News Release

Cisco Expands Integrated Security Systems Leadership

New threat defense and secure connectivity extensions help enhance and protect networked business systems
Mar 09, 2004

SAN JOSE, Calif., March 9, 2004 - Cisco Systems, Inc., today announced the expansion of its integrated security systems product portfolio, focusing on enhanced performance, flexibility, and network resilience to security threats. Additions include threat defense and secure connectivity products and services that offer cost-effective and advanced performance and protection for networked businesses.

These extensions advance Cisco's Self-Defending Network strategy, which is designed to dramatically improve the ability of networks to autonomously identify, prevent and adapt to a range of security threats. The Cisco Self-Defending Network strategy integrates security in every aspect of the network to create an end-to-end integrated security system. These self-defending networks will identify threats, react appropriately based on risk level, isolate infected endpoints, and reconfigure the network resources in response to an attack.

"Security is no longer best layered onto networks and applications as an after-thought," said Eric Ogren, senior analyst with the Yankee Group. "Cisco clearly understands that security is a network service to be embedded throughout the infrastructure, and this announcement extends on that vision."

Increased Network Resilience and Flexibility with Cisco IOS Threat Defense Services

Cisco announced today an array of threat defense system capabilities through Cisco IOS Software Release.12.3T that are designed to help networks be more resilient to malicious network attacks, while simultaneously enhancing the flexibility and performance of networked business systems. These Cisco IOS Software services will offer customers:

Enhanced Network Resilience: The new Cisco IP Source Tracker, a Cisco IOS Software-based security capability, helps customers identify and locate network entry points for denial of service (DoS) attacks to minimize business disruption. New control-plane-policing features provide network administrators with a reserved management channel into a router, even when it may be under a DoS attack, for more effective response to network attacks. The addition of new role-based command-line interface (CLI) capabilities enable customers to define access based on administrative roles, letting network or security operations personnel exercise more precise control over network security, and minimizing the possibility for network attacks due to misconfigurations.

Improved Security Deployment Flexibility: New transparent firewall support gives customers the flexibility to segment the network into security "trust zones," while preserving the network's existing IP addressing scheme and simplifying security deployment. The new Cisco IOS Firewall for Internet Protocol version 6 (IPv6) provides stateful inspection to both existing IPv4 and IPv6 traffic on a single interface for enhanced performance, along with better management of the IPv6 migration process. Cisco IOS Software now also offers anomaly protocol inspection for the Extended Simple Mail Transfer Protocol (ESMTP), which gives customers advanced network packet inspection capabilities and helps protect again known mail attacks.

New Secure Connectivity and Security Management Products and Services

Cisco Systems® is also introducing security router and virtual private network (VPN) hardware products as well as security management software enhancements that will increase the performance and scalability of enterprise and service provider security and VPN deployments. The new products include:

Cisco 7301 Router: Cisco has extended VPN support to this central-site customer premises equipment (CPE) hardware product offering integrated security in head-end network environments. The Cisco 7301 now supports 370 megabits-per-second VPN throughput, and is integrated with high-performance stateful firewalling, routing and quality of service (QoS) management capabilities in a compact one-rack unit. The Cisco 7301 Router addresses the growing large-scale enterprise and value-added service provider demand for high-performance and cost-effective central-site VPN aggregation. It also includes support for the new Cisco Security Device Manager Version 1.1 for simplified configuration and administration. The platform joins Cisco's broad array of best-in-class integrated security routers.

Cisco Security Device Manager Version 1.1: Cisco Security Device Manager eases the security and VPN management of Cisco IOS® Software-based routers, and now includes new start-up wizards for faster and easier security deployment as well as one-step lockdown, which makes it easier for administrators to enable security features on routers. This reduces the complexity and time of delivering integrated security services into the network. The Cisco Security Device Manager Version 1.1 also extends support beyond the current Cisco 800, 1700, 2600,and 3700 series routers to the Cisco 7200 Series and 7301 routers and includes capabilities that can graphically depict the impact of network security policies on overall network traffic flow for enhanced network administrative control. It now also supports new Cisco IOS Software redundancy features, including dial backup and redundant IP Security (IPSec) VPN tunnels, to minimize potential networked business disruption.

Cisco VPN 3020 Concentrator: A new addition to the industry-leading Cisco VPN 3000 Series of concentrators, the Cisco VPN 3020 offers integrated IPSec and Secure Sockets Layer (SSL) remote VPN access to meet the requirements of any remote user population in a single device and management framework. The Cisco VPN 3020 offers advanced security in IPSec VPN deployments by supporting both Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES), along with scalable support for 750 concurrent users. In SSL VPN deployments, the Cisco VPN 3020 can support up to 200 concurrent users for clientless VPN access from any standard Web browser, delivering a highly cost-effective price point per user. With integrated hardware-based acceleration at up to 50 megabits per second and integrated load balancing—which provides enhanced levels of resiliency and scaling by clustering multiple devices, customers have a high-performance and highly scalable solution for remote-access VPN environments.

Pricing and availability (