Many tools now available but organizations struggling to coordinate plethora of networking defenses

February 13, 2006

by Charles Waltner, News@Cisco

Network security has become an embarrassment of riches for technology vendors and the organizations that use their products. The good news is that networking technology companies, including Cisco Systems, have created a wide array of products that move network security far beyond the simplistic firewall fortress approach of a few years ago and now provide the multi-faceted defenses required for today's networks.

The bad news, however, is that organizations are struggling to manage all these devices as vendors work on more effective ways to lower security management costs while unifying and coordinating the operations of these devices. "The mindset used to be that a firewall was all you needed," says Brian Wixson, chief information officer for Lansing Automakers Federal Credit Union in Lansing, Mich. "But now businesses realize they need to constantly monitor and maintain layers of security for reasonable network protection."

The resulting proliferation of security devices, however, has left network operators gasping. Wixson, for example, has over a dozen different types of security products protecting his network, and he says his biggest concern is finding a way to "reduce the chaos."

Organizations such as Wixson's often lack security specialists, and network administrators are overwhelmed with thousands of security events from different sources that are difficult to analyze without sophisticated tools. In addition, surveys indicate that a majority of security breaches are attributed to human error, particularly the improper configuration of security devices. Quality network security management tools help address all of these issues.

Though security experts say the industry still has more work to do to answer all of these needs, Wixson and others have been heartened by recent product developments from Cisco. Wixson's credit union, for example, recently purchased Cisco's newly enhanced multi-function device, the Adaptive Security Appliance (ASA) 5500. Wixson is also interested in the Cisco Security, Monitoring and Response System, or MARS, product, which collects information such as operational logs from both Cisco and non-Cisco security devices, as well as servers, that managers can then use to detect network attacks and analyze security device performance. "Cisco is taking a step in the right direction," Wixson says. "I view these products as the beginning of Cisco's move to address this issue."

In response to this growing need for the integration and coordinated management of security tools, last year Cisco formed the Security Technology business unit, which oversees development for security products across the company. Cisco customers are now enjoying the first fruits of this new group's efforts. Cisco, for example, has introduced a software application for security policy configuration, called Cisco Security Manager, and integrated it with Cisco Security MARS, creating the Cisco Security Management Suite. Cisco has also boosted its multi-function security device, the ASA 5500, by adding a malware protection card option and enhancing its support for running virtual private networks.

"Our customers have been telling us of their pressing need for better security management, and we are focusing our efforts on achieving that task," says Jeff Platon, vice president of security and application market management at Cisco. "Obviously, the new iterations of our management tools and security devices are just the beginning, but we are committed to developing effective security management technologies, and our new products provide the foundation for future improvements."

Gale Yocom, president of Covetrix, a Cisco partner and security specialist in Dallas, Texas, says Cisco's Self-Defending Network initiative is another way the company is simplifying the task of network security management. "Organizations are dealing with so many pieces from various vendors that it's hard for them to consistently know if these products are doing their jobs," Yocom says. "By taking a systems-based approach to network security rather than the product-centric one of the past, Cisco is creating management consistency and integration across its entire security technology portfolio."

Platon says Cisco is also taking the concept of security device consolidation one step further by integrating security features into its switches and routers. Cisco, for example, has enhanced the virtual private network (VPN), firewall, and intrusion prevention security options for its widely popular Integrated Services Routers. The routers have been one of the company's most popular products in its history because they simplify small business and branch office networking by including capabilities for security, voice communications, and wireless connections all in one box. "What better time to inspect and apply security policies than when you're processing network traffic?" Platon says.

Jack Brahce, director of security services for Analysts International, a global technology company and Cisco channel partner headquartered in Minneapolis, Minn., says Cisco's vast installed base of routers and switches puts the company in a unique position to help address security management complexities. He explains that routers and switches, unlike a particular security device, control traffic throughout a network. With routers and switches working in conjunction with security devices, a network manager can gain a complete picture of what's going on in the network, as well as having the ability to shut off or restrict parts of the network during a security incident. By integrating security functions into a router or switch, security management becomes far more streamlined and integrated with other network operations.

However it is achieved, security management is imperative in today's networked world. Multi-layered security systems are the only way to counter the growing number and variety of attacks on networks. The Federal Bureau of Investigation (FBI), for example, recently reported that nearly nine out of ten companies experienced a computer security incident in 2005, with one of five admitting they have been attacked more than 20 times during the year.

At the same time, organizations realize they simply can't wall off their networks since they are so vital for connecting to customers, partners and businesses. But that's a difficult proposition. "How do you control security on a device you don't control?" Brahce says.

Phil Go faces just such a conundrum. As chief information officer for Barton Malow Co., a contractor and project management company in Southfield, Mich., Go oversees network access for the company's vast assortment of subcontractors, vendors, joint venture partners, and customers involved in its major construction projects throughout the United States. "We have more and more partners and employees connecting from outside our network, mostly to gain access to our key project applications," Go says. "It's a constant struggle to provide that access while maintaining security. But collaboration is vital to our company. Without it, we would not survive."

As it stands, Go must personally approve any outside access and manually create the restricted accounts. "I would love it if that could be more integrated and automated," he says. "I would let more people in if we could do it safely."

Brahce says Cisco is developing an effective antidote to this challenge with its Network Access Control initiative. NAC is a multi-year industry effort led by Cisco to develop new technologies for inspecting any computing device that tries to connect to the network. Brahce particularly likes Cisco's Clean Access NAC appliance, which serves as a security guard of sorts by testing any computing devices trying to connect from outside the network. The NAC appliance can quarantine and flag any devices that it determines to have unsatisfactory security profiles, such as infected machines or ones lacking proper anti-virus software.

Security management complexities are not only creating operational burdens and limiting the use of networks, but they also threaten the effectiveness of the many new security devices now deployed on networks. Yocom says a lack of management coordination makes it difficult for organizations to know for certain if their security devices are performing as expected. "Even if you spend all your money on the best security devices in the world, if you don't know two months later how they're operating, they are doing you little good," he says. "Obviously, we're never going to have 100 percent unified security management, but we're looking to vendors such as Cisco to get us as close to that as possible."

Charles Waltner is a freelance journalist in Oakland, Calif.