SAN FRANCISCO – Cisco Systems Inc., Monday used the public debut of its new top security executive to announce application screening capabilities for its popular line of enterprise firewalls and a refresh to its midrange firewall lineup, which kicks off an effort to assuage concern about inertia surrounding its
At a press and analyst briefing on the eve of RSA Conference 2012, Cisco Senior Vice President Chris Young, the new general manager of Cisco’s security technology business, announced Cisco ASA CX, an extension to its Adaptive Security Appliance that offers control over 1,000 different applications, including Facebook, Google+, LinkedIn, Twitter and iTunes.
The application-aware firewall product breaks those applications down into more than 75,000 micro-applications, or application components. In a product demo, Cisco Director of Product Management Rajneesh Chopra showed how ASA CX can not only report on how much network bandwidth is consumed by specific applications and application features, but also how it can prevent or limit use of applications or components within applications or websites.
[Cisco's] like an aircraft carrier; they have a lot of firepower, but they don't turn on a dime. It looks like they're going to figure out that the ship needs to turn.
John Kindervag, Forrester Research
"Visibility on breadth of applications is one thing, but going into the second level of detail to see what's actually happening is another," Chopra said. "The focus here is on applications and application behavior so customers can tell what is actually happening on their networks."
Seeking to address the growing enterprise security concern of unmanaged consumer devices on the network, Cisco also announced updates to a pair of related technologies. TrustSec 2.1 broadens support for a technology that Cisco has been building into its core routing and switching fabric for nearly five years. The technology enables enterprises to enforce network policy on a myriad of devices, including enterprise endpoints and consumer devices like smartphones and tablets, across both wired and wireless networks. The Identity Services Engine 1.1 is the technology that underpins TrustSec by detecting and classifying all devices connected to the network based on their characteristics, as well as by the information provided by the devices themselves.
Customers address additional security needs from Cisco
During the press and analyst event, Cisco staged a panel discussion with several of its customers. Nick Young, network support manager of UK-based Four Seasons Healthcare, said he needs Cisco to help him add automation to his network to stop activities that don't comply with policy.
"I used to run whitelists for everything, but now I can't do that" because they don't scale, Young said, adding that the emphasis on banning certain websites has fallen by the wayside in favor of stopping bad actions. "Now I say, 'If you want to go to some website, that's great,' but if there's something bad there, we just want to stop that bad bit."
More on the Cisco security strategy
CEO John Chambers admits Cisco security unit lost its way
Cisco is focusing on contextual security
Why have Cisco security customers been uneasy?
Additionally, Cisco announced a new slate of ASA 5500-x Series midrange multifunction firewall appliances. The five models include both half and full rack versions, ranging from 1-4 Gbps of firewall throughput. Chopra said the intent is to provide "services-first platforms" that have the ability to run numerous additional security services without grievously affecting the performance of the appliance.
Young said all of these moves together are meant to advance Cisco's SecureX security product strategy, including its master plan to build capabilities into the fabric of the network to make access and policy decisions faster and more efficiently, which will create an "intelligent" network.
"We're really filling out that promise we made a year ago around SecureX," Young said, "making the context control strategy real for our customers, and the proof points are there."
Cisco debuted the SecureX concept in a pre-RSA briefing a year ago. It has gained little traction, however, as the two key executives driving the strategy, Tom Gillis and Ambika Gadre, were among the nearly half-dozen key leaders of Cisco's security technology business unit to leave the company last year. In November Cisco hired Young, a former VMware executive, to take over its security business.
John Kindervag, a principal analyst with Cambridge, Mass.-based Forrester Research who attended the briefing, said Cisco is exploring a number of interesting technologies, increasing its emphasis on the security business and rebuilding it under Chris Young's leadership.
"I think changing out the executives gives them an opportunity to reboot and fix the things that haven't been working," Kindervag said. "They're like an aircraft carrier; they have a lot of firepower, but they don't turn on a dime. It looks like they're going to figure out that the ship needs to turn and hopefully it'll be on the right direction."
View all of SearchSecurity's RSA 2012 Conference coverage.