Skip Links

Network World

Brad Reese

Two former Cisco employees license all of Cisco's security protocols

By Brad Reese on Wed, 05/13/09 - 8:06pm.

Krishna PrabhakarSanthosh CheeniyilTwo former Cisco employees, Krishna Prabhakar - Avenda Systems Founder and CEO along with Santhosh Cheeniyil - Avenda Systems Founder and Vice President of Engineering, have signed a five year technology partnership to license all of Cisco's security protocols.

Their start-up Avenda Systems is helping Cisco customers who need user and device identity based access technology.

In the question and answer session that follows, Avenda's co-founders reminisce about their glory days while at Cisco and also touch on how their eTIPS solution is offering an advanced set of network security capabilities that are complementary with current Cisco environments.

1. How did you end up at Cisco?

Krishna Prabhakar: I was the founder and CEO of Devsoft Corporation, a company that produced a solution that was a precursor to 802.1X, and Santhosh was the principal engineer on my staff. We had a strategic OEM relationship with Cisco’s Enterprise Line of Business to develop an enterprise policy management solution. Ultimately, Devsoft’s expertise in developing policy control software helped accelerate Cisco’s delivery of their CiscoAssure Policy Networking initiative. This eventually prompted Cisco to acquire us in March of 1998.

2. Specifically, what was the product you worked on? How successful was it, and is it still being sold today?

Santhosh Cheeniyil: While at Cisco our team developed and released 18 different products that covered three technology areas: Network Management, Voice and Security. Products that were a direct result of our efforts include: URT, ACL Manager, Campus Manager, Personal Assistant, Call Manager, Cisco Communicator, CER, Cisco Security Agent, and Cisco Trust Agent. Most of these products are still being sold by Cisco today.

3. How would you describe your experience working at Cisco?

Krishna Prabhakar: Cisco’s customer reach is enormous so it was very exciting to develop products that were deployed all over the world shortly after their release. It was an excellent opportunity to work with key customers to develop cutting-edge products that extended across different technology areas. In voice technology, we saw our business unit grow from $0 to $1B in four years. In security technology, our business unit grew to $2B in less than two years. It was a challenging and rewarding environment from both a technical and a business perspective.

4. What lessons learned from Cisco can you point to, and how did it prepare you for your current role, as an entrepreneur?

Krishna Prabhakar: Cisco is recognized worldwide for their focus on their customers. We recognized early on that a strong customer focus and the ability to stay ahead of industry technology requirements are critical to success. That can be difficult for a company Cisco’s size. For example, Cisco’s key features in their network and security management products have traditionally lagged behind their hardware developments by several years. Having worked in various technology groups at Cisco, Santhosh and I understand that gaps this long only frustrate your customer base and make it impossible to ever really deliver a cohesive solution. This level of understanding is useful to us now, and drives us to listen closely to customers to deliver a complete solution that they are after.

5. Why did you leave Cisco?

Santhosh Cheeniyil: We were asked to assess a legacy policy management solution and then recommend needed changes to support Cisco’s next generation Identity Based Networking Services initiative. Our recommendation was a complete re-architecture from the ground up. Subsequently, there were several internal discussions over the course of two years with many Cisco technology groups involved. However, a start date for the product never emerged. We decided it would be easier to develop a more innovative solution outside of Cisco, and founded Avenda Systems. In fact, customers are still being sold the product we initially reviewed.

6. What is your current relationship with Cisco?

Santhosh Cheeniyil: Avenda Systems and Cisco Systems have signed a five year technology partnership. Cisco has licensed all of their security protocols to Avenda, which include: TrustSec, PISA, NAC, EAP-FAST, CCX, HCAPv2, GAME and others.

7. Why have other companies failed in this market segment?

Krishna Prabhakar: The most glaring problem for other companies trying to solve the network access control problem has been the combination of architectural limitations and evolving market requirements. Vendors attempted to add new capabilities to a platform that was not designed to support these additional functions. The problem for customers is that they had to purchase different devices or components for health checks, guest access, 802.1X, etc. This led to policy inconsistencies, scalability problems, multiple points of administration, and troubleshooting headaches. Cisco also wavered in their approach for delivering NAC, and that also added to customer confusion and a lack of traction.
 
