Cisco Systems is to announce its presence as a player in the intrusion-prevention system market with five appliances and software that adds IPS capabilities to its switches, firewalls and routers.
The network-based IPS appliances, set for delivery next month, would range from a low-end 80Mbps offering to one that runs at a maximum 7Gbps, Cisco said. The ability to identify and block network attacks will work identically across the Cisco appliances, routers, switches and the PIX firewall. The new line-up, which will be unveiled at the RSA Conference in San Francisco, will pose an obvious threat to a growing field of competitors that includes Internet Security Systems, McAfee, Symantec, 3Com's TippingPoint Technologies, Top Layer Networks and start-ups such as V-Secure Technologies.
Concern about computer worms and automated attacks is prompting IT managers to deploy IPSs both at the Internet perimeter and inside the corporate LAN, in spite of the danger of false positives that might cause IPSs to block legitimate traffic.
Cisco, which also announced the VPN 3000 Concentrator for combined SSL- or IPSec-based tunnelling, calls the security products rollout its adaptive threat defence, senior vice-president of Cisco's security technology group, Jayshree Ullal, said.
The design of the Cisco IPS would include the ability to generate a "risk rating of the event and asset value of the target" when an attack is identified and blocked, Ullal said. Like other IPS appliances, the Cisco line would be able to work in a passive-detection mode like an intrusion-detection system.
Ullal said Cisco's IPS was intended to function well in VoIP networks without disrupting traffic. "The IPS is going to protect voice gateways from attack," she said.
Industry analysts said Cisco's push into IPS was a reaction to growing market demand for more proactive options than intrusion detection.
"So far, they've only had detection capability," Forrester Research analyst, Paul Stamp, said. "But Cisco has a good reputation in detection, so IPS shouldn't be too hard for them."
In addition to its IPS rollout, Cisco is also unveiling the PIX Security Appliance 7.0. This software-based change for the PIX VPN/firewall lets it perform application inspection, prevent some types of spyware and peer-to-peer network traffic, and provide logical firewalls within a single firewall. "You can create extranet and intranet zones," Ullal said. This was done by partitioning internal firewalls with PIX Security Appliance.
She said this was Cisco's first step into adding application-layer protections to the PIX firewall, and the PIX Security Appliance 7.0 wouldn't detect or block cross-site scripting, a function available in most application firewalls, such as those from Teros and Imperva.