 |
|
DAILY NEWS AND INFORMATION FOR THE GLOBAL GRID COMMUNITY / MAY 26, 2003: VOL. 2 NO. 21
|
Systems/Enterprise:
CISCO EXTENDS LEADERSHIP IN INTEGRATED NETWORK SECURITY
Cisco Systems, Inc. announced 14 security solutions and services that will
help customers of all sizes to make their networked business-critical
resources more resilient and operationally efficient. Additions to this
integrated security portfolio include security management, virtual private
network (VPN), and advanced threat protection offerings.
These additions underscore the Cisco security strategy to deliver advanced
network protection by integrating security services throughout Internet
Protocol (IP) networks, making them a transparent and manageable aspect of any
network. The strategy enables a wide array of flexible deployment options
including router and switch-integrated security and multifunction appliances
that offer combined firewall, intrusion detection, and VPN services for
organizations of all sizes. The collaboration of network and security services
enable customers to reap significant performance gains and increased security
intelligence as well as the assistance to scale the network to address future
business growth efficiently and securely.
"With organizations continuing to build operational efficiencies into their
business processes, they increasingly look to take advantage of their current
network resources to securely extend business-critical applications and
resources," said Jason Wright, Industry Analyst and Program Leader, of Frost &
Sullivan. "Cisco's integrated security strategy and product portfolio
underscore its commitment to address this market environment to help customers
sustain productivity and business resilience."
New Security Management Solutions Deliver Enhanced Scalability and
Ease-of-Use
Cisco introduced today new security management solutions and enhancements
designed to ease the operational challenges of managing security deployments
of all sizes and service types. They include:
Cisco IOS AutoSecure: This innovative Cisco IOS Software command-line-
interface (CLI) based feature provides "one touch" router lockdown. A single
command instantly and easily transforms the security posture of routers by
disabling non-essential operating system processes, enforcing secure access,
and enabling secure forwarding features.
Cisco Security Device Manager (SDM) version 1.0: Available across the Cisco
830 to 3700 series access routers to deploy and manage Cisco IOS Software-
based security services. This embedded device manager offers intelligent
wizards for configuring firewall and IP Security (IPSec) VPN services. Cisco
SDM also offers GUI-based router lockdown and, an innovative security auditing
capability to check and recommend changes to router configurations based on
industry-recognized ICSA Labs recommendations.
CiscoWorks Security Information Management Solution (SIMS) version 3.1: Based
on award-winning technology from netForensics, CiscoWorks SIMS delivers
security event monitoring and correlation for multivendor security
environments. Advanced options include event scoring, business impact and
threat analysis which provide a comprehensive set of reporting and forensic
analysis, so that customers can more accurately manage security deployments
and improve their productivity.
Cisco IP Solution Center (ISC) version 3.0 Security Technology Module: A new
policy-based security management offering providing customers with scalable
and robust management of large-scale VPN and firewall deployments. The ISC
management platform minimizes operational costs of security deployments and
prevents inconsistent security policies. Customers can accurately and
effectively deploy and manage VPN, firewall, Network Address Translation
(NAT), and quality of service (QoS) security technologies. Additional ISC
technology modules provide Layer 2 and Multiprotocol Label Switching (MPLS)
VPN management for additional management options.
CiscoWorks VPN/Security Management Solution (VMS) version 2.2: Providing broad
security management for the Cisco portfolio of security services, enhancements
include integrated administrative support for the Cisco Catalyst 6500
Firewall and VPN services modules and integrated monitoring of Cisco IDS
solutions running software version 4.0. Cisco VMS 2.2 also supports the new
Cisco Security Agent, a threat-protection capability based on the recent Okena
acquisition. It also includes support for sophisticated VPN and firewall
features delivered by Cisco IOS Software, and usability has been improved
through a simplified installation process and an option for an expedited
security policy deployment.
New Cisco VPN Performance and Feature Enhancements Spanning Businesses of All
Sizes
Cisco also introduced today Cisco hardware-based VPN acceleration service
modules, Cisco IOS Software-integrated VPN and remote-access VPN extensions to
its integrated security portfolio that offer increased scalability,
performance, and resilience for VPN deployments spanning networks of all
sizes.
