Ciscos new NAC Network Module for Integrated Services Routers does not offer any noteworthy features per se. The security system helps to keep small and medium business networks safe by authenticating, authorizing, evaluating and remediating remote users. The company touted the device mainly because of its ability to be integrated into its 2800 and 3800 Series Integrated Services Routers, thus blurring the line between network and security products, a trend that has picked up momentum recently.Historically, routers and switches were designed to move network traffic while devices, such as firewalls, were built to safeguard information as it entered and exited a network. There were clear boundaries between these products mainly because it was easy to discern what was inside and what was outside of the corporate network. This approach worked well in the early days of the Internet but has come under stress recently for a variety of reasons. The corporate office has taken on a new look. Employees are no longer firmly planted inside the network perimeter but now frequently toil in remote locations, such as remote and home offices. Companies opened up their networks to customers and suppliers, who are reaching deeper and deeper into core enterprise systems. Application design shifted; with peer-to-peer networking functions done at a server now shifted to the client and vice versa. Consequently, applications were built to bypass traditional security tools, such as firewalls. As a result, these central network checkpoints became less effective.
In response, vendors started to push security functions into new venues. They went up the seven layer networking model and began embedding them into applications and down so they became closely aligned with networking functions. Rather than buck these trends, vendors, such as Cisco, have been building next generation network devices that feature integrated security modules: the NAC Network Module slips into a router as easily as 1G Ethernet connection.
This architecture offers medium and small businesses some potential benefits. The change should lower costs because vendors have to build one rather than two central units. The move reduces device complexity; with fewer autonomous components required, companies should be able to bring up new sites faster. IT staff training time is minimized because as long as technicians know how to manage routers, they also understand how to oversee the security features. Along with the newfound convenience comes some potential problems. At this stage, such benefits are more theoretical than proven and it is unclear who well the integrated devices will function in corporate networks. The router becomes a central point of failure. If the security module is wiped out, it could bring the whole network down. Despite the potential problems, the integrated devices are expected to gain traction over the coming months and blur the delimiters between network and security functions.
How clear is the boundary line between your network and security functions? How much interest do you have in products, such as Ciscos NAC Network Module? How will security functions evolve in the next few years?
