Cisco Initiative Takes Aim At Remote Infections

The Cisco Network Admission Control program is designed to ensure that remote systems logging on to networks are safe and properly configured before they're granted access.

Many of the companies hit by SQL Slammer and Blaster, as well as this year's plethora of nasty viruses, learned what was and wasn't working when it came to their security defenses. A number discovered that while their perimeter defenses, such as network firewalls, gateway antivirus, and patching efforts, largely worked to defeat these malicious code outbreaks, their internal networks still ended up getting nailed.

The infections often stemmed from remote workers or visiting consultants and contractors who logged on to company networks without properly patching or updating their antivirus software--and subsequently started infecting internal desktops and servers that had yet to be patched.

To help companies combat the problem of at-risk and insecurely configured remote workers, notebooks, and handheld PCs, Cisco Systems on Tuesday unveiled its planned technology to ensure that remote systems logging on to networks are safe and properly configured before they're granted access.

The initiative, dubbed the Cisco Network Admission Control program, will provide Cisco routers with a way to determine the security posture of computing devices. For example, if a remote notebook user is trying to log on to the system, certain security settings can be validated--such as whether its patches and antivirus signatures are up to date. If, after being vetted by the Cisco Network Admission Control app, the system is found not to be up to snuff, it can be denied access to the network, quarantined, or permitted to enter only certain segments of the network.

Cisco partnered with major antivirus vendors Network Associates, Symantec, and Trend Micro for this initiative.

The concept of enforcing security for "end-point" devices such as notebooks, desktops, PDAs, and eventually cell phones isn't a new idea. Security vendors such as InfoExpress, Sygate, and Zone Labs have end-point firewalls that provide various ways for systems to have their security health checked before network access is granted.

Research firm Frost & Sullivan expects the sale of end-point security applications to grow from $140 million last year to about $556 million by 2008.

Pete Lindstrom, research director at Spire Security, says business security has moved from "a few big gaping holes in systems to a larger amount of tiny holes in corporate systems." He says initiatives such as Cisco's are the next logical way for the security industry to "fill these tiny pinholes" that can create big security problems on internal networks.

The center of Cisco's announcement is its Cisco Trust Agent, which will be installed on remote systems. The agent will gather information from system settings and security apps and send it to Cisco's networking gear to determine if the system requesting access has its security up to snuff.
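The posture check and the access outcomes described above (deny, quarantine, or limited segments), as an added example that is not Cisco's code and does not reflect the Trust Agent's real report format or protocol: a constructed Python policy evaluator with hypothetical field names, a hypothetical signature-age threshold, and constructed sample reports. It fails closed, so anything the agent cannot attest to counts against the device.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed posture report. Field names are hypothetical, not the
# real Trust Agent schema; None means the agent could not determine it.
@dataclass
class Posture:
    agent_present: bool
    missing_critical_patches: Optional[int]
    av_signature_date: Optional[date]

# Admission outcomes named in the article.
FULL, RESTRICTED, QUARANTINE, DENY = "full", "restricted", "quarantine", "deny"

def admission_decision(p: Posture, today: date, max_sig_age_days: int = 7) -> str:
    """Map a device's reported posture to an admission outcome (fail closed)."""
    if not p.agent_present:
        return DENY                      # nothing to vet: no agent, no access
    if p.missing_critical_patches is None or p.av_signature_date is None:
        return QUARANTINE                # incomplete report: remediation net only
    sig_age = (today - p.av_signature_date).days
    if sig_age < 0:
        return QUARANTINE                # future-dated report: clock skew or tampering
    if p.missing_critical_patches > 0:
        return QUARANTINE                # unpatched: only the patch server is reachable
    if sig_age > max_sig_age_days:
        return RESTRICTED                # patched but stale AV: limited segments only
    return FULL

def sample_decisions() -> dict:
    """Run the policy over constructed sample reports (not real telemetry)."""
    today = date(2003, 11, 18)           # constructed evaluation date
    reports = {
        "no-agent-laptop":   Posture(False, None, None),
        "contractor-pc":     Posture(True, 2, date(2003, 11, 17)),
        "stale-av-notebook": Posture(True, 0, date(2003, 10, 1)),
        "unknown-patches":   Posture(True, None, date(2003, 11, 17)),
        "future-dated-av":   Posture(True, 0, date(2003, 12, 1)),
        "healthy-desktop":   Posture(True, 0, date(2003, 11, 16)),
    }
    return {name: admission_decision(p, today) for name, p in reports.items()}

if __name__ == "__main__":
    for name, outcome in sample_decisions().items():
        print(f"{name:20s} -> {outcome}")
```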

Moving forward, and largely based on Cisco's January 2003 acquisition of intrusion-prevention maker Okena, Cisco will integrate the Trust Agent with the Cisco Security Agent to enforce end-point security policy and stop new worms from attacking devices that have yet to be patched.

Cisco executives say they expect the first customer deployments of Trust Agent by the first half of next year. But before then, the company says it will deploy the technology on its own networks to increase security and work out any potential kinks in the new technology. Says president and CEO John Chambers, "We eat our own cooking."