Chambers Shouts About Security
“Security, security, security,” he said, in what we think was a B-flat diminished 7th chord (or maybe we still had our iPods plugged in). “The number one issue with availability in your data centers and your networks five years from now will be security.” “Most good hackers, or worse, rogue nation states, will test your data centers and pull out before they make an attack,” he said. The network, he added, has to be like the human body; it has to be self-defending.
The Cisco chief highlighted the need for integrated network security and identified shortcomings in the way that businesses currently guard their networks. “The word intrusion detection is an oxymoron -- once you have detected [a threat], you’re in big trouble.”
His remarks sounded as though they were building to a product pitch, and Chambers didn't disappoint. He took the wraps off Cisco’s new all-singing, all-dancing security device, the Adaptive Security Appliance (ASA) 5500, which combines a range of security features, including firewall, IPSec and SSL VPN, anti-virus, worm mitigation, and denial-of-service (DOS) protection.
Vendors are increasingly looking for what have been described as security “god boxes” which offer a broad range of different security features. Yesterday, for example, Fortinet Inc. extended SSL capability to its FortiGate device, a bid to be more god-like, if you will (see Fortinet Fuses SSL & VOIP).
However, the ASA 5500 represents something of a departure for Cisco, which has traditionally offered a variety of different standalone security products. But there is method in this madness -- the networking giant is pushing ahead with its Network Admission Control (NAC) program, which enforces security policy compliance across different devices.
NAC was launched back in November 2003, and Cisco has been slowly adding flesh to the bones of the strategy since (see Cisco Unveils New Network Solution and Cisco Sets Out Security Strategy).
The ASA 5500 is likely to play a major role in this strategy, by sitting at the edge of the network and challenging access to a range of different NAC-compliant products.
But there is a feeling among some in the industry that Cisco’s NAC initiative is more about selling additional kit than driving the IT industry’s security story forward (see Juniper Infranets the Enterprise).
Jayshree Ullal, senior VP of Cisco’s security technology group, refutes this allegation. “We don’t view NAC as proprietary at all,” she tells NDCF. Cisco is working with its partners on both interoperability and standards such as 802.1X, she asserts.
The one-rack-unit-high 5500 device comes in three different versions: the 5510, the 5520, and the 5540. The devices offer a range of performance levels with the 5510 targeted at small-to-medium-sized businesses and the 5540 aimed at high-end enterprises.
— James Rogers, Site Editor, Next-Gen Data Center Forum