Cisco Systems is broadening its network security coverage by expanding the intrusion detection and prevention technology it gained through an acquisition, plus offering a new cloud-based managed Wi-Fi network access control service.
The goal of the new services, announced Monday at the annual Cisco Live conference, this year in San Diego, is to embed security from endpoints to the cloud, the company said.
The idea is to deliver “network as a sensor, network as an enforcer,” CP Morey, director of product and solution marketing for Cisco’s security business group, said in an interview.
From the endpoint perspective, the advanced malware protection (AMP) technology Cisco gained from its 2013 acquisition of SourceFire has been integrated into Cisco’s AnyConnect 4.1 VPN client.
This means AnyConnect has expanded continuous threat protection, Morey, said. “Its about giving customers the ability to quickly deploy AMP technology onto these 130 million (AnyConnect) endpoints either proactively or after a breach.”
AMP is already integrated into Cisco’s cloud security service, as well as many gateways, network devices and email and Web security appliances and mobile systems.
At the campus and branch level, the PowerFire threat defence technology also gained from SourceFire is now integrated into Cisco’s ISR routers.
As a result ISR customers can add optional next-generation firewall, URL filtering, application control, IPS and malware protection through licences. for ISR. “It’s great for edge or branch deployments,” Morey said.
Third, Cisco [Nasdaq: CSCO] has added broader integration of its Identity Services Engine (ISE) and Netflow data with Lancope Inc.’s StealthWatch network behaviour anomoly detection platform to expand the platform’s alerting and alarming capabilities.
Netflow and ISE tell security pros who and what device is on the network. StealthWatch gives network visibility. By giving it access to Netflow and ISE data, network administrators will have faster notification about perceived threats, Brian Korn, Cisco’s senior manager of product and solution marketing.
It can take up to 80 days to discover an attack, he said. “We want to take that time window and dramatically shrink it.”
StealthWatch is sold separately through Cisco partners.
Finally, Cisco announced Hosted Identity Services for CSOs who want to outsource more of their functions. Harlan Parrott, director of customer solutions for Cisco Security Solutions, said in an interview that initially it will be pitched at large enterprises.
Using the company’s Identity Services Engine (ISE), the base service is for locking down Wi-Fi access to network-connected assets through policies. Customers can add other ISE-related capabilities — ISE connects to a number of network monitoring platforms including Splunk, NetIQ, Ping Identity and others — for an extra fee.
Cisco didn’t release pricing, saying it depends on the capabilities customers want.
Eventually, Harlan said, Hosted Identity Services will be available to service providers for re-sale.