Cisco announced a pair of additions to its Network Admission Control (NAC) product line yesterday, launching new tools that promise to extend the authentication system to a greater variety of devices and office environments. The introductions were timed to coincide with the start of the Security Standard Conference in Chicago, which is owned and operated by InfoWorld parent IDG.
Cisco unveiled its Network Module for NAC, which will give customers the ability to implant the authentication system into the vendor's Integrated Services Router (ISR) hardware, along with its NAC Profiler, which is meant to allow users to monitor a greater number of non-PC devices using the security tools.
The introduction comes hot on the heels of Cisco's late-August announcement that Intel will arm computers using its vPro and Centrino microprocessors with the ability to communicate their security posture to corporate networks, even before they have been booted-up. Executives with the San Jose, Calif.-based company said the latest products evidence the company's ongoing work to mature NAC aggressively.
"This is an announcement where you see things continue to develop, not only in terms of the types of things that NAC technologies can do, as was the case with the chipset interaction, but also in terms of addressing problems that everyone has, such as getting posture assessments for devices that don't run on Windows," said Brendan O'Connell, senior product manager for Cisco's Security Technology Group.
"With the ISR module, we're giving customers the option to push NAC into the branch-office setting, which is something else customers have been asking us for," O'Connell said. "It's all about increasing NAC's ease-of-use and operability."
While Cisco is widely credited with inventing NAC technology -- which is identified by other vendors by the more generic term "network access control," and is used to verify a device's identity and security standing as it attempts to connect to a network -- some industry watchers have criticized the manufacturer for not moving faster to introduce products such as its new releases.
In addition to expanding the potential footprint of its NAC systems by driving the technology into its ISR hardware, which it has been selling to customers for over three years, Profiler addresses one of the primary security concerns raised with the authentication systems, namely, their ability to identify and monitor IP-connected devices other than desktop and laptop computers.
Based on NAC's complexity, some companies have chosen to use branch offices or remote locations to test its impact and efficacy in the field before blending the tools into their central IT networks, Cisco officials said -- exactly the type of scenario the ISR module will seek to facilitate.
The ability to add NAC via a blade in the ISR devices will also appeal to small and medium-size businesses (SMBs), the networking giant contends, as will the ability to license the technology for office settings with 50 to 100 users -- the smallest deployment alternative for the tools the vendor has offered to date.
Cisco maintains that by offering NAC monitoring for IP-connected machines such as Voice-over-Internet-Protocol (VoIP) phones and networked printers, companies will no longer be forced to formulate complicated exceptions to test the devices.