IBM is producing two product updates that will pull Tivoli closer to Cisco's Network Admission Control (NAC) technology.
Tivoli Security Compliance Manager version 5.1 and Tivoli Provisioning Manager version 2.1 will now integrate with Cisco's Secure Access Control Server (ACS), allowing companies to deny network access to insecure or virus-infected systems, IBM said.
Compliance Manager is software that can inspect devices attempting to connect to a network, flagging systems that do not adhere to corporate security policy. The product can assess issues such as whether anti-virus software is up to date, or the computer operating system is running the latest software patches. That information can now be used by Cisco's ACS to quarantine machines deemed insecure, said Ric Telford, director of architecture and development in IBM's Autonomic Computing group.
Provisioning Manager allows administrators to fix non-compliant devices to conform to security policies. Administrators can use workflow features in Provisioning Manager to automate tasks such as installing operating system or anti-virus software updates, IBM said.
The release of new versions of Compliance Manager and Provisioning Manager delivers on a promise made by both companies in February, when they announced a "global security initiative" to improve the security of network infrastructure. IBM promised to join the NAC program and begin working on a software agent that will tie Tivoli to ACS. In October, the companies announced the updates to Compliance Manager and Provisioning Manager, which are now available to the public.
"These products will ensure compliance of devices as they come onto the network and allow remediation if devices are not in compliance," Telford said. "This release closes the loop of security problem detection and remediation automatically and limits the need for human intervention," he said.
Cisco has steadily built support for NAC with security software vendors of all stripes in recent months. Companies such as McAfee, Trend Micro and Computer Associates already offer NAC-compliant products.