how we build security systems. My boss likes to call it linkages. But how we start linking technology pieces together to solve a different class of problems. One of the first ones we’ve talked about is Network Admission Control (NAC) – how do I make sure everything that connects to my network conforms to my policy and then determine what kind of access it has.
Another big area that was embodied by a recent acquisition of a company called Protego is the security information management space. Most of the products in that area focus on the data collection from various devices and give an operational view of what it is. They’ve traditionally been used as forensic tools. One of the areas there hasn’t been a good answer for is operational incident response on a systematic basis. If you’re having an attack now, how do you identify where your infection points are rapidly and then put widespread countermeasures in your environment to dampen the effects they’re going to have? Most organizations do that pretty manually these days.
NW: Have you done much in your security relationship with Microsoft to this point?
Rice: When we first announced NAC, we were in (discussions) with Microsoft. They then announced their Network Access Protection (NAP) initiative. We have ongoing conversations. Those are at a fundamental architectural level right now…(they are) about how we can combine and integrate architectures.
No single vendor has all of the pieces. If we can develop a converged architectural approach right now, there’s a lot of wins (we) can get out of that.
NW: Who would be responsible for the management of this? Is there some unified management interface you would need to handle this?
Rice: I think how this gets managed right now is different organizations have different elements they bring to the table. There’s the provisioning side, how do you provision end stations, the network, the policy system. There’s a lot of pieces there. I’m not yet sure what the area of provisioning will look like at this time. That’s another area of discussion. Clearly as you move downmarket it becomes necessary to make that straightforward and easy. There’s no tool on the market that can go configure an antivirus product, make sure it’s up to date and also configure a switch.
NW: Do you think that will exist at some point?
Rice: I don’t know. It’s a tough problem to solve. I think the thing to realize is that in organizations there are different people responsible for different parts of this equation. And so one of the operational challenges organizations have with this is your anti-virus guys can impact LAN access and those two teams aren’t necessarily used to talking together. So how do they start working together in ways they weren’t? I think those traditional boundaries are going to continue to make sense for enterprise organizations. But moving down the food chain it becomes more necessary to have more baggage trunking solutions. We purchased a company called Perfigo about four months ago and they provide an admission control answer that was doing well in the educational market. So that was oriented as an all-in-one provisioning tool that will let you do your work.
NW: Will NAC work with other network vendors’ gear?
Rice: We came out with our first NAC release in June of last year, which was router-based. We’re working on the switch stuff for this summer. But we’ve stated consistently as we build it that we’ll standardize everything. We’ve already interacted with the International Engineering Task Force to say how can we standardize one of the protocols we have here, because we think we’re done. But we fully expect to go standards-based and allow anyone to do what we’re doing in terms of interplay with any components and that includes switch vendors. Philosophically though, we’re playing a bit of a strongarm in that the priority we’ve been receiving from our customer base is they think our first responsibility is to build it and make it work, because they’re using our gear and they need solutions yesterday. They want it standardized, but they want it out and working more.