® Security Agent security software provides threat protection for server and desktop computing systems, also known as endpoints. Cisco Security Agent goes beyond conventional endpoint security solutions by identifying and preventing malicious behavior before it can occur, thereby removing potential known and unknown security risks that threaten enterprise networks and applications. Cisco Security Agent mitigates new and evolving threats without requiring reconfigurations or updates on endpoints, providing robust protection with reduced operational costs.
Table 1 lists features of Cisco Security Agent Version 5.0.
Table 1. Cisco Security Agent Version 5.0 Features
Trusted Quality of Service (QoS)
Cisco Security Agent provides the capability at the endpoint to apply QoS markings to application network traffic as specified by Cisco Security Agent policy rules. These markings can be used by Cisco IOS devices upstream in the enterprise network to classify the packets and apply QoS service policies such as policing and queuing. Cisco NAC Framework and Cisco Clean Access, NAC Appliance deployments are used to ensure the validity of the QoS markings from hosts that are running Cisco Security Agent. Trusted QoS can improve the delivery of mission-critical traffic when the network is under heavy load.
Network Admission Control (NAC) integration
In a NAC Framework deployment, the integration of Cisco Security Agent with NAC performs a bidirectional information exchange to affect the posture of the endpoint. Cisco Security Agent can perform dynamic policy updates on the endpoint to change the NAC posture. Hosts that are running Cisco Security Agent can be identified and trusted to have full network access. Nonconforming hosts can be quarantined until remediation is performed and they are brought into compliance. This enhances the self-defending nature of the enterprise network by providing mitigation against denial of service (DoS) and malware attacks.
New features of Cisco Security Agent Version 5.0 include:
• Cisco Trust Agent support - Cisco Trust Agent software is packaged with Cisco Security Agent for optional deployment for operational efficiencies.
• New operating system support for Solaris 9, Windows XP Tablet PC Edition, and VMware.
• Learn Mode - Eliminates the pop-up queries users may experience when the agent is first installed on a system. Users only see queries for unusual or suspicious activity.
• Trusted Boot - Detects on compliant systems/BIOS when a system boot occurred in a nonstandard manner, such as boot from a peripheral device (CD ROM) rather than the system's hard drive (this may be suspicious as it is one way of introducing a Trojan to a system).
• Query logging - Provides customization of which user responses to agent queries (Allow, Deny, Terminate) produce a log message, eliminating unnecessary communications.
• Event filtering - Allows consolidation and aggregation of similar events in the event log for ease of use.
• Event suppression - When enabled, all chosen events are no longer displayed in the event log, allowing elimination of non-useful events.
• Host managing tasks - Host configuration options allow for the automation of tasks such as rule generation to support a workflow process while reducing administrative burden. Hosts can be automatically added or removed from selected groups at preconfigured times, such as during a pilot or product testing period.
• Reset Agents option - Agent settings can be reset centrally back to their original states and all user-configured settings can be removed. This option allows the reset of specific settings or all settings.
All Cisco Security Agent customers who have purchased Cisco Software Application Support (SAS) or SAS Plus Upgrades (SASU) are entitled to upgrade from Cisco Security Agent Version 4.5 to Cisco Security Agent Version 5.0.
Cisco Security Agent 5.0 will be available on January 17, 2006.
Table 2 lists ordering information for Cisco Security Agent Version 5.0.
Table 2. Ordering Information for Cisco Security Agent Version 5.0.
Cisco Security Agent Starter Bundle (includes Management Center for Cisco Security Agents, 1 server agent, and 10 desktop agents)
Cisco Security Server Agent (Windows, Linux, and Solaris), 1 agent
Cisco Security Server Agent (Windows, Linux, Solaris), 10-agent bundle
Cisco Security Server Agent (Windows, Linux, and Solaris), 25-agent bundle
Cisco Security Server Agent (Windows, Linux, and Solaris), 50-agent bundle
Cisco Security Server Agent (Windows, Linux, and Solaris), 100-agent bundle
Cisco Security Server Agent (Windows, Linux, and Solaris), 500-agent bundle
Cisco Security Desktop Agent (Windows and Linux), 25-agent bundle
Cisco Security Desktop Agent (Windows and Linux), 100-agent bundle
Cisco Security Desktop Agent (Windows and Linux), 250-agent bundle
Cisco Security Desktop Agent (Windows and Linux), 500-agent bundle
Cisco Security Desktop Agent (Windows and Linux), 1000-agent bundle
Cisco Security Desktop Agent (Windows and Linux), 5000-agent bundle