Cisco Gets Serious About Security

Cisco today unveiled a blueprint to help organizations embed security functions into their e-business infrastructures.

The framework, dubbed SAFE, provides extensive guidelines for deploying Cisco security products as well as third party applications to secure Cisco's Architecture for Voice, Video and Integrated Data (AVVID).

Cisco AVVID provides a foundation for the company's converged networks strategy, which encompasses call processing, client devices, data applications, directory services, network management and telephony.

Additionally, the company rolled out new intrusion detection modules for switched networks and an intrusion detection appliance for small-to-medium sized businesses.

The company has leveraged its networking dominance to become a leading developer of the high-tech burglar alarms that alert IT managers to suspicious activity on their system or networks.

Cisco captured the market-share lead for intrusion detection software last year, according to market researcher Frost & Sullivan.

Now with SAFE, Cisco is attempting to present a more coherent security strategy than competitors Alcatel, Lucent Technologies and Nortel, said Infonetics Research analyst Jeff Wilson.

"Cisco is basically forming a business unit focused on security. It is a coming-out party to show that it doesn't just provide firewalls," Wilson said. Key Cisco security products include the Cisco Secure PIX Firewall, IOS Firewall Feature Set, Secure Intrusion Detection System (IDS) and VPN Concentrators.

The SAFE blueprint uses a "modular approach" that specifies which security designs, implementation and management processes are necessary for an e-commerce infrastructure or which are best for a manufacturing site with an extranet, Wilson added.

For example, the Corporate Internet Module contains functions for access control, authentication, content filtering, intrusion detection, and network auditing. The modules also integrate with third party applications such as virus protection, host-based intrusion detection, log analysis and authentication systems.

The SAFE approach lets users dissect the network into discrete chunks "so folks don't have to tackle the entire network at once," said David King, Cisco's director of marketing for security. This gives IT managers the option to deploy secure Cisco AVVID in stages according to their specific needs, he added.

The new IDS products include The Catalyst 6000 IDS Module designed to protect switched networks and the Cisco Secure IDS 4210 , a plug and play IDS appliance.

Web hosting provider Exodus Communications Inc. plans to deploy Cisco Secure IDS in its Internet Data Centers to let customers analyze the content of individual packets in real-time while ferreting out suspicious network activity. Exodus will provide customers with the hardware and services needed to install and configure the IDS products, as well as security experts to resolve security incidents on a 24-by-7 basis.

Cisco also rolled out the Secure Policy Manager 2.2, which lets IT operators manage their Cisco IDS systems from the same console as their Cisco firewalls and VPN routers. Further beefing up its security portfolio, Cisco unveiled the Cisco Secure ACS2000, a high performance access control server, and the Cisco Security Encyclopedia (CSEC), an online repository of advanced security information to assist IT professionals in securing networks. CSEC will be available in Q4 2000 at www.cisco.com/go/security.