Cisco Systems' new security modules for its Catalyst 6500 switch are pushing security further into the network, boosting throughput and further blurring the lines between network and security operations.
The San Jose, Calif.-based company has released four modules: a firewall module, an Internet Protocol Security (IPSec) module, a virtual private network (VPN) module and a Secure Sockets Layer (SSL) module.
"Recently, network operations groups have picked up on the need for integrating more security into the network. This is one of the strong driving forces behind the product," said Ben Goldman, Cisco's director of product marketing for Internet systems.
Zeus Kerravala, vice president of enterprise infrastructure with the Boston-based research firm Yankee Group, said Cisco is responding to a larger trend in the industry. According to a recent Yankee Group survey, 60% of the organizations polled prefer having higher-layer services embedded in switches over having these services stand alone.
In addition, the modules allow much higher throughput than other VPNs and firewalls on the market, Kerravala said.
Hesham Eassa, a manager of network design engineering for WebEx Communications Inc., a San Jose, Calif.-based Web conference provider, said the throughput is what drew his company to the product.
"We're able to move a lot more data and [have] more concurrent sessions than with any other product I can find on the market," Eassa said.
WebEx's customers, he said, are very concerned about security. Often the Web-based meetings that the company hosts are highly sensitive, and the customers are concerned about any possible security breach. The security modules provide the company with an added layer of security. With the firewall right at the server, everyone is on the other side of the firewall.
While the module does tighten security, Kerravala said it also creates a new vulnerability: it puts everything in one place.
"You have to be careful about the way you architect it," he said. With the security modules integrated into the switch, there is now a single point of failure. If the switch goes, so do the security modules.
Dave Passmore, research director at the Midvale, Utah-based research firm Burton Group, said Cisco has yet to take full advantage of the integrated switch. Each module still requires separate management software.
"Cisco has put everything in a common box but has yet to integrate the management," Passmore said.
Nonetheless, Eassa said the boost in throughput he expects to see from the modules is enough to be excited about for now.