Cisco and Microsoft are sharing details of their partnership on network access control technologies, which will include interoperable products and “out-of-the-box” capabilities in future product releases.
At the Security Standard conference, held in Boston last week, the vendors demonstrated how Cisco devices would work with Microsoft systems to screen desktops, laptops and other devices attempting to gain access to network resources. The technologies are part of the companies’ respective product plans and belong to an emerging technology area that will prevent unsecured devices from infecting or otherwise negatively impacting network and system performance.
“Network access control isn’t a product, it’s a concept and it shouldn’t be delivered by one vendor,” says Zeus Kerravala, a vice president with Yankee Group. “Some parts of it will be delivered via desktops and other parts via the network. This should allow customers to deploy Cisco and be able to integrate with other technologies.”
Cisco’s Network Admission Control (NAC) strategy and Microsoft’s Network Access Protection (NAP) plans promise to screen devices before they gain access to network and system resources. The partnership, announced more than two years ago, resulted in the companies developing APIs that would enable Cisco-compliant switches to work with Microsoft’s upcoming Vista operating system and Longhorn server releases.
According to the companies, the joint technology would include a client agent running on the managed device to detect the state of the device. The client authenticates to the network and sends a statement of its health — meaning whether it is patched with the proper software and complies with preset policies — to the Cisco Secure Access Control Server (ACS) through a router or a switch. ACS then passes the status of the device to the Microsoft Network Policy Server (NPS), and NPS evaluates it by comparing the state against preset policies included in third-party policy servers.
Vista won’t see widespread adoption and Longhorn isn’t set to ship until the second half of 2007, but the companies will begin a beta program of the interoperability capabilities later this year.
“The news isn’t entirely meaningful until Longhorn ships, but customers can hope to get simple, out-of-the-box features that will help them make securing their network a bit easier,” says John Pescatore, lead security analyst at Gartner.
“Cisco has a head-start in jointly developing this API because other vendors will eventually be able to write to it and it will help customers get network access control capabilities realistically without relying on just one vendor.”
Network access control technologies are getting a lot of attention, industry watchers say. But the market remains relatively immature as vendors hash out what to offer end users who may be confused by all the hype. Partnerships such as this could help ease adoption and the use of such technologies, which should be the goal for security managers attempting to protect their networks.
“Security practices shouldn’t impede existing workflows and customers are pushing back at the vendors to make it easier for them to get the technology in place without disrupting how their end-users work,” Pescatore says.
In fact, customers interested in the separate technologies urged Cisco and Microsoft to find a way to integrate their separate NAC and NAP plans, the companies say. And by joining forces, the vendors say they are providing customers with two paths to adopting technologies to better protect their networks.
“The recurring theme is that we are giving customers a choice and offering a simple option for interoperability between our technologies,” says Bob Gleichauf, CTO of Cisco’s Security Technology Group. “It’s not by any means flashy because it shouldn’t be, but this is a model that Cisco and Microsoft can return to and reuse for other technologies.”