Cisco made a big announcement with a slew of security products in the past month. Sit back and let CSOinformer break down the announcement and what it means for you.
If you are a Cisco security customer today, you likely use their IOS security features in routers to build and manage your VPNs. Perhaps you use the PIX firewalls to protect some Internet links. In some cases, Cisco may have given you their security products if you bought enough of their routers and switches - they like to keep everything in the family.
Cisco has stated recently in no uncertain terms that security is an important market for them, for although it is numerically smaller than other businesses, it is a strategic business that sustains key mindshare with corporate executives and boards of directors. The announcement brought together several different initiatives within Cisco, which can be divided into the following categories:
VPN. Cisco announced several enhancements to their VPN capabilities. Hardware acceleration is a key improvement as Cisco has tended to lag behind other VPN providers in performance. The new accelerator options can be integrated with low end routers up to enterprise routers and switches. The IOS software has gained new levels of VPN sophistication for redundancy, optimized routing and service provider friendliness. The really disappointing aspect of the VPN announcements is a continued lack of a SSL VPN solution. Users want the flexibility that SSL provides. It is terrific for both simple implementations and highly dynamic environments. While I believe SSL will ultimately prevail, this should not be a religious battle between IPSec and SSL style VPNs. They both have their place at the corporate table right now and both should be supported. Until this happens, Cisco-philes will need to solutions like Aventail to get what they need.
IDS. Cisco made a slew of changes to their IDS capabilities. One noticeable announcement is the Cisco Security Agent, which is the Host intrusion prevention software Cisco gained in their acquisition of Okena. The Cisco Security Agent software resides on Windows and Unix machines and blocks attacks using behavioral technology. This is a very promising area, and also an interesting area for Cisco as we will see if they have the stomach for heavy duty Windows tech support. Additional IDS announcements were made regarding new IDS modules for low end routers, as well as inexpensive standalone IDS sensors. Cisco is helping bring down price points of IDS, but total cost of ownership is related to the accuracy of the overall solution. We would like to see Cisco's Network IDS gain more of the network traffic behavioral monitoring capabilities similar to a company like Mazu Networks. We believe that the same philosophy that Cisco has embraced for Host IDS can be applied to Network IDS. However, Cisco did make an announcement to improve the cost benefit of IDS in a related area…
Security Management. The biggest announcements were related to security management. For the first time, Cisco is offering a Security Information Management (SIM) console, capable of event monitoring, analysis and correlation for multivendor environments. Cisco is providing the solution through an OEM agreement with netForensics. With a SIM tool you can begin to find security problems by correlating seemingly unrelated events from web servers, firewalls, NIDS, HIDS and other devices. A less sexy but potentially more valuable security management tool for Cisco customers was the announcement of the Security Device Manager (SDM), which provides expert recommendations and intelligent wizards to lock down the configurations of routers, firewalls and VPNs. Most of our insecurities in Cisco equipment go back to poor configurations. The other VPN-related management announcement is the IP Solution Center, providing policy-based configuration management for large scale VPNs and Firewalls.
There are three messages Cisco is sending to customers. One, Cisco wants to build as much security as they can into the network infrastructure solutions that you have already bought in to. Two, Cisco wants to extend its security reach into the computers themselves and convince you to deploy Cisco software throughout your enterprise. Three, Cisco wants to be the aggregator of all security devices and solutions and provide the management console - for Cisco devices as well as the (hopefully for Cisco) dwindling third party security solutions.
Message one is an important convergence issue that nearly everyone can support. Our switches and routers should have as much security functionality as can be built in without degrading performance or compromising a secure architecture. Message two is a tough sell but maybe a necessary one - desktops are a pain to manage and Cisco will only be able to control a single piece of agent software as opposed to the entire operating system and hardware. This could go either way. Message three is again a difficult one to swallow just yet, is Cisco a logical management company as the largest provider of network infrastructure? Will Cisco use third party management capabilities as a method to force one way upgrades to Cisco solutions? Stay tuned.
The announcement, and more importantly all of the acquisition and R&D work that led up to it demonstrate a very holistic and integrated approach to security, something we have not seen from Cisco before. There are still gaps, but I do believe Cisco is serious about real security.
CSOinformer is edited by Jim Reavis, founder of SecurityPortal and longtime industry analyst. This monthly newsletter is targeted at people who must take a strategic, multi-year view of the information security industry, and we promise insights you will not find anywhere else.
CSOinformer is a service of Reavis Consulting Group, and is published on the second Tuesday of each month.