Cisco's security triple play
McAfee has been making hay lately with their "triple play" promotions. But the biggest security vendor out there has recently announced a triple play themselves. I am referring to Cisco, of course. In the past few weeks Cisco has made several announcements that show they are serious about keeping competitive, if not best-of-breed, in security. But having best-of-breed is not necessary when you are Cisco. When you control 75+% of the networking market, like Joe Namath said, "if you got it, flaunt it." However, when we take a close look at these announcements and the products they tout, we see it is more of the same from Cisco: trying to play catch-up to other security vendors and driving more into the switch box to leverage their advantage. Let's have a look.
First up is the Cisco IPS 4270. This is touted as a 4 Gbps IPS for certain types of media traffic. For more conventional data, it does packet inspection at 2 Gbps. While not as high as the highest-rated boxes from ISS/IBM, Tipping Point, McAfee, Sourcefire, etc., it does move Cisco into the multi-gig IPS space. I am not sure if those "boys with toys" types who go in for these Ferrari IPSs will be satisfied with less than the highest-throughput vehicle, though. In the meantime I am sure there will be plenty of Cisco shops who will be only too happy to fork over the bucks for this baby (has anyone been able to get a price on it?). Besides speed, though, I have always heard that Cisco's IPS is a beast to use and is not updated very often. I don't care how fast it goes; if they have not addressed these issues, who cares about how fast it is? It will be just another useless piece of Cisco gear. I have seen more companies than I can count who paid for Cisco IPS (or they think they got it for free with their network buy, but somewhere along the line they paid) and have the boxes not even plugged in, as they use something else.
I have a bigger issue here that I would like to draw attention to, though. That is: what can we do to stop the BS around speed ratings in IPS? Doing 4 Gbps on only certain kinds of traffic is not a 4 Gbps IPS! Cisco is not alone in this, though. Almost every single vendor is guilty of word games with their speed ratings. 2 Gbps of traffic in is touted as 4 Gbps because it also sends those 2 Gbps out. That is not 4 Gbps either! I would like to see some vendor come along and blow the lid off of the marketing scam and see real throughput levels. We need apples-to-apples comparisons!
The second player in the triple play is Cisco's move into behavior-based detection. Brad Reese (our latest guest on the podcast, coming up this week), on his Cisco Subnet NetworkWorld blog, talks about Cisco moving away from NetFlow to a new ASIC packet inspection card (again in the switch) and working with the Cisco QoS Policy Manager. I don't know enough about this one to say for sure, but I think at a time when the industry leaders (Lancope, Mazu, Arbor, etc.) are standardized on NetFlow, Cisco, at least according to Brad's article, is moving away from it.
Finally, there is Cisco's TrustSec announcement. I think the Wizard of Syracuse, Mike Fratto, has done a good job on his Network Computing blog in calling a duck a duck. When I first heard about TrustSec I thought TrustSec was part of the NAC framework. I was surprised to learn it is not. I see TrustSec absolutely competing with NAC. The fact that one comes from the security group (NAC) and one from the networking group has all the earmarks of a political turf war to me. In any event, like Dom Wilde at Nevis pointed out, identity-based access control - BFD. Nothing earth-shattering there. It will be interesting to see how TrustSec plays out with NAC when and if it is finally available.
There you have it, 3 new security plays for Cisco. It certainly keeps it interesting and makes it harder than ever to compete with these guys!


