Skip Links

Network World

Brad Reese

Two former Cisco employees license all of Cisco's security protocols

By Brad Reese on Wed, 05/13/09 - 8:06pm.

Krishna PrabhakarSanthosh CheeniyilTwo former Cisco employees, Krishna Prabhakar - Avenda Systems Founder and CEO along with Santhosh Cheeniyil - Avenda Systems Founder and Vice President of Engineering, have signed a five year technology partnership to license all of Cisco's security protocols.

Their start-up Avenda Systems is helping Cisco customers who need user and device identity based access technology.

In the question and answer session that follows, Avenda's co-founders reminisce about their glory days while at Cisco and also touch on how their eTIPS solution is offering an advanced set of network security capabilities that are complementary with current Cisco environments.

1. How did you end up at Cisco?

Krishna Prabhakar: I was the founder and CEO of Devsoft Corporation, a company that produced a solution that was a precursor to 802.1X, and Santhosh was the principal engineer on my staff. We had a strategic OEM relationship with Cisco’s Enterprise Line of Business to develop an enterprise policy management solution. Ultimately, Devsoft’s expertise in developing policy control software helped accelerate Cisco’s delivery of their CiscoAssure Policy Networking initiative. This eventually prompted Cisco to acquire us in March of 1998.

2. Specifically, what was the product you worked on? How successful was it, and is it still being sold today?

Santhosh Cheeniyil: While at Cisco our team developed and released 18 different products that covered three technology areas: Network Management, Voice and Security. Products that were a direct result of our efforts include: URT, ACL Manager, Campus Manager, Personal Assistant, Call Manager, Cisco Communicator, CER, Cisco Security Agent, and Cisco Trust Agent. Most of these products are still being sold by Cisco today.

3. How would you describe your experience working at Cisco?

Krishna Prabhakar: Cisco’s customer reach is enormous so it was very exciting to develop products that were deployed all over the world shortly after their release. It was an excellent opportunity to work with key customers to develop cutting-edge products that extended across different technology areas. In voice technology, we saw our business unit grow from $0 to $1B in four years. In security technology, our business unit grew to $2B in less than two years. It was a challenging and rewarding environment from both a technical and a business perspective.

4. What lessons learned from Cisco can you point to, and how did it prepare you for your current role, as an entrepreneur?

Krishna Prabhakar: Cisco is recognized worldwide for their focus on their customers. We recognized early on that a strong customer focus and the ability to stay ahead of industry technology requirements are critical to success. That can be difficult for a company Cisco’s size. For example, Cisco’s key features in their network and security management products have traditionally lagged behind their hardware developments by several years. Having worked in various technology groups at Cisco, Santhosh and I understand that gaps this long only frustrate your customer base and make it impossible to ever really deliver a cohesive solution. This level of understanding is useful to us now, and drives us to listen closely to customers to deliver a complete solution that they are after.

5. Why did you leave Cisco?

Santhosh Cheeniyil: We were asked to assess a legacy policy management solution and then recommend needed changes to support Cisco’s next generation Identity Based Networking Services initiative. Our recommendation was a complete re-architecture from the ground up. Subsequently, there were several internal discussions over the course of two years with many Cisco technology groups involved. However, a start date for the product never emerged. We decided it would be easier to develop a more innovative solution outside of Cisco, and founded Avenda Systems. In fact, customers are still being sold the product we initially reviewed.

6. What is your current relationship with Cisco?

Santhosh Cheeniyil: Avenda Systems and Cisco Systems have signed a five year technology partnership. Cisco has licensed all of their security protocols to Avenda, which include: TrustSec, PISA, NAC, EAP-FAST, CCX, HCAPv2, GAME and others.

7. Why have other companies failed in this market segment?

Krishna Prabhakar: The most glaring problem for other companies trying to solve the network access control problem has been the combination of architectural limitations and evolving market requirements. Vendors attempted to add new capabilities to a platform that was not designed to support these additional functions. The problem for customers is that they had to purchase different devices or components for health checks, guest access, 802.1X, etc. This led to policy inconsistencies, scalability problems, multiple points of administration, and troubleshooting headaches. Cisco also wavered in their approach for delivering NAC, and that also added to customer confusion and a lack of traction.
 
