Cisco puts its stamp on security

Raising its profile in network security, Cisco Systems Inc. unveiled an overarching enterprise security strategy as well as several products on Tuesday at the NetWorld+Interop conference in Atlanta.

The San Jose, Calif., networking giant outlined a security framework for enterprises that attempts to take a comprehensive look at a problem that has traditionally been handled by plugging holes one at a time. Cisco’s Safe blueprint specifies security design, implementation, and management processes for enterprises with a modular, building-block approach, according to Cisco.

“Safe is our effort to look at enterprise security from a complete perspective,” said David King, director of security solutions marketing at Cisco.

Each module, designed and tested in Cisco labs, identifies where and why security products are needed throughout the network. Issues such as potential security threats, responses, performance, and secure management were considered in module development. The modules integrate Cisco security gear, including the Secure PIX Firewall, IOS Firewall Feature set, Cisco Intrusion Detection Systems, VPN Concentrators, and – where needed – security systems from partners for anti-virus, host-based intrusion detection, and authentication systems.

The modular setup gives businesses flexibility to implement network security in stages, depending on specific needs. This flexibility is a key issue for enterprises contemplating converged systems that combine voice, video, and data on one network, Cisco officials said.

Among other issues, e-business efforts in particular have heightened the security risks faced by enterprises, according to Cisco.

“Security becomes more of a risk [in e-business] because you open your network,” King said. “When you leverage the Internet and public networks, security risks increase.”

As part of its Safe blueprint, Cisco announced several new products. The Catalyst 6000 IDS Module is an intrusion-detection system card that slides into a Layer 3 switch. Putting the IDS card right on the switch offers the ability to monitor network traffic more accurately, Cisco said. The IDS card analyzes data in real time to detect and stop attacks as they occur.

The Secure IDS-4210 Sensor is a smaller version of Cisco’s Secure Intrusion Detection System. The IDS-4210 detects unauthorized traffic in the network and sends alarms to a management console with activity details. The system also can control network devices such as routers to end rogue sessions, officials said.

Cisco is adding intrusion-detection capabilities to its Cisco Secure Policy Manager, which lets users monitor firewalls, VPN routers, and intrusion-detection systems from the same console.

And, giving a little back to customers and partners, the new Cisco Security Encyclopedia is an online repository of security information designed to help enterprises learn more about security.

Future security plans for Cisco include encrypting voice over VPN and IP telephony traffic, according to company officials. In addition, Cisco is working with mobile security vendor Certicom to build encrypted tunnels for wireless VPNs. Creating secure, wireless virtual networks would let enterprises leverage mobile devices for more critical and sensitive corporate data, King said.