2 min read

3Com builds new security architecture

Company says there's a way to bring intelligent control to networks without rip-and-replace

3Com has called on IT vendors to join it in creating an open network security architecture.

Outlined at last month’s RSA Conference, the company believes its Intelligent Network Control architecture will help customers choose the best of breed access, attack-and-application control devices without having to rip out existing systems.

“This is definitely contrary to the Cisco approach” which is more proprietary, Greg Fitzgerald, vice-president of marketing at 3Com’s security division, said in a recent interview.

The idea depends on companies publishing APIs to their software so their devices can be linked.

However, he also said a new generation of intrusion prevention devices from 3Com’s TippingPoint division, expected at the end of the year, is central to the vision.

These appliances would enforce access and attack control policies set by devices and software from other companies.

“If 3Com can provide the capability for tying those best-of-breed technologies together and provide one key value point — the enforcement point, or what we call the control node — then more power to us,” said Fitzgerald.

“It gives the customer the choice of taking on a propriatary network or an open network.”

The approach will take advantage of a new generation of faster networking gear which won’t appear until late this year or early in 2007.

But Fitzgerald said it will be good for VARs. “They should be very excited because this will make it easier to implement and manage all the solutions they bring to customers.”

So far Microsoft and a few smaller companies have signed on.

3Com thinks networks should become what it calls Bi-Planar (two level) networks, with a control plane overlaid onto the existing system.

Robert Whitely at Forrester Research agrees. “There’s a lot of intelligence that can be embedded in the network,” he said. “The problem is there’s been no efficient way of handling it. What 3Com is saying there has to be a connectivity plane and a policy plane, which is where you handle this intelligence.”

By laying a policy plane on top of existing routers and switches, enterprises won’t have to replace their existing gear, he said.

‘Makes sense’
“It makes a lot of sense,” he said. But, he added, “I give (3Com) A for effort and B for execution.” The framework is built around the TippingPoint products, he said, leaving out 3Com devices.

Fitzgerald acknowledged that the new appliances 3Com envisages will likely be branded TippingPoint and aimed at medium and large enterprises. But later on the technology would be included in 3Com products, he said.

Whitely also noted that Juniper Networks with its Infranet and Cisco with its Intelligent Information Network have network intelligence strategies.

“What’s interesting is where’s Nortel on this, where’s Alcatel, Siemens and Ericsson, Lucent?” he asked.

“It’s not that all companies should have this great strategic vision, but we’re getting the point where Ethernet switching is a commoditized function, so I’d like to see visions from these companies on how they’re going to evolve past that.”