Santhosh Cheeniyil: Many of the failed products in this space used in-band technology, where all network traffic was directed through low-throughput hardware. These products could be deployed for only certain usage scenarios, typically with a small number of users, thus difficult to justify from an ROI perspective. A few others built custom hardware to handle high-volume network traffic, but customers were reluctant to deploy these solutions in place of their existing access switches.

8. How is Avenda’s solution different from other "NAC" solutions?

Krishna Prabhakar: Our product, eTIPS, is a full-featured, identity-based solution that offers an easy-to-use, intuitive interface. We have combined advanced identity, health, and security management capabilities into a cost-effective, scalable platform. Partnerships with Cisco, Microsoft, and other leading vendors provide customers with everything they need for deployments of guest access, .1X security, endpoint health, endpoint discovery, etc.
 
Santhosh Cheeniyil: The level of flexibility offered by our policy engine is another area where our solution is different. eTIPS excels in the ability to put together composite policies by extracting identity attributes from multiple identity stores (such as Active Directory, SQL, LDAP compliant store), and physical information via port or vulnerability scans. The customer benefit is twofold: Flexibility in mapping business (and compliance) rules to network access rules; and the ability to work with existing identity stores in the enterprise without having to replicate information.

According to Avenda, the screenshot below of the eTIPS Start Menu combines solution-wide workflow specific preconfigured templates and ease-of-use features to simplify deployment and management tasks. Avenda claims that its templates and wizards provide policy elements for jump starting service policy creation and deployment. The advanced menu is on the left. As an example, administrators can create identity-based policies based on user identity, host lists, roles, etc.

Screenshot of the eTIPS Start Menu

9. Does Avenda compete with Cisco?

Krishna Prabhakar: Our solution offers a more advanced set of network security capabilities that are complementary with current Cisco environments. Features not offered in the Cisco ACS and NAC products are available in eTIPS. Cisco customers can avoid deploying multiple policy platforms for each use case and access method in multi-vendor environments. Avenda also provides attractive pricing options that help customers implement a solution at their own pace without the need to purchase additional components.

10. Given the economic challenges in today’s market, what can Avenda offer customers that Cisco and others can’t?

Santhosh Cheeniyil: As many IT teams experience budget reductions, Avenda is offering a best-of-breed product with an attractive entry price point and a lower cost of ownership than competing solutions. Many times, the most significant cost in any new or expanded deployment is the IT team’s time and energy. Our customer teams are focused and motivated to assist customers in their deployments via complementary training as well as policy migration support.

Avenda states that the required NAC components are integrated into a single Avenda platform to provide new deployment and consolidation flexibility not offered by Cisco. Avenda claims that it sits at the decision point, and can provide the advanced functionality of a multitude of Cisco boxes. Avenda also claims that it supports all end-user equipment in one appliance, reducing administrators’ costs and administration as shown below.

Avenda Platform

11. What is the future/exit strategy for Avenda?

Krishna Prabhakar: The evolution of our technology allows us to further interoperate with more advanced identity management architectures, so that the utilization of our policy information can be leveraged by a broader set of network devices. We also believe that there is tremendous potential for the application of our technology in emerging market segments such as cloud computing. The more the industry moves toward less dependency on specific platforms or endpoints, the more organizations will require sophisticated access security and identity based policies. Avenda continues to build value in our company through the rapid acquisition of customers and the advancement of our technology. We are confident that we can be a significant force in this segment due to our market timing, the support of our investors, and our ability to provide leading-edge solutions.

What's your take, can Cisco customers benefit from these two former Cisco employees who appear able to help them tackle tough user and device identity based access needs?

