Cisco announces the next phase of strategy for self-defending networks

SAN FRANCISCO - Cisco Systems Inc. announced the release of 10 new security products or features at the RSA Security Conference this week, calling it the next phase in its strategy to create self-defending networks.

"You can't approach this problem with pinpoint products," Cisco chief executive officer John Chambers said in a keynote address to the conference on Wednesday. "It is impossible without an architectural play to address this."

Chambers said IT is moving toward a converged, all-IP environment with "complete virtualization of resources." It will be irrelevant where an application resides, where it works or how it is accessed, and this virtualization will define security issues, he said. Enterprises must be designed to defend against threats and vulnerabilities that have not yet been defined.

Security challenges must be met by tightly integrating existing security products and moving new security into the network, he said.

The new products and features constitute what Cisco is calling its Adaptive Threat Defense. They fall into three categories:

  • Anti-X defenses, which include version 5.0 of the Cisco Intrusion Prevention System; its Anomaly Detector and Guard products, available as standalone devices, router blades or managed services, to detect and block denial of service attacks; and Security Agent Version 4.5 to manage security policy on Cisco devices

  • Application security, which includes Secure Sockets Layer virtual private network services in the Cisco VPN Concentrator Version 4.7; PIX Security Appliance Software Version 7.0; and IPS Version 5.0 and IOS Version 12.3 for application inspection and control

  • Network control and containment, including Cisco Security Monitoring, Analysis and Response System and Security Auditor, which monitors network activity; virtual firewall capabilities on PIX software Version 7.0 and IOS Version 12.3; and Network Admission Control support in Cisco VPN 3000 Concentrator Version 4.7.

Chambers also announced that Cisco now is working on a system called Internet Identified Mail, which would compete with Microsoft's SenderID scheme as a way to fight spam and other inappropriate e-mail.

Internet Identified Mail would use keys for a mail server's domain registered with the Domain Name System. Outgoing e-mail would be signed with the keys and verified on the recipient's end by DNS servers. Each e-mail message then would be tagged in the header as registered, not registered, or fraudulent. The recipient would set policy on how each tag would be handled.

About the Author

William Jackson is a Maryland-based freelance writer.
