
Cisco's self-defending networks progress, slowly

Cisco Systems Inc. has been in the process of folding security into its network infrastructure for some time. The initiative, known as the self-defending network strategy, is a part of Cisco's overall push to add more intelligence into the network. But as with any long process, Cisco still has quite a bit of ground to cover.

According to Robert Whiteley, an associate analyst with Cambridge, Mass.-based Forrester Research Inc., Cisco still has several key components to integrate and, without them, its self-defending network will fall like Troy did to the Greeks. caught up with Whiteley to find out more about where Cisco needs to shore up its defenses.

What are the security threats that Cisco is responding to with this strategy?
Up until now, the idea was that outside of the corporate network, there are viruses that need to be stopped before they enter the enterprise. But it is increasingly easy for an authorized person to walk into a building, plug a laptop in and spread a virus.

Companies need to start defending the local area network, and that adds another layer of complexity. Instead of guarding a single entry point, now you are trying to prevent an attack that could originate anywhere.

What is Cisco's vision for a self-defending network?
One is to clean the end point so the virus is eliminated before it has access to the network. Then, if something does manage to infect the network, the device should be quarantined. That requires a tremendous amount of intelligence in Cisco's products.

How far along is Cisco on that path?
The biggest thing that Cisco is working on now is network admission control, which involves identifying the user, ensuring that the device is not infected and determining what to do if the device is infected.

Right now, Cisco is at phase one of that process. Its routers have the ability to quarantine users.

Strategically, what comes next?
In the next phase, Cisco will move that ability to its switches and VPN gear. That is an important distinction. It is great to have enforcement points at the router, but when you plug in to the Ethernet jack, you have access to the network with no router between you and the network. Those capabilities need to be resident on the switch. Switches must quarantine users before a virus spreads throughout a business. There is value in what Cisco offers now, but it will be much greater when it delivers switches in 2005.


What can companies do in the meantime?
There will always be point solutions from companies like Symantec Corp. and Check Point Software Technologies Ltd. that you can place in the network. They help not only with prevention and protection, but with quarantining devices on the network. Another thing that companies can do is to deploy a Secure Sockets Layer virtual private network internally, so that when users plug in their laptops they access the network as if they were remote users. Unfortunately, it is an expensive approach and requires multiple gateways because of the number of simultaneous users in an enterprise.

But wouldn't users be frustrated by using Web interfaces for all of their applications, even when they are in the office?
Most vendors have cleared the application hurdles with SSL VPNs so that there is not a lot of difference in the user experience. The only issue is that there may be some latency in the connection, so it is not great for voice over Internet Protocol.

Is it good for the industry to be folding so much intelligence into the network?
This is a very important place for the industry to get to, but there are still some potential issues. Even if Cisco can deliver its products on time, there is a question about whether the devices can handle the extra functionality without affecting performance.
