Networking giant Cisco (NASDAQ:CSCO) is giving its four-year-old self-defending network initiative a major refresh this week at the big RSA security conference in San Francisco. The refresh
touches multiple product lines within Cisco and includes update to Cisco
Security Manager 3.2, Cisco Security Agent 6.0, Cisco Intrusion Prevention
System 6.1, Cisco Security Monitoring Analysis Response System (MARS) 6.0,
as well as new Web filtering and application firewall technologies.
The refresh is one of the largest in Cisco’s self-defending network products
initiative since last year when Cisco updated a
similar set of technologies. The overall goal is to position Cisco as an
end to end integrated security platform that continues to evolve to take on
new security threats and business competitors.
“Each one of those individual product offerings has a suite of services but
there is a natural interconnect in the area of threat identification and
control,” Cisco product manager Tom Russell told InternetNews.com.
“It’s about being able to have endpoint technology share threat information
with IPS devices to be able alter their security posture and being able to
have MARS do the real time correlation across threat identification elements
and inform the rest of the devices. That’s a real natural and it’s a unique
value proposition.”
Cisco’s ACE Page 2 of 2
MARS 6.0 isn’t just for Cisco devices either.
In terms of the individual products getting updated, Cisco Security Agent
6.0, which is a server and desktop endpoint protection technology, will now
include integrated antivirus and data loss prevention services. Cisco IPS
“Overall we’re seeing growth in IPS, but the key challenge is how do you make
IPS more usable to the mass market?” Russell asked rhetorically. He said Cisco’s answer is to “offer tools, techniques and reporting that a broader population would be able to leverage.”
Cisco is also now rolling out a new ACE Web Application Firewall built on
technology originally acquired by Reactivity. Cisco acquired Reactivity for
$135 million in 2007 to help bolster Cisco’s XML possessing capabilities.
The ACE according to Cisco, provides deep inspection and security for both
XML and HTML traffic and meets PCI DSS sections 6.5 and 6.6 requirements.
On the monitoring side, Cisco is enhancing its market leading Monitoring,
Analysis and Response (MARS) technology in version 6.0. Among the key new
enhancements are support for NetFlow v.9 which provides greater scale and is
a key part of Cisco’s big firewall appliance, the ASA 5580, which
debuted earlier this year.
“One of the key advancements we’ve made with MARS is being able to open it
up with a support framework that allows for fast integration of third party
devices,” Russell explained.
Cisco competitors Juniper and Nortel now both are in the market with what they hope is a competitive solution to MARS. Juniper and Nortel are both using QRadar as the basis of their attack, though Russell isn’t at all concerned. Russell claimed that he
has yet to see Juniper or Nortel’s QRadar based solutions in competitive bids against MARS.
One of the most hyped elements of the self-defending network portfolio has
been Cisco’s Network Access Control (NAC) technology, though NAC is only a
constituent of a greater whole. While NAC specifically is not updated in this particular refresh, Cisco has been busy with NAC updates recently including guest access and profiling updates.
The Self-Defending Network itself is now entering its fourth year of availability and continues to evolve.
“We’re now expanding the scope of what is its {Self-Defending Network} role and what it is trying to achieve,” Russell said. “It’s more than just tying together CSA, MARS with IPS, it’s about tying UC, Wireless, storage and datacenter with security as well and it is really taking on new meaning in a broader definition.”
