Mumbai: Cisco Systems has announced the release of the Cisco Network Admission Control programme to address the increased threat and impact of worms and viruses on networked businesses. This strategic programme represents a significant step forward in industry collaboration and is part of Cisco's Self-Defending Network Initiative, which helps customers identify, prevent and adapt to security threats.
"As the network continues to be a mission critical business system for organisations of all sizes, a top priority for customers is securing their information assets and minimising the impact of viruses and worms," says John Chambers, president and CEO, Cisco Systems. "Cisco's Network Admission Control programme is designed to address a pervasive customer concern by helping organisations contain security threats before they cause damage."
The Cisco Network Admission Control programme was developed in conjunction with leading anti-virus software vendors including Network Associates, Symantec, and Trend Micro. This collaboration addresses a broad and growing concern among enterprise customers: the remediation costs resulting from worms and viruses.
"Recent worm and virus infections have elevated the issue of keeping insecure nodes from infecting the network and have made this a top priority for enterprises today," says Mark Bouchard, senior programme director, META Group. "Many organisations were successful at stopping recent worm attacks at their Internet boundaries, yet still fell victim when mobile or guest users connected their infected PCs directly to internal local area networks. Eliminating this type of threat will require a combination of strengthened policies and network admission control systems."
Customers using network admission control systems can allow network access only to compliant and trusted endpoint devices (for example, PCs, servers, personal digital assistants) and can restrict the access of non-compliant devices. In its initial phase, the Cisco Network Admission Control functionality enables Cisco routers to enforce access privileges when an endpoint attempts to connect to a network.
This decision can be based on information about the endpoint device such as its current anti-virus state and operating system patch level. Network admission control systems allow non-compliant devices to be denied access, placed in a quarantined area, or given restricted access to computing resources. Cisco Network Admission Control systems will initially support endpoints running Microsoft Windows NT, XP and 2000 operating systems.
"The proliferation of unknown computing endpoints in the form of remote and mobile users puts our strategic information assets at increasing risk," says Lance Braunstein, chief information security officer, and executive director of Infrastructure Engineering, Morgan Stanley Individual Investor Group, a global financial services firm. "Cisco's collaboration with anti-virus software vendors will enable us to apply a consistent security policy to computers that access our network. Network admission control systems will allow us to take advantage of our existing investment in security software and network infrastructure to ensure that computers accessing our network will conform to our security policies."
A key component of the Cisco Network Admission Control programme is innovative software developed by Cisco called the Cisco Trust Agent, which resides on an endpoint system and communicates with the Cisco network. The Cisco Trust Agent collects security state information from multiple security software clients, such as anti-virus clients, and communicates this information to the connected Cisco network, where access control decisions are made and enforced. Cisco has licensed its Cisco Trust Agent technology to Network Associates, Symantec and Trend Micro so it can be integrated with their security software client products.
The Cisco Trust Agent will also be integrated with the Cisco Security Agent to enforce access privileges based on an endpoint's operating system patch level. The Cisco Security Agent is Cisco's laptop/desktop and server host intrusion prevention and distributed firewall software that identifies and prevents malicious behaviour before it can occur.
Cisco self-defending network initiative
The Cisco Network Admission Control programme is a key development in the Cisco Self-Defending Network Initiative, an innovative, multifaceted security strategy designed to dramatically improve the ability of networks to identify, prevent and adapt to a range of security threats. The Cisco Self-Defending Network Initiative advances Cisco's strategy of integrating security services throughout Internet Protocol (IP) networks by delivering new system-level network threat defence.
Network admission control availability
Cisco Network Admission Control functionality is scheduled to be supported on Cisco's access and mid-range routers in mid-2004. In future releases, this capability will be extended across multiple Cisco product platforms, including switches, wireless access points and security appliances. The Cisco Trust Agent is scheduled to be integrated with security client software products from both Cisco and some of the companies supporting the Cisco Network Admission Control programme beginning in mid-2004. Future phases of this programme will extend endpoint and network security interoperation to include infection containment capabilities. Cisco expects to open elements of the Cisco Network Admission Control programme to additional organisations in the industry as the programme develops.