Cisco Systems announced Feb. 13 additions to its security portfolio and a new direction in security to further the integration of security as a standard piece of the network.
The network vendor unveiled a Security Management Suite of the new Cisco Security Manager 3.0, a security police manager and a reconfigured Security MARS (Monitoring, Analysis and Response System) 4.2. Cisco has also released an enhanced ASA 5500 security appliance with new SSL VPN and security prevention capabilities.
In addition, Cisco security officials revealed a new partner strategy that requires all its VARs to possess basic security competency and a new reliance on security specialists, to push security deeper into the network.
“Anyone selling network infrastructure must also be able to secure the infrastructure,” said Alex Thurber, security director for channel and data center applications. “You must be able to sell VPNs, firewalls and embedded technologies.
“Today it’s not enough to just install the infrastructure for businesses that are more and more dependent on their networks,” he said. “There must be a base security. Being able to provide protection and network needs depends on having an integrated story.”
Cisco is requiring its account executives and 27,000 network partners to become knowledgeable and prepared to sell what the company calls “foundation technologies”—firewalls, anti-virus and VPNs. Advanced security technologies such as intrusion prevention and distributed denial-of-service protocols will be the purview of 1,350 network security specialists with skills in both fields, Cisco said.
Gale Yocom, president of Covetrix, a security VAR and Cisco security specialist, has been installing networks since 1999 and piecing together security for those networks almost as long. The integrated approach has been a long time in the making for him and others like him.
“When we first started, vendors were just putting out network products without any regard for security,” Yocom said. “We started doing the clean-up work, putting together security from point solutions, and we’ve been doing that since. But there was no proactive approach.
“There are so many point products out there, and management complexity is so high,” he said. “There are different vendors for firewalls, switches, routers. The whole idea of Cisco saying a single vendor will provide layer one, layer two and integration into core devices and integrated service routers brings down the complexity.”
VAR Opportunity
The new direction is an opportunity for VARs to add more value-add to their practice, Thurber said.
“Being able to position another piece of the pie allows you to differentiate yourself as a partner and to look for profitability,” he said. “Trying to point out more pieces to the solution. The more of a trusted adviser you can be, the more differentiated you can be.”
Partners are encouraged to use services such as Security Policy Design and Managed Security Services, he said.
The product announcements are part of Cisco’s growing trend to integrate security into the core of the network and manage the unit as one, Thurber and others said. Vendors including security provider SonicWall have followed similar paths.
The Management Suite provides a single point of interaction with the network.
“As security gets embedded in the network through the deployment of security blades and point products, customers need end-to-end management. That’s a level of abstraction that we haven’t previously had to deal with,” said Amrit Patel, director of product marketing for security management in Cisco’s Security Technology Group.
MARS 4.2 allows Cisco customers to view their network according to device and network map and by policy. Administrators can set security policy by device type or group, and do bulk policy deployments from central-to-branch operations, Patel said.
Enhancements to ASA 5500 include new Cisco’s Content Security and Control Software that includes e-mail and Web anti-virus, anti-spyware, content filtering, access control and other security capabilities, while allowing up to 5,000 VPN sessions per device.
All products will be rolled out through March, Thurber said.