2/22/2005 -- As expected, Cisco Systems Inc. last week fleshed out its security portfolio with the addition of 10 new products, software enhancements, and services.

Also last week, Cisco CEO John Chambers outlined an aggressive security strategy during his keynote at the RSA Conference 2005 security confab. Going forward, Chambers confirmed, Cisco will continue to innovate on its own to enhance the security of its products, but — as the company has demonstrated on more than half a dozen occasions over the last 12 months — won’t be shy about looking elsewhere to acquire key technology assets.

“I believe … innovation is about doing it yourself, acquiring and partnering. As we move into elements of security, you will see us both acquire very aggressively, you will see us partner very aggressively, and you will see us innovate probably two-thirds of the products ourselves,” said Chambers.

In this regard, he cited Cisco’s raft of new security-related product and service announcements: “If you look at this most recent set of announcements … look at how much was done by Cisco, and look at how much was key acquisition targets that we then modified the development to say how does this play together.”

Chambers positioned the new offerings as part of Cisco’s Self-Defending Network security strategy, which is based on the company’s “Adaptive Threat Defense” (ATD) architecture. ATD consists of three components: Anti-X defenses (which include IDS and client malware/spyware security agents), application security defenses, and network control and containment features.

To that end, Cisco announced version 5.0 of its Cisco Intrusion Prevention System (IPS), which it claims is enhanced with new intelligent in-line prevention services and network anti-virus, anti-spyware and worm mitigation capabilities. As a result, Cisco officials say, IPS 5.0 is better able to protect both traditional and non-traditional network devices, such as appliances, switch-integrated modules, and IO-based products.

Elsewhere, Cisco introduced version 4.0 of the Anomaly Guard Module and Traffic Anomaly Detector Module for its Cisco Catalyst 6500 Series switches and Cisco 7600 Series routers. The new version of Cisco’s DDoS mitigation offering features multi-gigabit protection capabilities that are designed to protect against day-zero DDoS attacks. Cisco also announced version 4.5 of its Cisco Security Agent (CSA), which has been revamped with added protection against malware and spyware protection — including new "posture" assessment, location-based policy enforcement, and enhanced endpoint security capabilities.

On the application security front, Cisco announced the availability of SSL VPN services for its VPN 3000 Concentrator Version 4.7, along with version 7.0 of its Cisco PIX security appliance software.

In the latter case, Cisco officials say, PIX 7.0 amounts to the largest feature release since that product was first introduced. In addition, the new version of PIX supports a flexible security-policy framework that gives network administrators fine-grained control over individual user-to-application flows.

On top of this, Cisco said that IPS Version 5.0 and Release 12.3(14)T of IOS also support application inspection and control capabilities that offer improved application security for port-80 control and misuse as well as for VoIP.

At the network layer, Cisco announced its Cisco Network Control and Containment Cisco Security Monitoring, Analysis and Response System (CS-MARS) and Security Auditor products. Similarly, Cisco said that new virtual firewall capabilities in PIX 7.0 and IOS Release 12.3(14)T help to expand access control and inspection at a lower cost of ownership.

Officials said that IOS 12.3(14)T ships with a new IPSec virtual interface, which supports more scalable IPSec VPN management, along with enhanced support for Voice and Video over VPN (V3PN) applications. -Stephen Swoyer