Intel, Cisco Team to Thwart Security ThreatsBy Paul F. Roberts | Posted 2005-08-23 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
The deal will allow Cisco NAC devices to interoperate with systems that use Intel's AMT technology, so companies can defend against security threats.Chip maker Intel Corp. and networking equipment maker Cisco Systems Inc. are joining forces to combine Intel's chip-based Active Management Technology with Cisco's Network Admission Control architecture.
The two companies used the Intel Developer Forum in San Francisco on Tuesday to announce the new arrangement. The deal will allow Cisco NAC devices to interoperate with systems that use Intel's AMT technology, so companies can defend against security threats. Eventually the partnership could provide a hardware secured area for computers to store sensitive network admission credentials, or open up the NAC program to hardware and configuration data that cannot currently be evaluated for decisions about network admission, said Bob Gleichauf, chief technology officer of Cisco's Security Technology Group.
NAC is a Cisco-sponsored program that is part of the Cisco Self-Defending Network strategy. Companies use features built into Cisco routers and switches, and a desktop software client called the Cisco Security Agent to enforce security policies when PCs try to access network computing resources. AMT is technology for managing and protecting IT assets. Systems that use AMT hardware and firmware store critical hardware and software information in secure memory on AMT-equipped machines.
At the same time, security products could push data down to AMT's secure, tamper-resistant storage area in the future, he said.
Information exchanged between AMT and NAC systems could be identical to information that is already used to make admission decisions. However, AMT could potentially be used by NAC-compliant networking gear to make network admission decisions, he said.
For example, statistics collected from hardware interfaces and configuration information stored in a computer's registry aren't used to make admission decisions now, but could be with the help of AMT technology, Gleichauf said.
However, those decisions are in the hands of Intel engineers, rather than Cisco or security companies that have signed on to the NAC program, he said.
Eventually, AMT's secure data store could hold data collected by the Cisco Security Agent. Alternatively, Intel may elect to build CSA functions into AMT, he said.
"It gives [Intel] the option to be creative and capture information in addition to what software vendors capture," he said.
Customers should see the first evidence of the AMT-NAC program in the fourth quarter, when Intel releases AMT software extensions that allow NAC-compliant devices to evaluate AMT data at the network edge, as devices seek access to network resources. Previously, AMT status information could only be assessed on the local machine, Gleichauf said.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.