Cisco Converges Defenses
Less a new product than a matching up of existing security features, Cisco will combine its Self-Defending Network system with the wireless security features already available in its Unified Wireless Network products. Current Cisco customers will receive the new combined features of the system as regular updates to their current Cisco software, and the company will provide assistance in educating IT managers about the new integration features enabled by SWS, says Cisco manager for mobility solutions Chris Kozup:
"The industry overall has done a good job in the past several years solving the security problems associated with wireless networks through, among other things, the WPA2 standard," says Kozup. "Those now provide a level of security and robustness that can provide the confidence to enterprises to move forward and deploy wireless networks. That's great, and it's necessary, but it really doesn't address the needs our customers have."
In other words, the main thrust of industry-wide security to date has been to secure data in transit over RF networks -- "flying through the air," as Kozup puts it. Cisco's looking to a) protect back-end wired networks from intrusions using wireless access as a launch-pad back into corporate systems, and b) protect mobile data that is stored in various devices moving back and forth between trusted and untrusted networks.
Essentially, the new architecture uses Cisco security features on the wired network, including its Network Admission Control appliance, ASA firewall, Cisco Security Agent, intrusion-protection software, and Secure Services Client, and puts them in the wireless environment. For instance, when a wireless user on a laptop logs into the wireless LAN in a corporate facility, the Cisco WLAN controller can now hand off the authentication process back to the NAC appliance, which then assesses the "posture" or security health of the device, making sure it has the latest anti-virus and anti-spyware protection and so on. This process is transparent to the user, who is only asked to log in once.
Similar processes unify the wireless network with Cisco's existing intrusion detection system and the Cisco Security Agent, a client-side device that acts as a personal firewall.
In November Siemens said it would integrate its HiPath WiFi manager software with network access protection (NAP) code from Microsoft Corp. (Nasdaq: MSFT) to enable network admins to monitor users logging onto the wireless network and enforce security policies.
— Richard Martin, Senior Editor, Unstrung