TrustSec – Cisco finally finds its security role
- Tags: Cisco, nac, security, trustsec
- IT Topics: Emerging Technology, Networking, Security
Cisco security leaders led an online discussion on TrustSec, a stronger approach by Cisco to control access to applications by defined roles. TrustSec upgrades will allow Cisco networks to enforce centrally defined role-based access policies in the switch. With this, Cisco has shifted the access control priority from endpoint health to user identity, which is where it should have been all along. Network access control is first and foremost an identity-based decision. Here are a few highs and lows:
+ TrustSec integrates with user management from IBM Tivoli and Microsoft Active Directory to identify users, roles, and access policies. This is a nice positioning, where Cisco can focus on the network without creating extra work for its customers.
+ Cisco will require software upgrades to take advantage of TrustSec, but it does not appear that this will be a major expense to enterprise networks. Looks like Cisco learned the lesson to avoid forklift upgrades.
+ The path is cleared for Ironport reputation services to help keep role definitions manageable, and to possibly assign roles to outbound Web resources. User roles change constantly in a dynamic business, and reputation-approaches can supply intelligence for IT to keep policies consistent with business needs.
+ Independent NAC vendors, who assumed Cisco would create a market for them, must now redo their messaging, as Cisco has lowered NAC to a secondary status. This is a good thing. They should all keep NAC as a datasheet item to be able to respond to RFPs, but they need to quickly reposition their product offerings to differentiate their security products.
- There are hurdles that TrustSec must clear: role maintenance can be an administrative nightmare in large organizations, and enterprises may prefer to use roles to prioritize traffic or trigger transactional activity auditing rather than automatically block access.
The online conference, conducted over something called Cisco IPTV, was logistically pretty cool. My window had a live video of Cisco security execs in the right panel, slides synchronized to the discussion on the left panel, with the bottom footer panel useful for asking questions or getting help. I live in the sticks and everything came through clear and without jitter. Hopefully, Cisco will post sessions from its C-Scape conference on IPTV so those who are not in San Jose can keep informed.