Cisco IPS Integration Turns Security Data Into Information
The company took a significant step in this direction Monday when it unveiled a strategy of expansive security data communication, in particular among intrusion prevention systems. Cisco IPS 6.0, in conjunction with Cisco Security Agent 5.2, Cisco Security Mitigation Analysis and Response System 4.3, and Cisco Security Manager 3.1, represents a "systemized approach to self-defending networks," says Mick Scully, a Cisco VP of product management.
The thinking is that the security threat environment will always change more rapidly than security vendors can produce security enhancements, so the security measures already in place need to get better at recognizing and responding to attacks. The latest Cisco security agents enlist PCs into reporting on the security of a network, giving Cisco's latest version of the Cisco Security Mitigation Analysis and Response System (CS-MARS) even more to work with. If your PC is pinged, CSA will now report that ping to MARS, something Cisco is hoping will help companies catch attacks in their earlier stages.
False positives, which suggest a problem when none exists, are distracting and have been highly detrimental to the efficiency of intrusion prevention and detection systems, which generate enough data and don't need to be further cluttered. IPS 6.0 and Cisco Security Agent 5.2 have been tweaked in an effort to cut down false positives reported into the CS-MARS, which studies network traffic for anomalous behavioral and can coordinate with Cisco Security Manager 3.1 to change network security policies when necessary.
In addition to improving network security efficiency, Cisco's goal with the new releases is to integrate reporting from IPSs throughout the network, including those running as standalone network appliances and those running on routers and switches alongside Cisco's Internetwork Operating System, or IOS, which itself has run into security problems of late.
Cisco is also looking to push forward the SSL VPN technology it bought along with MI Secure in July 2005 as a way to better protect systems, data, and networks accessed by remote users. Cisco's SSL VPN is a big part of the company's Adaptive Security Appliance, which includes integrated firewall, IPS, anti-malware, and VPN capabilities. The latest version of the appliance, 8.0, features AnyConnect support for Microsoft Vista and previous versions of Windows, Mac OS X, and Linux, as well as Windows Mobile 5.0 Pocket PC Edition. Among the latest version's other features are network access for VoIP, Embedded Certificate Authority to simplify authentication, and direct mapping of Windows Active Directory to VPN access.
While competitors in the network security market seek to emulate Cisco's approach -- Check Point plans to buy PointSec Mobile Technologies for $586 million to expand into the data encryption game -- few security vendors can throw their weight around like Cisco. The challenge for the networking and security giant will be distributing that weight evenly.