
Cisco's self-defending networks progress, slowly

By Jim Rendon, News Writer
07 Jul 2004 | SearchNetworking.com


Cisco Systems Inc. has been in the process of folding security into its network infrastructure for some time. The initiative, known as the self-defending network strategy, is a part of Cisco's overall push to add more intelligence into the network. But as with any long process, Cisco still has quite a bit of ground to cover.

According to Robert Whiteley, an associate analyst with Cambridge, Mass.-based Forrester Research Inc., Cisco still has several key components to integrate and, without them, its self-defending network will fall like Troy did to the Greeks. SearchNetworking.com caught up with Whiteley to find out more about where Cisco needs to shore up its defenses.

What are the security threats that Cisco is responding to with this strategy?
Robert Whiteley: Up until now, the idea was that outside of the corporate network, there are viruses that need to be stopped before they enter the enterprise. But it is increasingly easy for an authorized person to walk into a building, plug a laptop in and spread a virus.

Companies need to start defending the local area network, and that adds another layer of complexity. Instead of guarding a single entry point, now you are trying to prevent an attack that could originate anywhere.

What is Cisco's vision for a self-defending network?
Whiteley: One is to clean the end point so the virus is eliminated before it has access to the network. Then, if something does manage to infect the network, the device should be quarantined. That requires a tremendous amount of intelligence in Cisco's products.

How far along is Cisco on that path?
Whiteley: The biggest thing that Cisco is working on now is network admission control, which involves identifying the user, ensuring that the device is not infected and determining what to do if the device is infected.

Right now, Cisco is at phase one of that process. Its routers have the ability to quarantine users.

Strategically, what comes next?
Whiteley: In the next phase, Cisco will move that ability to its switches and VPN gear. That is an important distinction. It is great to have enforcement points at the router, but when you plug in to the Ethernet jack, you have access to the network with no router between you and the network. Those capabilities need to be resident on the switch. Switches must quarantine users before a virus spreads throughout a business. There is value in what Cisco offers now, but it will be much greater when it delivers switches in 2005.

What can companies do in the meantime?

Whiteley: There will always be point solutions from companies like Symantec Corp. and Check Point Software Technologies Ltd. that you can place in the network. They help not only with prevention and protection, but with quarantining devices on the network. Another thing that companies can do is to deploy a Secure Sockets Layer virtual private network internally, so that when users plug into their laptops they access the network as if they were remote users. Unfortunately, it is an expensive approach and requires multiple gateways because of the number of simultaneous users in an enterprise.

But wouldn't users be frustrated by using Web interfaces for all of their applications, even when they are in the office?
Whiteley: Most vendors have cleared the applications hurdles with SSL VPNs so that there is not a lot of difference in the user experience. The only issue is that there may be some latency in the connection, so it is not great for voice over Internet Protocol.

Is it good for the industry to be folding so much intelligence into the network?
Whiteley: This is a very important place for the industry to get to, but there are still some potential issues. Even if Cisco can deliver its products on time, there is a question about whether the devices can handle the extra functionality without affecting performance.

