Cisco NAC meets Microsoft NAP
The big event from this week's The Security Standard conference was the interoperability announcement between Cisco NAC and Microsoft NAP. I still feel that the NAC approach from these two vendors misses the mark badly and it is so tempting to go off on a NAC rant. However, being a Libra I feel compelled to keep things in balance every once in a while. With that, let's take a look at some of the positives to come out of this announcement.
1. Integrating core elements of network management, endpoint management and security policy management can only improve the professional lives of enterprise IT. A single process to ensure that policy seamlessly bridges network, endpoint and application infrastructures can only be a good thing.
2. Bad things will always happen to corporate networks – no security product can protect the business against every potential threat. IT needs a discovery mechanism to understand the impact of a threat and to push out reactive changes in policy. NAP notifications of degradation to an unhealthy state can allow IT to better discover the magnitude of a security event.
3. Server environments, upon which the business runs, can be better monitored and managed. Yes, the NAC-NAP verbiage is all about desktop AV and personal firewalls, but the approach works best for tightly controlled and managed systems. IT, which manages thousands of distributed servers with controlled configurations, can potentially use this approach to tell when a server falls out of compliance.
4. NAC-NAP will generate subscription revenues for AV vendors. Vendors like McAfee, Symantec and Trend Micro have to be happy because AV subscriptions will become ubiquitous in the enterprise and will not be allowed to expire. In the short run, NAC-NAP will give a boost to subscription-oriented security businesses.
5. There may really be a customer problem here. Cisco and Microsoft are powerfully framing the NAC-NAP discussion around fixing a broken security model within the business infrastructure. Amazingly, all the major security vendors can say is, "Thank you sir, may I have another!" The big three all have piles of data from their research labs, and yet not one of them is standing up and saying the problem of endpoint security management is being overblown. The silence is deafening. Believe me, this is not easy for me to say and I do not totally believe it, but maybe there is something there.
6. It is good to see the big players talking. It is possible that open interfaces can be defined by the architecture giants that allow other good minds to innovate. Right now, the protocols are nowhere near rich enough, but they will eventually get there if the infrastructure people keep working together.
Wow – I did it!! Even though my list of negatives is at least 10 times longer. Oh oh, I feel my scales tipping back. :-)



