News Release

Cisco Unveils SAFE Blueprint, Extending Cisco AVVID for Secure E-Business

SAFE Announcement Includes New Intrusion Detection and Security Policy Management Solutions
Sep 26, 2000

SAN JOSE, Calif., September 26, 2000Cisco Systems, Inc. today announced its security strategy for the Cisco AVVID architecture called "SAFE," a flexible security blueprint to help organizations reliably and cost-effectively engage in e-Business.

"SAFE is the only blueprint that tells customers how to embed security into their e-Business infrastructures," said Richard Palmer, vice president and general manager of the Cisco VPN and Security Services business unit. "Cisco AVVID now comprehensively addresses the security requirements of the network while providing the flexibility to support specific e-Business applications, such as electronic commerce and supply chain management."

Cisco AVVIDthe Cisco Architecture for Voice, Video and Integrated Datanow integrates scalable, high performance security services throughout the e-Business infrastructure, making it possible for companies to design and implement intelligent, self-defending networks. Within Cisco AVVID, the SAFE blueprint combines leading Cisco security solutions with a rich "ecosystem" of programs, partners and services.

"Security is on every end-user and service provider's mind right now, but nobody is sure where to turn to for answers," said Jeff Wilson, Director of Access, Infonetics Research. "The SAFE blueprint will provide companies with a roadmap for integrating security into the fabric of their networks, something most e-Businesses will need to do if they want to keep customers satisfied."

The SAFE blueprint has already drawn an early endorsement from Exodus Communications, Inc., a leader in complex Internet hosting and managed services. Exodus plans to begin rolling out its Cyber Attack Management Services based on the SAFE blueprint in October.

"To compete in the fast-paced Internet Economy, our customers need access to the latest, most comprehensive security solutions and services on the market," said Dr. Bill Hancock, vice president, security and chief security officer for Exodus. "Cisco's SAFE offers a proven blueprint that will allow customers to securely compete in the Internet Economy."

A Modular Framework Based on Cisco AVVID

The SAFE blueprint adopts a modular approach to securing the enterprise network in which security design, implementation and management processes are all specified for customers. Built within Cisco AVVID, SAFE integrates the security solutions required to safely engage in e-Business today and provides flexibility as organizations migrate to converged data, voice and video environments.

In designing each SAFE module, Cisco considered several key criteria, including potential security threats and responses, resilience, performance, scalability, secure management, quality of service and voice support. Each module identifies where and why critical Cisco security products and technologiessuch as Cisco Secure PIX. Firewall, Cisco IOS. Firewall Feature Set, Cisco Secure Intrusion Detection Systems (IDS) or Cisco VPN Concentratorsare needed. Where appropriate, the modules also integrate best-in-class third-party ecosystem solutions, such as anti-virus protection, host-based intrusion detection, log analysis and authentication systems.

SAFE's modular approach provides maximum flexibility for customers, enabling them to adopt the modules that are appropriate for their businesses. SAFE also offers customers the flexibility to deploy secure Cisco AVVID infrastructures in stages according to their specific and immediate business needs. This allows organizations to leverage their existing security infrastructure while staying within their security budgets on new e-Business projects. Customers also gain peace-of-mind knowing that each module has been built and tested by Cisco security architects and examined by Cisco's award-winning security consultants.

New Cisco Security Products and Ecosystem Enhancements

In addition to SAFE, Cisco today announced several new Cisco Secure Intrusion Detection System products (see separate press release issued today) as well as two new security management options for network administrators. The announcements include:

  • The Catalyst 6000 IDS Module, a full-featured IDS solution designed to address the critical need for intrusion detection capabilities in switched environments. The list price for the Catalyst 6000 IDS Module is $14,995 USD.

  • The Cisco Secure IDS 4210, a plug-and-play IDS appliance for both enterprises and small- to medium-sized businesses. The list price of the Cisco Secure IDS 4210 is $8,000 USD.

  • Exodus will deploy Cisco Secure IDS in its Exodus Internet Data Centers as part of CAMS. The intrusion detection component of CAMS will allow Exodus customers to analyze the content and context of individual packets in real-time to detect suspicious network activity. Exodus will provide interested customers with the hardware and services needed to install and configure the IDS solution, as well as highly skilled security professionals available to resolve security incidents on a 24x7 basis.

  • Cisco Secure Policy Manager (CSPM) version 2.2, which adds IDS capabilities to Cisco's scalable policy-based security management system. Now customers can manage their IDS systems from the same console as their Cisco firewalls and virtual private network (VPN) routers. The list price for CSPM version 2.2 is $2,000 USD for a three-unit "Lite" bundle and $15,000 USD for an enterprise license.

  • Cisco Secure ACS2000, a high performance access control server that controls the authentication, authorization and accounting (AAA) of users accessing corporate resources through the network. The list price for Cisco Secure ACS2000 is $4,500 USD.

Cisco also announced several enhancements to its Enterprise ecosystem, which includes supporting Cisco security programs and services as well as third-party products and integration partners. Cisco Enterprise ecosystem announcements include:

  • The Cisco Security Encyclopedia (CSEC), an on-line repository of advanced network security information intended to assist networking professionals in securing networks for e-Business. CSEC will be available in Q4 2000 on the World Wide Web at

  • A new Cisco Certified Network Professional certification for Security, which provides a program for Cisco network security solution specialists. The expertise gained from this program provides the student with a thorough administrative understanding of many of the key elements of a Cisco AVVID network.

  • Enhancements to the Cisco Security and VPN Associate program, an interoperability testing and co-marketing program developed to deliver comprehensive security solutions for Cisco networks that build on the strengths of Cisco's line of security products. New elements in the program include complementary application security and wireless communications solutions.

For additional information about Cisco AVVID and Cisco's SAFE blueprint, please visit the Cisco Enterprise Security Web site at