Cisco and antivirus firms unite against worm threat

Networking equipment maker Cisco Systems has announced licensing agreements with three leading antivirus software companies and a...

Networking equipment maker Cisco Systems has announced licensing agreements with three leading antivirus software companies and a program claimed to protect computer networks from worms and viruses.

The Cisco Network Admission Control program will enable Cisco routers to evaluate information, such as whether a particular computer's antivirus definitions are up to date and its operating system is adequately patched, before allowing it to connect to a network.

The program was developed jointly by Cisco and antivirus companies Network Associates, Symantec and Trend Micro, and will address the security risks posed by remote and mobile computer users who are connecting to corporate networks using home broadband connections or even PDAs.

Many organisations recently stopped worms such as Blaster and Nachi at their network perimeter using firewall and IDS (intrusion detection system) software. However, some of those companies suffered anyway when mobile workers and telecommuters became infected through unprotected home internet connections, then brought their infected machines to work or logged in to corporate networks using a dial-up or VPN (virtual private network) connection.

Cisco Network Admissions Control will prevent such infections by allowing Cisco routers to enforce access privileges when a remote computer attempts to connect to a network. Noncompliant devices can be denied access, quarantined or allowed only limited access to network computing resources.

At the heart of the new system is a new software client called the Cisco Trust Agent, which is installed on laptops, home desktops or servers, or mobile devices that will be connecting to a computing network. The Trust Agent collects information from other security software clients including antivirus clients, and relays that information to Cisco devices on the network.

NAI, Symantec and Trend Micro have licensed the Trust Agent software from Cisco and will integrate it with their own software clients. In related news, NAI said that it will integrate the Trust Agent with McAfee Security technology, as part of the McAfee Trusted Connection Strategy program.

Cisco is also integrating the Trust Agent with the Cisco Security Agent, a software client for servers and desktop systems which provides integrated firewall, intrusion detection and content-based security. That integration will enable Cisco networks to enforce access policies based on whether or not a machine's operating system is adequately patched, Cisco said.

The new program marks a shift in tactics for addressing the threats posed by worms and viruses, according to Chris Christiansen, an analyst at IDC.

Previously, many security companies treated user desktop and laptop computers mainly as the target of malicious code. The Cisco Network Admission Control program, incorporating the lessons of Blaster and other recent attacks, treats them as transmission points for attacks on the network infrastructure.

"There's a recognition that the network is the true destination of the attack and that routers and switches need to have the ability to protect the network," Christiansen said.

While the new program initially involves only major antivirus and security companies, Cisco will release an API (application program interface) that allows other companies to integrate the new Cisco technology with their products, Christiansen said.

Paul Roberts writes for IDG News Service

Read more on IT strategy