With its Self-Defending Network strategy, focus on adaptive threat defense and Network Admission Control initiative, Cisco has become the largest network security provider and trusted network player in the industry. What Cisco is doing is putting automated protections into the network to defend against the harmful effects of viruses, worms and exploits. Bill Gates and Steve Ballmer should personally thank John Chambers for the investment he is making in network security to fix what is mostly a Microsoft-inflicted industry problem.
Today, when an attack occurs, IT staff have to drop everything until they contain the exploit, and patch and cleanse end systems and servers within the network. Firewalls, intrusion-detection and intrusion-prevention systems, and anti-virus software alone cannot protect a corporate network from the onslaught of exploits. An all-encompassing approach to network security is needed.
Enter Cisco. A key part of Cisco's network security strategy involves deploying client software on desktops. The innovative behavioral protection technology within Cisco Security Agent (CSA) and Cisco Trust Agent (CTA) stops exploits at end systems before they start propagating throughout the network. In conjunction with CSA and CTA, Cisco's NAC initiative challenges an endpoint's conformance, defined by policy management, before allowing admission to the network.
But no system will be 100 percent protected, and client software plus admission control is not enough for proactive security management. That's why adaptive threat defense technology is evolving toward behavior anomaly detection and defenses.
A network becomes more responsive to a broad set of possible attacks and threats when security functions work together as a system. This lets the network shut down or compartmentalize segments, virtual LANs, endpoints, ports, flows and so on. The key ingredient is a shift from relying on signature-based defenses toward behavioral defenses. Essentially, you look for bad behavior. That's just what Cisco's CSA does, in addition to providing a distributed personal firewall and application lockdown capability.
Threat defense initiatives that use signature defenses with behavioral-anomaly detection embedded in client software and threat defense appliances are coming on the market. But it will take some time for IT managers to become comfortable with behavior-based threat defense. It's the automated mitigation function that leaves network executives a bit uneasy now. They have to gain confidence with highly automated defenses before they turn on the autopilot. This trust will be gained over time.
Today's adaptive threat defense appliances, when combined with behavioral defenses, will go a long way toward letting network security administration shift from a reactive to a proactive posture, giving staff proper time to schedule patches, contain outbreaks and get out of the security-crisis mode of operation.
Lippis consults to CIOs of Global 2000 companies and their direct reports on network architecture development and funding. He publishes the "Lippis Report" (www.lippis.com) and can be reached at firstname.lastname@example.org