SAN JOSE, Calif. -- The vision Cisco CEO John Chambers outlined in his RSA Security conference keynote Wednesday wasn't new to those who've kept tabs on the networking giant in recent years. In speech after speech, he's pushed the concept of a multi-layered, tightly wound network that can defend itself without human intervention.
But as he did in last year's RSA address, Chambers used a list of new product enhancements to illustrate how his San Jose, Calif.-based company is advancing its Self-Defending Network strategy.
"We're working toward the ability for all Cisco devices to work together and communicate with each other to stop attacks," Chambers told his audience. "The idea is that one device can warn another device of a threat," and can lock down the network to blunt the impact.
With people and businesses becoming increasingly dependent on the Internet for commerce, Chambers predicted that many of today's security point products will be folded into what he called a tightly-integrated network security platform. He also predicted a steady trend toward more virtual networks.
"Virtualization is inevitable," he said, adding that companies must keep an eye to the future and look at how individual products will move into the network over time. "[Future networks] will be more complex, and will allow companies to do neat things and boost productivity. But it has to be an architecture with security throughout."
Cisco used the conference to unveil the latest security enhancements designed to push the world closer in the direction Chambers envisions.
This includes the Cisco Security Management Suite, comprised of the new Cisco Security Manager (CSM) and a new version of the Cisco Security Monitoring, Analysis and Response System (Cisco Security MARS version 4.2).
The suite is an integrated monitoring, configuration and management solution for identifying and enforcing policies associated with data monitoring, Cisco said.
Also unveiled was a new Content Security and Control Security Services Module (CSC-SSM) for the Cisco Adaptive Security Appliance (ASA) 5500 Series. Cisco said this provides Anti-X services that unify antivirus, antispyware, file blocking, antispam, antiphishing, URL blocking and filtering, and content filtering. The technology is the product of an alliance with Tokyo-based AV firm Trend Micro.
In an interview following Chambers' keynote, Richard Palmer Jr., VP and general manager of Cisco's VPN and Security division, called the new module an example of the kind of partnerships Chambers said are necessary to make self-defending networks a reality.
"This shows how we can make the network a platform for services, including the services of our partners," he said, adding that such partnerships will help IT shops deal with the growing realities of online commerce. "Before, an enterprise would just focus on its own network. Now the IT staff must worry about the networks of other organizations it does business with over the Internet."
Finally, Cisco announced that new SSL VPN capabilities have been added to its Adaptive Security Appliances (ASA) and Internetwork Operating System (IOS) routers.
Both products deliver new advanced clientless and client-based SSL VPN functionality with robust endpoint and network security while lowering operational and equipment costs, according to Cisco.
Cisco ASA 5500 Series version 7.1 software allows the ASA 5500 Series to deliver up to 5,000 concurrent SSL VPN sessions per device so that organizations of all sizes can provide remote and mobile employees with "simple, highly secure access to the applications and network resources they need from just about any location," the company added. "Integrated VPN load-balancing and full-featured IPSec VPN functionality lets customers reduce the equipment required to scale and secure the VPN to tens of thousands of concurrent users."
After Chambers' RSA keynote last year, IT professionals expressed some skepticism over Cisco's Self-Defending Network strategy. Sure, they said, the concept is solid. But for the average IT shop, it's not necessarily affordable. Furthermore, they said, the average IT shop may have trouble achieving the interoperability Chambers has outlined.
But Wednesday, one IT security professional vigorously endorsed Chambers' vision.
"One thing I noticed in the [conference] exhibit hall was the sheer amount of appliances companies are offering," said Stephen Escher, network security manager for the Hilton Grand Vacations Company in Orlando, Fla. "I already have a Cisco infrastructure in place, so I'm happy because I already have a lot of the features these appliance vendors are selling."
He noted that his company uses Windows, Macintosh and Unix-based machines and that the Cisco infrastructure has proven itself compatible with each.
"To me, the partnerships [Chambers] talked about translates into interoperability, and in my environment we have that," Escher said. "It's not a case where this only works with other Cisco products."