With Internet-based transactions and interactions growing at an explosive rate, it's incumbent upon providers of the networking equipment that runs the Internet and private networks to make security easy to deploy and comprehensive in coverage. If companies such as Cisco Systems don't integrate security into the fabric of the network, the much-hyped concept of trusted computing simply cannot take root; company chairman and CEO John Chambers said Wednesday during his RSA Conference 2006 keynote. "Security is not number one on CEOs' minds; growth is," he added.
Increasingly, the network has become the platform for interactions. Security point-products must as a result move into the network fabric, Chambers said. To meet these needs, Cisco has expanded its security offerings through acquisition and through partnerships. The company now has more than 65 partners for its network-admission control, or NAC, technology initiative, up from 30 a year ago. This type of coordination isn't easy. In fact, Chambers said, "partnering is much harder than acquisitions." As a result, Cisco has bought 15 security technology companies over the past few years.
In addition to looking outside the company for help with initiatives such as NAC, which requires devices trying to connect into a network to prove that they are free of infection before the connection is completed, Cisco this week introduced integrated security technology and security management software aimed at helping companies respond quickly to security threats and instill confidence in the integrity of their networks.
Cisco's new Adaptive Security Appliance, or ASA 5500, exemplifies the company's move toward more integrated security, tying together firewall, intrusion-prevention system, and virtual private network capabilities, as well as antivirus protection using software from Trend Micro Inc. The network appliance offers a number of security capabilities, including an SSL VPN, which allows users to remotely and securely log onto corporate networks. Once the SSL VPN connection is established, users should be able to interact with corporate databases and applications while being protected from infection from viruses, worms, spyware, and other malware. The ASA 5500 also provides protection from new, or zero-day, attacks using behavioral network traffic analysis rather than relying strictly on virus signature databases. The ASA 5500 features a device manager that illustrates the status of system resources and lets administrators block ports of entry into the network.
Cisco is looking to take advantage of its central presence in the network to become the primary provider of security management technology. This week it debuted the Cisco Security Management Suite, an integrated security-event manager that includes the new Cisco Security Manager, as well as an updated version of Cisco Security Monitoring, Analysis, and Response System, also known as MARS. Cisco's MARS lets administrators see attacks against their companies' networks and block all or some routers throughout the network to keep them from being infected. Cisco Security Manager likewise lets administrators create a security policy once and apply that rule to the network as a whole. This will let companies contain infections and keep malware from spreading throughout the network, a move that protects networking equipment, PCs, servers, and mobile devices. Speed is essential to this process, as any delay could allow an infection to spread.