IBM, Cisco tackle security's weak link

Companies expand security alliance to help businesses keep worms and viruses from getting onto networks.

Marguerite Reardon Former senior reporter

Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.

See full bio

Marguerite Reardon

Nov. 1, 2004 4:17 p.m. PT

2 min read

IBM and Cisco Systems have expanded a partnership to provide businesses with automated identity and access security to networks.

The two companies announced Thursday that they have integrated IBM's Tivoli network management software with Cisco's networking products to help businesses protect their networks from worms and viruses before employees get on the network. The combined offering sets criteria for users and devices logging on to the network.

IBM and Cisco first announced their partnership in February.

When someone tries to log on to the network, IBM's Tivoli software scans the machine to ensure that it has all the required security patches, antivirus updates and other software running on it. The update is sent to Cisco's Access Control Server through the Cisco Trust Agent, software that is pre-installed on every user's machine. If the device connecting to the network complies with all the security policies that have been previously set, the person is allowed to log on. If it doesn't, the device is quarantined on a separate virtual LAN (local area network) link and the Tivoli software prompts the person to download the necessary software.

Cisco has similar partnerships with makers of antivirus software through its Network Admission Control (NAC) program. Network Associates, Symantec and Trend Micro have been working with Cisco since NAC was announced last year. Earlier this week, Cisco announced that Computer Associates also joined the NAC alliance.

Cisco's NAC initiative is part of a broader effort to help protect networks from worms and viruses before they propagate throughout the network. As the work force becomes more mobile, many workers are inadvertently exposing their companies to security threats. For example, employees who take their laptops with them when they travel may pick up viruses and worms while they are connected to another network on the road. When they return to headquarters and plug into the corporate network, they can infect the entire company.

Cisco is not the only company that has developed a strategy to address this issue. Microsoft also has proposed a plan it calls Network Access Protection, or NAP. Both architectures work in similar ways, but they are not interoperable. Other networking vendors also have developed similar security strategies, including Enterasys and Alcatel.

A consortium of vendors called the Trusted Computing Group is already working on an architecture that will use open standards.

So far, Cisco's NAC architecture is only supported on its IP routers. The company plans to add the functionality to its Ethernet switches sometime next year.

The integrated Cisco and IBM offering will be available in December.