Ask the Expert

Cisco network appliance security: Does 'self-defending' network stack up?

Cisco Systems Inc. for several years has touted its vision of the "self-defending" network. What would you say are the key technical concepts behind Cisco's philosophy, and, as of now, has it been a success?


My takeaway from Cisco Systems Inc.'s vision of "self-defending" network appliance security is that it is a tightly coupled collection of appliances that address security all the way up the network stack. The goal is to provide an integrated platform that adapts to the changing threat landscape and supports collaboration among the various components to provide effective protection and ease of management.

A possible architecture for a self-defending network could include the following (I have focused on the Cisco platform here, but other best-of-breed products can fill the same roles): a standard Catalyst 6500 chassis configured to house a firewall blade (FWSM), an Application Control Engine (ACE) module, an IPS module (IDSM-2), content management modules and, potentially, a dedicated Web application firewall (ACE WAF). This gives you signature-based protection against network- and application-level attacks, while zero-day protection on the hosts comes from an endpoint security agent. Correlation and analysis of the data from each of those components is handled by Cisco Security Monitoring, Analysis and Response System (MARS), Cisco's proprietary security information and event management (SIEM) product.

A typical proactive mitigation example could involve the endpoint security agent detecting suspicious activity on a host PC and forwarding an alert to the MARS platform. MARS then correlates that alert with telemetry from the IPS module, which monitors flows to and from that endpoint and cuts off any attack traffic.

One thing to keep in mind, however, is that you do not have to be Cisco-centric in building a "self-defending" stack from the device roles listed above. The key to an effective multi-vendor "self-defending" stack is ensuring that each security point product can share events and actions with the others. That collaboration can be complicated and difficult, because most vendor platforms are either point products built on a closed platform or are designed to support only the vendor's own integrated security stack. One example of an open platform that hosts security products from multiple vendors is the Crossbeam X-Series platform.
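To make the endpoint-to-SIEM-to-IPS workflow above concrete, here is a small correlation engine written as an added example for this page; it is not Cisco MARS code or any vendor's product. It ingests constructed log lines from an assumed simplified format (field names `endpoint`, `ips`, `host=`, `sev=`, `msg=` are my own), keeps a per-host sliding window, asks the network sensor to watch a host as soon as the endpoint agent complains, and only shuns the host once both the endpoint and the network view corroborate within the window. The `shun_command` helper renders an ASA-style `shun` line; treat that syntax as an assumption to verify against your firewall's documentation. It also shows the multi-vendor point: the correlator only depends on the event fields, not on which vendor produced them.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed, simplified format. Real agent
# and IPS exports (syslog, SDEE, vendor APIs) look different; only the
# normalized fields below matter to the correlator.
SAMPLE_LOG = """\
2010-07-01T10:00:01 endpoint host=10.1.1.20 sev=3 msg="unsigned driver load attempt"
2010-07-01T10:00:05 ips host=10.1.1.40 sev=1 msg="ICMP echo sweep"
2010-07-01T10:00:30 ips host=10.1.1.20 sev=4 msg="outbound TCP SYN scan"
2010-07-01T10:01:10 ips host=10.1.1.20 sev=2 msg="IRC-style C2 beacon"
2010-07-01T10:20:00 endpoint host=10.1.1.40 sev=5 msg="process injection into lsass.exe"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<source>endpoint|ips) host=(?P<host>\S+) '
    r'sev=(?P<sev>\d) msg="(?P<msg>[^"]*)"$'
)


@dataclass
class Event:
    ts: datetime
    source: str   # "endpoint" (host agent) or "ips" (network sensor)
    host: str     # IP address of the endpoint the event concerns
    severity: int # 1 (low) .. 5 (high), assumed scale
    msg: str


def parse_line(line):
    """Parse one normalized line; reject anything that does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return Event(datetime.fromisoformat(m["ts"]), m["source"],
                 m["host"], int(m["sev"]), m["msg"])


class Correlator:
    """Per-host sliding-window correlation across endpoint and IPS events."""

    def __init__(self, window=timedelta(minutes=5), shun_threshold=7):
        self.window = window
        self.shun_threshold = shun_threshold  # summed severity needed to shun
        self.events = defaultdict(list)       # host -> events inside the window
        self.watched = set()                  # hosts the IPS is asked to monitor
        self.shunned = set()                  # hosts cut off at the firewall

    def ingest(self, ev):
        if ev.host in self.shunned:
            return "already_shunned"
        bucket = self.events[ev.host]
        bucket.append(ev)
        # Age out anything older than the window so stale alerts cannot
        # combine with a fresh one hours later.
        cutoff = ev.ts - self.window
        bucket[:] = [e for e in bucket if e.ts >= cutoff]
        sources = {e.source for e in bucket}
        score = sum(e.severity for e in bucket)
        # Shun only when both the host view and the network view agree,
        # so one noisy sensor cannot isolate a host on its own.
        if {"endpoint", "ips"} <= sources and score >= self.shun_threshold:
            self.shunned.add(ev.host)
            self.watched.discard(ev.host)
            return "shun"
        if ev.source == "endpoint":
            # Endpoint alert alone: escalate to flow monitoring, not blocking.
            self.watched.add(ev.host)
            return "watch"
        return "none"


def shun_command(host):
    """ASA-style shun line the correlator would push; assumed syntax, verify."""
    return f"shun {host}"


def run(log_text):
    """Feed every line through the correlator; return decisions and state."""
    corr = Correlator()
    decisions = []
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            decisions.append((ev.host, corr.ingest(ev)))
    return decisions, corr


if __name__ == "__main__":
    decisions, corr = run(SAMPLE_LOG)
    for host, action in decisions:
        print(f"{host}: {action}")
    for host in sorted(corr.shunned):
        print(shun_command(host))
```

Running it on the sample, 10.1.1.20 goes to "watch" on the first endpoint alert and to "shun" once the IPS scan alert pushes the windowed score to the threshold, while 10.1.1.40 never gets shunned: its single IPS event has aged out of the window by the time the high-severity endpoint alert arrives, so the correlator only asks the IPS to watch it. In a real deployment the "watch" and "shun" outcomes would map onto the IPS and firewall APIs of whichever vendors you run, which is exactly the integration work the multi-vendor approach requires.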

This was first published in July 2010