New hardware-based VPN acceleration modules, available across a wide array of
Cisco platforms, raise the bar for high-performance and scalable VPN services.
These include modules for the Cisco 2600XM for the branch office, Cisco 7200
Series routers for the headend, and the Cisco VPN 3000 Series Concentrator for
remote-access VPN aggregation. These solutions also offer advanced security
and scalability through Advanced Encryption Standard (AES) support, extending
business-critical applications to all points in a customer network in a
reliable and cost-effective manner. In addition, Cisco 7600 Series routers and
Cisco Catalyst 6500 Series switches now deliver the highest-performance
security solution available with up to 14 gigabit/second throughput for
central site VPN aggregation and up to 20 gigabit/second firewall services.
Specific product performance information can be found at:
newsroom.cisco.com/dlls/VPNAccelerationinfo.pdf
In addition to the hardware-based VPN acceleration, Cisco is enhancing its
Cisco IOS Software-based VPN capabilities. Enhancements include IPSec-to- MPLS
integration, allowing service providers to terminate multiple IPSec VPN
customer-edge (CE) connections onto a single provider-edge (PE) MPLS interface
for increased scalability and simplified configuration. New Dynamic Multipoint
VPN (DMVPN) features include both a self-healing capability, which maximizes
network VPN uptime by rerouting around network link failures, and a load-
balancing feature, which delivers increased performance by transparently
terminating VPN connections to multiple head-end VPN devices.
The new remote-access Cisco VPN Client software version 4.0 offers a set of
capabilities that enhance its security and operational consistency. The
updated version of the Cisco VPN Client provides improved desktop security,
such as protection against hackers and viruses, for remote-access VPN
sessions through integration with the Cisco Security Agent. The client also
supports a consistent user experience through support of advanced multimedia
and collaboration applications across remote-access VPNs for enhanced remote-
worker productivity, as well as a simplified graphical interface for increased
ease of use.
New Cisco Threat Protection Advancements
Cisco introduced today host-based threat protection solutions along with new
IDS platforms that deliver high-performance, intelligent protection from
malicious network activity. They include:
Cisco Security Agent: Provides day-zero desktop and server protection from
network attacks by inspecting operations on the desktop or server and looking
for anomalous behavior between applications and the operating system for
sophisticated threat protection.
Cisco Access Router IDS Network Module and Cisco IDS 4215 sensor: These new
solutions address the growing small and medium-sized business, branch and
remote-office demand for high-performance and cost-effective IDS solutions.
The Cisco Access Router IDS Network Module is a router-integrated line card
that delivers 45 Mbps of intrusion protection. Through collaboration with
IPSec VPN and generic routing encapsulation (GRE) traffic, this module can
allow decryption, tunnel termination, and traffic inspection at the first
point of entry into the network which is an industry first. This reduces the
additional devices needed to typically support, and reduces operating and
capital expenditure costs while enhancing security. This module complements an
existing portfolio of integrated security and network services available on a
single platform including Cisco IOS Software-based firewall, VPN, switching,
voice, and content for a comprehensive branch-office solution.
The Cisco IDS 4215 Sensor appliance sensor delivers to branch and remote
office customers 80 Mbps of intrusion protection at a price point that sets a
new price/performance-ratio mark. With the support of multiple interfaces that
enables simultaneous protection of up to five different network subnets, the
Cisco IDS 4215 effectively delivers five sensors in a single 1-rack-unit
appliance.
Both the Cisco IDS 4215 and IDS Network Module now support the latest IDS
software version 4.1 which helps protect against malicious network behavior
such as P2P (peer-to-peer) signatures that detect the violation of corporate
policy through the use of file sharing tools such as Kazaa. In addition, both
include easy-to-use integrated Web-based device management and advanced
forensic capabilities. Combined with false alarm elimination through the Cisco
Threat Response (CTR) technology, customers gain enhanced protection and
reduced operational costs. Both are also fully compatible with other Cisco
network-based IDS solutions, and are centrally managed and configured by
CiscoWorks VMS, further reducing operational costs and management complexity.
|