RealTime IT News

Cisco Adapts Its Defenses to New Threats

SAN FRANCISCO -- Cisco Systems announced a new phase in its "Self-Defending Network" initiative today -- one that promises protection from future attacks.

San Jose, Calif.-based Cisco dubbed the new portfolio "Adaptive Threat Defense" or ATD. Cisco is initially launching 10 new products and corresponding services, half of which were developed by Cisco engineers. The rest are a combination of technologies Cisco acquired from Psionic Software, Twingo Systems, Okena, Riverhead Networks and Protego Networks.

Some of the new products are shipping now at no extra charge to Cisco customers that have active SmartNET contracts. Others will arrive in March. Each combines security features, multi-layer intelligence, application protection, network-wide control and threat containment.

Cisco said the latest -- and certainly not the last -- phase of its Self-Defending Network initiative was necessary to prepare for the growing threat of multi-level attacks, compounded by the pressures of spyware, phishing and malware. Much of the new Adaptive strategy relies on following behavioral usage patterns and trusted clients.

"We're laying a foundation to allow for the next wave of technologies," Jayshree Ullal, senior vice president for Cisco's Security Technology Group, said during a press briefing. "A lot of our technologies were effective in the 90s, but they need another level to them. We will continue to support all of our phases as long as there is a threat."

The company timed the announcement to coordinate with the RSA Security Conference here this week. CEO John Chambers is scheduled to deliver a keynote today on building and securing intelligent information networks.

The first phase of the Cisco Self-Defending Network security strategy focused on the need for integrated security, blending Internet Protocol (IP) and security technologies. The next phase introduced the Network Admission Control (NAC) industry initiative. Now, Cisco is focusing on better threat mitigation through Anti-X defenses, application security, and network control and containment.

Bob Gleichauf, Cisco vice president and CTO of the Security Technology Group, said the Adaptive phase builds on mutual awareness among Cisco's partners and between security services and network intelligence communities.

"It is no longer a Draconian approach that closes off an entire network in the case of a DDoS. That is not best practices," Gleichauf said. "Instead, we are filtering packets and traffic." For example, an online retailer would not want to cut a potential customer off from the system, yet it needs provisions in place that could limit that customer's activity when behavior matched threat criteria.

"What we are learning at the network edge will have to be replicated in other parts of the network," Gleichauf said. "This kind of attack could be recreated locally and companies have to be able to withstand it."

Products aligned with the new Adaptive Threat Defense strategy include Cisco's IPS 5.0; VPN 3000 Concentrator version 4.7; PIX 7.0, which focuses on managing HTTP, voice, and IP-based applications; IOS 12.3(14)T for port-80 control; Cisco Security Agent version 4.5, which handles malware/spyware protection, enhanced security state or "posture" assessment and location-based policy enforcement; Catalyst DDoS Modules for 6500 Series switches and 7600 Series routers; Cisco MARS; and the Cisco Security Auditor.

Ullal said Cisco's sales channels and training for the new Adaptive focus would remain consistent with its current policies.