NAC module lowers barrier to entry, Cisco says

Cisco Systems Inc.’s announcement of a network admission control module for its popular Integrated Services Router will allow companies to “stick a toe” into NAC technology at a lower price point, one analyst says.

Cisco launched the NAC Network Module Monday. In a pre-briefing before the launch, Cisco NAC product manager Brendan O’Connell said one of the keys of the ISR line is the ability to plug modular services directly into the backplane of the router and turn them on inside the network hardware.

“Whether it’s security applications like NAC now, or IDS and IPS, or voice applications, the ISR is a fantastic platform for customers who are looking at designs with a lot of these services enabled,” because they are included in a single footprint, O’Connell said.

“That drives down their operational expenditures and their design considerations. When you only have one box out there to deal with, it’s a lot less complex for them to manage.”

That opens up a lot of design options for customers with multiple locations and branches, he said.

Since the ISR was introduced three years ago, Cisco has been trying to bring more components into the platform to provide a full branch solution for the customer, said Inbar Lasser-Raab, director of marketing for Cisco’s Advanced Routing Technology Group.

“From an architecture point of view, we have a lot of ways to add additional modules and additional capabilities,” both hardware and software, Lasser-Raab said, as well as hardware acceleration modules for the performance boost needed to handle the increased number of in-box services.

By adding the NAC module to the line, “we’re really lowering the barrier to entry for our customers, allowing them to start with a NAC solution even at smaller branches that are more remote, where they don’t have IT staff. They just plug that module in and they’re part of the overall NAC solution,” she said.

Phil Hochmuth, senior analyst with Yankee Group, agreed the modular format is a good starting point for companies looking into NAC.

“Integration with the router is a bit of a no-brainer” for Cisco customers, Hochmuth said. It allows customers to get started with NAC at a lower price point than with a standalone appliance.

A company can “stick a toe in the environment,” he said, trialing the NAC technology at branch offices and moving it into head office if it works out. “It’s a similar approach they took to voice over IP a few years ago,” he said.

The module is identical in functionality to Cisco’s NAC appliance, Lasser-Raab said. “We package it as the module with a 50-user licence or the module with a 100-user licence, so it’s really the lowest entry point to the NAC solution that Cisco offers today,” she said. The appliances start at 100 users licences, with 250-, 500-, 1,500- and 3,500-user licence options.

Cisco also announced the NAC Profiler, an appliance which automatically identifies and monitors network end points, particularly those not associated with a user — printers, access points, etc.

“Historically, NAC has been focused on PC-type endpoints,” O’Connell said. For non-PC endpoints, it’s largely been an exception system — simply accepting them an allowing them access to the network. The profiler, rather than just allowing access to the network, gathers more information about the device and its behaviour.

In an enterprise environment that isn’t running voice over IP, half the network end points aren’t PCs; in a VoIP environment, it’s two-thirds, O’Connell said. “They’re printers, they’re projectors, the badge readers on phones, all sorts of other IP-enabled, but not PC, endpoints…The NAC problem is a lot bigger than just operating system-based machines.”

The profiler is designed to automate the manpower-intensive process of identifying machines by MAC address and creating exceptions. It also monitors behaviour, rather than just excepting the device. If a device identified as a printer, for example, is accessing a print server, that’s normal behaviour. If it tries to access a Web page, that isn’t.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Dave Webb
Dave Webb
Dave Webb is a freelance editor and writer. A veteran journalist of more than 20 years' experience (15 of them in technology), he has held senior editorial positions with a number of technology publications. He was honoured with an Andersen Consulting Award for Excellence in Business Journalism in 2000, and several Canadian Online Publishing Awards as part of the ComputerWorld Canada team.

Featured Articles

Stemming the tide of cybercrime

By: Derek Manky Technology continues to play a significant role in accelerating...

Power through a work-from-anywhere lifestyle with the LG gram

“The right tool for the right job” is an old adage...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now