Want CNET to notify you of price drops and the latest stories?

Cisco set on security spending spree

Networking giant plans buys and partnerships to bolster its security lineup.

Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
Dawn Kawamoto
3 min read
SAN FRANCISCO--Networking giant Cisco Systems plans a rapid increase in security buys and partnerships, as it seeks to offer products that can defend against the latest threats.

CEO John Chambers laid out the company's seven-year network security plan on Wednesday during a keynote speech at RSA Conference 2005 here. His comments built on Cisco's Tuesday launch of its Adaptive Threat Defense effort, in which "intelligent" networks defend themselves against security attacks.

"We will be acquiring aggressively, partnering aggressively and spending aggressively to build about two-thirds of our (security portfolio)," Chambers said.

A key part of Cisco's security strategy has been to acquire start-ups for their technology and expertise, and many of its latest security updates have come from these buys. The company's new Secure Sockets Layer (SSL) virtual private network (VPN) product uses technology picked up in its Twingo deal, for example. It's also put a tool from Riverhead Networks into its Catalyst switches to help prevent denial-of-service attacks.

For more than a year, Cisco has touted its "self-defending" network initiative, which puts intelligence into devices so they can communicate with each other. That means security can be coordinated across the entire network, from the worker at a desk to the guts of the system.

In its related release of upgrades and new products at the RSA show, Cisco introduced intrusion-prevention software, a revamp of its PIX firewall and the overhauled SSL VPN product, which enables employees to remotely connect to the corporate network using a standard Web browser.

Chambers said that Cisco's move to extend control over security defenses across the whole network came out of discussions with customers between 1999 and 2001. Clients wanted the ability to track network traffic, end points, applications and users, he said.

Chambers warned that companies that build their security architecture based on the worms and malicious software of today will find a whole different set of terms and threats five years from now. As a result, he said, companies should instead be focusing on how to get their security architecture "right" and how the components all work together.

"You have to think about where the industry will be in three, five and seven years out," Chambers said. "And you have to think about security as an architecture...you can't approach it as a pinpoint of products."

"We believe that security will evolve and be integrated throughout the network," he added. "We believe they will tie together and move from a reactive mode to one where we can see an intrusion, know how to contain it and have a whole bunch of different products working together."

Cisco has already partnered with several antivirus and security companies. In late 2003, it teamed up with three companies in an initiative, named Network Admission Control, that aimed to improve the security of networks accessed via mobile devices. When all the pieces are in place, the NAC architecture will allow companies to set their network devices to refuse connections from mobile PCs or devices that fail to meet corporate security policies, such as not having the latest software patches and antivirus updates.

Currently, Cisco supports the NAC framework on its IP routers, and it plans to introduce support on its Ethernet switches some time this year.