Cisco Locks Down Security Strategy

Networking leader upgrades individual firewall and VPN products; is it just playing catchup?

February 19, 2002


Cisco Systems Inc. (Nasdaq: CSCO) has been beefing up a range of security products in an effort to refurbish its image as a network security provider.

Cisco's emphasis is on integrating security across its portfolio of networking products, rather than simply offering point products. That's a good choice, many observers say, for while Cisco is uniquely positioned to offer broad, comprehensive solutions, it doesn’t always stand up to the competition on the quality of its point products.

Last week Cisco made a number of new product announcements that might bring the company up to speed in the security arena. Its enhanced versions of the PIX 506 and 515 firewall platforms increase firewall throughput two-and-a-half times, according to the company’s own lab reports, while the new 6.2 software version of Cisco’s PIX operating system enables highly scaleable VPN deployments. The company also announced the availability of its SAFE Blueprint for IP telephony.

“Their products are generally not going to be the best products on the market,” opines Frost & Sullivan analyst Jason Wright. “[They] are decent, but they’re lagging behind in a few areas like performance improvement, remote management capabilities, and acceleration capabilities.”

Other observers say Cisco’s products are high quality but, unfortunately, also very high-priced.

“They’re not necessarily not as good,” says Synergy Research Inc. analyst Aaron Vance, “but they’re not nearly as competitively priced [as the competition].”

But while the new products and product enhancements add to performance, management, and acceleration, as well as bringing down cost, Wright still isn’t convinced that Cisco is the best buy when it comes to security.

“This is something they should have done a year ago,” he says, pointing out that he thinks Check Point Software Technologies Ltd. (Nasdaq: CHKP), among others, has far better management capabilities and scaleability. “They’re just playing catchup.”

In Cisco's view, the notion of security as a device or area separate from the rest of the network is outdated -- instead, companies that are serious about security should take a holistic approach by securing the whole system, not just parts of it.

“In the past, our networks were like M&Ms,” vice president and general manager of Cisco’s VPN and security services business unit, Richard Palmer, says. “Hard on the outside and soft and chewy on the inside... [Now, we try to] make the networks hardened all the way through, like jaw-breakers.”

The benefits of such an approach, he says, are compatibility and scaleability. When security features are compatible with the rest of the network, it is easier to ensure that they kick in at the right time and in the right order. For example, Palmer points out, it is crucial that encryption doesn’t start until the traffic load has been classified. And when network traffic is moving at gigabit speed, it’s important that VPNs (virtual private networks) and firewalls don’t slow it down. This is easier to achieve when they’ve been integrated into the network.

So, if you’re looking for a single firewall or intrusion detector, Cisco might not be the right place to shop. If you’re on the lookout for a comprehensive security solution, however, observers say there aren’t many companies out there that can compete with the networking giant. Since Cisco has such a large range of products, it can set up solutions that include all Cisco devices, and therefore work better together than a mix of products. In addition, Cisco has a good support system.

Cisco is not only aiming at covering nearly every aspect of the security environment, it is also targeting every level of the market, with PIX firewalls available from the gigabit level, with the 535, down to the small office/home office (SOHO) level, with the 501. And with its new 6.2 software, Cisco has, among other things, simplified large-scale SOHO hardware VPN deployments by allowing all policy to be remotely configured. The software also introduces LAN-based failover, simplifying life for the enterprise segment by removing distance limitations. The new 6.2 also offers voice over IP and multimedia support.

Check Point, SonicWall Inc. (Nasdaq: SNWL), and WatchGuard Technologies Inc. (Nasdaq: WGRD) are among the companies that compete in this space.

— Eugénie Larson, Reporter, Light Reading
