Cisco Systems: Managing ExpectationsBy Brian P. Watson | Posted 2006-12-06 Email Print
Recent investments have helped Cisco meet customer demand for more reporting tools.
Cisco Systems' bread and butter is selling switches and routersgear that enables data, voice and video to travel across computer networks. As viruses and worms evolved in recent years and threatened those networks, customers turned to Cisco's security offerings-though some asked for better tools to automate the monitoring of network intrusions.
The Société de Transport de Montréal, the Canadian city's transit department, operates a Web site with 50,000 daily visitorsand faces a few hundred attacks from hackers, viruses or worms, says senior networking architect Patrick Hardy.
The Société, already using Cisco routers and switches, also deploys a Cisco Catalyst 6500 firewall module that stacks into a chassis. So, to better defend the network, Hardy and his team opted in 2004 for a blade intrusion detection system. Hardy cited ease of managementthe chassis uses shared cables for networking and power, like blade serversand software that could update both a live blade and a standby blade at the same time.
But there was a problem: He says the system didn't come with a tool to manage the system and create reports to chart performance. (Customers of other vendors say management tools are built into intrusion detection and prevention products.)
The alternative, he says, was to check network activity logs each day and manually aggregate statistics such as the number of attacks received and blocked.
That changed this spring, when, for about $20,000, Hardy bought the new Cisco Security Management Suite, which included the Monitoring, Analysis and Reporting System (MARS), an appliance that integrates with routers, switches, and intrusion and prevention tools and creates aggregate reports of network activity. Cisco acquired the tool when it bought Protego Networks in 2005.
Bob Berlin, director of product management for Cisco, says customer concerns over those reporting tools are "legitimate," but adds that management has become more of a priority as network security tools have evolved. "In some ways, the success of this product area has necessitated the rise of a management product," he says, referring to customers' need for reporting across network security tools.
He points to Cisco's development of its Security Management Suite and MARS as signs that the vendor is working to meet customer needs.
Lots Pook, chief technology officer at Exempla Healthcare, hasn't seen the management suite yet. He and his team built homegrown tools and invested in Hewlett-Packard's OpenView software to manage the Colorado hospital chain's Cisco intrusion detection system.
Exempla bought intrusion detection tools because of growing concerns over patient privacy. Pook says the chain didn't know if it was facing attacks because it lacked reporting and measurement tools before acquiring OpenView.
On the upside, Pook says going with Cisco was a "no-brainer," since Exempla's staff was already acquainted with the vendor's gear. Pooks says Exempla is currently installing four Cisco intrusion detection blades at the 450-bed St. Joseph Hospital in Denver: "We're looking forward to using Cisco intrusion and prevention products to help us be more proactive in the future."