Cisco releases Network Admission Control products

Cisco Systems Inc. said that products are now available for its months-old Network Admission Control, or NAC, program to integrate information technology (IT) security features and policies into network switching and routing products.

The company on Monday announced a wide range of Cisco routing products and software that support the NAC technology, unveiled a new vendor integration program to encourage more companies to develop NAC-compliant products and said it is offering consulting services to help customers deploy NAC on their network.

Announced in November 2003, the Cisco Network Admission Control program was developed jointly by Cisco and antivirus companies Network Associates Inc. (NAI), Symantec Corp. and Trend Micro Inc. The program addresses the security risks of remote and mobile computer users connecting to corporate networks with software that allows Cisco routers to evaluate information, such as whether particular computer's antivirus definitions are up to date and its operating system is adequately patched, before allowing it to connect to a network.

Cisco 830 to 7200 series routers running the company's Internetwork Operating System Version 12.3(8)T or higher now support the NAC program, as do some of the company's network access and security management products, including the Cisco Secure Access Control Server Version 3.3, Cisco Security Agent Version 4.02 and CiscoWorks Security Information Management Solution Version 3.2 products, the company said.

The Cisco Trust Agent Version 1.0, which collects information from other security software clients including antivirus clients and relays that information to Cisco devices on the network, is now available and has been integrated with the Cisco Security Agent, a software client for servers and desktop systems that provides integrated firewall, intrusion detection and content-based security, Cisco said.

A variety of so-called "end point" security products support the Trust Agent as well, including NAI's McAfee VirusScan Enterprise 8.0i and 7.x products, Trend Micro's OfficeScan Corporate Edition Version 6.5 and future versions of Symantec's Client Security and AntiVirus Corporate Edition products, the company said.

Those products often combine security features such as antivirus, desktop firewall and host intrusion prevention features in a single security agent.

To encourage other companies to develop NAC-compliant products such as security and patch management software, Cisco will release application programming interfaces (APIs), including an API for its Trust Agent, to third party technology vendors for integration. That program will begin in the third quarter, 2004, the company said.

Finally, Cisco said it is now offering professional services to help companies deploy NAC technology on their networks. Cisco consultants will offer a variety of services including network assessments to determine whether a customer's network is ready for a NAC deployment, design services and installation and configuration.

Cisco's NAC program is at the heart of the company's vision for a future in which computer networks are "self defending" and capable of stopping threats such as hackers, viruses and worms. However, that vision may take some time to be realized at all but the largest companies, said Zeus Kerravala vice president, enterprise infrastructure research and consulting at The Yankee Group.

"NAC requires companies to think differently about how their network deployed," Kerravala said. "Most networking is reactive. Companies look backward, and ask 'What features do we have and how do we deploy them?' With NAC, they have to think in advance about what their network architecture is going to be."

The company's consulting services, announced Monday, will help companies to make that transition, he said.

Still in its early stages, Cisco's NAC architecture, as well as competing efforts from competitors like Juniper Networks Inc. could eventually be the foundation for industry-wide technology standards for integrated network security. With its dominant share of the market for high end and enterprise networking equipment, Cisco is sure to have a big hand in any eventual standards, Kerravala said.