Cisco's Serious About IDS

Pitches another line of security offerings, with an emphasis on intrusion detection and protection

February 18, 2003


Cisco Systems Inc. (Nasdaq: CSCO) is apparently not done with its security makeover. The company introduced a host of enhancements to its security portfolio, including new intrusion detection and protection products and a voice-over-IP security feature on its PIX Firewall (see Cisco Beefs Up Security).

"Security is a huge growing business for Cisco, and they want to show that they’re serious about it,” says Infonetics Research Inc. analyst Jeff Wilson. "They’re out there saying that they’re deeply involved in every aspect of security… and that they’re going to stay that way."

Not surprisingly, the main focus of today’s announcement, which introduced eight new security products and enhancements in all, was intrusion detection and protection. Cisco, which has been offering intrusion detection system (IDS) products since 1995, has lately been pushing hard into this market.

“We’re trying to mark a demarcation point here,” says Jeff Platon, the senior director of product and technology marketing at Cisco. “[We’re] enabling the move from detection to protection.”

The major problem with traditional IDS technologies is the overwhelming number of false alarms they generate. If network operators were to respond to every alarm, they would have time to do nothing else. Many companies have therefore opted to simply shut off their IDS systems altogether to keep from being inundated.

Several security vendors have begun claiming that they have solved the accuracy problem, which has been the main obstacle to moving from pure intrusion detection to a system that could actively prevent intrusions from entering the network. NetScreen Technologies Inc. (Nasdaq: NSCN), for instance, acquired startup OneSecure last summer and has integrated the company’s intrusion prevention technology into its product portfolio (see NetScreen CEO Touts Integration and NetScreen Acquires OneSecure).

Cisco has also acquired a startup, software security vendor Psionic Technologies Inc., to address the accuracy problem (see Cisco Buys Psionic). In its announcement today, the company introduced the Threat Response Technology it inherited from the startup, which it claims can reduce false alarms by up to 95 percent. It does this by automating the traditionally manual process of intrusion investigation, Cisco says.

Unlike NetScreen, Cisco hasn’t dubbed the next generation of its IDS technology “intrusion prevention,” calling it instead intrusion protection. While NetScreen’s system automatically stops the traffic it deems dangerous, Cisco is taking a more cautious approach, according to Joel McFarland, Cisco’s manager of security appliances, who points out that Cisco’s solution doesn’t usually work autonomously. “Today, the technology is not mature enough to work autonomously,” he contends.

NetScreen, of course, does not agree. “This is just one more attempt by Cisco to solve its issues with IDS,” NetScreen CTO Nir Zuk said in an interview last month, following Cisco’s acquisition of host-based IDS software startup Okena (see Cisco's Got an Okena). More than anything, he insisted, Cisco is simply playing catch-up in the IDS arena.

The other product releases and enhancements for intrusion detection and protection that Cisco announced today were:

  • Cisco IDS Software Version 4.0, which the company claims improves detection and mitigation by delivering advanced protocol monitoring, analysis, and response capabilities. The software will be deployed across all network-based IDS platforms, including specialized appliances and switch security modules, making for consistency and easier management, the company says.

  • The Cisco IDS 4250 XL Sensor, an intrusion protection system that provides gigabit performance in a flexible configuration chassis. It is scheduled to be available in March for $39,995.

  • The Catalyst 6500 IDSM-2, an intrusion protection system that offers 600-Mbit/s performance. It is scheduled to be available in March for the Catalyst 6500 series for $29,995.

The company also launched:

  • Four new extensions to its PIX firewall line, including the ability to secure VOIP and multimedia applications.

  • A new software version, 6.3, that will run across all of its firewalls. The software is scheduled to be available in March at no charge for customers with SMARTNet contracts.

  • The VAC+, which it says can improve VPN performance by up to 400 percent, as well as new enhancements to the Cisco Easy VPN service, both scheduled to be available in March.

  • The PIX Device Manager (PDM) version 3.0, which it says provides improved security threat visibility. It is scheduled to be available in March at no charge for customers with SMARTNet contracts.

“Cisco has been saying for years that it wants to put security everywhere,” says Frost & Sullivan analyst Jason Wright. “Now it looks as though they’re taking steps in that direction.”

    — Eugénie Larson, Reporter, Light Reading
