Security threats Toolkit

Microsoft and Cisco clash on security

Tags:
Security,
Architecture,
Cisco,
Microsoft

Marguerite Reardon CNET News

Published: 17 Sep 2004 13:00 BST

Differences can divide
Though the overall concepts are similar, the two companies are approaching the problem differently. With NAC, Cisco is trying to solve the entire problem itself, end to end. The company has developed its own security software agents through partnerships with three key antivirus providers -- McAfee, Symantec and Trend Micro -- and technology it had acquired through Okena. These "Trust Agents", as Cisco calls them, will run on clients as well as Cisco networking gear, such as Ethernet switches, IP routers, and firewall products. The agents will communicate with each other through a central policy server to ensure that endpoints are updated and following policy before they connect to the network.

"We felt it was important to deliver a solution that worked end to end," said Bob Gleichauf, chief technology officer for Cisco's security networking group. "The fact that we are building a little agent to sit on clients is because networks extend all the way to the client."

By contrast, Microsoft has opted to focus its NAP architecture on its core competencies: host and server software. Microsoft plans to incorporate security agents as part of its operating system software, so that every desktop and server running Windows XP and Windows Server 2003 will be wired for NAP. Microsoft's current architecture does not include a networking element per se, but the company has partnered with a number of networking gear vendors so that they can hook into the NAP via a central server. While Cisco has not signed up as a partner to NAP, several of its competitors already have, including Juniper Networks, Enterasys and Extreme Networks.

Open standards are key
It is likely to be customers who eventually force the two sides to work together, since both companies have a vested interest in selling their own security agents and Radius servers. A consortium of vendors called the Trusted Computing Group is already working on an architecture that will use open standards, so that customers can use Radius servers, security software or networking gear from any vendor. The group, which announced its plans in June, includes companies such as McAfee, Intel, Sygate, Juniper Networks, Hewlett-Packard and Sun Microsystems. Microsoft is a member of TCG, but Cisco is not.

TCG supporters complain that though Cisco and Microsoft claim they are willing to work with partners, they seem to still be trying to keep pieces of their solutions proprietary to lock in customers.

"Clearly Microsoft and Cisco would love for their architectures to dominate," Scull said. "And by pushing their own solutions they ensure that customers continue to buy their products."

For example, Cisco announced in June that it is expanding its antivirus partnership program to include more security vendors, but it did not mention opening its NAC architecture up to other networking competitors. Even though Microsoft is creating a platform that more than 30 vendors can plug into, its NAP architecture only works in a pure Microsoft environment, which includes the client as well as a suite of back office servers.