Anyone paying attention to Cisco Systems Inc. during the past year knows that the San Jose, Calif.-based vendor
vehemently believes the future of enterprise network security depends on numerous layers of protection.
Tuesday the networking giant added a pair of new layers to its paradigm, the Cisco Incident Control System (ICS) and the Cisco Distributed Threat Mitigation for Intrusion Prevention Systems (IPS).
The first element, the ICS, is intended to boost security on a corporate network before an emerging Internet threat reaches the perimeter. Based on a Cisco 5500 Series adaptive security appliance (APA), the ICS relies on regular updates from Trend Micro Inc.'s TrendLabs to keep tabs on worm and virus activity worldwide.
Joel McFarland, manager of security product marketing for Cisco, said ICS allows a network security manager to put policies in place prior to an outbreak so that, when threat global threat activity reaches a predetermined level, ICS changes the settings on Cisco routers and switches into a more defensive posture.
The second piece, Distributed Threat Mitigation (DTM), is actually an enhancement to Cisco's Security Monitoring, Analysis and Response System (CS-MARS), which manages internal network security policies.
Its objective is to mitigate threats that have made their way into the network.When DTM for IPS isolates the existence of an internal attack or infection, it uses Cisco IPS appliance sensors to change the posture of the network so that the threat doesn't spread inadvertently.
For example, should a notebook carrying the Zotob worm gain access to the network, DTM for IPS adjusts routers on the network edge to ensure other PCs stay safe.
Complementing the two products is a new version of Cisco Internetwork Operating System. IOS 12.4(4)T debuts a capability Cisco calls flexible packet matching, which enables deep packet inspections using pre-defined, customizable XML templates.
Joel Conover, principal analyst with Sterling, Va.-based research firm Current Analysis, said while the ICS is particularly interesting, what's most compelling is that Cisco is making an effort to tie together the numerous components in its stable of network security products.
"Cisco's got a lot of room to make further improvements because there are a lot of pieces," Conover said. "But ICS addresses a top-of-mind IT issue, which is patching your system in time to stop an outbreak from slamming you."
Though DTM for IPS may seem redundant when compared side-by-side with Cisco's Network Access Control products, Conover said the vendor is targeting organizations with all-Cisco networks that either want as many network security safeguards as possible, as well as those that haven't yet invested in NAC.
"Even if you have NAC, you're going to have policies in your NAC infrastructure that allow certain types of client devices into the network, and those devices can always have worms or viruses," Conover said.