Analysis: Security strategies put Microsoft, Cisco at odds

Microsoft is pushing ahead with its own network security strategy without the cooperation of Cisco Systems. Experts say that could cause discord among vendors and sizable interoperability problems for enterprises.

Microsoft's new plan to launch a network security product could help enterprises by spurring more market competition, but experts say Microsoft risks doing more harm than good if its strategy develops into yet another proprietary approach to network security.

Microsoft's planned Network Access Protection (NAP) technology, announced yesterday, checks the health of devices logging onto the network, and will be part of the Windows Server 2003 R2 release scheduled for 2005.

With NAP, network administrators will be able to set policies that define the basic requirements that must be met before a user can access the network. If that user does not have up-to-date antivirus or firewall software, for example, then the user can be quarantined or restricted automatically.

"Our customers wanted to have the ability to inspect clients for policy before they come back on the network," said Steve Anderson, Microsoft's director of marketing for the Windows Server division.

Microsoft's approach is hardly novel. Many networking vendors are developing or offering similar features. Cisco Systems Inc. is implementing its Network Admission Control (NAC) program and Enterasys Networks Inc. recently announced its Trusted End-System. Both are designed to quarantine problematic end-user devices.

Along with the strategic announcement, Microsoft said it is partnering with many of the major second-tier networking vendors on NAP, including Juniper Networks Inc., Extreme Networks Inc. and Enterasys.

For Juniper, working with Microsoft provided an obvious benefit.

"We are now interoperable with the company that owns the desktop and the back-end infrastructure, and we can provide a safe end-to-end connection from the client to the network to the server," said Rod Mercheson, senior director of product management for the security product group at Juniper.

However, one conspicuous name missing from Microsoft's partner list is that of market leader Cisco.

"This is a direct challenge to what Cisco is doing" with its NAC strategy, said Dave Passmore, research director at Burton Group, a Midvale, Utah-based research firm.

Nonetheless, Passmore said, when it comes to network security, Cisco holds a huge advantage over Microsoft and the software giant's cadre of vendors, thanks to its vast installed base. Cisco currently claims as much as 80% of the installed base of enterprise networking gear, depending on the market. Passmore said Microsoft, in essence, is validating Cisco's approach by following in its footsteps with a similar strategy.

But when it comes to interoperability, the two vendors have yet to see eye to eye. Cisco's NAC technology is specific to its own networking gear and is not meant to operate on third-party products. Microsoft's NAP will work with all of its partners' gear, but not with Cisco's. However, Microsoft is optimistic that the two dominant vendors can find common ground.

"We are in deep discussions with Cisco," said Anderson. "We are just not in a place where we could announce [a partnership] with them today," he said.

Representatives for Cisco did not return calls requesting comment.

So, without a common framework to unite the two vendors' approaches, enterprises are left to choose between a pair of proprietary approaches.

Complicating the matter further is that neither technology is closely aligned with an industry standard, said Christian Byrnes, senior vice president for security with Stamford, Conn.-based research firm Meta Group. While Microsoft's approach incorporates standards-based technology, including some 802.1x approaches to authentication, NAP itself is not a standard.

Byrnes recommended that businesses not make any strategic investments in either approach, but use one technology or the other to get them through for the time being.

In the meantime, they should be applying pressure to both companies.

"Businesses should be virtually forcing Cisco and Microsoft to cooperate," Byrnes said.

Standards for secure network access are likely to develop in the next two to three years, Byrnes said. In the meantime, he said businesses should base their decision about which technology to use on how compatible Cisco's and Microsoft's offerings are with the rest of their infrastructure.
