Editor’s note: Charles Giancarlo, a longtime Cisco executive, will take over as the networking giant’s chief development officer on July 31. Giancarlo recently published some of his thoughts about the future of network development. The article is reprinted here in the interest of providing Local Tech Wire readers with some insight into how Giancarlo views network issues and how that could impact on Cisco in the future.
SAN JOSE: One of the most painful business lessons of the past few years has been in network security. We have all learned that the largely static defenses that once seemed adequate can no longer protect our most important assets from devastating attacks.
Today at Cisco we are helping organizations of all sizes understand that network security cannot be a limited, reactive function. It’s becoming a fundamental component of the network itself and has to be in place network-wide.
Network security has become vitally important because the role of the corporate network has changed dramatically. It has become the organization’s critical “nervous system” and a strategic asset, enabling and protecting business-critical information, applications and processes.
In the past, such mission-critical information was isolated on mainframes or closed networks. But today’s companies work closely with employees, partners, vendors and customers worldwide by connecting and integrating automated business processes and applications on intelligent networks. That means that worms, viruses and a host of other threats can reach a company from a wide range of sources, including the company’s own networked PCs and servers.
The Self-Defending Network
To meet this challenge, Cisco has developed a security strategy we call the Self-Defending Network. It’s a new way of approaching security that can dramatically improve the network’s ability to identify, prevent and adapt to threats, no matter what they are or how they arrive.
Cisco’s Self-Defending Network is part of an evolving strategy that began in the 1980s. The latest steps on that evolutionary ladder are:
Integrated security is the ability to deploy the appropriate security technology wherever and whenever it’s needed, on any of a variety of devices. It also enables a variety of different security capabilities to share information and coordinate a response.
Cisco integrates security into our routers, our switches, our IP Telephony and wireless systems, as well as into a range of security appliances. Our integrated security consists of secure connectivity, threat defense and trust and identity management.
Secure connectivity protects the confidentiality and integrity of your traffic, whether it crosses the Internet or stays within your own network. Cisco gives you the flexibility to use either IPsec or SSL VPNs as the secure transport.
Threat defense covers the technologies that protect against both known and unknown threats, including firewalls and intrusion detection systems. It now also includes endpoint protection for PCs and servers through the Cisco Security Agent, which can stop damage from new, previously unseen attacks rather than relying on signatures for threats already catalogued. It is one of the most potent weapons a company can have against security threats.
A comprehensive trust and identity management system gives you the ability to control how access rights are granted to network and computing resources. This technology is equally applicable to dial-up clients, remote access VPN clients, WiFi clients and even standard desktop Ethernet clients.
Cisco security management technology ties these three systems together to provide centralized configuration, monitoring and analysis.
Critical Now: Industry Collaboration
But more is needed to create a true Self-Defending Network. Industry collaboration is now recognized as essential to a strong security strategy.
A coordinated effort with other industry leaders is well underway on what we call the Cisco Network Admission Control Program, or NAC. Initial co-sponsors were Network Associates, Symantec, and Trend Micro. IBM has since joined the program and others will be announced.
The need for Network Admission Control begins with the mobile nature of today’s technologies and users. PCs, handhelds, PDAs and other devices connect to many networks besides the corporate infrastructure. A device infected while on a home or hotel connection can carry that infection back into your network when its user travels or connects remotely. Whenever a user is outside the corporate network, the usual IT safeguards often are not available.
Based on policies your own company defines, NAC decides how to handle devices that lack the latest anti-virus signatures or operating system patch. Working without human intervention, NAC may deny those devices access to the network entirely, or it may restrict or quarantine them until the problems are resolved and the device is brought up to the current security policy.
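The admission decision described above, as an added illustration that is not Cisco’s NAC code or any product’s policy format: an endpoint agent reports its posture (anti-virus signature date and patch level), and a company-defined policy maps that report to allow, quarantine or deny. The report fields, the dotted patch-version format, the VLAN numbers, the dates and the sample hosts are all constructed for this example. Two edge cases a practitioner would want handled are shown: an endpoint that sends no report at all is denied (fail closed) rather than waved through, and a signature date in the future is treated as an untrustworthy report, not as “fresh”.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple, Dict


@dataclass(frozen=True)
class Posture:
    """What an endpoint agent reports at connection time (constructed fields)."""
    host: str
    av_signature_date: Optional[date]   # None when no agent answered
    patch_level: Optional[str]          # assumed dotted version string, e.g. "5.1.2"


@dataclass(frozen=True)
class Policy:
    """Company-defined admission policy (values are hypothetical)."""
    max_signature_age_days: int
    required_patch_level: str
    production_vlan: int
    quarantine_vlan: int   # remediation-only segment


@dataclass(frozen=True)
class Decision:
    action: str                  # "allow", "quarantine" or "deny"
    vlan: Optional[int]          # None when access is refused outright
    reasons: Tuple[str, ...]     # findings for the audit log


def parse_version(v: str) -> Optional[Tuple[int, ...]]:
    """'5.1.2' -> (5, 1, 2); None if the string is not a dotted integer version."""
    try:
        return tuple(int(p) for p in v.split("."))
    except ValueError:
        return None


def version_lt(a: Tuple[int, ...], b: Tuple[int, ...]) -> bool:
    """Compare versions with zero padding so that 5.1 == 5.1.0, not 5.1 < 5.1.0."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def evaluate(posture: Posture, policy: Policy, today: date) -> Decision:
    # Fail closed: an endpoint that cannot or will not describe itself is denied.
    if posture.av_signature_date is None or posture.patch_level is None:
        return Decision("deny", None, ("no posture report from endpoint agent",))

    age = (today - posture.av_signature_date).days
    if age < 0:
        # A future-dated signature set means a bad clock or a forged report.
        return Decision("deny", None, ("AV signature date is in the future",))

    have = parse_version(posture.patch_level)
    need = parse_version(policy.required_patch_level)
    if have is None or need is None:
        return Decision("deny", None, (f"unparsable patch level {posture.patch_level!r}",))

    findings = []
    if age > policy.max_signature_age_days:
        findings.append(f"AV signatures {age} days old (limit {policy.max_signature_age_days})")
    if version_lt(have, need):
        findings.append(f"patch level {posture.patch_level} below required {policy.required_patch_level}")

    if findings:
        # Non-compliant but trustworthy report: isolate until remediated.
        return Decision("quarantine", policy.quarantine_vlan, tuple(findings))
    return Decision("allow", policy.production_vlan, ("compliant",))


# Constructed sample policy and posture reports; none of these are real hosts.
POLICY = Policy(max_signature_age_days=7, required_patch_level="5.1.2",
                production_vlan=100, quarantine_vlan=999)

SAMPLE_REPORTS = [
    Posture("desk-01",   date(2004, 3, 29), "5.1.2"),   # compliant
    Posture("laptop-07", date(2004, 3, 10), "5.1.2"),   # stale AV signatures
    Posture("laptop-12", date(2004, 3, 30), "5.0.9"),   # missing required patch
    Posture("kiosk-03",  None,              None),      # no agent at all
    Posture("vpn-22",    date(2004, 4, 5),  "5.1.2"),   # future-dated report
]


def admission_table(today: date = date(2004, 3, 31)) -> Dict[str, Decision]:
    """Run the policy over every sample report and return host -> Decision."""
    return {p.host: evaluate(p, POLICY, today) for p in SAMPLE_REPORTS}


if __name__ == "__main__":
    for host, d in admission_table().items():
        print(f"{host:10} {d.action:10} vlan={d.vlan}  {'; '.join(d.reasons)}")
```

The choice of quarantine rather than deny for a stale-but-honest report is the policy knob the text refers to: a quarantine VLAN that reaches only patch and signature servers lets the device remediate itself, while a report that looks forged gets no foothold at all.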
The Future: A Security-Aware Infrastructure
Cisco’s vision of a security-aware infrastructure is one that will extend from the very core of your network to its outer-most reaches.
For example, while our current Network Admission Control program focuses on devices connecting to the network remotely, our vision is to apply Network Admission Control at every single point of entry to the network. That means that even a user bringing his laptop into the office will not be allowed to connect to network resources until his machine has been brought up to the current security policy and software updates.
With the technology that Cisco is developing for the Self-Defending Network, your network will be able to identify an attack in progress based on information coming from a variety of sources. In a matter of seconds, changes will be made automatically within the network itself to mitigate or stop the attack. Threats will no longer have the advantage of speed and complexity to grow into devastating attacks; your network will be able to defend itself.
The Bottom Line on Network Security
Security is an evolving process. Over fifteen years ago, when Cisco started developing security solutions, we delivered point security technologies, such as firewalls, virtual private networks, IDS, and authentication systems.
More recently, we began offering integrated security solutions, with security built into our access routers, delivered via accelerator blades in our high end switches and specialized security solutions for wireless LANs and IP telephony.
Late in 2003, we announced Cisco Network Admission Control, an industry collaboration further expanding our ability to offer broad-based security solutions.
And already in development is our next generation of security technology that will make possible true self-defending networks.
At Cisco, security is built into everything we make. No development project is approved until the appropriate level of security functionality is engineered into it. This approach is designed to successfully meet the new breed of security threats that will challenge the Intelligent Information Networks of today and tomorrow.