Cisco incorporates security component into switch

Cisco Systems' new security modules for its Catalyst 6500 switch are pushing security further into the network, boosting throughput and further blurring the lines between network and security operations.

The San Jose, Calif.-based company has released four modules: a firewall module, an Internet Protocol Security (IPSec) module, a virtual private network (VPN) module and a Secure Sockets Layer (SSL) module.

"Recently, network operations groups have picked up on the need for integrating more security into the network. This is one of the strong driving forces behind the product," said Ben Goldman, Cisco's director of product marketing for Internet systems.

Zeus Kerravala, vice president of enterprise infrastructure with the Boston-based research firm Yankee Group, said Cisco is responding to a larger trend in the industry. According to a recent Yankee Group survey, 60% of the organizations polled prefer to have higher-layer services embedded in switches to having these services stand alone.

In addition, the modules allow much higher throughput than other VPNs and firewalls on the market, Kerravala said.

Hesham Eassa, a manager of network design engineering for WebEx Communications Inc., a San Jose, Calif.-based Web conference provider, said the throughput is what drew his company to the product.

"We're able to move a lot more data and [have] more concurrent sessions than with any other product I can find on the market," Eassa said.

WebEx's customers, he said, are very concerned about security. Often the Web-based meetings that the company hosts are highly sensitive, and the customers are concerned about any possible security breach. The security modules provide the company with an added layer of security. With the firewall right at the server, everyone is on the other side of the firewall.

While the module does tighten security, Kerravala said it also creates a new vulnerability: it puts everything in one place.

"You have to be careful about the way you architect it," he said. With the security modules integrated into the switch, there is now a single point of failure. If the switch goes, so do the security modules.

Dave Passmore, research director at the Midvale, Utah-based research firm Burton Group, said Cisco has yet to take full advantage of the integrated switch. Each module still requires separate management software.

"Cisco has put everything in a common box but has yet to integrate the management," Passmore said.

Nonetheless, Eassa said the boost in throughput he expects to see from the modules is enough to be excited about for now.

