Cisco Integrates NAC with Routers

Cisco's plug-in NAC module will help corporate branch offices deal with threats locally.

Cisco Systems is expanding its network access control offerings in a move company officials said will cut complexity, the cost of operations and extend security at the endpoint.

The San Jose, Calif., company Sept. 10 launched the NAC Network Module, a plug-in module that integrates Ciscos NAC technology into its Integrated Services Routers. The module will protect businesses by authenticating, authorizing, evaluating and remediating remote user machines connected via wired or wireless links prior to granting them access to corporate networks, company officials said.

The NAC network module, which offers all of the features of the Cisco NAC Appliance Server, is supported in the Cisco 2800 and 3800 Series Integrated Services Routers. Designed with corporate branch offices in mind, the NAC Network Module for the Integrated Services Routers seeks to stop potential threats locally before they are transferred over the broader corporate network. The module enforces security policies on all networked devices, from Windows, Mac and Linux machines to laptops and personal digital assistants.


Click here to read more about Ciscos enterprise-class Wi-Fi.

"The NAC [Network Module] simplifies a customers life by offering all of their enterprise NAC features from the standalone appliances integrated directly into their routing hardware," said Brendan OConnell, NAC product marketing manager at Cisco. "Having a single box solution at a branch reduces the complexity of the architecture and reduces the cost of operations and ownership for maintenance, power and management."

In addition, Cisco also is introducing NAC Profiler, an endpoint-recognition technology meant to address the growing diversity of network devices by taking an in-depth and automated inventory and enabling actions to be taken based on the devices behavior.

"Historically NAC—[from] all vendors, not just Cisco—has focused heavily on posture assessments for PCs and largely handled other network devices on an exception basis," OConnell said. "Exceptions are highly manual since the customer must know the NAC addresses of all their devices and offers little or no verification of the device in question. Profiler now automates the process just as PC admission is automatic and brings the information gathering and posture assessment element back into the equation before granting access."

Christian Christiansen, an analyst with IDC, said the fact that NAC Profiler and the NAC module support non-Windows devices and non-PCs is significant.

"Not all the stuff that [companies] have to secure—not all the systems and devices, the endpoints—are Windows-based, or theyre not based on contemporary Windows versions," he said. "So they have to manage a wide variety of mobile devices … that they will never see, that they will never touch. So it gets to be a difficult situation where you have to manage a device that youll never see and that the customer wont let you touch."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.