The newest offerings are part of Cisco's Self-Defending Network security strategy, launched a few years ago to deliver real-time response to threats based on internal and external network intelligence. "The Self-Defending Network security strategy is putting security everywhere it needs to be, which is everywhere, given that everything in the network has become a point of attack," says Raphael Reich, Cisco's security-product marketing manager.
The objective of the new incident control system, or ICS, is to let administrators respond quickly to security threats by distributing intrusion-prevention system signatures to Cisco devices. ICS combines two components: Trend Micro Inc.'s TrendLabs outbreak-intelligence and virus-signature distribution data, and Cisco incident-control server middleware that pushes those signatures, the descriptions of known security threats, out to the network devices. "It's a network-wide response to an outbreak," says Joel McFarland, manager of product management for Cisco's security technology group.
The ICS provides a defense against what's already known; it's like moving people out of the path of a storm, says Joel Conover, a principal analyst with Current Analysis. "It takes information from Trend Micro and puts out policies that will mitigate the amount of damage that could come from that attack," he adds.
For companies challenged to accurately identify, manage, and eliminate security attacks while maintaining network security-policy compliance, Cisco also introduced distributed threat mitigation for Cisco IPS, software designed to provide an integrated and more coordinated response to locally occurring threats. The offering is a part of version 4.1 of its Security Monitoring, Analysis, and Response System. "We now have intrusion-detection deep-packet inspection in all Cisco network components, which makes sure devices throughout the network can internally adapt to threats by distributing the relevant signatures they need to defend against active network attacks," McFarland says.
The upgraded Cisco IPS, version 5.1, supports up to 255 virtual LANs on a single interface and delivers multigigabit, nonstop intrusion prevention through EtherChannel load balancing, which helps enable high throughput with high-availability services. Cisco IOS Software Release 12.4(4)T, available in November, includes a new outbreak-prevention capability called Flexible Packet Matching that lets users perform deep-packet inspection, pattern matching, and filtering using predefined or customizable protocol templates written in XML or entered through the IOS command-line interface. This is expected to let users respond to an outbreak in real time and without disrupting network service.
The biggest challenge with Cisco's approach to network security is that there are lots and lots of pieces to their puzzle, Conover says. Some of this is by necessity, since Cisco technology touches so many parts of an IT infrastructure.
Cisco is in the midst of organizing its network security initiatives, having bought a half-dozen companies offering technologies designed to manage packet-borne network threats, Conover says. Cisco would probably be the first to admit it's difficult to stitch all of these products together and provide a single point of accountability for dealing with deploying better security policy, he adds.
But such coordination is crucial. "Cisco's technology is distributed everywhere, so there are a lot of places where their technology can be threatened," Conover says. "If they could have built a single security architecture, that would have been preferable. But, given what they've got, this is an improvement over the status quo and will simplify the lives of IT administrators, helping them deal with these threats in a more proactive fashion."
A key decision for IT managers and security professionals to consider is whether they want to invest in a suite of Cisco security technology or choose competing products from a variety of different vendors, including Symantec, 3Com, or Check Point Software Technologies. "You can put together a best-of-breed solution from a half-dozen vendors, but then you have the challenge of maintaining all of those systems," Conover says. "On the other hand, you're further locking yourself into Cisco."