SAN JOSE, Calif., February 15, 2005 - Cisco Systems, Inc., today announced the addition of over 10 new products, software enhancements, and services across its market-leading security product portfolio. These new offerings deliver more proactive and broader protection from a wider variety of network and business-application threats.
The extent of these new product offerings underscores the evolution of the Cisco Self-Defending Network security strategy through Adaptive Threat Defense (ATD), an innovative architecture that increases security effectiveness via three major components; Anti-X defenses, Application security, and Network control and containment. (See related announcement "Cisco Takes Self-Defending Network Strategy to a New Level" http://newsroom.cisco.com/dlls/2005/prod_021505.html)
"Securing today's networks and applications requires the highest levels of proactive and coordinated threat protection and is a critical aspect of the Cisco Self-Defending Network security strategy,." said Jayshree Ullal, senior vice president of the Cisco Security Technology Group (STG) "Today's announcement highlights Cisco's ability to deliver innovative security extensions across multiple products and platforms which provide customers with Adaptive Threat Defense (ATD) across their business networks and applications."
Cisco is delivering new products and technology enhancements across multiple areas of ATD that include Anti-X defenses, Application security, and Network control and containment. Products and enhancements include:
Anti-X Defenses
The Cisco Intrusion Prevention System (IPS) Version 5.0: Solutions deliver a new generation of highly accurate and intelligent in-line prevention services complemented by new network anti-virus, anti-spyware and worm mitigation capabilities for improved threat defense across multiple form factors including appliances, switch-integrated modules, and Cisco IOS® Software-based solutions offering up to 7 gigabits per second of performance.
The Cisco Anomaly Guard Module and Cisco Traffic Anomaly Detector Module for the Cisco Catalyst® 6500 Series switches and Cisco 7600 Series routers: Version 4.0 of this distributed denial of service (DDoS) behavior-based mitigation solution provides new switch-integrated multi-gigabit protection of critical network resources against day-zero DDoS attacks
Cisco Security Agent (CSA) Version 4.5: Offers malware/spyware protection, enhanced security state or "posture" assessment, location-based policy enforcement, and internationalization for enhanced endpoint security.
Application Security
Secure Sockets Layer (SSL) virtual private network (VPN) services within the Cisco VPN 3000 Concentrator Version 4.7: Provides broadened access to virtually any application with advanced endpoint and malware protection including application-optimization capabilities with the new Cisco Security Desktop application.
Cisco PIX® Security Appliance Software Version 7.0: Represents the largest feature release since its initial introduction highlighted by extensive inspection and control over a broad range of HTTP, voice, and IP-based applications. Cisco PIX version 7.0 also introduces a highly flexible security-policy framework providing fine-grain control over individual user-to-application flows.
Cisco IPS Version 5.0 and Cisco IOS Software Release 12.3(14)T: Solutions also deliver new application inspection and control capabilities offering enhanced application security for port-80 control and misuse and voice over IP (VoIP) environments.
Network Control and Containment
Cisco Security Monitoring, Analysis and Response System (CS-MARS) and Security Auditor: Collectively provide network security event correlation and policy auditing for proactive response to unauthorized network access and activity.
Virtual firewall capabilities available in Cisco PIX Software Version 7.0 and Cisco IOS Release 12.3(14)T: Expands access control and inspection of networked business resources at a lower cost of ownership. Release 12.3(14)T also includes a new IP Security (IPSec) virtual interface, providing easier and more scalable IPSec VPN management, and enhanced support for Voice and Video over VPN (V3PN) applications.
Network Admission Control (NAC) support in Cisco VPN 3000 Concentrator version 4.7: NAC support for IPSec traffic offers enhanced posture assessment.
These products reflect Cisco's commitment to deliver investment protection by enabling customers to significantly enhance the capabilities of their existing systems through simple software upgrades. Highlighted products in this announcement include active intrusion prevention services, SSL VPN, application firewalling and anti-X services, for advanced application and threat protection.
