Where products and corporate policy intersect

Three of the network security industry’s biggest vendors used last month’s RSA Security Conference to launch products designed to enforce corporate network security policies.

The companies are trying to address the problem of detecting clients that lack proper security technology and preventing them from accessing enterprise networks.

Cisco Systems Inc., for example, announced Cisco Security Manager (CSM) 3.0, the Monitoring, Analysis and Response System (MARS) 4.2 and a set of modules for its Adaptive Security Appliance (ASA) 5500 series.

Meanwhile, Brampton, Ont.-based Nortel Networks Corp. launched the Secure Network Access Switch (SNAS) 4050, which includes RADIUS authentication, management via Simple Network Management Protocol (SNMP) and syslog, plus dual profile authorization. The switch is designed to ensure no client can access the network without the correct antivirus, firewall and software patch updates. It also monitors PCs for any changes that could affect security.

Proceed with caution
Nortel says it plans to have its SNAS products work with Microsoft Network Access Protection (NAP), and include “smart ports” on its switches, routers and gateways that will allow them to communicate with other NAP clients so companies can enforce security policies across the network.

“When somebody comes into the office with their laptop, you really should treat that device almost in the same way as you would if someone calls in from home,” over a VPN, said Pat Patterson, Nortel’s director for security solutions, in a telephone interview from the RSA conference.

Corporate networks are often accessed by visitors who bring in their own computers, said Jack Sebbag, McAfee Inc.’s vice-president and general manager for Canada.

McAfee has announced Policy Enforcer, which runs with its ePolicy Orchestrator software and is designed to examine all new clients to ensure they comply with corporate security policies – such as having the right anti-virus updates, firewall software and operating system patches – before allowing them access to the network.

“There’s way too many unauthorized machines getting on to corporate networks,” Sebbag said. “Sometimes hundreds of people – consultants, contractors or employees without access – just plug into the network and release malware without their knowledge.”

Policy enforcement is also one aim of Cisco’s Self-Defending Network security strategy. “Every device has a role to play in the overall security posture of the network,” said Scott Pope, Cisco’s senior manager for virtual private network (VPN) security product management and product marketing.

CSM 3.0, which is an update to Cisco’s VPN and Security Management product, is designed to manage security policies on various Cisco routers, firewalls, VPN and intrusion prevention devices.

“The management side of things is something we’ve been a bit weak in in the past,” said Dario Zamarian, senior director for product management of Cisco’s security technology group.
