Cisco, IBM team up on end-point security

By Jim Rendon, News Writer 14 Oct 2004 | SearchNetworking.com

Digg This!     StumbleUpon     Del.icio.us

Today Cisco Systems Inc. and IBM announced a partnership to foster increased end-point security for customers who use both Cisco's networking equipment and IBM's Tivoli software.

The companies have integrated IBM's Tivoli network and systems management software with Cisco's Network Admission Control (NAC) technologies to help enterprises set and enforce criteria for users and devices logging onto the network.

When a device attempts to log on, IBM's Tivoli Security Compliance Manager client program will scan it to ensure that it is using the required patches, antivirus updates and other software. If it is, the user will be allowed access to the network. Otherwise, the device will be quarantined on a vLAN and the IBM Tivoli Provisioning Manager will prompt the user to download the required software.

The announcement stems from a change in how employees use networked devices. Today workers often take their PCs or mobile devices off site and log on to other networks, which can cause a security risk when they return to their home networks.

"End points are not the destination for attacks," said Chris Christiansen, an analyst with Framingham, Mass.-based research firm International Data Corp. "Now even friendly end points can be the source of attacks."

IBM and Cisco are reacting to those concerns, said Don Cronin, a senior technologist with IBM's corporate security strategy group. "It is not about patches or viruses or spam, but about solving the underlying business issue," he said. "Individuals need to have the right kind of access for their circumstance."

The new security integration will address both the identity of the person logging on to the network and whether the device is in compliance. To do that, the system uses a Tivoli client on the device.

Cisco has been working toward such end-point security for some time, said Jeff Platon, Cisco's senior director of product and technology marketing. The company's switches and routers are compliant with 802.1x, a standard for enabling identity management.

Cisco has also been moving more security and intelligence into its switches and routers.

But when it comes to end-point security, Platon said. Cisco is better off partnering with companies such as IBM.

For more information Learn why security strategies put Microsoft, Cisco at odds. Read our exclusive: End-point vendors gain from slow Cisco strategy.

"It was never our strategy to enter the trust and identity management space," he added. "But we can play an important role in the systems architecture so that the infrastructure is part of enforcement."

However, only those companies that use 802.1x-complaint Cisco gear and IBM's Tivoli management software can benefit. Customers must also use the Cisco Secure Access Control Server for identity management, rather than a standardized Radius server.

"At this point, [Cisco's partnership with IBM] does not seem applicable to heterogeneous environments," Christiansen said.

Platon said Cisco plans to work with standards bodies to make its approach into an industry-wide standard. At the same time, he said Cisco plans to make future announcements with other management vendors in the future.

"This was a good place to start," Platon said of the partnership with IBM. "But from both Cisco's and IBM's perspective, we have a strategy to open it up to a broader collection of partners."

Tags: Network Security Monitoring and Analysis,  Network Security Best Practices and Products,  Network Access Control,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website? Hospital gains network visibility by convincing vendors to collaborate What software monitors and locks users from accessing my router? Data leak prevention starts with trusting your users NagVis -- 'Nagios: System and Network Monitoring, Second Edition,' Chapter 18 What is a genetic algorithm and where can I learn more about them online? Network Security Best Practices and Products Ethical hacking and countermeasures: Network penetration testing intro Are you on a domain name system (DNS) blacklist database? Rogue access points: Preventing, detecting and handling best practices Network security threats solved by risk management: John Pironti explains How to evaluate and manage UTM for network security Profiling -- and protecting against -- network problem users: The Internet Novice How does a firewall work? Physical network security key to fighting low-tech threats Why are TCP/IP networks considered unsecured? Troubleshooting networks: Can vendor software self-install firewalls? Network Access Control Network access control market crushed by economy, but future is bright Joel Snyder discusses Network Access Control Day at Interop Las Vegas Maturing NAC market gets its first Gartner Magic Quadrant Poor data-loss prevention practices almost cost Intel a billion Network access control poised for a comeback by aiming small Dynamic network access control secures electronics manufacturer Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks What is data loss prevention? -- An introduction to DLP

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary