Sergey Nivens - Fotolia
Cisco lifts branch security with latest software release
Cisco introduced at its Live conference branch security software for the ISR router. The networking company also improved malware protection in the Meraki MX appliance.
LAS VEGAS -- Cisco, which hopes to build a software portfolio on par with its networking hardware, has introduced applications and cloud-based services that provide network security to companies' branch offices.
Cisco unveiled Monday at its Live customer conference software for the ISR 4000 branch router, which has become a platform for running software-defined network services. The branch security products are sold separately from the hardware -- an example of Cisco's ongoing push to grow its software business.
The releases stem from Cisco's acquisition last year of security providers Lancope and OpenDNS. The new Lancope-related software runs in a container inside the ISR 4000. The application, called Stealthwatch, requires the purchase of a Stealthwatch Learning Network License.
The software provides branch security through network behavior analytics that identifies and flags traffic patterns that could indicate malware on the corporate network. Network operators use the Stealthwatch dashboard to set policies that tell the software how to react to specific traffic patterns. For example, the software can block suspicious traffic from a device on the network while flagging other anomalies for manual intervention.
Also on the ISR 4000, Cisco is providing the option of improving branch security through a subscription to the OpenDNS' cloud-based Umbrella service. Domain name system (DNS) requests pass through Umbrella, which blocks traffic headed for domains or IP addresses that pose a security threat. The service is particularly useful in providing the first line of defense against mobile devices connecting to a corporate guest network.
Overall, Cisco is making the ISR one of several platforms for running network services in software, rather than in separate hardware appliances, said Dan Conde, an analyst at Enterprise Strategy Group. "Their whole point is to turn the branch router, the ISR, into a general purpose device that can run different features, so all customers have to do is flip them on."
Cisco DNA
The products are the latest releases in Cisco's evolving Digital Network Architecture, the vendor's blueprint for running network services as virtualized software. DNA will eventually replace the old way of managing a network through the command line interface of each router or switch. Cisco requires the use of its hardware to take advantage of DNA today, but analysts expect the vendor to eventually make the software platform hardware-agnostic.
"We're not there yet, but generally speaking, that is the direction Cisco is alluding to," said Rohit Mehra, an analyst at IDC.
Cisco demonstrated its more open approach in the March unveiling of DNA. The launch included the introduction of the Enterprise Network Functions Virtualization stack, which has a KVM hypervisor for running virtualized network functions. The Enterprise NFV is available on a Cisco Unified Computing System (UCS) E-Series server module that plugs into the ISR 4000. The stack includes APIs that third-party developers can use to run their software on the platform.
Cisco's focus on software is essential in adapting to a shifting networking market. Companies are searching for products that take them away from proprietary hardware -- Cisco's largest revenue generator -- to more agile software that can reduce costs.
New security for AnyConnect, Meraki
Also at Live, Cisco announced that it would connect the OpenDNS Umbrella service to AnyConnect 4.2, the latest version of the company's virtual private network (VPN) client for mobile devices.
Other new cloud-based security services include the Cisco Defense Orchestrator, a console for managing policies on applications, such as next-generation firewalls and intrusion prevention systems. Having remote management is critical to companies that want to bolster branch security in offices without IT support.
Finally, Cisco has added its Advanced Malware Protection to the Meraki MX appliance that secures a wireless network comprised of Meraki access points. AMP, which stems from Cisco's 2013 Sourcefire acquisition, analyzes files for malware, blocking those that are infected. Also, the technology continuously tracks files to catch those that become a threat after they were initially found to be safe.