News Release

Cisco Announces Integrated, Managed Virtualization for the Catalyst 6500 Firewall Service Module and New DDoS Attack Prevention Solutions

Extending Self-Defense Network Security Strategy with increased scalability, deployment flexibility, and new attack prevention capabilities
Jun 02, 2004

SAN JOSE, Calif., June 2, 2004 - Cisco Systems, Inc., today announced integrated, managed virtualization and other new capabilities for the Cisco Firewall Services Module along with the introduction of the Cisco Traffic Anomaly Detector XT 5600 and the Cisco Guard XT 5650, Distributed Denial of Service (DDoS) detection and mitigation security appliances.

With ongoing innovations and growing adoption of integrated firewall and IP Security (IPSec) VPN security services modules on Cisco Catalyst® 6500 Series switches, Cisco share of high end firewall and VPN sales increased by 15 percent from the fourth quarter of calendar year 2003 to the first quarter of calendar year 2004, according to Infonetics Research, increasing Cisco's leadership position in security.

These new offerings also advance the Cisco Self-Defending Network security strategy addressing customers' increasing requirements to cost-effectively integrate security throughout the network infrastructure to maximize network availability and business continuance.

"The innovations on the Catalyst 6500 Firewall Services Module highlight the first delivery on Cisco's strategy to enable network-integrated, managed virtualization on a converged services platform with industry leading manageability, usability, and scalability," said Luca Cafiero, Senior Vice President of the Cisco Switching, Voice, and Storage Technology Group. "Our service provider and enterprise customers are integrating virtualized firewall and other services, including IPSec VPN, Layer 4-7 switching, and wireless LAN, on the Catalyst 6500 to embed intelligent services throughout their network infrastructures with scalable architectures."

Increased Flexibility and Operational Gains with New Innovations on Cisco Firewall Service ModuleThe Firewall Services Module software Version 2.2 provides enterprise and service provider customers with a more scalable and operationally efficient way to deploy differentiated security services with customized control throughout their networks without having to deploy a dedicated physical device per service type which lowers the total cost of ownership.

"Managed virtualization" allows a single physical Firewall Service Module in a Catalyst 6500 switch to act as many virtual devices or "contexts". It enables the delivery of differentiated firewall service by customer, user or application type providing each its own network management for more granular control. Cisco expands upon foundation virtualization services with a new feature in its Firewall Service Module, called Resource Manager, which helps enterprises and service providers to allocate firewall performance and resource availability on a per virtual firewall basis. This helps enable differentiated service level definitions and guarantees to network segments or customers.

The Firewall Services Module also includes new Layer 2 transparent firewall support which gives customers the flexibility to segment the network into multiple Layer- 2 security "trust zones," while preserving the network's existing IP addressing scheme and simplifying security deployments.

The Firewall Service Module v2.2 and additional capabilities, announced today, including Resource Manager are supported by Cisco PIX® Device Manager (PDM) v4.0, CiscoWorks Management Center for Firewalls (Firewall MC) v1.3, and CiscoView Device Manager (CVDM) v1.0, for easy, Web-based deployment and management at the module, multi-module, and system level.

Together these new offerings demonstrate the continued innovation and investment protection of the Catalyst 6500 platform as a converged network and security services platform. Catalyst 6500 integrated services modules are also supported on the Cisco OSR 7600 Router.

Enhanced Threat Defense Capabilities with new DDoS Prevention Solutions

Cisco also announced the Cisco Guard XT 5650 and Cisco Traffic Anomaly Detector XT 5600, two high-performance network security appliances from the recent Riverhead Networks acquisition that deliver automated protection against DDoS attacks in enterprise and service provider networks.

The Cisco Guard XT 5650 offers anomaly recognition, comparing individual traffic flows to profiles of normal traffic patterns, behavior, and protocol compliance, in addition to source verification and anti-spoofing capabilities, to block individual attack traffic flows while helping to ensure the delivery of legitimate transactions. A "dynamic diversion" approach enables the Cisco Guard XT 5650 to redirect traffic that is flowing toward a targeted resource through this multilayer defense, maximizing scalability and reliability.

The Cisco Traffic Anomaly Detector XT 5600 can quickly and accurately identify a broad range of known and previously unseen DDoS attacks, and automate activation of the Cisco Guard XT 5650. This helps customers protect critical network resources from DDoS attacks, maximizing network availability. Additionally, future phases will integrate the DDoS detection and mitigation technology onto the Catalyst 6500 platform.

Pricing and Availability

Product Pricing (USD) Availability
Cisco Firewall Services Module:
20 Virtual Firewalls License $12,500 Available now
50 Virtual Firewalls License $25,000 Available now
100 Virtual Firewalls License $45,000 Available now
Cisco Guard XT 5650 $90,000 Sched. availability in July
Cisco Traffic Anomaly Detector XT 5600 $45,000 Sched. availability in July