Secure Access Central Update - July 2006

Our e-mail updates highlight both new services and content on Secure Access Central and significant industry news. You can view the full content for each topic by selecting the relevant link. We encourage you to share Secure Access Central with other security professionals.

Secure Access Central delivers the most comprehensive coverage of endpoint security and policy-based access control including robust SSL VPN and NAC solutions. To that end we publish our own original analysis and point you to a select set of other high quality publications on the Internet.

Network Admission Control (NAC) is now one of the most talked about subjects in enterprise network security with early adopters getting their feet wet and more than 50 vendors vying for industry attention and customer IT spending. The list of NAC-related products is long and growing: policy managers and enforcers, NAC-enabled networking equipment, identity-based DHCP servers, endpoint security software, vulnerability assessment tools, security and system life-cycle management systems and SSL VPN gateways.

While figuring out "what NAC solution is possible and desirable for my specific IT environment?" will remain a tough challenge for all organizations over the next few years, Secure Access Central is committed to helping you successfully meet this challenge.

In this issue:(select topic to view)

1. Solution Profile: Cisco NAC Framework
2. Solution Profile: Cisco NAC Appliance
3. Network Admission Control Vendor Directory (Update)
4. Customer Perspectives on NAC: Survey Data
5. SSL VPN + NAC Convergence = AEP Networks + Lockdown Networks
6. Microsoft + Whale Communications = Future New Products???
7. NAC Misconceptions: What Should You Believe?
8. Introducing a new portal sponsor: NeoAccel

Solution Profile: Cisco NAC Framework

While no single vendor clearly dominates in revenue market share, Cisco Systems has already attracted much industry interest by offering two distinct NAC solutions widely viewed as de facto competitive benchmarks for other NAC vendors.

The Cisco NAC Framework enables organizations to create a comprehensive, universal and highly automated infrastructure for enforcing endpoint security compliance and controlling network admission policies. Cisco provides the central NAC policy controller and NAC-enabled network systems and more than 50 vendors provide complementary endpoint security and management software that integrate with the Cisco products. Deploying and managing a Cisco NAC Framework is a major undertaking which requires a substantial investment in hardware, software, services and manpower. The Cisco NAC Framework is a major undertaking which requires a substantial investment in hardware, software, services and manpower. Fortunately, it can be deployed in manageable stages. Few companies will do otherwise.

Our new Cisco NAC Framework profile provides an in-depth examination of this Cisco-led industry initiative. We will continually enhance this publication to maintain the freshness of our analysis.

Current content includes:

• A complete functional description
• Profiles of key solution components
• A detailed example of how it works
• A comparison to the Cisco NAC Appliance

Solution Profile: Cisco NAC Appliance

In contrast, the NAC Appliance, formerly called Cisco Clean Access, enables organization to rapidly deploy relatively self-contained endpoint assessment, policy management, and remediation services without requiring changes to switches and routers. The NAC Appliance capabilities are much narrower than a full-blown NAC Framework implementation and the required effort, time and costs are naturally much lower.

The new Cisco NAC Application profile provides an in-depth examination of this product.

Current content includes:

• A complete functional description of the NAC Appliance
• Profiles of key solution components
• A detailed example of how it works
• A comparison to the Cisco NAC Framework

NAC Vendor Directories

A number of NAC policy and enforcement products have been added to our NAC directory. Separate directories for complementary products (e.g. remediation servers) will be added soon.

Customer Perspectives on NAC: Survey Data

This month Dark Reading/Network World have published highlights from their recent poll of customer perceptions about NAC. The answers to nine key questions from about 300 organizations are included. A few minor surprises but nothing earthshaking. However, the high ranking of identity-based access control to SELECT resources rather than simply to the network is reassuring. We encourage you to read the entire article and compare your perceptions to the survey findings. This brief exercise can sharpen you own priorities.

SSL VPN + NAC Convergence = AEP Networks + Lockdown Networks

In July AEP and Lockdown jointly announced a "technology licensing, co-development and marketing partnership which will integrate Lockdown’s flagship Network Access Control (NAC) solution, Lockdown Enforcer™, into AEP’s Policy Networking security solutions." Secure Access Central asked Reggie Best, EVP/GM Secure Application Access Business for AEP Networks, to clarify what the two companies intend to do together from a technology perspective. His answer follows:

"Our intention is to co-develop very specific extensions to both the NSP and the Lockdown technology allowing unified health scan checks, quarantine and remediation for SSL VPN traffic entering the network via the NSP. This way SSL VPN, wireless and wireline Ethernet traffic as well as branch office traffic (via IPSec for example) can be managed in a consistent way. We are enhancing the NSP v-realms policy engine to add a specific policy stage for NAC- based posture validation and building to an API which we are co-defining with Lockdown. Lockdown is extending this API on their side to enable the necessary communications between the NSP and the Lockdown NAC technology. AEP will still offer customers the existing Symantec SODA based endpoint security as an option. NAC will be a second option offering a broader solution for customers that need it.

AEP will be licensing the resulting NAC offering to sell under the AEP brand, on our appliances through our channels. The primary positioning will be to add NAC capable posture validation/health checking to AEP SSL VPN while enabling smooth integration of guest, conference room and partner access (via wireless or wired Ethernet).

This is part of a bigger AEP policy networking suite from the edge (where we play today) to the core (where the market is heading) that the company will roll out over the next 12-18 months."

This relationship offers more evidence of the convergence of SSL VPNs and NAC as secure remote access becomes one of the primary concerns for organizations of all sizes.

Microsoft + Whale Communications = Future New Products???

Now that Whale Communications is a Microsoft subsidiary what should you expect in terms of new products? You can learn about what Microsoft has said so far by reading its acquisition FAQs. A key questions is how will Whale Application Optomizers play in Microsoft's NAP strategy. We will follow the evolution of their combined solutions closely.

NAC Misconceptions: What Should You Believe?

In August we will publish a new area on Secure Access Central titled NAC Perceptions: What Should You Believe? Here we will identify and explore common misconceptions about NAC technology and usage. We invite you to submit your own candidates along with your views on the issue. You can send them to the publisher at dana@breakawaymg.com.

Introducing a new portal sponsor: NeoAccel

Starting in August NeoAccel will share how its secure gateway architecture uniquely meets the performance needs of the most demanding of remote access environments. The NeoAccel SSL VPN-Plus™ appliance eliminates TCP-over-TCP meltdown and context-switching overhead affecting conventional SSL VPN deployments. Through a comprehensive gateway kernel rewrite and SSL stack re-engineering, NeoAccel’s SSL VPN-Plus™ is able to deliver performance levels above that of even IPSec configurations. Applications requiring low latency and quick access to corporate networks, like VoIP, run flawlessly even in a wireless environment over the NeoAccel™ platform.

You are receiving this message because you signed up for the Secure Access Central mailing list. We encourage you to share it with others you feel would benefit from Secure Access Central. You may unsubscribe at any time.

©2004-2006 Breakaway Security Group

© 2004-2007 Breakaway Security Group - Terms of Service - Privacy Policy - Contact Us - Advertising Information