Cisco Bolsters Firewalls, IDS

The firm picked up the proactive intrusion protection drumbeat, upping the accuracy of its Cisco Intrusion Detection System software.

Cisco Systems Inc. today rolled out a wide range of new and enhanced intrusion detection and firewall offerings.

Although Cisco generates security-related revenues of about $1 billion a year, it has had an uphill battle in asserting its place among more favored best-of-breed security tools providers, said Jeff Wilson, executive director at Infonetics Research Group Inc. in San Jose, Calif.

Cisco picked up the proactive intrusion protection drumbeat in the industry with enhancements to the Cisco Intrusion Detection System software that increase the accuracy of the software in finding relevant attacks instead of false alarms.

Cisco enhanced its IDS Version 4.0 release with some 30 new features that extend the level of protocol analysis provided in the software. The IDS software can now perform stateful pattern recognition along with protocol and traffic anomaly detection.

Cisco also introduced under its own marketing umbrella Cisco Threat Response technology, based on Cisco's acquisition of Psionic late last year.

The CTR automates the manual process of intrusion investigation and can reduce the rate of false alarms by up to 95 percent, according to Cisco officials.

Cisco also extended the range of intrusion sensors that it offers to reach the high end of performance.

The new Cisco IDS 4250-XL Sensor is capable of handling 1 Gigabit per second throughput.

"True gigabit performance lets us address the very high end of enterprise environments doing more core level security or service providers offering a provisioned service with this high end box," said Joel McFarland, manager of security appliances at Cisco in San Jose, Calif.

The new second generation Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services Module operates at 600 Megabits per second—five times faster than the original Catalyst switch module, according to McFarland.

Cisco is also departing from its focus on network-based security in announcing its intent to acquire Okena Inc., a Waltham, Mass. provider of desktop and server-based security software.

Until the acquisition is completed, Cisco has an OEM deal with Okena to market its software as the Cisco Security Agent. "It goes beyond a network centric mindset to secure the end points of the network," said McFarland.

"They see the growth areas and they want to be in the middle of those. It is the only reason they'd acquire a host-based intrusion detection company. It's not a Cisco style business, but was important for their overall security offering to have that piece," said Wilson.

Cisco also extended the Cisco PIX Firewall family with a new release of its PIX firewall software, PIX Device Manager and new hardware-based VPN acceleration.

Cisco PIX Firewall Software Version 6.3 adds support for industry standard Open Shortest Path First routing protocols, support for eight Voice over IP protocols as well as virtual LANs.

The new VPN Acceleration Card+ (VAC+) boosts VPN performance by up to 400 percent and adds support for the Advanced Encryption Standard (AES).

The PIX Device Manager Version 3.0 (PDM) simplifies remote management of PIX firewalls over VPN links and collects data on triggered security policies.

All of the new offerings excluding the new IDS sensors are available now. The IDS sensors are due next month.