October 14, 2004 8:58 AM PDT

IBM, Cisco tackle security's weak link

IBM and Cisco Systems have expanded a partnership to provide businesses with automated identity and access security to networks.

The two companies announced Thursday that they have integrated IBM's Tivoli network management software with Cisco's networking products to help businesses protect their networks from worms and viruses before employees get on the network. The combined offering sets criteria for users and devices logging on to the network.

IBM and Cisco first announced their partnership in February.

When someone tries to log on to the network, IBM's Tivoli software scans the machine to ensure that it has all the required security patches, antivirus updates and other software running on it. The update is sent to Cisco's Access Control Server through the Cisco Trust Agent, software that is pre-installed on every user's machine. If the device connecting to the network complies with all the security policies that have been previously set, the person is allowed to log on. If it doesn't, the device is quarantined on a separate virtual LAN (local area network) link and the Tivoli software prompts the person to download the necessary software.

Cisco has similar partnerships with makers of antivirus software through its Network Admission Control (NAC) program. Network Associates, Symantec and Trend Micro have been working with Cisco since NAC was announced last year. Earlier this week, Cisco announced that Computer Associates also joined the NAC alliance.

Cisco's NAC initiative is part of a broader effort to help protect networks from worms and viruses before they propagate throughout the network. As the work force becomes more mobile, many workers are inadvertently exposing their companies to security threats. For example, employees who take their laptops with them when they travel may pick up viruses and worms while they are connected to another network on the road. When they return to headquarters and plug into the corporate network, they can infect the entire company.

Cisco is not the only company that has developed a strategy to address this issue. Microsoft also has proposed a plan it calls Network Access Protection, or NAP. Both architectures work in similar ways, but they are not interoperable. Other networking vendors also have developed similar security strategies, including Enterasys and Alcatel.

A consortium of vendors called the Trusted Computing Group is already working on an architecture that will use open standards.

So far, Cisco's NAC architecture is only supported on its IP routers. The company plans to add the functionality to its Ethernet switches sometime next year.

The integrated Cisco and IBM offering will be available in December.

2 comments

Join the conversation!
Add your comment
It's about the money
This still sounds like technology aimed more at maximizing product sales than security. I see too many ways it can be negated: New worms not yet profiled will get through, not every security hole will have a patch, and what about employees hacking the system from within? This would be an expensive update and not cost effective.
Posted by Marcus Westrup (630 comments )
Reply Link Flag
hacking the system
<a class="jive-link-external" href="http://www.analogstereo.com/mercedes_c_class_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/mercedes_c_class_owners_manual.htm</a>
Posted by Ipod Apple (152 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.