Cisco brings security to the edge

Cisco's NAC framework extends protection to the outer edge of corporate networks

Cisco Systems has unveiled an updated version of its Network Admission Control (NAC) framework designed to extend protection against worms and malware to the outer edge of corporate networks.

NAC clients attached to a network automatically check to see that they have the latest antivirus updates, the latest anti-spyware tools and have all patches installed.

If a system fails one of these tests, Cisco's technology blocks it from accessing the network and instead guides users to a section where they can update patches and malware signatures.

Where traditional security products verify the user's identity by asking for a username and password, NAC checks what device is being used to access the network.

This bolsters the protection against security threats from workers logging into corporate networks from home using personal computers.

It could also prevent temporary workers, such as consultants or maintenance engineers, from introducing worms to the network when they plug in a laptop.

The updated version of the product unveiled today moves the authentication check from a server to the switches inside the network, which will help organisations to catch worm outbreaks at an earlier stage, Bob Gleichauf, chief technology officer at Cisco's Security and Technology Group, told vnunet.com.

"Because we are doing it on our switches and wireless access points, these represent the connection into the corporate network," he said.

"A lot of outbreaks of worms and viruses occur inside the corporate network, inside the firewall when you're coming into work and you plug in your laptop."

To enable NAC in the wireless access points and switches organisations need to upgrade the software running those devices. Gleichauf said that such upgrades are usually covered by the existing support contract.