Santhosh Cheeniyil: Many of the failed products in this space used in-band technology, where all network traffic was directed through low-throughput hardware. These products could be deployed for only certain usage scenarios, typically with a small number of users, thus difficult to justify from an ROI perspective. A few others built custom hardware to handle high-volume network traffic, but customers were reluctant to deploy these solutions in place of their existing access switches.

8. How is Avenda’s solution different from other "NAC" solutions?

Krishna Prabhakar: Our product, eTIPS, is a full-featured, identity-based solution that offers an easy-to-use, intuitive interface. We have combined advanced identity, health, and security management capabilities into a cost-effective, scalable platform. Partnerships with Cisco, Microsoft, and other leading vendors provide customers with everything they need for deployments of guest access, .1X security, endpoint health, endpoint discovery, etc.
 
Santhosh Cheeniyil: The level of flexibility offered by our policy engine is another area where our solution is different. eTIPS excels in the ability to put together composite policies by extracting identity attributes from multiple identity stores (such as Active Directory, SQL, LDAP compliant store), and physical information via port or vulnerability scans. The customer benefit is twofold: Flexibility in mapping business (and compliance) rules to network access rules; and the ability to work with existing identity stores in the enterprise without having to replicate information.

According to Avenda, the screenshot below of the eTIPS Start Menu combines solution-wide workflow specific preconfigured templates and ease-of-use features to simplify deployment and management tasks. Avenda claims that its templates and wizards provide policy elements for jump starting service policy creation and deployment. The advanced menu is on the left. As an example, administrators can create identity-based policies based on user identity, host lists, roles, etc.

Screenshot of the eTIPS Start Menu

9. Does Avenda compete with Cisco?

Krishna Prabhakar: Our solution offers a more advanced set of network security capabilities that are complementary with current Cisco environments. Features not offered in the Cisco ACS and NAC products are available in eTIPS. Cisco customers can avoid deploying multiple policy platforms for each use case and access method in multi-vendor environments. Avenda also provides attractive pricing options that help customers implement a solution at their own pace without the need to purchase additional components.

10. Given the economic challenges in today’s market, what can Avenda offer customers that Cisco and others can’t?

Santhosh Cheeniyil: As many IT teams experience budget reductions, Avenda is offering a best-of-breed product with an attractive entry price point and a lower cost of ownership than competing solutions. Many times, the most significant cost in any new or expanded deployment is the IT team’s time and energy. Our customer teams are focused and motivated to assist customers in their deployments via complementary training as well as policy migration support.

Avenda states that the required NAC components are integrated into a single Avenda platform to provide new deployment and consolidation flexibility not offered by Cisco. Avenda claims that it sits at the decision point, and can provide the advanced functionality of a multitude of Cisco boxes. Avenda also claims that it supports all end-user equipment in one appliance, reducing administrators’ costs and administration as shown below.

Avenda Platform

11. What is the future/exit strategy for Avenda?

Krishna Prabhakar: The evolution of our technology allows us to further interoperate with more advanced identity management architectures, so that the utilization of our policy information can be leveraged by a broader set of network devices. We also believe that there is tremendous potential for the application of our technology in emerging market segments such as cloud computing. The more the industry moves toward less dependency on specific platforms or endpoints, the more organizations will require sophisticated access security and identity based policies. Avenda continues to build value in our company through the rapid acquisition of customers and the advancement of our technology. We are confident that we can be a significant force in this segment due to our market timing, the support of our investors, and our ability to provide leading-edge solutions.

What's your take, can Cisco customers benefit from these two former Cisco employees who appear able to help them tackle tough user and device identity based access needs?

