Cisco to extend anomaly-detection

Cisco Systems Inc plans to extend the anomaly-detection capability from its host client and DDoS mitigation technology into its IPS offering, as well as allowing all its security offerings to correlate information across a corporate network.

Bob Gleichauf, VP and CTO of the San Jose, California-based networking company’s security technology group, said imbuing the IPS portfolio of appliances and modules with anomaly detection is key to overcoming the limitations of signature-based inspection in the context of encrypted traffic. I hear lots of dedicated IPS vendors saying how much traffic their products can inspect, but they never mention the fact that they’re forwarding all the encrypted stuff, he said.

Cisco already has anomaly-detection in both its Cisco Security Agent, CSA, software client for host devices (PCs and laptops) and the Cisco Guard DDoS Mitigation Appliances and Traffic Anomaly Detectors it acquired when it bought Riverhead two years ago. The idea now is to add that same expertise to the IPS product line, all the way down to individual ports on the Catalyst switches bearing the modules.

In addition, Gleichauf said CSA will be able to share state with IPS to make what he called service chaining possible. They’ll be able to share state to determine what’s going on in the network, he said, adding that the company wants the Monitoring, Analysis and Response System appliance (the result of the acquisition of Protego Networks in December 2004) to be the authority for regulating [security] policy, with its ability to correlate events and its awareness of the individual network’s topology.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing