Cisco Systems and Trend Micro say their latest collaboration is another step toward the self-defending network, where IT managers can blunt attacks by spotting worms and updating antivirus signatures within minutes of an outbreak.
The companies unveiled a new service this week called the Cisco Incident Control System (ICS). Cisco also unveiled security enhancements to its Intrusion Prevention Systems (IPS) and Internetwork Operating System (IOS) software.
"This is another piece of the Self-Defending Network initiative," said Raphael Reich, Cisco's product marketing manager for security. "Every security product we come out with is part of that. It's all based on building intelligence into the network so it can respond to and block threats in real time."
The San Jose, Calif.-based networking giant said in a statement that ICS will help customers "respond within minutes to the rapid and global spread of today's worm and network virus outbreaks." The tool uses up-to-the moment outbreak intelligence and virus signature distribution from Tokyo-based Trend Micro.
"Cisco and Trend Micro have recognized that through collaboration between our real-time threat management services -- a key aspect of the Trend Micro Enterprise Protection strategy -- and the Cisco Self-Defending Network security strategy… we can deliver a stronger business security environment that reduces both risk and costs for our customers," Trend Micro CEO Eva Chen said in a statement. "This relationship delivers what enterprise customers are asking for -- a comprehensive and proactive threat outbreak prevention system."
The new product rollout comes on the heels of recent media controversy over Cisco security holes. Earlier this month, Cisco fixed a high-risk flaw in IOS attackers could exploit to cause a denial of service or launch malicious code. Because IOS runs on the company's routers and switches -- a significant portion of the Internet's infrastructure -- the vulnerability prompted Cupertino, Calif.-based antivirus giant Symantec to raise its global threat index to Level 2. And at the Black Hat Briefings in July, security researcher Michael Lynn caused a firestorm when he released a potential flaw in Cisco routers. He said the flaw could, if exploited to its potential by an attacker, bring down the entire Internet. Lynn, a former employee with Internet Security Systems, said at the time that he quit his position with ISS two hours before his discussion and faced litigation from both Cisco and ISS for divulging the information in his presentation.
Those problems aside, Reich said Cisco's collaboration with Trend Micro will go along way in improving security. For those already using Cisco products, he said the rewards could come quickly.
"The key benefit of what we're introducing is for existing customers, those with intrusion prevention systems from Cisco already deployed," he said. "With ICS, you get the latest signatures and protection information from Trend Micro and it's distributed out through Cisco." The enhanced IOS and IPS software will also allow for improved security response across existing infrastructure where Cisco products are already deployed, he said.
ICS is the second product born from the Cisco-Trend Micro collaboration, which started more than a year ago. Reich said the companies worked for 12-18 months on ICS.
An implementation service from Cisco Advanced Services is also available that can provide ICS customers with advanced preparation, design, and deployment support, Reich said. Meanwhile, he said:
- A "distributed threat mitigation" feature for Cisco IPS will provide an integrated and more coordinated response to locally-occurring threats. It is delivered through enhancements to the Cisco Security Monitoring, Analysis and Response System (CS-MARS), version 4.1.
- New versions of the Cisco IPS 5.1 and Cisco IOS Software Release 12.4(4)T offer improved outbreak prevention capabilities. IPS version 5.1 offers support for up to 255 Virtual LANs (VLANs) on a single interface, expanding protection of critical assets. It also delivers multi-gigabit, non-stop intrusion prevention through EtherChannel load balancing, a capability that helps enable high throughput with high availability services. Other new capabilities include traffic rate limiting with Cisco switches and routers, allowing customers to have more control over network traffic and expanded protocol support.
- Cisco IOS Software Release 12.4(4)T also includes a new outbreak prevention capability called Flexible Packet Matching (FPM). FPM lets users conduct deep packet inspection pattern matching and filtering using pre-defined or customizable protocol templates in Extensible Markup Language (XML) or IOS Command Line Interface (CLI) for more granular user control. It also includes additional application firewall and expanded protocol support.
Cisco ICS will be available next month, with prices starting at $9,200, Reich said.