NAC is Cisco’s year-old initiative aimed at building access control into network infrastructures by enforcing endpoint security policy compliance. The idea is to simplify the task of keeping unpatched or worm-infested PCs off the network.
Updates to be shipped from both firms in December will enable integration between Tivoli Security Compliance Manager and Cisco’s Secure Access Control Server and Trust Agent, executives said.
In the combined system, the Tivoli SCM, after it has scanned an endpoint and compared its security state to policies, can pass that information to the Cisco ACS, via the Trust Agent, which makes the decision to permit or deny network access.
The integration appears similar to the interoperability with various anti-virus and client firewall products Cisco announced last November, though instead of polling these diverse applications for their compliance, Trust Agent takes an aggregated feed from SCM.
On the remediation side, non-compliant endpoints can be isolated by ACS to a quarantine network or server. IBM Tivoli Provisioning Manager will be able to come in at this point and prompt the user to upgrade passwords or download patches, the companies said.
