Security Zero

Alessandro Perilli on Enterprise Security

Endpoint security interoperability and standards

Endpoint security could revolutionize corporate security. I have been saying this for a couple of years.
But the effectiveness of endpoint security is undermined by at least two big issues:

  • it cannot handle machines where no endpoint agents are present

  • it lacks interoperability

This second point is the most important at the moment: current solutions aren't based on a standard and aren't interoperable by default.

A customer adopting the Check Point endpoint security solution (Total Access Protection, or TAP) will not be able to integrate it with Cisco equipment featuring the Network Admission Control (NAC) endpoint security implementation.

Two years ago Cisco and Microsoft announced a cooperation to deliver interoperable endpoint security. But since that announcement nothing has happened (also because the Microsoft endpoint security solution, Network Access Protection or NAP, will not appear earlier than another year and a half from now).

Now Cisco and Microsoft are re-announcing their partnership for NAC-NAP interoperability at the Security Standard conference.

Again? Yes, but this time they did a little more, producing an 8-page whitepaper (half marketing, half technical) about the interoperability.

The central point of this interoperability is the endpoint security agent, which is currently integrated in Windows XP SP2 (with some limitations) and in the Vista and Windows codename Longhorn Server beta builds: the Microsoft NAP agent will also serve as the Cisco NAC agent.
Luckily the agent will be updated through the online Windows Update service or the offline Windows Server Update Services (WSUS).

Meanwhile Cisco will continue to develop its own NAP client (Cisco Trust Agent) for non-Microsoft operating systems and possibly for Microsoft OSes prior to Windows Vista.

How customers adopting other endpoint security solutions, such as Check Point TAP or Sygate NAC (now acquired by Symantec of Borg), will be able to integrate with this remains to be seen.

Obviously this complexity could be addressed by creating a standard. The real problem is that an attempt to standardize already exists, but not all companies are embracing it.

It's called Trusted Network Connect (TNC) and its first draft appeared in May 2005.
As it happens, both Check Point and Sygate immediately adhered to it, while others like Juniper, Nortel and StillSecure added or announced support for it this year.

Microsoft announced plans to make its NAP compliant with the TNC standards in April 2005, while Cisco didn't.

So while you ask yourself why Cisco is once again preventing you from getting a return on your previous investments, you may want to look at a wonderful summary diagram of NAP-NAC-TNC interoperability created by Opus One:


For further reference, you may also want to check the useful terminology comparison of all three implementations in the standardization assessment published by the IETF in June 2006.