Cisco moving reputation services into network devices

As acquisition of IronPort closes, Cisco eyes integration

As Cisco closes its acquisition of communications security company IronPort, it announces plans to integrate IronPort’s Web reputation services with its routers and firewalls.

Within a year’s time, Cisco customers will have greater protection from Internet threats on their networks when the company begins integrating recently acquired IronPort's reputation service called SenderBase into its routers and firewalls, company executives say.

Cisco’s acquisition of communications security vendor IronPort, which closed Monday, gives the network giant access to what’s becoming an essential tool in helping to thwart Internet threats -- reputation services -- adding content security to the list of features its network devices boast.

Reputation services monitor Web sites or e-mail traffic or both and flag potentially malicious content, such as e-mail messages containing spam, viruses, phishing attacks or hidden malware; and watch for Web sites that download viruses, botnets and other malware to visitors. Once flagged, the services then prevent customers from being affected by the threats by, for example, rejecting inbound e-mail from an IP address known to send spam, or blocking employees from visiting a Web site that downloads malware.

Such services “are becoming really important,” said Arabella Hallawell, research vice president with Gartner Group, during a session at the Gartner IT Security Summit earlier this month. “It’s not just about [monitoring] IP addresses, it’s understanding domains and Web site information, understanding when a domain was registered, who it was registered by, and if a Web site does a lot of advertising and has active content.”

What’s particularly important are that these services cover both Web and e-mail traffic, she added. “We’re really starting to see e-mail and Web threats intersect.”

SenderBase collects information from more than 100,000 sources worldwide and examines more than 110 attributes of an active e-mail or Web server to determine a reputation score, according to IronPort.

Cisco is calling the addition of SenderBase to its network devices Wide Packet Inspection, combining the depth of network-level security with the breadth of inspection capabilities for e-mail, Web and instant messaging traffic, says Jeff Platon, vice president of the company’s security marketing.

There are other areas in its product portfolio where Cisco sees potential for integration with SenderBase, Platon says. But for the most part, IronPort will operate as an independent business unit under the Cisco umbrella, led by former IronPort CEO Scott Weiss.

This arrangement, according to one user of products from both companies, should offer IronPort the resources and the flexibility it needs to continue to grow.

“We see distinct advantages for IronPort being associated with a large company like Cisco [that has] sufficient money for research and development,” says Mark Pfefferman, assistant vice president and director of distributed computing services with Western & Southern Financial Group in Cincinnati. “As spam gets increasingly more sophisticated and difficult to protect against, a solid, well-funded research and development program will be critical for a company … to remain in the top tier.”

Cisco plans to release network devices with SenderBase during the first half of 2008, says Platon.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies