9/29/2005 -- Cisco Systems this week announced several new security products that it says are designed to help customers protect their information assets.

Cisco’s new offerings include the Cisco Incident Control System (ICS) and Distributed Threat Mitigation for Intrusion Prevention Systems (IPS), along with enhancements Cisco is delivering in updates to its IPS and IOS software.

Cisco positions ICS as a worm or virus mitigation tool. It’s designed to quickly identify and contain worms and viruses to keep them from spreading -- or at least to limit the extent of their maliciousness. Cisco says ICS uses outbreak intelligence and virus signature information from anti-virus software specialist Trend Micro. Ideally, ICS can contain a virus or worm outbreak before it overwhelms an organization’s core network assets.

Cisco also announced an ICS Implementation Service from Cisco Advanced Services that promises to deliver advanced preparation, design, and deployment support for ICS customers.

Elsewhere, Distributed Threat Mitigation for Cisco IPS is an outbreak prevention product that’s delivered through enhancements to Cisco’s Security Monitoring, Analysis and Response System (CS-MARS) version 4.1. Distributed Threat Mitigation for IPS prescribes a heavy dose of Cisco’s supporting technologies: It taps the company’s IPS appliance sensors for initial threat notification, CS-MARS for distributing threat-mitigation information across a network, and Cisco routers configured for IPS services to defend against threats.

Finally, Cisco announced new versions of Cisco IPS and Cisco IOS Software that boast improved outbreak prevention and threat mitigation capabilities. For example, Cisco IPS version 5.1 offers support for up to 255 VLANs on a single interface, which Cisco says enables expanded asset protection at lower cost of ownership. The revamped IPS delivers multi-gigabit, non-stop intrusion prevention through EtherChannel load balancing, a capability that enables high throughput with high availability services. It also supports traffic rate limiting with Cisco switches and routers, which lets customers have more control over network traffic and expanded protocol support.

Cisco’s new IOS 12.4(4)T ships with a new outbreak prevention capability called Flexible Packet Matching (FPM). FPM lets users conduct deep packet inspection pattern matching and filtering using pre-defined or customizable protocol templates in Extensible Markup Language (XML) or IOS Command Line Interface (CLI) for more granular user control. -Stephen Swoyer