SAN JOSE, Calif., May 20, 2003 - Cisco Systems, Inc. today announced 14 security solutions and services that will help customers of all sizes to make their networked business-critical resources more resilient and operationally efficient. Additions to this integrated security portfolio include security management, virtual private network (VPN), and advanced threat protection offerings.
These additions underscore the Cisco® security strategy to deliver advanced network protection by integrating security services throughout Internet Protocol (IP) networks, making them a transparent and manageable aspect of any network. The strategy enables a wide array of flexible deployment options including router and switch-integrated security and multifunction appliances that offer combined firewall, intrusion detection, and VPN services for organizations of all sizes. The collaboration of network and security services enable customers to reap significant performance gains and increased security intelligence as well as the assistance to scale the network to address future business growth efficiently and securely.
"With organizations continuing to build operational efficiencies into their business processes, they increasingly look to take advantage of their current network resources to securely extend business-critical applications and resources," said Jason Wright, Industry Analyst and Program Leader, of Frost & Sullivan. "Cisco's integrated security strategy and product portfolio underscore its commitment to address this market environment to help customers sustain productivity and business resilience."
New Security Management Solutions Deliver Enhanced Scalability and Ease-of-Use Cisco introduced today new security management solutions and enhancements designed to ease the operational challenges of managing security deployments of all sizes and service types. They include: Cisco IOS® AutoSecure: This innovative Cisco IOS Software command-line-interface (CLI) based feature provides "one touch" router lockdown. A single command instantly and easily transforms the security posture of routers by disabling non-essential operating system processes, enforcing secure access, and enabling secure forwarding features.
Cisco Security Device Manager (SDM) version 1.0: Available across the Cisco 830 to 3700 series access routers to deploy and manage Cisco IOS® Software-based security services. This embedded device manager offers intelligent wizards for configuring firewall and IP Security (IPSec) VPN services. Cisco SDM also offers GUI-based router lockdown and, an innovative security auditing capability to check and recommend changes to router configurations based on industry-recognized ICSA Labs recommendations.
CiscoWorks Security Information Management Solution (SIMS) version 3.1: Based on award-winning technology from netForensics, CiscoWorks SIMS delivers security event monitoring and correlation for multivendor security environments. Advanced options include event scoring, business impact and threat analysis which provide a comprehensive set of reporting and forensic analysis, so that customers can more accurately manage security deployments and improve their productivity.
Cisco IP Solution Center (ISC) version 3.0 Security Technology Module: A new policy-based security management offering providing customers with scalable and robust management of large-scale VPN and firewall deployments. The ISC management platform minimizes operational costs of security deployments and prevents inconsistent security policies. Customers can accurately and effectively deploy and manage VPN, firewall, Network Address Translation (NAT), and quality of service (QoS) security technologies. Additional ISC technology modules provide Layer 2 and Multiprotocol Label Switching (MPLS) VPN management for additional management options.
CiscoWorks VPN/Security Management Solution (VMS) version 2.2: Providing broad security management for the Cisco portfolio of security services, enhancements include integrated administrative support for the Cisco Catalyst® 6500 Firewall and VPN services modules and integrated monitoring of Cisco IDS solutions running software version 4.0. Cisco VMS 2.2 also supports the new Cisco Security Agent, a threat-protection capability based on the recent Okena acquisition. It also includes support for sophisticated VPN and firewall features delivered by Cisco IOS Software, and usability has been improved through a simplified installation process and an option for an expedited security policy deployment. New Cisco VPN Performance and Feature Enhancements Spanning Businesses of All Sizes Cisco also introduced today Cisco hardware-based VPN acceleration service modules, Cisco IOS Software-integrated VPN and remote-access VPN extensions to its integrated security portfolio that offer increased scalability, performance, and resilience for VPN deployments spanning networks of all sizes.
