Cisco On Guard

By eweek  |  Posted 2001-09-03

Cisco Systems plans to put its muscle behind the latest tool for thwarting worms and other scary creatures attempting to penetrate e-business infrastructures.

The networking giant is expected to unveil its CiscoWorks IDS Host Sensor, which uses intrusion detection and prevention technology from Entercept Security Technologies, according to Entercept officials.

Entercepts technology is a step ahead of most intrusion detection systems available today. Instead of scanning for known network traffic signatures to discern if an attack is occurring and then notifying the administrator, host-based intrusion protection seeks to prevent attacks by scanning the server for behavioral changes that could indicate an attack and stopping it before it takes shape.

Okena offers a similar product.

Before now, Cisco was simply reselling Entercepts tool. Now the company has integrated Entercepts technology with its own, according to Entercept.

"Cisco has created a lot of noise and is gaining the attention of the security guys, and those guys want them to approach securing the host," said Lou Ryan, president and CEO of Entercept.

A Cisco representative said the company plans a significant intrusion detection announcement within the next couple of weeks, but would not confirm the specifics.

CiscoWorks IDS Host Sensor will round out a suite of security products that, while not yet complete, positions Cisco as major security force. Cisco is also one of the top companies in virtual private networks (VPNs) and firewalls. The Cisco Secure Pix Firewall reels in $90 million to $100 million in revenue each quarter, and trails only Check Point Software Technologies firewall in market share.

According to a report from Bear, Stearns & Co., intrusion detection was never a main focus for Cisco, but it still holds a 29 percent market share, trailing Internet Security Systems.

Cisco is becoming a major security player in other areas. "They maybe wanted to avoid security until VPNs came around," said Jeff Wilson, an Infonetics Research analyst. Cisco needed to offer VPNs, encrypted tunnels between offices, to go along with its network gear.

"If youre selling VPNs, youve got to sell firewalls," and things snowballed, Wilson said, and today Cisco has a comprehensive security offering. But its not complete, and both Wilson and the Bear Stearns report expressed doubt that Cisco could gain a reputation as a one-stop security shop, like ISS, Network Associates Inc. or Symantec.

"Certainly, when you talk about security, there are certain things Cisco is missing," Wilson said. Missing pieces include virus scanning, authentication, security infrastructure testing and protection against denial-of-service attacks.

Rocket Fuel