Cisco Adapts Its Defenses to New Threats

SAN FRANCISCO — Cisco Systems announced a new phase in its “Self-Defending Network” initiative today — one that promises protection from future attacks.

San Jose, Calif.-based Cisco dubbed the new portfolio “Adaptive Threat Defense” or ATD. Cisco is initially launching 10 new products and corresponding services, half of which were developed by Cisco engineers. The rest are a combination of technologies Cisco acquired from Psionic Software, Twingo Systems, Okena, Riverhead Networks and Protego Networks.

Some of the new products are shipping now at no extra charge to Cisco customers that have active SmartNET contracts. Others will arrive in March. Each combines security features, multi-layer intelligence, application protection, network-wide control and threat containment.

Cisco said the latest phase of its Self-Defending Network initiative, and certainly not the last, was necessary to prepare for the growing threat of multi-level attacks, compounded by the pressures of spyware, phishing and malware. Much of the new Adaptive strategy relies on following behavioral usage patterns and on trusted clients.

“We’re laying a foundation to allow for the next wave of technologies,” Jayshree Ullal, senior vice president for Cisco’s Security Technology Group, said during a press briefing. “A lot of our technologies were effective in the 90s, but they need another level to them. We will continue to support all of our phases as long as there is a threat.”

The company timed the announcement to coordinate with the RSA Security Conference here this week. CEO John Chambers is scheduled to deliver a keynote today on building and securing intelligent information networks.

The first phase of the Cisco Self-Defending Network security strategy focused on the need for integrated security, blending Internet Protocol (IP) and security technologies. The next phase introduced the Network Admission Control (NAC) industry initiative. Now, Cisco is focusing on better threat mitigation through Anti-X defenses, application security, and network control and containment.

Bob Gleichauf, Cisco vice president and CTO of the Security Technology Group, said the Adaptive phase builds on mutual awareness among Cisco’s partners and between security services and network intelligence communities.

“It is no longer a Draconian approach that closes off an entire network in the case of a DDoS. That is not best practices,” Gleichauf said. “Instead, we are filtering packets and traffic.” For example, an online retailer would not want to cut a potential customer off from the system, yet it needs provisions in place that could limit that customer’s activity when behavior matched threat criteria.

“What we are learning at the network edge will have to be replicated in other parts of the network,” Gleichauf said. “This kind of attack could be recreated locally and companies have to be able to withstand it.”

Products aligned with the new Adaptive Threat Defense strategy include Cisco’s IPS 5.0; VPN 3000 Concentrator version 4.7; PIX 7.0, which focuses on managing HTTP, voice, and IP-based applications; IOS 12.3(14)T for port-80 control; Cisco Security Agent version 4.5, which handles malware/spyware protection, enhanced security state or “posture” assessment and location-based policy enforcement; Catalyst DDoS Modules for 6500 Series switches and 7600 Series routers; Cisco MARS; and the Cisco Security Auditor.

Ullal said Cisco’s sales channels and training for the new Adaptive focus would remain consistent with its current policies.
