Cisco Systems last week rolled out the first set of products under its Network Admission Control program, which is designed to help companies enforce security policies on network endpoint devices such as PCs and mobile systems.
The company also said it will seek broader participation from third-party security software vendors in response to complaints that the NAC program is too proprietary. Currently, Network Associates, Symantec and Trend Micro are the only companies working with Cisco on the endpoint effort, which was announced last fall.
Among the products released last week was software called Cisco Trust Agent. Cisco said the agent technology can be used on servers and client systems to collect security-related data such as operating system patch levels and the status of antivirus tools. The software sends the data to new NAC-enabled routers, which automatically decide whether to allow devices to access networks based on their security status.
Filling a Void
Cisco's NAC technology addresses the growing need for companies to protect not just their network perimeters but also the devices connecting to them, said Ken Kucera, a senior vice president at First National Bank of Omaha.
Cisco's market-leading status puts it in a position to provide that level of protection, Kucera added. "I've always wondered why Cisco wasn't in this space before," he said.
But to be useful to more users, Cisco must let more security vendors hook into the NAC architecture, said Joel Conover, an analyst at Current Analysis.
For instance, Cisco Trust Agent collects security information only from antivirus software sold by Network Associates, Symantec and Trend Micro. Rival products from companies such as InfoExpress and Zone Labs draw information from more security tools, including host-based intrusion-detection systems and firewalls.
So far, Cisco has been reluctant to let other vendors participate in the NAC effort, said Fred Feldman, vice president of marketing at San Francisco-based Zone Labs. "Our concern is that they will use their position to freeze best-of-breed vendors out of the market," Feldman said.
"Today, it's a closed interface," said Stacey Lum, CEO of InfoExpress in Mountain View, Calif. "If Cisco doesn't open it up, then it's Cisco against the rest of the world."
Cisco is aware of such concerns, and in the third quarter it will set up a NAC integration program that will be open to other vendors, said David King, director of business development for Cisco's virtual private networking unit. The company will make select NAC APIs available, including one for Cisco Trust Agent, King said.
He added that in the future, Cisco Trust Agent will be able to collect information from host-based firewalls, intrusion-detection software and other security applications on endpoint systems.