Cisco Sets Out Security Strategy

SAN FRANCISCO -- Cisco Systems Inc. (Nasdaq: CSCO) yesterday fit a number of pieces into its security jigsaw with a slew of announcements at the RSA Conference in San Francisco.

Robert Whiteley, analyst at Forrester Research Inc. says that Cisco is now putting its money where its mouth is. Cisco has been saying that they are going to get serious about security and self-defending networks and they are now backing this up,” he says.

For over a year, Cisco has been touting its Self Defending Network strategy, a somewhat loosely-defined initiative to create an “immune system” for networks. In plain English, this means coordinating security across internal networks and end-point devices such as firewalls and routers.

Just to confuse matters, Cisco also embarked on a security spending spree, snapping up a plethora of smaller, specialist vendors (see Cisco's Security Spree Continues).

Now, however, the company’s game plan is suddenly much clearer, as Cisco unveils a range of technologies born out of the recent acquisitions. For Whiteley, the new version of Cisco’s SSL VPN Concentrator is a key weapon in the company's armory.The software offers a new VPN tunneling client, which Cisco claims can enable access to virtually any application. The vendor has also built a new feature entitled Cisco Secure Desktop. This checks PCs for security vulnerabilities before they are connected to the network, and also performs a post-connection ‘clean-up’ to ensure that no critical data is left behind.

In a previous life, Cisco Secure Desktop was Twingo’s Virtual Secure Desktop. Cisco got its hands on the technology when it bought the startup for $5 million last year (see Cisco: It Takes Two to Twingo).

But, will this be enough to help Cisco launch a serious challenge to rival SSL VPN vendors such as Juniper Networks Inc. (Nasdaq: JNPR), Aventail Corp., and F5 Networks Inc. (Nasdaq: FFIV)? Whiteley certainly thinks so. ”Whereas they were an industry laggard regarding SSL VPN, this puts them on a par with other vendors,” he says.

Cisco is also delivering on its promise to overhaul its Cisco Security Agent (CSA) software, which is regarded by many IT managers as a key weapon in their fight against unforeseen security threats. Last year Cisco gave NDCF some hints about its plans to extend the CSA product, although the company, characteristically, was unwilling to give too much away (see Security Approaches Day Zero).

CSA, which was originally Okena’s StormWatch product, will now offer support for Linux-based systems. Previously, CSA could only support Windows and Unix.Another technology upgrade born out of M&A is the new Traffic Anomaly Detector, which follows the networking giant’s acquisition of Riverhead Networks (see Cisco Completes Riverhead Deal).

The Anomaly Detector examines network behavior during Denial of Service attacks, and will be offered as a blade that can be fitted onto the Catalyst 6500 family of switch products.

Other hardware announcements include a number of new 1 rack-unit high IPS appliances, which range from the entry level, 80-Mbit/s IPS 4215 to the high end, 1000-Mbit/s IPS 4250-XL. The core IPS software that runs on the devices has also been improved to filter out spyware, which is becoming a major problem for end users (see Spyware Blitz Spawns New Market).

The PIX firewall has also received a makeover. A new version of the PIX firewall software targets VOIP with improved support for protocols such as H.323. This will also be key if Cisco is to sell users its concept of self-defending networks, according to Whiteley. “You need a combination of integrated security and purpose-built devices such as the IPS appliances and the PIX firewall,” he says.

Underpinning all these announcements, Cisco has also souped up its core IOS operating system with new application security features. However, Whiteley believes that Cisco has still got some major technology hurdles in its path.”Ultimately, the long-term challenge will be management, whether it is giving a cohesive strategy for Cisco-only networks or integrating with multi-vendor networks,” he says.

— James Rogers, Site Editor, Next-Gen Data Center Forum