Anti-X Defenses with New Advanced IPS Capabilities
Cisco IPS version 5.0 delivers an increased level of in-line accuracy to identify and stop more of the threats business applications are facing including worms and viruses, malware/spyware, threats associated with peer-to-peer (P2P) and instant messaging (IM) without impacting legitimate traffic.The new IPS software is supported by Cisco IPS 4200 Series appliances and the Cisco Catalyst 6500 Series and 7600 Series Intrusion Detection System Module (IDSM-2) through a software upgrade to provide industry-leading investment protection.
Enhanced in-line IPS functionality available in Cisco IOS version 12.3 (14)T increases protection against new classes of threats such as spyware, network anti-virus, and malware associated with IM applications which dramatically improves the ability to prevent and mitigate damage from worm and virus attacks. This new IPS functionality also allows users to create custom signatures to address newly discovered threats for broader protection.
SSL VPN Enhancements
New SSL VPN capabilities available in the Cisco VPN 3000 Concentrator Version 4.7 includes new Cisco Secure Desktop functionality which helps address SSL VPN endpoint security. The Cisco Secure Desktop provides pre-connection security state or "posture" assessment of the connecting device, security during the session by creating a secure virtual desktop that protects sensitive data, and post-connection clean-up that eliminates all traces of sensitive session information.
The Cisco VPN 3000 Concentrator Version 4.7 also includes a new dynamically downloadable Cisco SSL VPN Client, which provides transport for virtually any IP application. The Cisco VPN 3000 Concentrator Version 4.7 also offers fully clientless support for Citrix environments without the need for any SSL VPN client software thereby increasing application performance and reducing endpoint software compatibility issues.
Proactive Application Control
The new Cisco PIX Software Version 7.0, along with Cisco IPS software version 5.0, and Cisco IOS Release 12.3(14)T, now offer support for application firewalling, which enables application inspection and control of Web traffic, a common entry point for Internet threats. Additionally the new Cisco PIX 7.0 Modular Policy Framework provides network administrators with more granular and flexible inspection control over individual applications and user traffic traversing a firewall. In combination, these new software features prevent malicious behavior such as malformed packets, bandwidth consuming IM and P2P traffic and application-embedded attacks from impacting application performance and proliferation of network attacks.
Enhanced Endpoint Security with Cisco Security Agent Version 4.5
The new CSA 4.5 provides improved anti-spyware/malware protection as well as support for international Windows OS and Redhat Linux. CSA 4.5 also includes advanced integration with Network Admission Control, (NAC) the Cisco-sponsored industrywide initiative led by Cisco to help improve a network's ability to identify, respond, and adapt to security threats, and allows policies to be dynamically changed based on the devices security posture, user credentials, or location of the end device.
More information about additional products announced today can be found at http://newsroom.cisco.com/dlls/2005/securityproduct_detail_021505.pdf
Pricing and availability
New software releases are available to Cisco customers with active SmartNET contracts at no extra charge.
Product | Scheduled Availability | Pricing |
Cisco IPS 5.0 | Q1CY'05 | -Free under service contract -$5700 otherwise |
Cisco VPN 3000 Series version 4.7 (SSL-VPN + Secure Desktop) |
Q1CY'05 | -Free under service contract -Varies by model starting at $495 |
Cisco IOS Software Release 12.3(14)T | Q1CY'05 | -Free under service contract -Varies by model |
Cisco PIX 7.0 | Q1CY'05 | -Free under service contract -Varies by model starting at $250 |
Cisco Catalyst 6500 DDoS Traffic Anomaly Detector Module | Q1CY'05 | $35,000 |
Cisco Catalyst 6500 DDoS Anomaly Guard Module | Q1CY'05 | $80,000 |
CSA 4.5 | Q1CY'05 | Varies by user/server license starting at $1050 |
CS-MARS | Q1CY'05 | Varies, starting at $15,000 |
Cisco Security Auditor | April '05 | Starting at $8k |