In an effort to turn the tables on computer worms that can clog and confound corporate networks, Cisco has teamed with three major antivirus vendors to make networks smarter — and therefore safer — with trusted agents that can cut off infected or compromised nodes while keeping the overall network up and running.
Acknowledging that the collaboration with competitors was forced by customer requests and concern about persistent infection from worms new and old, Cisco and antivirus vendors Network Associates, Symantec and Trend Micro said the Cisco Network Admission Control (NAC) program will more intelligently enable routers to enforce access privileges when a computer or “endpoint” connects to the network.
The companies — which said they worked together to develop the program whereby Cisco “trust agents” reside on endpoints and communicate with the network — hope to corral rogue network connections unprotected by antivirus software.
Aberdeen Group research vice president Jim Hurley told TechNewsWorld that companies are struggling with remote users who can easily introduce Internet worms and viruses when they connect to the network. “There are all kinds of devices attached to the network that IT doesn’t know about,” he said.
Many customers have cleaned and updated their networks, but a substantial percentage of corporate networks have not been updated. “They just kept sending worms back out into corporate environments,” Hurley added, referring to this year’s Blaster and SoBig outbreaks.
The Cisco NAC program will use the trust agent software to collect state-of-security information from multiple security resources around the Internet. The agents then will communicate that information to the connected Cisco network where access control decisions are made and enforced, Cisco said.
While there was some concern that automatically cordoning off network connections could disrupt business processes or interaction with customers or partners, Cisco manager of product marketing Russell Rice told TechNewsWorld that the program includes remediation that can occur as the client or device is quarantined.
Cisco director of business development in VPN and security Dave King added that the appropriate level of network access is granted according to the findings of the trust agent, depending on how customers implement the admission control. In other words, everything can be customized to suit a particular customer’s concerns.
Worm Catching License
King told TechNewsWorld that Cisco, which is licensing the trust agent software to a select set of antivirus vendors, will put the network security software in all of its infrastructure devices in a “rolling thunder of platforms.”
The admission-control functionality, which initially will support network endpoints running Microsoft Windows NT, XP and 2000, will be supported on Cisco’s routers in 2004, the company said.
The company plans to extend the admission-control reporting capabilities across multiple platforms, including switches, wireless access points and security appliances, and said it will open elements of the program to additional organizations in the industry as well.
Immunity Through Ubiquity
King said support for Windows 2003, Mac OS, Linux and other systems will be added over time. He also said that while antivirus vendors are free to sell the capability alone or fold it in as a standard part of their antivirus solutions — which all three vendors indicated they will do — Cisco will focus on the trust agent’s integration with the company’s security agent, an intrusion-prevention and firewall system.
Rice, a leader of the admission-control program’s development, said the strategy was originally focused on remote and wireless access, but the Slammer and Blaster worms reoriented the project toward the part of the network that is most vulnerable to attack by worm.
“It required recognition of all the ways you get into [any] network,” Rice said. “You need a ubiquitous way to do [admission control].”