Cisco CEO Chambers Details Company's Vision for Network Security

Adaptive Threat Defense brings greater application control, increased protection against malicious programs, and new management capabilities for more effective network protection

February 22, 2005

By Charles Waltner, News@Cisco

In his keynote address last week at the 2004 RSA Conference in San Francisco, Cisco Systems' President and Chief Executive Officer John Chambers articulated his company's vision of how networking security needs to evolve to ensure the continued benefits of Internet-based communications.

"The success of networking security could dramatically influence the rate of acceptance of information technology and the advantages it can bring to a country, company, or community," Chambers said.

Chambers explained that Cisco is committed to building integrated, systems-based security that reduces complexity, eases deployment, reduces management overhead, and lowers the total cost of ownership. Only with this approach will networks be able to viably protect against current threats and the ones in the years ahead.

"If you are just now thinking about how to create security systems, it's too late," Chambers said. "The challenge for network security is not about what to do now but what network security should be in three, five or seven years. We need to skate to where the hockey puck will be."

And in response to this challenge, Cisco has been developing the Self-Defending Network. While Chambers said this concept of network security was controversial when it was introduced in early 2000, the Cisco vision for an architecture-based, integrated approach to security is proving prophetic.

Network security threats are now coming at networks from every angle and are evolving rapidly. Point products are simply no longer adequate against this dynamic array of attacks. Only with an integrated, comprehensive, and proactive system of protection and response is dependable and viable network security possible.

At the RSA Conference, Cisco unveiled the third and most comprehensive phase in its evolution of the Self-Defending Network. The new phase, called Adaptive Threat Defense, includes multiple products and upgrades addressing application security, invasive coding defense (dubbed "Anti-X"), and network-wide coordinated defense controls.

Cisco initiated the Self-Defending Network as an integrated approach to security and as a response to the shortcomings of previous point products and "fortress" style network defenses. As has become clear, there are no silver bullets for network security. Threats are many and continue to evolve. As a result, network defenses must be multifaceted, multi-layered and adaptable. They also must provide for open communications, allowing networks to do what they do best: connecting a wide array of users across any geography.

The first phase of the Self-Defending Network focused on integrating security features throughout a network, marking a break in the traditional "point product" approach to network security. The second phase of the Self-Defending Network, which Cisco launched in late 2003, focused on developing collaborative security systems. This phase introduced Cisco's innovative Network Admission Control program that created a new tool for security by coordinating network defenses with desktop computers, servers and other "end-points." Now Cisco is bringing even more protection to IP-based communications with the Adaptive Threat Defense phase of the Self-Defending Network.

"Until now, much of what we have focused on is embedding security in the network and enabling different types of endpoints and devices to connect to each other," said Jayshree Ullal, Cisco's senior vice president of the Security Technology Group. "With Adaptive Threat Defense, what we're addressing with our new line of security products is that there is no perimeter to the network anymore so you have to build your defenses with this in mind. Not only do you have to worry about the network and the devices that connect to it, but you also have to secure the applications that run across the network."

Some of the featured technologies of the third phase of the Self-Defending Network include version 5.0 of Cisco's Intrusion Prevention System. This IPS goes well beyond standard IPS products by providing multi-vector threat defenses that use a risk rating system and a meta-event generator to assess the nature of network traffic.

Another major product announcement centers on improvements to Cisco's SSL virtual private network products, which include support for all three types of desktops: channeled clients, Web-based clients, and temporary, Java-type clients. As part of the upgrades, Cisco introduced the Cisco Secure Desktop, which helps manage desktop disk privileges.

Another major facet of the Adaptive Threat Defense is enhancements to the Cisco PIX Firewall. These widely deployed devices can now work as an application firewall that provides granular security with an HTTP inspection engine for controlling Port 80 abuses and other security concerns. Cisco also introduced support for the virtualization of firewalls, application firewall security, and in-line intrusion prevention with the 12.3 release of the Internetworking Operating System (IOS) software that runs all Cisco's routers.

Cisco also boosted the posture assessment capabilities of the highly successful Cisco Security Agent. It now also supports more versions of Windows as well as Linux. And Cisco unveiled new technologies that protect Cisco switches and routers with sophisticated and high-speed countermeasures to distributed denial of service (DDoS) attacks.

Finally, to help with management of network defenses, the company unveiled the all-new Cisco Monitoring, Analysis, and Response System (MARS), which provides automated response and mitigation for network-wide control.

While this third phase of the Self-Defending Network is the most comprehensive to date, it is only one more step in Cisco's determined quest to bring to its customers the most effective networking security on the market. Already Cisco is working on even more innovative security products for the future. As demonstrated in Chambers' keynote address, the company is developing what's known as Internet Identified Mail technology, which can more accurately detect spam and fraudulent email. The specifications for Internet Identified Mail are now under review with the Internet Engineering Task Force (IETF).

As Chambers said, "Time will tell if our approach to network security is right or wrong, but our commitment to an integrated, systems-based security architecture is already proving its value as the complexity of defending networks continues to accelerate. Human intervention is no longer a viable means for protecting the network. The network must have the means to defend itself."

Charles Waltner is a freelance journalist in Oakland, Calif.
