Cisco, antivirus companies team to battle worms

Networking equipment maker Cisco Systems Inc. on Tuesday announced licensing agreements with three leading antivirus software companies and a new program that it said will protect computer networks from worms and viruses.

The Cisco Network Admission Control program will enable Cisco routers to evaluate information, such as whether a particular computer's antivirus definitions are up to date and its operating system is adequately patched, before allowing it to connect to a network, Cisco said.

The new program was developed jointly by Cisco and antivirus companies Network Associates Inc. (NAI), Symantec Corp. and Trend Micro Inc. and will address the security risks posed by remote and mobile computer users who are connecting to corporate networks using home broadband connections or even PDAs (personal digital assistants), Cisco said.

Many organizations recently stopped worms such as Blaster and Nachi at their network perimeter using firewall and IDS (intrusion detection system) software. However, some of those companies suffered anyway when mobile workers and telecommuters became infected through unprotected home Internet connections, then brought their infected machines to work or logged in to corporate networks using a dial-up or VPN (virtual private network) connection.

Cisco Network Admissions Control will prevent such infections by allowing Cisco routers to enforce access privileges when a remote computer attempts to connect to a network. Noncompliant devices can be denied access, quarantined or allowed only limited access to network computing resources, Cisco said.

At the heart of the new system is a new software client called the Cisco Trust Agent, which is installed on laptops, home desktops or servers, or mobile devices that will be connecting to a computing network. The Trust Agent collects information from other security software clients including antivirus clients, and relays that information to Cisco devices on the network.

NAI, Symantec and Trend Micro have licensed the Trust Agent software from Cisco and will be integrating it with their own software clients, Cisco said. In related news, NAI said that it will integrate the Trust Agent with McAfee Security technology, as part of the McAfee Trusted Connection Strategy program.

Cisco is also integrating the Trust Agent with the Cisco Security Agent, a software client for servers and desktop systems that provides integrated firewall, intrusion detection and content-based security. That integration will enable Cisco networks to enforce access policies based on whether or not a machine's operating system is adequately patched, Cisco said.

The new program marks a shift in tactics for addressing the threats posed by worms and viruses, according to Chris Christiansen, an analyst at IDC.

Previously, many security companies treated user desktop and laptop computers mainly as the target of malicious code. The Cisco Network Admission Control program, incorporating the lessons of Blaster and other recent attacks, treats them as transmission points for attacks on the network infrastructure, he said.

"There's a recognition that the network is the true destination of the attack and that routers and switches need to have the ability to protect the network," Christiansen said.

While the new program initially involves only major antivirus and security vendors, Cisco will, in the future, release an API (application program interface) that allows other companies to integrate the new Cisco technology with their products, Christiansen said.

In the meantime, the new program is sure to make security companies watchful and wary of how the new program develops, especially given Cisco's already strong role as a vendor of IDS, firewall and VPN technology, he said.

That size should help the Network Admission Control program succeed where similar, software client-based programs from other companies, including IBM Corp., have not, according to a technologist at a leading financial services organization who was briefed on the announcement.

Cisco's strength in network hardware will make it easier for the company to link data from the desktop back to key network devices. Features that are already in many Cisco products, such as the ability to logically segment networks into VLANs (virtual LAN), will also make it easier to implement new concepts such as a network quarantine area where inadequately secure systems can be placed and safely download and install software patches and antivirus updates, he said.

However, the need to reconfigure networks to implement quarantine areas and the program's reliance on a software client mean that the Network Admission Control program faces a long road to deployment at many large companies, which need to test and certify all new clients to guarantee they do not conflict with the desktop operating system or applications, he said.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies