6/25/2007
01:52 PM

Cisco Dropping Iron Curtain On Web And E-Mail Attacks

The company will add malware- and spam-inspection capabilities to its firewalls using technology from its recent acquisition of IronPort Systems.

As the Pentagon shakes off last week's e-mail-based attack that forced the Defense Department to take about 1,500 computers offline, Cisco Systems on Monday introduced its strategy for shutting down these types of attacks.

The company revealed Monday that it's going to add new malware- and spam-inspection capabilities to its firewalls, both standalone and embedded in other network devices. It will use the Web and e-mail inspection technologies it bought in an $830 million deal for IronPort Systems, which closed Monday. Given Cisco's claim that one out of every three firewalls being used in business today was made by Cisco, it's a development worth noting, particularly as the security space continues its relentless consolidation. Tech providers including Cisco, Hewlett-Packard, and IBM are scrambling to weave additional security into their products and services, and to do it as quickly as possible.

Cisco's got big plans for IronPort's technology. They include setting up communication between Cisco firewalls and IronPort e-mail and Web gateways in order to pre-emptively stop IT security threats at the network perimeter. Cisco wants to use IronPort's SenderBase service, a database that collects information from more than 100,000 ISPs, universities, and companies around the world, to further Cisco's "self-defending network" strategy.

By early 2008, Cisco expects to enable IronPort e-mail and Web gateways to communicate with Cisco network firewalls and create security benefits that improve the efficacy of network traffic inspection. Cisco firewall customers -- the company claims it owns 38% of the firewall market -- will be able to take advantage of this new IronPort integration through software upgrades, rather than having to purchase new firewall appliances, routers, or switches.

Cisco will start by enabling SenderBase to communicate with Cisco ASA Series firewalls, but eventually the company wants all of the firewalls it sells, including those embedded in routers and switches, to have access to SenderBase data. "This takes the concept of the self-defending network to the next level," says Richard Palmer, senior VP and general manager of Cisco's Security Technology Group. "It's the distributed sharing of information about bad senders."

SenderBase determines the reputation of different IP addresses by scrutinizing the behavior of network traffic originating from those addresses. It scores these addresses according to factors such as how long they've been in existence, whether they're sending a consistent volume of e-mail or other network traffic over a period of time, whether the IP address can receive e-mail traffic (spammer IP addresses generally can't), and whether the IP address has ever been on a blacklist. "Anomaly tracking is the best thing we have to defend our networks against new threats," says Scott Weiss, former CEO of IronPort and now general manager of the IronPort business unit reporting to Palmer. These SenderBase scores tell the network security devices the level of resources they should exert in examining a piece of network traffic.
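As an added illustration (not IronPort's or Cisco's actual algorithm, which the article does not disclose), the sketch below combines the four factors named above into a score and maps that score to an inspection depth. The score range, weights, thresholds, and all names are assumptions, and the sample senders use constructed documentation addresses.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class SenderObservation:          # hypothetical record, one per source IP
    ip: str
    days_seen: int                # how long the address has been observed
    daily_volumes: list           # messages per day over the window
    accepts_inbound_mail: bool    # spam sources generally cannot receive mail
    ever_blacklisted: bool

def volume_consistency(volumes):
    """1.0 for steady traffic, 0.0 for bursty (1 - coefficient of variation)."""
    if len(volumes) < 2 or mean(volumes) == 0:
        return 0.0
    return max(0.0, 1.0 - pstdev(volumes) / mean(volumes))

def reputation_score(obs):
    """Score clamped to [-10, 10]; every weight here is an assumed value."""
    score = 4.0 * min(obs.days_seen, 365) / 365          # address age
    score += 4.0 * volume_consistency(obs.daily_volumes)  # steady volume
    score += 2.0 if obs.accepts_inbound_mail else -4.0    # can it receive mail?
    if obs.ever_blacklisted:
        score -= 8.0                                      # blacklist history
    return max(-10.0, min(10.0, score))

def inspection_tier(score):
    """Lower reputation means the device spends more resources on the traffic."""
    if score >= 6.0:
        return "light"
    if score >= 0.0:
        return "standard"
    return "deep"

# Constructed sample senders (RFC 5737 documentation addresses).
SAMPLES = {
    "established": SenderObservation("192.0.2.10", 900,
                                     [1000, 1100, 950, 1050, 1000], True, False),
    "new_burst": SenderObservation("198.51.100.7", 3, [0, 0, 50000], False, False),
    "once_listed": SenderObservation("203.0.113.5", 400,
                                     [200, 210, 190, 205], True, True),
}

def classify_all(samples=SAMPLES):
    """Return {name: (rounded score, tier)} for each sample sender."""
    return {name: (round(reputation_score(o), 2),
                   inspection_tier(reputation_score(o)))
            for name, o in samples.items()}

if __name__ == "__main__":
    for name, (score, tier) in classify_all().items():
        print(f"{name:12s} score={score:6.2f} inspect={tier}")
```
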

SenderBase measures more than 110 parameters for any active e-mail or Web server on the Internet in order to determine whether an e-mail, instant message, or stream of Web traffic could pose a security threat. The database receives more than 5 billion queries per day from IronPort gateway appliances installed at its customers' facilities.

IT executives waiting for HP and IBM to wade deeper into the security pool have gotten their wish, as HP last week said it plans to buy Web application security provider SPI Dynamics and IBM recently announced plans to boost its Web app security offerings through the purchase of Watchfire.
