IBM, Cisco team on network security

Tech giants IBM Corp. and Cisco Systems Inc. are collaborating to address network security threats such as hackers, worms, and viruses, the companies said on Friday.

Under a new agreement, they are integrating a number of products, allowing companies using IBM's products to communicate more directly with network security technology made by Cisco, executives said. The two companies unveiled a number of initiatives including plans for a software agent that will enable Cisco's Secure Access Control Server (ACS) to communicate with IBM's Tivoli Identity Manager software.

The ACS product manages users and identities across local- and wide area networks. The integration will allow companies that use the two products to have a single identity and control system that extends from software applications to network resources, according to Chris O'Connor, director of corporate security strategy at IBM.

IBM ThinkPad notebook and ThinkCenter desktop computers can establish more secure connections to Cisco VPN (virtual private network) products. Using technology already available, ThinkPads and ThinkCenters that use the ThinkVantage embedded security chip can connect seamlessly with Cisco VPN products, providing enhanced security with hardware- and software-based encryption, the companies said.

Customers who purchase the IBM eServer xSeries products and ThinkPads can now download a version of the Cisco Security Agent for those machines. The agent includes firewall and intrusion prevention features and provides "day zero" protection by identifying and blocking malicious behavior on computers, IBM and Cisco said.

Finally, IBM said it is joining the Cisco Network Admission Control (NAC) program. Unveiled in November, the NAC program pairs Cisco with security companies, enabling Cisco routers to evaluate information, such as whether a particular computer's antivirus definitions are up to date and its operating system is adequately patched, before allowing it to connect to a network.

IBM will integrate the Tivoli security management software with Cisco products involved in the NAC program. For example, companies using both Cisco NAC products and Tivoli will be able to take information about a computer's software configuration and apply it to Tivoli security policies before granting admission to a network, O'Connor said.

The combination of Tivoli and NAC will give companies the ability to make network admission decisions based on more specific information than is currently possible, he said.

The partnership between Cisco and IBM is a natural step, given both companies' size and strength serving Fortune 5000 companies, O'Connor said.

The two companies have also made complementary security investments in recent years. Cisco has focused on end-point security with the Cisco Security Agent and network admission control with the NAC program, while IBM has invested in policy and user management, said Dave King, director of marketing for Cisco's VPN and Security Business Unit.

"This is natural marriage of complementary solutions," he said.

The Tivoli Identity Manager agent for Cisco Secure Access Control Server will be available in March and more announcements are planned, King said.

The two companies have a three-year road map of "incremental updates" planned, especially in the area of access control and remediation, O'Connor said.

The ultimate goal is to make security "go away," he said. "Security should be there when you make a new business process so you don't have to think about it piece by piece," O'Connor said.

"We view this as a long run relationship. We don't expect this to be a one hit wonder," King said.