Brad Reese
BradReese.Com Cisco Refurbished - Services that protect, maintain and optimize Cisco hardware
Contact: Brad Reese | Twitter: http://twitter.com/BradReese
Brad's Favorite Story Picks

  1. Prime Minister of India joins Cisco in attacking President Obama's tax plan
  2. Cisco employee share-based compensation expense defies gravity
  3. Court rules new HP executive vice president is officially AWOL from EMC
  4. Cinco de Mayo: Cisco loses $45M telepresence deal to Polycom
  5. Cash in on lower Cisco gross margins this week
  6. Juniper Networks takes direct aim at Cisco's one million certified engineers
  7. New HP Networking boss took $17.2M from EMC, but sues to void his non-compete agreement
  8. 100% trade-in credit for Nortel products
  9. Is former Cisco star Mike Volpi selling his dilly-dallier of a video service Joost?
  10. Overcoming fear, uncertainty and doubt (FUD) in the secondary Cisco market
  11. Cisco sales pipeline is thawing
  12. How can we help Cisco's partner talent portal avoid failure?
  13. Cisco against Buy America provisions of the $7.2B broadband stimulus fund
  14. Cisco may be experiencing some near-term delays with its MDS storage switch refresh
  15. Cisco phone inadvertently featured onboard Air Force One
  16. Cisco has replaced Intel for second place status on The Mercury News Silicon Valley 150
  17. Visual networking meets 2 new visualizations of Cisco NetFlow data
  18. Juniper Networks missed its quarter for the first time in a long time
  19. Cisco target of 20 patent troll lawsuits
  20. View Brad Reese on Cisco Story Archives

Cisco Repair

Refurbished Cisco

Cisco VoIP Gateways

Cisco Power Supplies

Avenda Demonstration

0
By Brad Reese on Wed, 05/13/2009 - 7:25pm.

This is an interesting demonstration of Avenda's solution:

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

What about Microsoft NAP

0
By Anon (not verified) on Thu, 05/14/2009 - 12:01am.

I’ve been researching NAP and noticed that Avenda mentioned a Microsoft partnership. What can the Avenda or the joint solution offer?

Avenda's Response to Microsoft NAP

0
By Brad Reese on Thu, 05/14/2009 - 7:34am.

Avenda's Response to Microsoft NAP:

Avenda’s agents and System Health Validator (SHV) can be used alongside the Microsoft versions of their NAP agents to also check for the status of system services, and for the existence of specific registry keys. For example, a user’s endpoint can be forced to remediate if they’re using unapproved applications, or if certain security services are not updated. In addition to having Microsoft Agents supporting Microsoft platforms, Avenda’s Agents are also available that support Linux and Mac OS X.

NAP Agent Components

NPS-side SHV

NPS-side SHV

Comparison

Agent Comparison

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

Cisco comparison whitepaper

0
By Anon (not verified) on Thu, 05/14/2009 - 12:02am.

Interesting whitepaper comparing the Avenda and Cisco solution here (registration required):
"Simplifying a complex Cisco access control solution"
http://www.avendasys.com/support/wpform.php?wp=wpcisco&wpname=Simplifying%20A%20Complex%20Cisco%20Access%20Control%20Solution

Here's the link

0
By Brad Reese on Sat, 05/16/2009 - 9:22pm.

Here's the link:

Simplifying A Complex Cisco Access Control Solution

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

DoD funding?

0
By Anon (not verified) on Fri, 05/15/2009 - 12:24pm.

According to Wikipedia, it said Avenda Systems is also funded by private investors, United States Department of Defense (DoD), including U.S. Air Force and Missile Defense Agency, and the Department of Homeland Security. Can you tell us why they funded Avenda?

Regarding Department of Defense Funding

0
By Brad Reese on Fri, 05/15/2009 - 1:09pm.

Official response from Avenda Systems regarding its Department of Defense funding:

"Avenda was initially funded by Department of Defense’s Software Protection Initiative (SPI) program. The focus of SPI is to improve protection for critical software running on computers (desktops through supercomputers). The three security areas covered by SPI are network security, OS integrity and application security. The DOD chose to engage the Avenda founding team because they possessed a unique combination of expertise and depth of knowledge in this technology area. Avenda worked closely with engineers at the Wright-Patterson Air Force Base (WPAFB) on four different projects in the SPI program. Much of the desktop and network based security work done for this project was important to the early architectural design of Avenda’s next generation NAC solution."

