Cisco Security Agent Version 4.5

DATA SHEET

With the update of Cisco® Security Agent endpoint security software, Cisco Systems® offers its customers the most comprehensive network security threat protection portfolio for securing large corporate networks.

Cisco Security Agent security software provides threat protection for server and desktop computing systems, also known as endpoints. The Cisco Security Agent goes beyond conventional endpoint security solutions by identifying and preventing malicious behavior before it can occur, thereby removing potential known and unknown security risks that threaten enterprise networks and applications. Because the Cisco Security Agent analyzes behavior rather than relying on signature matching, its solution provides robust protection with reduced operational costs.

BENEFITS

The Cisco Security Agent provides numerous benefits, including:

• The ability to aggregate and extend multiple endpoint security functions: the Cisco Security Agent provides host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance, and audit log consolidation, all within a single agent

• Preventive protection against entire classes of attacks, including port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, and e-mail worms

• "Zero update" prevention for known and unknown attacks

• Industry-leading protection for servers and desktops, Unix and Windows

• Application-specific protection for Web servers and databases

• An open and extensible architecture with the ability to define and enforce security according to corporate policy

• An enterprise-scalable architecture: the Cisco Security Agent is scalable to 100,000 agents per manager

• Integrated management with Cisco Secure IDS, Cisco VPN, and Cisco PIX® security devices

• Integration with Cisco VPN via the "Are You There" (AYT) feature

COMBATING NEW AND UNKNOWN ATTACKS

High-visibility attacks like Code Red and the SQL Slammer worm have shown that traditional technologies are limited in their ability to combat the effects of new and evolving attacks. Customers require host security that protects throughout all stages of an attack and that provides important protection against new and unknown threats.

Because assaults on network systems typically go through stages, Cisco recognizes that a layered approach is the only effective strategy against these attacks, which can occur beyond the perimeter, at the server, or at the file level. The Cisco Security Agent proactively defends against damage to a host throughout all stages of an attack, whereas other technologies provide early stage protection, and only when a signature is known. The Cisco Security Agent is specifically designed to protect against new attacks where there is no known signature.

Figure 1. Life Cycle of an Attack

THE CISCO SECURITY AGENT SOLUTION

The Cisco Security Agent consists of host-based agents, deployed on mission-critical desktops and servers, that report to the Management Center for Cisco Security Agents. The Management Center runs on CiscoWorks VPN and Security Management System (VMS). The agents use HTTP and 128-bit Secure Sockets Layer (SSL) for the management interface, and for communication between agents and the Management Center. Configuration is performed via CiscoWorks VMS, and alerts can be integrated with alerts from other Cisco security products via the Cisco Security Monitoring, Analysis, and Response System.

AGENT ARCHITECTURE

The Cisco Security Agent resides between the applications and the kernel, enabling maximum application visibility with minimal impact to the stability and performance of the underlying operating system. The software's unique architecture intercepts all operating system calls to file, network, and registry sources, as well as to dynamic run-time resources such as memory pages, shared library modules, and COM objects. The agent applies unique intelligence to correlate the behaviors of these system calls, based on rules that define inappropriate or unacceptable behavior for a specific application or for all applications. This correlation and subsequent understanding of an application's behavior is what allows the software, as directed by the security staff, to prevent new intrusions.

When an application attempts an operation, the Cisco Security Agent checks the operation against the application's security policy, making a real-time allow or deny decision on its continuation and determining if logging the request is appropriate. Security policies are collections of rules that IT and/or security administrators assign to protected servers and desktops individually or enterprisewide. These rules provide safe application access to required resources. By combining security policies implementing distributed firewall, operating system lockdown and integrity assurance, malicious mobile code protection, and audit event collection capabilities in default policies for servers and desktops, the Cisco Security Agent provides defense-in-depth protection for exposed corporate systems.

Because protection is based on blocking malicious behavior, the default policies stop both known and unknown attacks without needing updates. Correlation is performed both on the agent and the Management Center console. Agent-based correlation results in dramatically increased accuracy, identifying actual attacks or misuse without blocking legitimate activity; correlation on the Management Center identifies global attacks such as network worms or distributed scans.
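The allow-or-deny check and the per-process correlation described above, sketched as an added example; it is not Cisco code and does not reproduce the Cisco Security Agent rule format. The two rules, the application and shell names, and the sample calls are constructed assumptions, and `audit_only` models a deployment that alerts without blocking.

```python
from dataclasses import dataclass, field

# Hypothetical rule inputs, not Cisco Security Agent's policy format.
SHELLS = {"cmd.exe", "sh", "bash"}
WEB_SERVER_APPS = {"inetinfo.exe", "httpd"}

@dataclass(frozen=True)
class Call:
    pid: int
    app: str          # application issuing the call
    kind: str         # "net_accept", "file_write" or "exec"
    target: str = ""  # resource the call touches

@dataclass
class Agent:
    audit_only: bool = False                     # log the violation but let it proceed
    net_pids: set = field(default_factory=set)   # processes that accepted network input
    dropped: dict = field(default_factory=dict)  # path -> app that wrote it after network input
    log: list = field(default_factory=list)

    def _violation(self, c):
        if c.kind != "exec":
            return None
        name = c.target.replace("\\", "/").rsplit("/", 1)[-1].lower()
        # Rule for one application class: web servers never start a shell.
        if c.app in WEB_SERVER_APPS and name in SHELLS:
            return "web server spawning a command shell"
        # Rule for all applications, correlated across earlier calls.
        writer = self.dropped.get(c.target.lower())
        if writer:
            return "executing a file written by network-facing " + writer
        return None

    def check(self, c):
        reason = self._violation(c)
        if c.kind == "net_accept":
            self.net_pids.add(c.pid)
        elif c.kind == "file_write" and c.pid in self.net_pids:
            self.dropped[c.target.lower()] = c.app
        if reason is None:
            return "allow"
        action = "alert" if self.audit_only else "deny"
        self.log.append((action, c.pid, c.app, c.target, reason))
        return "allow" if self.audit_only else "deny"

# Constructed call sequence; no attack signature is consulted anywhere.
SAMPLE = [
    Call(100, "inetinfo.exe", "net_accept", "0.0.0.0:80"),
    Call(100, "inetinfo.exe", "file_write", r"C:\Inetpub\scripts\x.exe"),
    Call(100, "inetinfo.exe", "exec", r"C:\WINNT\system32\cmd.exe"),
    Call(200, "explorer.exe", "exec", r"C:\Inetpub\scripts\x.exe"),
    Call(300, "winword.exe", "file_write", r"C:\docs\a.doc"),
    Call(300, "winword.exe", "exec", r"C:\WINNT\notepad.exe"),
]

def replay(calls, audit_only=False):
    agent = Agent(audit_only=audit_only)
    return [agent.check(c) for c in calls], agent.log

if __name__ == "__main__":
    for verdict, call in zip(replay(SAMPLE)[0], SAMPLE):
        print(verdict, call.app, call.kind, call.target)
```

The fourth call is denied only because of state gathered from the first two, which is the difference between correlating behavior and matching a single call against a pattern.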

CENTRALIZED MANAGEMENT

The Management Center for Cisco Security Agents provides all management functions for all agents in a centralized manner, from the CiscoWorks VMS platform. Its role-based, Web browser, "manage from anywhere" access makes it easy for administrators to create agent software distribution packages, create or modify security policies, monitor alerts, or generate reports. The Management Center ships with more than 20 fully configured default policies, making it easy for administrators to deploy thousands of agents across the enterprise. It also allows customers to deploy agents in "IDS mode", where activity is alerted but not blocked.

The Management Center offers simple but powerful customization capabilities such as a tuning wizard, allowing administrators to quickly fit default policies to their environments. Administrators can easily modify rules or create entirely new rules to meet custom needs and requirements. To aid audit compliance requirements, the Explain Rules feature allows the administrator to print out a human-language description of the function of specified rules or policies.

Agents are deployed to servers and desktops directly from the Management Center, and are controlled and updated from this manager. Each agent operates autonomously: if communication with the manager is not possible (for example, if a remote laptop user has not yet connected via the VPN), the agent continues to enforce the security policy. All security alerts are cached by the agent and uploaded to the manager when communication is restored.

Cisco also offers a suite of analysis reporting tools from the Management Center. The Deployment Analysis feature provides details on which applications are installed across all agents, as well as information about usage of those applications. The Behavior Analysis feature is a comprehensive data analysis tool for custom or unknown applications and environments. It provides detailed reports of application behavior, allowing customers to understand any application, even extremely complex ones that have been highly customized to an individual customer's environment.

TECHNICAL SPECIFICATIONS

The Cisco Security Server Agent supports:

• Windows 2003

• Windows 2000 Server and Advanced Server

• Windows NT v4.0 Server and Enterprise Server (SP 6a)

• Solaris 8 SPARC architecture (64-bit kernel)

• Red Hat Enterprise 3.0 ES and AS

The Cisco Security Desktop Agent supports:

• Windows NT 4 Workstation (SP 6a)

• Windows 2000 Professional

• Windows XP Professional

• Red Hat Enterprise 3.0 WS

The Management Center for Cisco Security Agents on CiscoWorks VMS is available for:

• Windows 2000 Server and Advanced Server (SP 4), English (United States) only

Language availability (agent):

• English (United States) and international (except Arabic and Hebrew) for Windows operating systems

• English (United States), French, German, and Japanese (Kanji) user interface options for Windows operating systems

• English (United States) only for Linux and Solaris operating systems

INSTALLATION REQUIREMENTS

Note: English (United States) and international language versions (except Arabic and Hebrew) of Windows operating systems are supported.

Cisco Security Server Agent on Windows:

• Windows NT v4.0 Server or Enterprise Server (SP 6a)

• Windows 2000 Server or Advanced Server

• Windows 2003

• Single or multiple Pentium processors, 200 MHz or faster

• 128 MB RAM minimum

• 15 MB disk minimum

• Ethernet or dial-up network

• Citrix Metaframe is supported; Windows Terminal Services (WTS) is supported on Windows 2000

Cisco Security Server Agent on Solaris:

• Solaris 8 SPARC architecture (64-bit kernel), 12/02 edition or later

• Uni-processor, dual-processor, or quad-processor Ultra SPARC, 400 MHz or faster

• 256 MB RAM minimum

• 15 MB disk minimum

Cisco Security Server Agent on Linux:

• Red Hat Enterprise Linux 3.0 ES or AS

• Uni-processor, dual-processor, or quad-processor x86, 500 MHz or faster

• 256 MB RAM minimum

• 15 MB disk minimum

Cisco Security Desktop Agent on Windows:

• Windows NT v4.0 Workstation (SP 6a)

• Windows 2000 Professional

• Windows XP Professional

• Windows XP Home Edition

• Single or multiple Pentium processors, 200 MHz or faster

• 128 MB RAM minimum

• 15 MB disk minimum

• Ethernet or dial-up network

• Citrix XP is supported; WTS is supported on Windows XP

Cisco Security Desktop Agent on Linux:

• Red Hat Enterprise Linux 3.0 WS

• Uni-processor, dual-processor, or quad-processor x86, 500 MHz or faster

• 256 MB RAM minimum

• 15 MB disk minimum

The Management Center for Cisco Security Agents on CiscoWorks VMS:

• Windows 2000 Server or Advanced Server

• 1 GHz Pentium processor or faster

• 1 GB RAM minimum

• 9 GB disk minimum

ORDERING INFORMATION

The Cisco Security Agent solution consists of two main components: the Cisco Security Agents and the Management Center. A management center is required to run agents, and agents cannot be licensed to an unlicensed console. The Management Center for Cisco Security Agents is provided at no charge with the separately licensed CiscoWorks VMS restricted or unrestricted product, or in the Cisco Security Agent starter bundle.

Table 1. Cisco Security Agent Part Numbers

| Part Number | Product Description |
|---|---|
| CSA-SRVR-K9 | Cisco Security Server Agent (Windows, Linux, and Solaris), one agent |
| CSA-B10-SRVR-K9 | Cisco Security Server Agent (Windows, Linux, and Solaris), 10-agent bundle |
| CSA-B25-SRVR-K9 | Cisco Security Server Agent (Windows, Linux, and Solaris), 25-agent bundle |
| CSA-B50-SRVR-K9 | Cisco Security Server Agent (Windows, Linux, and Solaris), 50-agent bundle |
| CSA-B100-SRVR-K9 | Cisco Security Server Agent (Windows, Linux, and Solaris), 100-agent bundle |
| CSA-B500-SRVR-K9 | Cisco Security Server Agent (Windows, Linux, and Solaris), 500-agent bundle |
| CSA-B25-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 25-agent bundle |
| CSA-B100-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 100-agent bundle |
| CSA-B250-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 250-agent bundle |
| CSA-B500-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 500-agent bundle |
| CSA-B1000-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 1000-agent bundle |
| CSA-B5000-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 5000-agent bundle |
| CSA-B10000-DTOP-K9 | Cisco Security Desktop Agent (Windows and Linux), 10,000-agent bundle |
| CSA-STARTER-K9 | Cisco Security Agent starter bundle (Includes 1 server agent and 10 desktop agents) |

Table 2. Cisco Security Agent Maintenance Part Numbers

| Maintenance Part Number | Maintenance Product Description |
|---|---|
| CON-SAU-CSA-STRT | Software Application Support plus Upgrades (SASU) for the Cisco Security Agent starter bundle |
| CON-SAU-CSA-SRVR | SAU for 1 server agent (Windows, Linux, and Solaris) |
| CON-SAU-CSA-B10S | SAU for 10-server agent bundle (Windows, Linux, and Solaris) |
| CON-SAU-CSA-B25S | SAU for 25-server agent bundle (Windows, Linux, and Solaris) |
| CON-SAU-CSA-B50S | SAU for 50-server agent bundle (Windows, Linux, and Solaris) |
| CON-SAU-CSA-B100S | SAU for 100-server agent bundle (Windows, Linux, and Solaris) |
| CON-SAU-CSA-B500S | SAU for 500-server agent bundle (Windows, Linux, and Solaris) |
| CON-SAU-CSA-B25D | SAU for 25-desktop agent bundle (Windows and Linux) |
| CON-SAU-CSA-B100D | SAU for 100-desktop agent bundle (Windows and Linux) |
| CON-SAU-CSA-B250D | SAU for 250-desktop agent bundle (Windows and Linux) |
| CON-SAU-CSA-B500D | SAU for 500-desktop agent bundle (Windows and Linux) |
| CON-SAU-CSA-1000D | SAU for 1000-desktop agent bundle (Windows and Linux) |
| CON-SAU-CSA-5000D | SAU for 5000-desktop agent bundle (Windows and Linux) |
| CON-SAU-CSA-10KD | SAU for 10,000-desktop agent bundle (Windows and Linux) |

Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-4000, 800 553-NETS (6387). Fax: 408 526-4100

European Headquarters: Cisco Systems International BV, Haarlerbergpark, Haarlerbergweg 13-19, 1101 CH Amsterdam, The Netherlands. www-europe.cisco.com. Tel: 31 0 20 357 1000. Fax: 31 0 20 357 1100

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-7660. Fax: 408 527-0883

Asia Pacific Headquarters: Cisco Systems, Inc., 168 Robinson Road, #28-01 Capital Tower, Singapore 068912. www.cisco.com. Tel: +65 6317 7777. Fax: +65 6317 7799

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus · Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe

Copyright © 2005 Cisco Systems, Inc. All rights reserved.

CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0502R) 205298.F_ETMG_KL_6.05 Printed in the USA