<img alt="dcsimg" id="dcsimg" width="1" height="1" src="//www.qsstats.com/dcs8krshw00000cpvecvkz0uc_4g4q/njs.gif?dcsuri=/index.php/c/a/Projects-Security/Cisco-Systems-Managing-Expectations&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.baselinemag.com&amp;WT.qs_dlk=XYkhr5qqOx2cFE4TZRFAFwAAAAo&amp;">

Cisco Systems: Managing Expectations

By Brian P. Watson  |  Posted 2006-12-06 Print this article Print

Recent investments have helped Cisco meet customer demand for more reporting tools.

Cisco Systems' bread and butter is selling switches and routers—gear that enables data, voice and video to travel across computer networks. As viruses and worms evolved in recent years and threatened those networks, customers turned to Cisco's security offerings-—though some asked for better tools to automate the monitoring of network intrusions.

The Société de Transport de Montréal, the Canadian city's transit department, operates a Web site with 50,000 daily visitors—and faces a few hundred attacks from hackers, viruses or worms, says senior networking architect Patrick Hardy.

The Société, already using Cisco routers and switches, also deploys a Cisco Catalyst 6500 firewall module that stacks into a chassis. So, to better defend the network, Hardy and his team opted in 2004 for a blade intrusion detection system. Hardy cited ease of management—the chassis uses shared cables for networking and power, like blade servers—and software that could update both a live blade and a standby blade at the same time.

But there was a problem: He says the system didn't come with a tool to manage the system and create reports to chart performance. (Customers of other vendors say management tools are built into intrusion detection and prevention products.)

The alternative, he says, was to check network activity logs each day and manually aggregate statistics such as the number of attacks received and blocked.

That changed this spring, when, for about $20,000, Hardy bought the new Cisco Security Management Suite, which included the Monitoring, Analysis and Reporting System (MARS), an appliance that integrates with routers, switches, and intrusion and prevention tools and creates aggregate reports of network activity. Cisco acquired the tool when it bought Protego Networks in 2005.

Bob Berlin, director of product management for Cisco, says customer concerns over those reporting tools are "legitimate," but adds that management has become more of a priority as network security tools have evolved. "In some ways, the success of this product area has necessitated the rise of a management product," he says, referring to customers' need for reporting across network security tools.

He points to Cisco's development of its Security Management Suite and MARS as signs that the vendor is working to meet customer needs.

Lots Pook, chief technology officer at Exempla Healthcare, hasn't seen the management suite yet. He and his team built homegrown tools and invested in Hewlett-Packard's OpenView software to manage the Colorado hospital chain's Cisco intrusion detection system.

Exempla bought intrusion detection tools because of growing concerns over patient privacy. Pook says the chain didn't know if it was facing attacks because it lacked reporting and measurement tools before acquiring OpenView.

On the upside, Pook says going with Cisco was a "no-brainer," since Exempla's staff was already acquainted with the vendor's gear. Pooks says Exempla is currently installing four Cisco intrusion detection blades at the 450-bed St. Joseph Hospital in Denver: "We're looking forward to using Cisco intrusion and prevention products to help us be more proactive in the future."

Intrusion Detection

Cisco Systems

170 W. Tasman Drive

SAN JOSE, CA 95134

(408) 526-4000




John T. Chambers

President & CEO

Jayshree Ullal

SVP, Data Center, Switching and Security Technology Group


Cisco Intrusion Prevention System 4200 combines traditional detection capabilities with in-line threat blocking. Cisco Security Management Suite includes the Cisco Security Monitoring, Analysis and Reporting System (MARS), an appliance-based oversight and reporting tool, and the Cisco Security Manager, a configuration solution for network security products.

Reference Checks

Churchill Downs

Reuben Moretz

Data Security Analyst


Exempla Healthcare

Lots Pook



Mandarin Oriental Hotel Group

Eric Cruz

Mgr., I.T.


Société De Transport De Montréal

Patrick Hardy

Sr. Networking Architect


Vignette Corp.

Selim Nart

Network Architect


2006FY 2005FY 2004FY
Revenue $28.48B $24.80B $22.05B
Net income $5.58B $5.74B $4.40B
R&D spending $4.07B $3.32B $3.20B
Fiscal year ends July 29

Associate Editor

Brian joined Baseline in March 2006. In addition to previous stints at Inter@ctive Week and The Net Economy, he's written for The News-Press in Fort Myers, Fla., as well as The Sunday Tribune in Dublin, Ireland. Brian has a B.A. from Bucknell University and a master's degree from Northwestern University's Medill School of Journalism.

eWeek eWeek

Have the latest technology news and resources emailed to you everyday.