Most of the new releases are actually expansions on existing products. But one item caught our eye: IOS AutoSecure, a "CLI-based feature for one-touch router lockdown." This may be a sign, albeit a small a one, that Cisco views security as more than a product. Cisco wares--outside of its security-specific product lines--have lacked this feature.
Here's the release I'm waiting for: "Cisco has announced SSH v2 support in all its routing platforms and will no longer charge customers for trying to manage devices securely." I know at least two enterprise customers who are furious that they have to pay extra to get basic SSH support in their Cisco routers and switches. Extreme? Enterasys? Juniper? They don't charge extra to manage their devices securely. But Cisco can't get SSH v2 integrated into its product line, much less support SSH v1 in its standard IOS builds.
How serious about security is a vendor whose default administration mechanism still runs over a clear-text protocol like telnet? Cisco execs aren't stupid; they know security products are selling. But they should also know security is more than a feature, it's a philosophy.