Security for the enterprise comes in all shapes and sizes. Its moving parts are coordinated by a mechanism known as network access control, facilitating dialogue between network-based security devices and client anti-virus software.
Appliances from Cisco, Juniper and Nortel communicate with McAfee, Symantec and CA, for example, to check whether distributed desktops, laptops and mobile devices that connect to the network are compliant with corporate security regulations.
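The compliance check described above boils down to a policy decision made by the enforcement point from the attributes the client reports. The following is an added illustration of that decision logic, not code from Nortel, Cisco, McAfee or any other vendor named in this article; the policy thresholds, patch identifiers, host names and the three decision labels (allow, quarantine, deny) are constructed assumptions for the example.

```python
"""Constructed example of an endpoint-posture evaluation of the kind a
network access control enforcement point performs before admitting a client.
Not vendor code; every threshold and identifier below is an assumption."""

from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed corporate policy (assumed values): minimum anti-virus engine
# version, maximum signature age, required patches, mandatory host firewall.
POLICY = {
    "min_av_engine": (8, 5, 0),
    "max_signature_age_days": 3,
    "required_patches": {"KB-EXAMPLE-001", "KB-EXAMPLE-002"},  # placeholders
    "firewall_required": True,
}


@dataclass
class EndpointReport:
    """What the client-side agent reports to the network device."""
    host: str
    av_engine: str               # dotted version string, e.g. "8.5.1"
    signature_age_days: int
    installed_patches: Set[str]
    firewall_enabled: bool
    agent_present: bool = True   # False: no agent answered the posture query


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn 'major.minor.patch' into a comparable tuple; non-numeric parts
    count as 0 and short strings are padded so comparisons never fail."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def evaluate(report: EndpointReport, policy: dict = POLICY) -> Tuple[str, List[str]]:
    """Return (decision, reasons).

    A host with no posture agent cannot be assessed at all, so it is denied;
    a host that reports but fails one or more checks is quarantined (sent to
    a remediation network) with the reasons listed; a clean host is allowed.
    """
    if not report.agent_present:
        return "deny", ["no posture agent: compliance cannot be verified"]

    reasons: List[str] = []
    if parse_version(report.av_engine) < policy["min_av_engine"]:
        want = ".".join(str(n) for n in policy["min_av_engine"])
        reasons.append(f"AV engine {report.av_engine} below minimum {want}")
    if report.signature_age_days > policy["max_signature_age_days"]:
        reasons.append(f"AV signatures {report.signature_age_days} days old")
    missing = policy["required_patches"] - report.installed_patches
    if missing:
        reasons.append("missing patches: " + ", ".join(sorted(missing)))
    if policy["firewall_required"] and not report.firewall_enabled:
        reasons.append("host firewall disabled")

    return ("allow", []) if not reasons else ("quarantine", reasons)


def assess_all(reports: List[EndpointReport]) -> Dict[str, str]:
    """Map each host name to its access decision."""
    return {r.host: evaluate(r)[0] for r in reports}


# Constructed sample posture reports (not real hosts).
SAMPLE_REPORTS = [
    EndpointReport("ws-01", "8.5.1", 1, {"KB-EXAMPLE-001", "KB-EXAMPLE-002"}, True),
    EndpointReport("lt-07", "8.4.9", 5, {"KB-EXAMPLE-001"}, False),
    EndpointReport("mob-03", "", 0, set(), False, agent_present=False),
]

if __name__ == "__main__":
    for r in SAMPLE_REPORTS:
        decision, why = evaluate(r)
        print(f"{r.host}: {decision}" + (f" ({'; '.join(why)})" if why else ""))
```

The useful property for operations is that a failing host is not simply dropped: the reasons list is what the remediation network (or the help desk) acts on, and the absence of an agent is treated differently from a failed check, since an unassessable host gives the network nothing to reason about.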
Nortel Networks Corp. last month announced a switch aimed at extending its Secure Network Access from remote virtual private network connections to the LAN. The Secure Network Access Switch targets the endpoint as an added layer that brings client security in line with existing network protection policies.
Nortel’s new switch is both a credible and more heterogeneous alternative to Cisco’s Network Admission Control, according to Robert Whiteley, an analyst with Forrester Research Inc.
“Nortel provides all the same parts that Cisco can,” he says. “And Nortel tends to be more standards-based in its approaches, so when you plan to tie in multiple vendors, Nortel makes a friendlier foundation.”
The Toronto-based company is partnering with Juniper, Symantec, McAfee, IBM and Check Point to push interoperability standards with Trusted Network Connect, a task force of more than 70 vendors, including Microsoft, but not Cisco, within Trusted Computing Group.
The latest boxes are brimming with intelligence that’s engineered to keep security self-sufficient and simple. But managing the many layers between the network and its applications can be unwieldy, complex and costly.
While endpoint security may be technically feasible, Whiteley says it’s not economically viable. Vendors must scale the walls of interoperability for the technology to become cost-effective.
“We’re talking about integrating several back-end technologies to make endpoint security work,” says Whiteley. “The operational costs quickly escalate to the point where it’s not economically feasible.”
While endpoint security ties network protection and client security together, the appliance must also tap into the back-end to collect user information in Microsoft Active Directory, says Whiteley, as well as configuration or patch management software from vendors such as Altiris, Shavlik, PatchLink and BigFix.
“For this stuff to work together in multi-vendor environments, we need to get aggressive, we need to get behind [Trusted Network Connect standards], and we need to get visible,” says Peter Cellarius, Nortel’s head of enterprise security, wireless and routing.
Independently, Cisco and Nortel are also working to integrate their products with Microsoft’s Network Access Protection (NAP), server-based endpoint security software that will ship with Vista next year.
Cellarius says Nortel’s Network-Assured NAP effort aims to integrate NAP inspection into the endpoint compliance checks of the Secure Network Access Switch. Similarly, if NAP discovers the Nortel switch, it can use Nortel’s port-based mechanism to enforce access rules.
Philadelphia-based law firm Duane Morris LLP has an array of security products that watches over its distributed information systems. CIO John Sroka supports 1,500 users across 20 offices, including 625 lawyers who often work on the fly. He admits it’s a complex environment to manage.
The company — which makes use of both a systems integrator and a managed security services provider — operates off a Nortel-based infrastructure, with McAfee virus scanning on the network, intrusion detection systems from Cisco (data) and Nortel (voice), and dual firewalls from Check Point. A man