2/17/2004 -- Long-time collaborators Cisco Systems Inc. and IBM Corp. were at it again last week, announcing plans to integrate their security and management tools to automate many security-related tasks. But thats not all: The two companies say that theyll continue to collaborate to improve security for their combined customers, and will introduce new products on a regular basis.

Initially, Cisco and IBM plan to ratchet up integration between two of their product offerings, such that customers can use Big Blues Tivoli Identity Manager software to control Ciscos Secure Access Control Server (ACS). Officials say this will help reduce common security risks -- such as orphaned user accounts -- and also facilitate single-sign-on capability to network resources.

In addition, IBM says that it will support Cisco VPN client in its ThinkPad notebooks and ThinkCentre desktops, which feature integrated an embedded security and encryption chip called "ThinkVantage." Cisco, for its part, will integrate its Cisco Security Agent with IBM clients and servers to provide protection from worms and viruses. Big Blue will offer the Cisco Security Agent through its Web site as an available option when customers purchase Intel-based IBM eServer systems.

Down the road, IBM says that it will join Ciscos Network Admission Control (NAC) program and also announced plans to integrate certain of its IBM Tivoli security management tools with Cisco infrastructure products that are involved in the program. Cisco developed NAC in conjunction with anti-virus vendors Network Associates, Symantec, and Trend Micro. The program was announced in November of 2003.

NAC exploits new IOS functionality that lets Cisco routers enforce access privileges when an endpoint attempts to connect to a network. A Cisco router will be able to use NAC capabilities to make intelligent decisions about an endpoint device, based on known information about its anti-virus readiness state and its operating system patch level, which is to be supplied by a compatible anti-virus client. Customers can configure Cisco routers that support NAC to deny access to non-compliant devices, place them in a quarantine area, or provide restricted access to network resources.

Theres a services piece to the new initiative, as well, involving IBMs Global Services (IGS) unit, which Big Blue says will be available to help assess security in combined Cisco and IBM infrastructures.

The partners say that at least one of the new initiative's deliverables -- integration between the ThinkVantage embedded security chip and Cisco's VPN client -- is already available, and that the other deliverables will be available in the March time frame. Officials from both companies say that the new initiative is just the start of an ongoing collaboration that could lead to new product introductions every six months or so.

"We've been working on integrating these products and have been testing them in our labs for several months. Our initial group of products will be ready for market in March,"said Arvind Krishna, vice president of Tivoli Security Products for IBM, in an interview posted to Ciscos site. "It's important to note that our agreement with Cisco is not just a one-time announcement but also a long-term plan to improve security for our customers through greater integration. We will be looking to deliver new product opportunities every six months or so." -Stephen Swoyer