BelchSpeak

I can't believe that came from your mouth!

Cyber

Cisco is Looking Good

I am in Raleigh NC at the Triangle Research Park facility of Cisco Systems. After two days of demonstrations of new technology and capabilities, I must say that Cisco Systems is looking very good. Which, to me, was a BIG surprise.

I began the two-day conference with low expectations, because I use Cisco products in my job, and frankly, the tools, utilities and software are weak, buggy and slow. I expected more of the same from the new software demonstrations. I was pleasantly surprised at what Cisco has been doing.

When Cisco was the market leader, they took comfort that the competition was years behind them, and they saw no need to develop or market a good GUI-based firewall or router administration tool. After all, that’s what the Command Line Interface was for: just SSH to the host, make your config changes, and you are fine.

Then, along came Checkpoint. Cisco didn't adapt to the competition by introducing a good GUI. Then came Raptor/SGS, and Cisco responded with VMS, a buggy Java-based interface that made firewall administration a pain. It was STILL better to use the CLI rather than to use VMS. Along came Netscreen with their easy-to-install appliance and intuitive GUI interface, and I think Cisco got the picture. With their competition catching up to them, and often beating them, Cisco went back to the drawing board.

Cisco is replacing the clunky VMS with the CS-Manager, which is cleaner, easier to navigate, more intuitive, and even supports an interface for their Intrusion Prevention Systems. It makes working with multiple devices in an enterprise a breeze, and even has a feature that allows you to build VPNs between systems by dragging a line between devices in the GUI. In fact, given this new interface, it would be rare to need to use CLI.

However, not all of their new tools were the results of hard work at the drawing board. Why create when you can buy? Some Cisco engineers realized a long time ago that what security enterprises really needed was a log correlator to make identification and management of security incidents a breeze. So they left the company, started their own company called Protega, and created a SIM. There are already several correlation engines on the market, including ArcSight, Symantec’s SIM and others. But Cisco liked the Protega product so much they bought the company. And they rebranded the product as Cisco CS-Mars.

The MARS product can work with any vendor FW or IDS, but if you run a Cisco shop, this is the product you need to track security incidents on the enterprise. Unlike other SIMs like ArcSight, the MARS does not get carried away with normalization of security incidents. You can still see exactly what the incident was, down to the session level. With a click of the mouse, you can also apply an ACL to the best security device to remediate the network vulnerability or block the attacker. You can even apply a new rule to the IPS to drop the attack too.

I was very impressed with Cisco and their new direction with their technology. I asked the sales engineer giving the presentation, “Where have you guys been? It’s about time you engaged the competition on this!”

The SE sheepishly replied, “I know, I know, but we’re back.”

Indeed they are. The Cisco CS-Manager is in final beta release and should be in full release within 60 days. The CS-Mars is available now. And the two will work great with each other.

Dr. Jones

Do not talk about fight club. Oops.
