Cisco extends reach of NAC gear

New network module blade offers NAC appliance functionality to branch offices

Cisco has announced it is adding a network access control blade for its branch office routers in a move the company says will push the admission technology to sites where it might not previously have been affordable.

The new NAC Network Module blade is the equivalent of a Cisco NAC appliance, so if a business wants NAC in a branch office that already has a Cisco Integrated Services Router (ISR), it could install the blade. That would keep down the number of devices to worry about in the branch, Cisco said.

The ISRs are popular multi-platform routers that also support VoIP, VPN, content caching and a firewall.

So far the NAC Network Module can't fail over to another one, but Cisco says it is working on that.

The module fits in Cisco 2800 and 3800 ISRs. The module with a license for 50 users costs US$3,500; 100 users costs US$5,000. Customers can upgrade a 50-user license with a software key.

Cisco is also tapping into a valuable NAC peripheral made by Great Bay Software, whose Endpoint Profiler automatically discovers and profiles all devices attached to the network. Knowing what devices are already on a network is essential to deploying NAC.

Cisco is calling the software NAC Profiler, which identifies devices that can't be scanned by NAC agents, such as IP phones and printers, and assigns them a NAC policy. The software also continues to monitor the behavior of these devices after they are admitted to the network and can flag behavior that violates policies. NAC Profiler will become part of Cisco's NAC appliance server.

The announcements came up during the opening Security Standard roundtable discussion among three Cisco security executives about the changing threat landscape, with the panelists identifying data leakage as the biggest challenge.

"I don't think any of us would say there's a 100 percent solution or even a 70 percent solution," said Richard Palmer, senior vice president and general manager of Cisco's security technology group.

Part of the problem is that businesses want to let employees use managed laptops for limited personal reasons. Dual personal/business use of corporate devices is becoming a requirement in businesses that compete for the best and brightest employees, the panellists said. "If you want to be a preferred employer, enabling personal and business use of company devices is one of the questions you have to ask," said Scott Weiss, the co-founder and CEO of Ironport Systems, now part of Cisco.

"This is a difficult thing to balance. There is a thin line between data-leakage protection and employee surveillance."

Personal collaboration tools are becoming more prevalent in business networks and may have to be tolerated, Palmer said. "We're in a cycle where technology and solutions are not being driven top-down by IT, and that's a challenging environment from a security perspective," he said.

Encryption is a key element in protecting against data leakage, the panellists said. Weiss said Cisco's vision is for an encryption gateway that checks outgoing content and encrypts it as necessary based on policies.

Data that is enterprise-critical will be the first category of corporate information to be encrypted both at rest in storage devices and user machines and as it is sent around. Palmer said Cisco will focus on encryption in server storage environments where it will be unobtrusive to the people sending the data. "It's not just what the CSO wants to enforce, it's what the end user will accept and use. That's going to be the key for us," Palmer said.

He added that SSL traffic coming and going from networks can pose a problem because it cannot be scanned for content without breaking the encryption. He said certain trusted entities will be allowed to have the keys to decrypt the traffic so its content can be scanned. These proxies will work in concert with scanning on endpoint devices that send and receive the SSL traffic as well. "This is not as intractable a problem as it appeared it might be a couple of years ago," he said.

Last year at the Security Standard, Cisco set blending physical security with IT security as a goal it wanted to support, but progress has been slow. "Our expectation was that it would happen faster than is the case," said Jeff Platon, Cisco vice president of product and technology marketing for security and application networking.

Some of the delay has to do with the physical security and IT security organizations coming from different cultures and being unfamiliar with each other's technologies. An important prerequisite is for physical security systems to be converted to IP, Palmer said, and that is a big task. "From a deployment point of view, it's going to take some time," he said.

The panel addressed buying decisions customers face when seeking new technologies that are made by start-ups. Customers want more security on their networks and are often attracted to point-products from these young companies, but they would prefer better-integrated technologies, Weiss said.

"Users want different devices that talk and have logical interfaces," he said. "There's a lot of complexity that needs to be simplified through a managed approach."

When deciding whether to go with a point-product from a start-up, customers should consider the breadth of that vendor's products and whether it is strong enough to stand alone for the long term against larger, more diverse companies.

If new technology that crops up to address new threats is good enough, larger vendors will try to incorporate it in their products, Weiss said. "It's tough to do everything. Big companies will have to decide whether to build, buy or partner for new solutions," he said.


Tim Greene

Network World