Brad Reese
BradReese.Com Cisco Refurbished - Services that protect, maintain and optimize Cisco hardware
Contact: Brad Reese | Twitter: http://twitter.com/BradReese
Brad's Favorite Story Picks

  1. Prime Minister of India joins Cisco in attacking President Obama's tax plan
  2. Cisco employee share-based compensation expense defies gravity
  3. Court rules new HP executive vice president is officially AWOL from EMC
  4. Cinco de Mayo: Cisco loses $45M telepresence deal to Polycom
  5. Cash in on lower Cisco gross margins this week
  6. Juniper Networks takes direct aim at Cisco's one million certified engineers
  7. New HP Networking boss took $17.2M from EMC, but sues to void his non-compete agreement
  8. 100% trade-in credit for Nortel products
  9. Is former Cisco star Mike Volpi selling his dilly-dallier of a video service Joost?
  10. Overcoming fear, uncertainty and doubt (FUD) in the secondary Cisco market
  11. Cisco sales pipeline is thawing
  12. How can we help Cisco's partner talent portal avoid failure?
  13. Cisco against Buy America provisions of the $7.2B broadband stimulus fund
  14. Cisco may be experiencing some near-term delays with its MDS storage switch refresh
  15. Cisco phone inadvertently featured onboard Air Force One
  16. Cisco has replaced Intel for second place status on The Mercury News Silicon Valley 150
  17. Visual networking meets 2 new visualizations of Cisco NetFlow data
  18. Juniper Networks missed its quarter for the first time in a long time
  19. Cisco target of 20 patent troll lawsuits
  20. View Brad Reese on Cisco Story Archives

Cisco Repair

Refurbished Cisco

Cisco VoIP Gateways

Cisco Power Supplies

Avenda Demonstration

0
By Brad Reese on Wed, 05/13/2009 - 7:25pm.

This is an interesting demonstration of Avenda's solution:

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

What about Microsoft NAP

0
By Anon (not verified) on Thu, 05/14/2009 - 12:01am.

I’ve been researching NAP and noticed that Avenda mentioned a Microsoft partnership. What can the Avenda or the joint solution offer?

Avenda's Response to Microsoft NAP

0
By Brad Reese on Thu, 05/14/2009 - 7:34am.

Avenda's Response to Microsoft NAP:

Avenda’s agents and System Health Validator (SHV) can be used alongside the Microsoft versions of their NAP agents to also check for the status of system services, and for the existence of specific registry keys. For example, a user’s endpoint can be forced to remediate if they’re using unapproved applications, or if certain security services are not updated. In addition to having Microsoft Agents supporting Microsoft platforms, Avenda’s Agents are also available that support Linux and Mac OS X.

NAP Agent Components

NPS-side SHV

NPS-side SHV

Comparison

Agent Comparison

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

Cisco comparison whitepaper

0
By Anon (not verified) on Thu, 05/14/2009 - 12:02am.

Interesting whitepaper comparing the Avenda and Cisco solution here (registration required):
"Simplifying a complex Cisco access control solution"
http://www.avendasys.com/support/wpform.php?wp=wpcisco&wpname=Simplifying%20A%20Complex%20Cisco%20Access%20Control%20Solution

Here's the link

0
By Brad Reese on Sat, 05/16/2009 - 9:22pm.

Here's the link:

Simplifying A Complex Cisco Access Control Solution

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

DoD funding?

0
By Anon (not verified) on Fri, 05/15/2009 - 12:24pm.

According to Wikipedia, it said Avenda Systems is also funded by private investors, United States Department of Defense (DoD), including U.S. Air Force and Missile Defense Agency, and the Department of Homeland Security. Can you tell us why they funded Avenda?

Regarding Department of Defense Funding

0
By Brad Reese on Fri, 05/15/2009 - 1:09pm.

Official response from Avenda Systems regarding its Department of Defense funding:

"Avenda was initially funded by Department of Defense’s Software Protection Initiative (SPI) program. The focus of SPI is to improve protection for critical software running on computers (desktops through supercomputers). The three security areas covered by SPI are network security, OS integrity and application security. The DOD chose to engage the Avenda founding team because they possessed a unique combination of expertise and depth of knowledge in this technology area. Avenda worked closely with engineers at the Wright-Patterson Air Force Base (WPAFB) on four different projects in the SPI program. Much of the desktop and network based security work done for this project was important to the early architectural design of Avenda’s next generation NAC solution."

