Cisco Systems took steps Tuesday to address the growing need for more secure networks that can defend themselves against a variety of threats with the introduction of new incident-control and threat-mitigation software and services. The company also has new versions of its intrusion-prevention system (IPS) and IOS router operating system software.
The newest offerings are part of Cisco's Self-Defending Network security strategy, launched a few years ago to deliver real-time response to threats based on internal and external network intelligence. "The Self-Defending Network security strategy is putting security everywhere it needs to be, which is everywhere, given that everything in the network has become a point of attack," says Raphael Reich, Cisco's security-product marketing manager.
The objective of the new incident control system, or ICS, is to let administrators respond quickly to security threats by distributing intrusion-prevention system signatures to Cisco devices. What makes ICS tick are Trend Micro Inc.'s TrendLabs outbreak-intelligence and virus-signature distribution data, and Cisco incident-control server middleware that helps distribute the signatures, which describe security threats, to the network devices. "It's a network-wide response to an outbreak," says Joel McFarland, manager of product management for Cisco's security technology group.
The ICS provides a defense against what's already known; it's like moving people out of the path of a storm, says Joel Conover, a principal analyst with Current Analysis. "It takes information from Trend Micro and puts out policies that will mitigate the amount of damage that could come from that attack," he adds.
For companies challenged to accurately identify, manage, and eliminate security attacks while maintaining network security-policy compliance, Cisco also introduced distributed threat mitigation for Cisco IPS, software designed to provide an integrated and more coordinated response to locally occurring threats. The offering is a part of version 4.1 of its Security Monitoring, Analysis, and Response System. "We now have intrusion-detection deep-packet inspection in all Cisco network components, which makes sure devices throughout the network can internally adapt to threats by distributing the relevant signatures they need to defend against active network attacks," McFarland says.