Cisco's Self-Defending Network Strategy Takes A Step Forward
Cisco advances a portfolio of products under its "Adaptive Threat Defense," though companies are likely to stick with a range of vendors.
As part of its self-defending network security effort, Cisco Systems this week introduced a range of network appliances, software enhancements, and services designed to help business networks better identify and more quickly respond to security threats. The so-called Adaptive Threat Defense products aim to provide broader protection by taking a multilayer approach to network security.
The Cisco products will help network managers impose greater control on the way their networks are used and make it easier to fight off threats. But while the broad product rollout may pose a competitive threat to rival security vendors such as Symantec and McAfee, it doesn't eliminate the need for individual security products that most businesses already have deployed, according to analysts and customers.
"Cisco is offering some pretty powerful things for fighting well-known security threats, like known worms and viruses," says Gartner analyst John Pescatore. "But there are new threats coming along all the time, so companies will still need security products to block threats that are external to the network."
The products include an upgraded intrusion-prevention system, modules designed to spot anomalous behavior on the network that might indicate a distributed denial-of-service attack is under way, software to enforce security policies and protect against spyware and malware, several appliances that monitor and inspect traffic flowing over a network, a virtual firewall, and a network control-and-containment system to let administrators more easily monitor and manage network activity and threats.
Chris Fairbanks, principal network architect for ePlus Inc., which provides asset management and E-procurement systems for businesses, has been using or testing several of the new products. Cisco's approach to building greater security capabilities into its network products "is making our lives easier by trying to prevent outages before they happen," he says. "They make sure machines aren't infected before they connect to the network and stop and contain viruses if they do get in."
Cisco's centralized monitoring, analysis, and response system, known as Mars, makes it easier to watch over all of the security devices ePlus has deployed. "It provides a single point of view so I can see exactly what's going on," he says. "You can't put a price tag on that."
Cisco's security products don't replace network firewalls or antivirus software on PCs, but they do provide protection for the "inside" of the network, he says. "Everything in the middle was wide open, and the self-defending approach helps a great deal in that area." Fairbanks says those capabilities are especially useful if an unhappy employee or a hacker gains access to the network and then tries to cause mischief.
Cisco's efforts to build more security features into its networking equipment and Microsoft's efforts to make its operating systems more secure could put pricing pressure on other security vendors, says analyst Pescatore. "Neither company is dependent on security products for revenue."
Cisco's products, however, don't solve one of the major security problems that many business faces: employees improperly configuring servers, routers, and switches. "If your people are the source of the problem, they will end up misconfiguring the security stuff also," he says. "So there will still be a need for separate security layer to catch when people make mistakes."
The new Cisco products include:
Version 5.0 of its intrusion-prevention system, which includes in-line prevention services and antivirus, anti-spyware, and worm-mitigation capabilities. Customers with service contracts can get the software for free; others will pay $5,700.
An anomaly-guard module and a traffic anomaly-detector module for the Catalyst 6500 series of switches and 7600 series of routers, which are designed to protect networks against zero-day distributed-denial-of-service attacks. The guard module costs $80,000; the traffic module costs $35,000.
An upgraded Cicso Security Agent, which provides improved anti-spyware and anti-malware protection as well as support for Windows and Red Hat Linux. Prices start at $1,050.
Upgraded PIX Security Appliance software that inspects and controls a wide range of voice, IP, and HTTP network traffic. The software is free for existing customers with service contracts; prices start at $250 for others.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.