Cisco security exec has big plans for Ironport technology

Former Ironport CEO guiding Cisco's incorporation of reputation and monitoring gear into security offerings

Cisco is looking to aggressively incorporate its reputation and monitoring gear into security gear, all under the direction the former CEO of Ironport, the company Cisco bought for its reputation technology.

Scott Weiss, recently promoted to vice president of Cisco's security technology business unit, says reputation could improve the effectiveness of classic security gear starting as soon as year-end.

As head of the security technology unit, Weiss oversees all Cisco firewalls, VPNs, intrusion protection/detection system gear, Security Manager software, Monitoring, Analysis and Response system (MARS) as well as all the Ironport product line of antispam and Web-filtering products.

"I have a lot of early thoughts about synergies from the Ironport product line, and some of the threat prevention and interrogating of anonymous traffic that we've really built up an expertise with, and how to tie that better in with the firewall and [intrusion-protection system]," Weiss says. "These are things we have hypothesized about before but now we are really putting those product plans into action."

Weiss says he also wants to incorporate a behavioral monitoring feature of Ironport S-Series Web security appliances into Cisco firewalls. The monitoring could alert firewalls to block malicious traffic in and out of the network based on known exploits.

"A lot of silent threats that were not seen could be eliminated on a large-scale basis. That's an early charter we have for the organization," he says. "We've had some meetings of these groups and we've actually put some project plans in place. I think that you could see it as early as eight to 12 months as some of these cross-pollenization efforts."

The monitoring capabilities would help businesses by giving them better data about what traffic is moving across network boundaries. "You have to illuminate what information is leaving the corporation before folks are going to be willing to invest in [security] and some of the Ironport technology will allow us to do that," Weiss says.

He says the capability of Ironport gear to detail traffic in and out of networks and perform threat assessment could help boost the capabilities of IPS products. "IPS as a technology is not that dissimilar from what we do at Ironport, which is interrogating anonymous traffic, things that are coming into the network," Weiss says.

To that end he says he hopes to swap engineers between Cisco's Ironport division and its IPS team to see what improvements they can come up with. "We've not put those two groups together to see what synergies there really are, but we've hypothesized quite a few of them," he says.

Weiss says he wants to get these threat-monitoring tools in the hands of customers because he thinks they are unaware of the scope of the problem. "Just about every company we drop one of these monitors in we see that there's a 30 to 50 percent infection rate on the corporate desktop even with anti-virus or antispyware on the client," Weiss says. "I think this is something that is just not that well understood by most corporate IT managers, how pervasive this problem is."

He says threats no don't just try to break through firewalls, they also infiltrate and attempt to "unlock the doors from the inside." Dealing with these threats can take the form of access control that makes sure machines joining networks have properly installed, updated and running security software and patches.

"Centralizing and pulling the management interfaces and recording what's going on and what the customer should do about it has always been part and parcel to what we've been doing at Ironport, and I'd like to be able to continue that across the Cisco devices," Weiss says.