Cisco Systems Inc. on Tuesday is expected to announce a number of new security features for its networking products, including a security service it has developed with Trend Micro Inc. that is designed to cut down on the spread of worms and viruses.
The new service, called the Cisco Incident Control System (ICS), will help network administrators set network security policies on Cisco hardware based on security information provided by antivirus vendor Trend Micro, said Joel McFarland, a product manager with Cisco’s security technology group.
Cisco had already partnered with Trend Micro to make its worm and virus signatures available via Cisco’s Intrusion Prevention Systems (IPS), and the companies also are working together on security enhancements for the Cisco ASA 5500 Series Adaptive Security Appliance, McFarland said.
With the new ICS offering, customers now will be able to block the spread of malicious software by using the service to distribute mitigation policies across Cisco networks. “This is really something that delivers an entirely new class of response time,” McFarland said. “In a single choreographed move, I can force the enterprise to take a more protective posture.”
ICS could save network administrators time by automating router and switch configuration, said Joel Conover, principal analyst, Current Analysis Inc.
But while the service will help protect networks from known threats, like the recent Zotob family of worms, it will not do much to prevent so-called “zero-day” attacks, which are based on exploits that have not yet been catalogued by antivirus companies like Trend Micro, he said.
Administrators also will have to be careful with ICS to make sure that the rules and policies it implements do not break other applications running on the network, Conover said. “The question is, how do you check for the business impact of these rules,” he said. “You get this rule from Trend Micro… do you apply it immediately?”
To make things less disruptive, ICS will have a roll-back feature, which will allow administrators to uninstall the security policies should they cause important applications to fail, he said.
Cisco’s other product enhancements planned for Tuesday include an updated version of the Cisco Security Monitoring, Analysis and Response System that can identify and respond to security threats in remote locations like branch offices. The networking vendor also plans to release a new version of its Cisco IPS sometime this month, and plans to release a new versions of its IOS (Internetwork Operating System) router operating system in November.
The Cisco Incident Control System will be available next month, with pricing starting at US$9,200, Cisco said.