Cisco Security: That Old Familiar Face

View the PDF — Turn off pop-up blockers!

Cisco is a billion-dollar-a-year champ in the security market, pumped up by an oxygen-like pervasiveness in corporate networks—despite what some consider mediocre management tools.

Stephen C. Smith, network manager with Keystone Mercy Health Plan in Philadelphia, chose PIX firewalls and other Cisco security offerings because his four-member team has 60 years of combined experience with its products. “We’ve got a comfort level with Cisco,” he says. “It was kind of a no-brainer to put in what we know works and know how to manage.”

Familiarity, however, isn’t always desirable in the security world. Radianz, a financial services provider based in New York, runs a global network of about 25,000 Cisco routers and more than 100 of Juniper’s NetScreen firewall appliances. Lloyd Hession, the company’s chief security officer, specifically ruled out using PIX devices because their code base is “very similar” to that of the Internet Operating System (IOS), which powers nearly all of Cisco’s network equipment.



“When you’re betting your business on many thousands of Cisco routers,” Hession says, “it’s a good idea to not use technology from the same vendor to protect them.”

On the other hand, when Cisco’s products don’t work together, it can’t deflect the blame. Peter Simonsen, vice president of information systems with Arizona State Savings & Credit Union, says in the past Cisco’s divisions were “isolated into silos” but that it now usually works quickly to resolve interoperability issues. “We’ve never had Cisco say, ‘It’s not our problem,'” he says.

But one area where Cisco has fallen short is its ability to manage multiple security devices. Even longtime Cisco shops complain about its management tools, which traditionally have had text-only, command-line interfaces. Mainly, they’re too hard to use and prone to operator error, says John D. Halamka, CIO of CareGroup Healthcare System. “It’s easy to do a ‘fat-finger’ command that does very bad things,” he says.

That’s old news, says Richard Palmer, head of Cisco’s security products group. Such impressions are based on older Cisco management features, he says, noting that the latest version of the CiscoWorks VPN/Security Management Solution (VMS) software, released in mid-2003, lets administrators apply policies to groups of devices using a graphical interface. Says Palmer, “Sometimes customers will base opinions on data points that are outdated.”

Network Security

Cisco Systems
170 W. Tasman Drive, San Jose, CA 95134
(408) 526-4000
www.cisco.com

Ticker: CSCO (NASDAQ)

Employees: 34,371

Jayshree Ullal
Senior VP & GM, Security Technology Group
In July, she was put in charge of all security products and technologies. Previously ran Cisco’s optical networking and local area network switch groups.

Richard Palmer
VP & GM, VPN and Security Business Unit
Before he took charge of the security products unit in 1998, he led marketing for Cisco’s high-end routing product line.

Products
PIX 500 Series firewall appliances provide stateful inspection of 100 applications, protocols and services. IDS 4200 Series sensors analyze network traffic to spot intrusions. Cisco Security Agent software for Windows and Unix can detect and stop unauthorized activity on servers or desktops. VPN 3000 Series Concentrator appliances provide authentication and encryption.

Reference Checks

Keystone Mercy Health Plan
Stephen C. Smith
Network Manager
[email protected]
Project: Health-care provider with 1,800 employees has two pairs of PIX 520s configured in high-availability mode. It also has a Cisco Catalyst 6506 switch with an intrusion-detection services module.

Rent-A-Center
Tony Fuller
CTO
(972) 801-1108
Project: Retailer has three PIX firewalls protecting the Internet connection at its headquarters in Plano, Texas, where a Cisco 7204 router provides site-to-site VPNs to 2,863 stores.

Hahn & Hessen
Nick Lucenko Jr.
I.T. Manager
[email protected]
Project: The New York law firm installed a PIX 515E and VPN 3005 Concentrator when it upgraded its networking infrastructure in 2002.

City of Southfield
Jerry Werner
Dir., Technology Services
[email protected]
Project: Michigan city government uses Cisco’s Firewall Services Module for the Catalyst 6513 switch and a PIX 515E to separate its law enforcement systems from other departments.

Caregroup healthcare system
John D. Halamka
CIO
[email protected]
Project: Six-hospital health-care provider has two PIX firewalls on an all-Cisco network.

Arizona State Savings & Credit Union
Peter Simonsen
VP, Information Systems
[email protected]
Project: Phoenix-based financial cooperative uses two PIX firewalls, VPN 3015 and 3005 Concentrators, and four IDS appliances.

Executives listed here are all users of Cisco’s products. Their willingness to talk has been confirmed by Baseline.

Cisco Operating Results*

2004FY2003FY2002FY
Revenue$22.05B$18.88B$18.92B
Gross margin68.6%70.1%63.5%
Operating income$6.29B$4.88B$2.92B
Net income$4.40B$3.58B$1.89B
Net margin20.0%19.0%10.0%
Earnings per share$0.70$0.50$0.25
R&D expenditure$3.08B$3.03B$3.45B

* Fiscal year ends in late July
Source: company reports

Other Financials**

Total assets: $35.59B
Stockholders’ equity: $25.83B
Cash and equivalents:$3.72B
Long-term debt: None
Shares outstanding: 6.94B
Market value as of 9/24: $125.69B
**As of July 31, 2004, except as noted