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

We are a Cisco customer

0
By Anon (not verified) on Fri, 05/15/2009 - 2:36pm.

Why should I consider using this instead of Cisco NAC?

Cisco NAC

0
By Brad Reese on Fri, 05/15/2009 - 3:12pm.

Official Avenda Systems response:

"The Avenda solution is a single platform that does not require multiple components and management interfaces. It supports all of your Cisco switches and routers, and provides the ability to create more granular policies. In today’s competitive market it also gives you the flexibility to look at other vendors products if needed."

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

Too much risk...

0
By Anon (not verified) on Tue, 05/26/2009 - 6:04am.

Buy the avenda box... And their sole investor gets cold feet (they have done it before) and Avenda goes away... leaving my network with doorstops. Isnt there is a big mismatch in risk/reward?

12next ›last »

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished, which enables affordable Cisco networks globally by assuring customer satisfaction with guaranteed one year warranties on both Cisco Repair as well as Refurbished Cisco.

Don't be shy, contact Brad Reese online or call him Toll Free:

866-864-0506

International callers may wish to call Brad by dialing:

850-364-4115

Archives
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
Allan Sulkin - founder and president of enterprise communications systems and applications consultancy - TEQConsult Group
Careers
Chambers and his Board of Dirctors urged Cisco shareholders to vote NO
China networking marketplace
Christian Brothers Investment Services notice
Cisco
Cisco TelePresence
Cisco TelePresence revenue
Cisco Unified Communications Support for Microsoft Windows 7
Cisco engineer - Kevin Murphy
Cisco has now become the target of unflattering employee reviews
Cisco is warning Unified Communications customers about NOT successfully offering support for Microsoft Windows 7
Cisco is well known as being one of the best companies to work for
Cisco stock chart for the last 10 years
Cisco will have no liability for any delay in delivery
Cisco's 1st Quarter Other Product Revenue By Fiscal Year
Cisco's F1Q10 earnings call
Cisco's Form 10-Q
Cisco's new Stock Incentive Plan as amended and restated
Cisco's upcoming annual stockholder's meeting
Daniel Berg - Skype's CTO
Data Center
Dave Donatelli - HP executive vice president and general manager of enterprise servers and networking
FNF
Father of SIP - Jonathan Rosenberg
Financial windfall for Cisco shareholders
Flexible NetFlow
Flip video camcorder
Flip video camcorder revenue
Gilbert Public School's $3.5 million network upgrade to HP
Gilbert Public Schools Board President - Thad Stump
Gilbert Public Schools assistant superintendent - Barb VeNard
Glassdoor.com is financially backed by 2 of the leading Silicon Valley venture capital firms - Benchmark Capital and Sutter Hill Ventures
HP also bid on the project
HP purchasing 3Com
HP's Converged Infrastructure strategy
HP's acquisition of 3Com
John Chambers has had some good paydays as the CEO of Cisco
LANs / WANs
Microsoft
NBAD
NetFlow
NetFlow add-ons
Network Behavior Anomaly Detection
Network Management
Popular online career and workplace community - Glassdoor.com
ProCurve ONE alliance
Proposal submitted by Christian Brothers Investment Services
Proxy resolution during Cisco's annual meeting
Rosenberg is now Skype's Chief Technology Strategist
SMB
Say on executive pay
Security
Skills and abilities of Skype CTO Daniel Berg
Skype announced Roseberg jumped ship from Cisco
Skype's Chief Technology Strategist - responsible for Skype's overall architecture and technology strategy
So how does one verify that Glassdoor's information is really from Cisco employees?
Software
Superintendent Dave Allison
TelePresence revenue
VoIP / Convergence
When Cisco used its common stock to buy Linksys and Pure Digital
Who's right about Cisco's work environment - Fortune or Glassdoor?
Windows 7
Windows 7 just not worth an all-out urgent effort by Cisco to support
Wireless / Mobile
On The Web
Twitter