Cisco Systems Delivers NAC Appliance 4.0: Enhanced Protection for Corporate LANs, Branch Offices, VPNs and Wireless Network Access Points

WebKnowHow
Monday, July 10, 2006; 02:06 AM

Cisco Systems  announced the delivery of NAC Appliance 4.0, the latest edition of the company's Network Admission Control solution designed to protect businesses from information security risks.

Designed to address the growing business and information technology security challenges caused by increasingly unpredictable threats, the appliance builds on Cisco's vision of NAC by providing policy enforcement at network entry points throughout a distributed enterprise. It features significant policy-enforcement capabilities for protecting local-area networks (LANs) as well as remote office, virtual private networks (VPNs) and wireless access points.

"NAC Appliance 4.0 represents a fundamental part of the Self-Defending Network's infrastructure," said Mick Scully, Cisco's vice president of product management for security. "It helps enable enterprise organizations to successfully defend against outside threats that may enter through wireless and VPN connections as well as threats that come from within corporate LANs and branch offices. It is a network-wide solution."

The solution is based on Cisco NAC's four cornerstone elements: authentication and posture assessment, policy enforcement, quarantine and remediation, and centralized management. At any given entry point, Cisco's NAC Appliance 4.0 identifies an assortment of users and networked devices -- from employees, contractors and guests to endpoints with various operating systems (Windows, Macintosh or Linux-based desktops and laptops), PDAs, printers and IP phones. The NAC Appliance assesses their role in accessing the network, verifies their compliance with corporate security policies and grants appropriate network privileges.

Non-compliant devices are blocked and quarantined. Vulnerability updates can be automatically administered to the operating system as well as updated antivirus and anti-spyware software. Once users and devices are confirmed as compliant with corporate security policies, they are granted network access. Throughout this automated process, NAC Appliance 4.0 can collaborate with the entire network and security infrastructure to ensure that policies are enforced across the enterprise.

"NAC Appliance is a versatile solution that enables us to unify our business operations and network security," said Mark Connelly, chief information security officer for Sun Microsystems. "It delivers NAC's four requisite functions for all segments of our network, and it does this by distinguishing multiple device types and operating systems. Not all vendors can do this. The automated enforcement offloads administrative overhead typically devoted to manual device updates, generating greater savings on our cost structures -- not to mention ensuring secure and efficient operations."

Among its various enhancements, Cisco's NAC Appliance 4.0 offers flexible options to overcome the deployment complexity inherent in enterprise networks. While the appliance can be deployed inline or "out-of-band" with network traffic at Layer 2, it can also be positioned out-of-band at Layer 3 to minimize the number of servers required for multiple locations. Such an option is especially beneficial for larger enterprises with complex distributed networks.

In addition, the appliance provides convenient single sign-on functions for VPN clients, wireless clients and Windows Active Directory domains -- an industry first among NAC solutions. This functionality, along with many existing management and configuration capabilities, provides simplified system operations and enhances employee productivity.

While the appliance is interoperable with various operating systems, it also collaborates with numerous Cisco security products and other vendors' networking equipment, extending its benefits within a more scalable and collaborative network security infrastructure. These products include Cisco Airespace wireless access points, as well as Cisco Security Agent for endpoint-based protection and the VPN services within the Cisco Adaptive Security Appliance (ASA) family.