A. This technology is a distributed security software solution that helps prevent malicious behavior on servers and desktops ("endpoints"). The technology is composed of the following elements:
• Cisco Security Agents: Core software that resides on endpoints and autonomously enforces local policies that help prevent attacks.
• CiscoWorks Management Center for Cisco Security Agents: Core management software that provides a central means of defining and distributing policies, providing software updates, and maintaining communications to the agents.
Q. How does CiscoWorks Management Center for Cisco Security Agents work?
A. The CiscoWorks Management Center for Cisco Security Agents defines the application behaviors that are acceptable for an endpoint. When a rule for proper application behavior is violated, the management center responds with a predetermined action that keeps the system operational.
• The agent's engine provides the dynamic interception of system calls to files, the network, COM objects, and the registry. In real time, the calls are passed through the CiscoWorks Management Center for Cisco Security Agents rules engine, which correlates the application state against the application-specific policies. It then returns either an "allow" or a "deny" response to the kernel.
• The CiscoWorks Management Center for Cisco Security Agents enables an administrator to centrally define, distribute, and monitor policies for agents. The software ships with default policies for popular Microsoft applications, such as IIS, SQL Server, and Office, as well as default desktop, server, and network policies. These default policies can be supplemented by new, user-defined policies.
• The management center also provides real-time correlation at both the agent and the global levels. This provides greater accuracy for decision-making at the agent level and enables security to be dynamically adapted across the enterprise in reaction to events that occur on distributed hosts.
Q. Are the agents and the CiscoWorks Management Center for Cisco Security Agents purchased separately?
A. Yes, the management center is purchased separately from the agents, and it is required to run the agents. The CiscoWorks Management Center for Cisco Security Agents is a featured component of the CiscoWorks VPN/Security Management Solution v2.2 (VMS).
For more information about CiscoWorks VMS, go to: http://www.cisco.com/go/vms
Q. Can this management center run on a UNIX platform?
A. No, only the Windows 2000 platform supports the CiscoWorks Management Center for Cisco Security Agents, but the server agent supports both the Windows 2000 and Solaris platforms.
Q. Can the CiscoWorks Management Center for Cisco Security Agents forward events to the CiscoWorks Monitoring Center for Security?
A. Yes, CiscoWorks Management Center for Cisco Security Agents can forward events from agents to the CiscoWorks Monitoring Center for Security to provide the user with a unified view of events from network intrusion detection systems (IDSs), host IDSs, firewalls, and routers. Both the CiscoWorks Management Center for Cisco Security Agents and the CiscoWorks Monitoring Center for Security must be installed. Both components are part of CiscoWorks VMS 2.2.
Q. What is a Cisco Security Agent policy?
A. A Cisco Security Agent policy is a collection of rules assigned to each server and desktop (or groups of servers and desktops). These application-centric access control rules provide safe access to required resources and help prevent malicious behavior. Cisco provides default policies that enterprises can implement or use as models for customized policy development. The agents poll the management console for policy updates.
For more information on the Cisco Security Agents, refer to the datasheet at: http://www.cisco.com/en/US/products/sw/secursw/ps5057/products_data_sheet09186a0080144669.html