. . . and then there were three
Does anyone remember this great Genesis album? For me it was when I first realized that Genesis was still great even without Peter Gabriel. Phil Collins was the lead singer and the big hit was "Follow you, follow me". But enough of classic rock history, I write about a recent interview of Steve Hanna by Rick Turner in Computer Business Review Online. Steve, the co-chair of the TCG/TNC workgroup and a Juniper engineer (among other things), has been a guest on our podcast before. In this interview Steve, for the first time that I have seen, throws down the gloves with Cisco in the NAC framework battleground. Steve says unequivocally that the recent collaboration and interoperability, as well as Microsoft "donating its client/server protocol ... to its Trusted Network Connect workgroup", has left a two-horse race between Cisco and everyone else. This is against the usual reporter drivel about the three frameworks and which one will win. Steve is not usually the kind of guy who makes bold statements like that. For him to come out swinging like this, I have to think that the TNC folks think that this game is winding down and Cisco will have no choice but to play ball with them.
Of course Steve does point out that Microsoft is not abandoning their bilateral interoperability with Cisco. But he rightfully says that this has received a lukewarm response in the market because it is a two-server solution. Steve, again right on, says people want NAC in the OS to work with whatever they have already deployed (does that mean he does not believe in replacing existing switches with "secure switches"? What do ConSentry and that crowd say about that? They are TCG members, I think). Steve also says NAC has to move beyond Windows boxes and work with anything with an IP address. That, I think, is what we are going to see coming out of the TCG/TNC going forward, by the way. The TCG has big plans to move the NAC standards into overall endpoint and network security. In Steve's own words, "incorporating things like anomaly and vulnerability scanning, as well as device characterization, which is where an endpoint requests access with no NAC software on it, in which case we need to be able to identify it as a printer or whatever." Ambitious indeed! Let's see if they can deliver.
In the meantime, Cisco has gone Sphinx-like in discussing NAC. Have they decided to go in another direction? Are they contemplating a change in their strategy? Something must be going on there and our inquiring minds would like to know.
In the meantime, I am currently scheduling a podcast in the next few weeks which will have Steve Hanna rejoin us as a guest along with our friend Amith Krishnan from Microsoft's NAP program. I would like to invite Russell Rice or someone from Cisco if they would like to appear as well, but will have to work on that one. If anyone knows Russell's email address, please forward it to me. Stay tuned for more details. If you have any questions you would like to see answered, you can send them to podcast (at) stillsecure dot com.