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

We are a Cisco customer

0
By Anon (not verified) on Fri, 05/15/2009 - 2:36pm.

Why should I consider using this instead of Cisco NAC?

Cisco NAC

0
By Brad Reese on Fri, 05/15/2009 - 3:12pm.

Official Avenda Systems response:

"The Avenda solution is a single platform that does not require multiple components and management interfaces. It supports all of your Cisco switches and routers, and provides the ability to create more granular policies. In today’s competitive market it also gives you the flexibility to look at other vendors products if needed."

Sincerely,

Brad Reese
BradReese.Com Cisco Refurbished

Too much risk...

0
By Anon (not verified) on Tue, 05/26/2009 - 6:04am.

Buy the avenda box... And their sole investor gets cold feet (they have done it before) and Avenda goes away... leaving my network with doorstops. Isnt there is a big mismatch in risk/reward?

12next ›last »

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You can use BBCode tags in the text.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <p> <strong> <i> <br /> <br> <ul> <ol> <li> <dl> <dt> <dd> <blockquote>

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Welcome, visitor. Register Log in
About Brad Reese on Cisco

Brad Reese cofounded BradReese.Com Cisco Refurbished, which enables affordable networks globally by assuring customer satisfaction with guaranteed one year warranties on both Cisco Repair as well as Refurbished Cisco.

Don't be shy, contact Brad Reese online or call him Toll Free:

866-864-0506

International callers may wish to call Brad by dialing:

850-364-4115

Archives
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
Categories
A classic scam to defraud Cisco's SMARTnet program
America's Best profile written by Useem regarding Chambers' success
Avian Securities Senior Telecom Research Analyst - Catharine Trebnick
Breakingviews.com correspondent - Robert Cyran
CCIE
Careers
Charlie Giancarlo - Managing Director of Silver Lake Partners and Skype investor
Cisco
Cisco ASR 9000 architecture
Cisco ISR G2 Module Support
Cisco Integrated Services Router Generation 2 (ISR G2) Model Comparison
Cisco Integrated Services Routers Generation 2 Portfolio
Cisco Unified Communications Support for Microsoft Windows 7
Cisco is pushing their ASR 9000 at very competitive prices
Cisco is warning Unified Communications customers about NOT successfully offering support for Microsoft Windows 7
Cisco technical star Jonathan Rosenberg
Cisco will have no liability for any delay in delivery
Data Center
Douglas Smith - Cofounder and President of Network Instruments
Expand visibility of NetFlow-dependent NBAD and compliance applications
GigaStor captures and converts packets in NetFlow data flows
Index Venture partner Danny Rimer
Jonathan Rosenberg - a Cisco Fellow in Cisco's Voice Technology Group
Juniper MX960 lab test results
LANs / WANs
Mark Roberts - Polycom vice president of partner marketing
Michael Useem - Professor of Management
Microsoft
NetFlow
NetFlow add-ons
NetFlow overhead can overtax infrastructure
Network Behavior Anomaly Detection (NBAD)
Network Management
Non-NetFlow capable devices are blind to local traffic
Produce NetFlow about any device
SMB
Security
Selection committee member for America's Best Leaders
September 2009 vs. October 2009 Worldwide CCIE Count Comparison
Silver Lake Managing Director - Egon Durban
Skype's cofounders Niklas Zennstrom and Janus Friis
Software
The Charlie angle is to keep Dave Roux on track
The new Cisco ISR G2 portfolio is priced as follows
VoIP / Convergence
What are the benefits of GigaStor NetFlow Agent?
What’s new on the Cisco ISR G2 models vs. the old ISR models?
Windows 7
Windows 7 just not worth an all-out urgent effort by Cisco to support
Wireless / Mobile
eBay CEO - John Donahoe
sFlow
sFlow and NetFlow provides extended visibility
On The Web
Twitter