Cisco Shores Up Security

Cisco overhauled its security management software in an attempt to push its self defending networks” message to enterprise data center managers. (See Cisco Unveils Security Mgt and Cisco Innovates Security.)

For a couple of years, Cisco has extolled the virtues of its “self-defending networks” strategy to anyone willing to listen. Instead of deploying a plethora of different security devices like perimeter firewalls, Cisco is urging users to embed security into their networks, as an in-stream device or as part of the networking equipment itself. (See Chambers Shouts About Security.) As part of this message, the vendor is pushing a strategy called Network Admission Control (NAC), which enforces security policy compliance across different devices.

By focusing security resources on the network rather than in endpoint devices, users are better equipped to cope with the rapidly changing demands of cyber security. (See Chambers Sells Self-Defending Networks.)

It's a message that could fall on receptive ears. Just days ago, Bank of America and Washington Mutual joined a growing list of companies that have suffered high-profile security breaches. Last week, the banks were reportedly forced to cancel the debit cards of thousands of customers after a security breach involving an undisclosed company. While not openly related to network violations, the snafus nonetheless highlight a growing concern.

Cisco’s revamp includes the latest version of its Monitoring, Analysis, and Response System (MARS) that collects security data from network devices. In a nod to users’ increasingly complex IT environments, MARS version 4.2 can now draw information from both Cisco and non-Cisco appliances. Also released today is Cisco Security Manager (CSM) software, which manages different security devices, including firewalls and Virtual Private Networks (VPNs).MARS user Andrew Nielsen, information security manager at Santa Clara, Calif.-based Silicon Valley Bank, buys into Cisco's security concept and is looking forward to getting his hands on the new wares. “Security management is a headache because of the mix of different devices,” he admits. “One of the biggest challenges is getting actionable data.”

Silicon Valley Bank will upgrade to the new version of MARS this year, adds Nielsen, who is eagerly awaiting other enhancements. “Cisco has also made a lot of improvements for the archiving and retrieval of logs, as well as compliance.”

Version 4.2 of the MARS product, at a list price of $15,000, will be on the market during the second quarter of this year. Pricing for CSM, available sometime this quarter, starts at $3,500.

On the downside, Cisco is taking its time making its security vision a reality. The concept was launched way back in November 2003, and Cisco has been slow to add flesh to the bones. (See Cisco Unveils New Network Solution and Cisco Sets Out Security Strategy.)

Meanwhile, others are racing to beat Cisco to the network-embedded security mark. Startup Mazu Networks is focused on internal network security, but its solution is based on a separate hardware unit. (See Mazu Adds Profiler.) Radware unveiled its DefensePro 3.0 software today, which it claims can help protect networks against Denial of Service (DOS) and zero-day attacks. (See Radware Intros Next-Gen IPS.)Juniper’s Enterprise Infranet initiative, launched last year, is head-to-head with Cisco’s NAC plans. (See Mazu Marks Growth, Juniper Intros Enterprise Infranet, Juniper's Infranet Takes Baby Steps, and Cisco Heckles Infranet Initiative.) Today, Juniper made some software changes of its own, unveiling a new version of the operating system used on its DX application acceleration products. According to Juniper, DXOS version 5.1 offers users better integration with the vendor’s SSL VPN boxes and routers. (See Juniper Advances Delivery.)

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article: