Cisco Raises Shields On Network Security

By Roy Mark | Feb 13, 2006
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3584671/Cisco-Raises-Shields-On-Network-Security.htm

Network security threats come in all shapes and sizes and it's not always as easy as it should be to protect against them.

Cisco is aiming to simplify how enterprises protect themselves against network security threats with a series of updates and new products announced today.

Cisco issued its new Security Management Suite, along with updates to its ASA and IOS product lines, including an improved SSL-VPN and Anti-X capabilities.

The new and updated products are intended to help provide a better unified threat management posture for Cisco users as part of the San Jose, Calif., company's Self-Defending Network strategy.

The Cisco Security Management Suite is comprised of the Cisco Security Manager (CSM) and an updated version of the Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS) version 4.2.

The suite provides what Amrit Patel, director of security management in Cisco's security technology group, described as unified security service management that is independent of a firewall, virtual private network (VPN) or intrusion prevention system (IPS).

CSM provides users with a map of network devices and policy views of their network. MARS collects all the events and creates of all computers on a network and identifies all "good" and "bad" traffic and network devices.

With version 4.2 of MARS, Patel said administrators can now integrate log data with policy management. As log events arrive, IT administrators can simply right-click and get a view of the devices and the policy that permits the traffic.

"When you put a policy out there you should see the impact," Patel told internetnews.com.

Cisco is also improving its hardware to protect against a wide array of threats.

Cisco's ASA 5500 appliance family is getting SSL-VPN capabilities, along with antivirus, spyware and malware capabilities. ASA was unveiled almost a year ago.

Tom Russell, senior director of product management in Cisco's security technology group, noted that the ASA 5500 provides a more coordinated approach to threat mitigation than previous devices in the series.

The next step in the ASA 5500's evolution is Anti-X threat prevention via the new Content Security and Control Security Services Module (CSC-SSM). The new module plugs into ASA 5500 devices much like a blade.

It provides protection against malware (viruses, Trojans, spam, etc.), content filtering and granular policy controls.

The ASA 5500 series, as well as Cisco's IOS routers, are also getting an SSL-VPN boost.

SSL-VPNs have been making significant headway against their IPsec counterparts in recent years, though Cisco has long argued that both technologies have a place in the enterprise.

Rather than forcing users to choose either IPsec or SSL-VPN, Cisco will now offer both IPsec and SSL-VPN technologies in a single chassis.

Cisco rival Juniper Networks recently unveiled a new family of appliances set to compete with Cisco's ASA product line.

Juniper's SSG 500 series, however, does not currently have SSL-VPN capabilities, though it does include something that the ASA 5500 does not: integrated WAN capabilities.

Cisco's Russell argued that the ASA 5500's separation of WAN from the platform is by design.

"In a corporate environment, there is usually a desire to separate the rich routing environment from other types of applications beyond just having a WAN," Russell told internetnews.com.

Russell noted, however, that if a user did want an integrated security device together with a WAN, Cisco's integrated service router (ISR) is a good choice.

Article courtesy of internetnews.com