Cisco Systems is releasing an integrated network self-defense system that combines the companys existing wired and wireless intrusion prevention technology with its NAC Appliance and ifirewall technology. The company refers to this combination product as the Cisco Unified Wireless Network.
In addition to providing a defense against such threats as rogue access points and clients, the Secured Wireless Solution provides diverse services, including single sign-on, client validation, integrated firewall services for guest access and a unified management approach. The new secure solution is designed to meet the needs of a variety of government and industry regulations, including HIPAA (Health Insurance Portability and Accountability Act), the Sarbanes-Oxley Act and PCI.
“What were announcing is a new architected solution,” said Ben Gibson, director of Mobility Solutions Marketing at Cisco, in San Jose, Calif. “Our engineers and designers have tested and validated a wired and wireless solution for security.”
“If you are an organization such as health care or retail, there are specific regulations that say you must safeguard data from a wireless device,” Gibson said. “A key part of safeguarding that information is ensuring that the network is able to detect rogue access devices or clients that are attempting to tap into this information. In particular, employees tend to bring in consumer-class Wi-Fi access points and plug into the network, which creates a significant security hole. You need to detect the access point and shut it off or mitigate it,” he said.
The problem, Gibson said, is that wired networks and wireless networks dont always have the same capabilities when it comes to security. “On a wired network side, theres a separate capability that allows you to detect whether a rogue access point is plugged into your network. If you only have wired IDS [intrusion detection system], you can stop them from getting into the wired network,” Gibson said. “Through this new solution, we have integration between our wireless LAN controller family and the Cisco ASA 5500. In the past, we offered a wired and a wireless system. Now were integrating the two together. This is a substantial win for customers who are always resource-constrained. It can be managed holistically.”
However, it takes more than unified management to make life easier for the IT staff, and Gibson said Cisco has also addressed other issues. “Another key application is the ability to have single sign-on whether youre on the wired or wireless network,” Gibson explained. “Its our wireless LAN controllers in concert with the Cisco NAC [Network Admission Control] controllers. What weve developed is integration between these products. The process for wired and wireless used to be two separate operations. The wireless LAN controller and the NAC appliance are taking care of authentication. You only have one sign-on,” he said.
Gibson said a third area thats been in demand by customers is guest and contractor access to the network. Now the integrated firewall services support them as well. “Guests get sent through the firewall system, which allows very specific rules for guest applications,” he said. “Now you can apply specific policies, such as not allowing point to point or corporate IM [instant messaging] or FTP file transfers.”
Gibson said the unified approach should make it easier for companies to meet government regulations. “If you dont have a secured wireless and wired network, you have a potential risk of not being able to control your financial data,” he said. “Without converged security, its a lot more difficult to meet requirements.”
Analyst Zeus Kerravala, speaking to eWEEK from Manchester, England, said Ciscos new capability is an important extension of its existing offerings. “It extends the principles of self-protection to wireless,” said Kerravala, senior vice president for Enterprise Research at Yankee Group Research. “You want the policies you employ and practices you deploy to apply to the whole enterprise. For most enterprises, this isnt the case. Cisco needs to be able to provide that unified security across the whole network. It needs to be consistent,” he said.
Kerravala said that while he thinks Ciscos new integrated offering is an important step, the company isnt really where it needs to be with the capability. “It needs to be easier to manage. Theyre about 70 percent there,” he said. “But theyre further along than anybody else.”
“The next step needs to be some integration once you get outside the walls of the campus,” Kerravala said. “What Cisco has tackled is when youre in the office. But users are coming in from BlackBerrys and Treos. There are a number of other access methods, and those need to be included as well,” Kerravala said. Still, “I think its important to show that self-protection is evolving; its at least a step in that direction,” he said.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