New hardware-based VPN acceleration modules, available across a wide array of Cisco platforms, raise the bar for high-performance and scalable VPN services. These include modules for the Cisco 2600XM for the branch office, Cisco 7200 Series routers for the headend, and the Cisco VPN 3000 Series Concentrator for remote-access VPN aggregation. These solutions also offer advanced security and scalability through Advanced Encryption Standard (AES) support, extending business-critical applications to all points in a customer network in a reliable and cost-effective manner. In addition, Cisco 7600 Series routers and Cisco Catalyst 6500 Series switches now deliver the highest-performance security solution available with up to 14 gigabit/second throughput for central site VPN aggregation and up to 20 gigabit/second firewall services. Specific product performance information can be found at: http://newsroom.cisco.com/dlls/vpn_acceleration_info.pdf
In addition to the hardware-based VPN acceleration, Cisco is enhancing its Cisco IOS Software-based VPN capabilities. Enhancements include IPSec-to-MPLS integration, allowing service providers to terminate multiple IPSec VPN customer-edge (CE) connections onto a single provider-edge (PE) MPLS interface for increased scalability and simplified configuration. New Dynamic Multipoint VPN (DMVPN) features include both a self-healing capability, which maximizes network VPN uptime by rerouting around network link failures, and a load-balancing feature, which delivers increased performance by transparently terminating VPN connections to multiple head-end VPN devices.
The new remote-access Cisco VPN Client software version 4.0 offers a set of capabilities that enhance its security and operational consistency. The updated version of the Cisco VPN Client provides improved desktop security, such as protection against hackers and viruses, for remote- access VPN sessions through integration with the Cisco Security Agent. The client also supports a consistent user experience through support of advanced multimedia and collaboration applications across remote-access VPNs for enhanced remote-worker productivity, as well as a simplified graphical interface for increased ease of use.
New Cisco Threat Protection Advancements
Cisco introduced today host-based threat protection solutions along with new IDS platforms that deliver high-performance, intelligent protection from malicious network activity. They include: Cisco Security Agent: Provides day-zero desktop and server protection from network attacks by inspecting operations on the desktop or server and looking for anomalous behavior between applications and the operating system for sophisticated threat protection.
Cisco Access Router IDS Network Module and Cisco IDS 4215 sensor: These new solutions address the growing small and medium-sized business, branch and remote-office demand for high-performance and cost-effective IDS solutions.
The Cisco Access Router IDS Network Module is a router-integrated line card that delivers 45 Mbps of intrusion protection. Through collaboration with IPSec VPN and generic routing encapsulation (GRE) traffic, this module can allow decryption, tunnel termination, and traffic inspection at the first point of entry into the network which is an industry first. This reduces the additional devices needed to typically support, and reduces operating and capital expenditure costs while enhancing security. This module complements an existing portfolio of integrated security and network services available on a single platform including Cisco IOS Software-based firewall, VPN, switching, voice, and content for a comprehensive branch-office solution.
The Cisco IDS 4215 Sensor appliance sensor delivers to branch and remote office customers 80 Mbps of intrusion protection at a price point that sets a new price/performance-ratio mark. With the support of multiple interfaces that enables simultaneous protection of up to five different network subnets, the Cisco IDS 4215 effectively delivers five sensors in a single 1-rack-unit appliance.
Both the Cisco IDS 4215 and IDS Network Module now support the latest IDS software version 4.1 which helps protect against malicious network behavior such as P2P (peer-to-peer) signatures that detect the violation of corporate policy through the use of file sharing tools such as Kazaa. In addition, both include easy-to-use integrated Web-based device management and advanced forensic capabilities. Combined with false alarm elimination through the Cisco Threat Response (CTR) technology, customers gain enhanced protection and reduced operational costs. Both are also fully compatible with other Cisco network-based IDS solutions, and are centrally managed and configured by CiscoWorks VMS, further reducing operational costs and management complexity.
For product and solution details go to: http://www.cisco.com/go/integrated_security/
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.