Cisco, IBM team up on end-point security

By Jim Rendon, News Writer 14 Oct 2004 | SearchNetworking.com

Digg This!     StumbleUpon     Del.icio.us

Today Cisco Systems Inc. and IBM announced a partnership to foster increased end-point security for customers who use both Cisco's networking equipment and IBM's Tivoli software.

The companies have integrated IBM's Tivoli network and systems management software with Cisco's Network Admission Control (NAC) technologies to help enterprises set and enforce criteria for users and devices logging onto the network.

When a device attempts to log on, IBM's Tivoli Security Compliance Manager client program will scan it to ensure that it is using the required patches, antivirus updates and other software. If it is, the user will be allowed access to the network. Otherwise, the device will be quarantined on a vLAN and the IBM Tivoli Provisioning Manager will prompt the user to download the required software.

The announcement stems from a change in how employees use networked devices. Today workers often take their PCs or mobile devices off site and log on to other networks, which can cause a security risk when they return to their home networks.

"End points are not the destination for attacks," said Chris Christiansen, an analyst with Framingham, Mass.-based research firm International Data Corp. "Now even friendly end points can be the source of attacks."

IBM and Cisco are reacting to those concerns, said Don Cronin, a senior technologist with IBM's corporate security strategy group. "It is not about patches or viruses or spam, but about solving the underlying business issue," he said. "Individuals need to have the right kind of access for their circumstance."

The new security integration will address both the identity of the person logging on to the network and whether the device is in compliance. To do that, the system uses a Tivoli client on the device.

Cisco has been working toward such end-point security for some time, said Jeff Platon, Cisco's senior director of product and technology marketing. The company's switches and routers are compliant with 802.1x, a standard for enabling identity management.

Cisco has also been moving more security and intelligence into its switches and routers.

But when it comes to end-point security, Platon said. Cisco is better off partnering with companies such as IBM.

For more information Learn why security strategies put Microsoft, Cisco at odds. Read our exclusive: End-point vendors gain from slow Cisco strategy.

"It was never our strategy to enter the trust and identity management space," he added. "But we can play an important role in the systems architecture so that the infrastructure is part of enforcement."

However, only those companies that use 802.1x-complaint Cisco gear and IBM's Tivoli management software can benefit. Customers must also use the Cisco Secure Access Control Server for identity management, rather than a standardized Radius server.

"At this point, [Cisco's partnership with IBM] does not seem applicable to heterogeneous environments," Christiansen said.

Platon said Cisco plans to work with standards bodies to make its approach into an industry-wide standard. At the same time, he said Cisco plans to make future announcements with other management vendors in the future.

"This was a good place to start," Platon said of the partnership with IBM. "But from both Cisco's and IBM's perspective, we have a strategy to open it up to a broader collection of partners."

Tags: Network Security Monitoring and Analysis,  Network Security Best Practices and Products,  Network Access Control,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Security Monitoring and Analysis Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation How can I calculate perimeter firewall throughput? How do I find the application on my network that's dropping packets? Integrating NAC with network security tools Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website? Network Security Best Practices and Products How do I change my security setting to allow ActiveX? What are two common devices that control outbound network access? 3Com acquisition confirms HP-Cisco battle for China Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer? Integrating NAC with network security tools Should organizations separate technical from administrative security? What network equipment is needed to secure a small business LAN? Ethical hacking and countermeasures: Network penetration testing intro Network Access Control What are two common devices that control outbound network access? Using NAC for smartphone security on wireless LAN Network security risks multiply when enterprises begin outsourcing Dynamic policy ensures faster, safer network for school district NAC appliance vendors: Can you depend on them? NAC integration at the endpoint Extending NAC enforcement to network security devices Integrating NAC with network security tools Network access control market crushed by economy, but future is bright Joel Snyder discusses Network Access Control Day at Interop Las Vegas

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary