With a slew of security-related networking offerings under its belt, Cisco is at it again with an über-strategy to unify role-based security and identity management across a network infrastructure.
The goal for the new Cisco Trusted Security effort is to provide an architecture that simplifies management and creates a framework for multiple authentication systems.
The company also sees “TrustSec” delivering an architecture that can coordinate different, often-conflicting policies and apply them across the network, creating a converged policy framework.
The architecture, slated for debut in the first quarter of 2008, should help enterprises that have struggled with applications and networks handling identity in different ways, said Robert Gleichauf, CTO for Cisco’s Security Technology Group.
“We’re congregating [identity] into a single-policy place that can be distributed and applied in a transparent way,” Gleichauf said during a Webcast today with press and analysts. “Define the role once and it can be implemented in multiple places.”
The offering relies on networks’ existing directories, such as Microsoft Active Directory, which define roles and the privileges users have. It also revolves around the IEEE’s 802.1x and 802.1ae standards for Ethernet security.
“What we’ve done through 802.1x and 802.1ae is the ability to start tracking where user traffic goes and doesn’t go in a very secure manner,” Gleichauf said.
As a result, TrustSec brings identity and permissions down to the network layer. Based on its interactions with enterprise directories, the network can determine who can do what and go where.
For existing customers, Cisco said adopting TrustSec shouldn’t require a “forklift” upgrade, but rather a software update to their existing switching infrastructure.
That’s because part of the solution is based on software in Cisco’s upgradeable access switches, said John McCool, senior vice president for Cisco’s Internet Systems Business Unit.
After being upgraded, the switch would enable the security exchange protocol (SXP), which will bind users with roles and communicate back to the trusted domain.
The first TrustSec-capable software for Cisco switches is expected to be available during the first quarter of 2008.