Two former Cisco employees license all of Cisco's security protocols

Two former Cisco employees, Krishna Prabhakar - Avenda Systems Founder and CEO along with Santhosh Cheeniyil - Avenda Systems Founder and Vice President of Engineering, have signed a five year technology partnership to license all of Cisco's security protocols. Their start-up Avenda Systems is helping Cisco customers who need user and device identity based access technology. In the question and answer session that follows, Avenda's co-founders reminisce about their glory days while at Cisco and also touch on how their eTIPS solution is offering an advanced set of network security capabilities that are complementary with current Cisco environments.

1. How did you end up at Cisco?

Krishna Prabhakar: I was the founder and CEO of Devsoft Corporation, a company that produced a solution that was a precursor to 802.1X, and Santhosh was the principal engineer on my staff. We had a strategic OEM relationship with Cisco’s Enterprise Line of Business to develop an enterprise policy management solution. Ultimately, Devsoft’s expertise in developing policy control software helped accelerate Cisco’s delivery of their CiscoAssure Policy Networking initiative. This eventually prompted Cisco to acquire us in March of 1998.

2. Specifically, what was the product you worked on? How successful was it, and is it still being sold today?

Santhosh Cheeniyil: While at Cisco our team developed and released 18 different products that covered three technology areas: Network Management, Voice and Security. Products that were a direct result of our efforts include: URT, ACL Manager, Campus Manager, Personal Assistant, Call Manager, Cisco Communicator, CER, Cisco Security Agent, and Cisco Trust Agent. Most of these products are still being sold by Cisco today.

3. How would you describe your experience working at Cisco?

Krishna Prabhakar: Cisco’s customer reach is enormous so it was very exciting to develop products that were deployed all over the world shortly after their release. It was an excellent opportunity to work with key customers to develop cutting-edge products that extended across different technology areas. In voice technology, we saw our business unit grow from $0 to $1B in four years. In security technology, our business unit grew to $2B in less than two years. It was a challenging and rewarding environment from both a technical and a business perspective.

4. What lessons learned from Cisco can you point to, and how did it prepare you for your current role, as an entrepreneur?

Krishna Prabhakar: Cisco is recognized worldwide for their focus on their customers. We recognized early on that a strong customer focus and the ability to stay ahead of industry technology requirements are critical to success. That can be difficult for a company Cisco’s size. For example, Cisco’s key features in their network and security management products have traditionally lagged behind their hardware developments by several years. Having worked in various technology groups at Cisco, Santhosh and I understand that gaps this long only frustrate your customer base and make it impossible to ever really deliver a cohesive solution. This level of understanding is useful to us now, and drives us to listen closely to customers to deliver a complete solution that they are after.

5. Why did you leave Cisco?

Santhosh Cheeniyil: We were asked to assess a legacy policy management solution and then recommend needed changes to support Cisco’s next generation Identity Based Networking Services initiative. Our recommendation was a complete re-architecture from the ground up. Subsequently, there were several internal discussions over the course of two years with many Cisco technology groups involved. However, a start date for the product never emerged. We decided it would be easier to develop a more innovative solution outside of Cisco, and founded Avenda Systems. In fact, customers are still being sold the product we initially reviewed.

6. What is your current relationship with Cisco?

Santhosh Cheeniyil: Avenda Systems and Cisco Systems have signed a five year technology partnership. Cisco has licensed all of their security protocols to Avenda, which include: TrustSec, PISA, NAC, EAP-FAST, CCX, HCAPv2, GAME and others.

7. Why have other companies failed in this market segment?

Krishna Prabhakar: The most glaring problem for other companies trying to solve the network access control problem has been the combination of architectural limitations and evolving market requirements. Vendors attempted to add new capabilities to a platform that was not designed to support these additional functions. The problem for customers is that they had to purchase different devices or components for health checks, guest access, 802.1X, etc. This led to policy inconsistencies, scalability problems, multiple points of administration, and troubleshooting headaches. Cisco also wavered in their approach for delivering NAC, and that also added to customer confusion and a lack of traction.
Santhosh Cheeniyil: Many of the failed products in this space used in-band technology, where all network traffic was directed through low-throughput hardware. These products could be deployed for only certain usage scenarios, typically with a small number of users, thus difficult to justify from an ROI perspective. A few others built custom hardware to handle high-volume network traffic, but customers were reluctant to deploy these solutions in place of their existing access switches.

8. How is Avenda’s solution different from other "NAC" solutions?

Krishna Prabhakar: Our product, eTIPS, is a full-featured, identity-based solution that offers an easy-to-use, intuitive interface. We have combined advanced identity, health, and security management capabilities into a cost-effective, scalable platform. Partnerships with Cisco, Microsoft, and other leading vendors provide customers with everything they need for deployments of guest access, .1X security, endpoint health, endpoint discovery, etc.
Santhosh Cheeniyil: The level of flexibility offered by our policy engine is another area where our solution is different. eTIPS excels in the ability to put together composite policies by extracting identity attributes from multiple identity stores (such as Active Directory, SQL, LDAP compliant store), and physical information via port or vulnerability scans. The customer benefit is twofold: Flexibility in mapping business (and compliance) rules to network access rules; and the ability to work with existing identity stores in the enterprise without having to replicate information.

According to Avenda, the screenshot below of the eTIPS Start Menu combines solution-wide workflow specific preconfigured templates and ease-of-use features to simplify deployment and management tasks. Avenda claims that its templates and wizards provide policy elements for jump starting service policy creation and deployment. The advanced menu is on the left. As an example, administrators can create identity-based policies based on user identity, host lists, roles, etc. 9. Does Avenda compete with Cisco?

Krishna Prabhakar: Our solution offers a more advanced set of network security capabilities that are complementary with current Cisco environments. Features not offered in the Cisco ACS and NAC products are available in eTIPS. Cisco customers can avoid deploying multiple policy platforms for each use case and access method in multi-vendor environments. Avenda also provides attractive pricing options that help customers implement a solution at their own pace without the need to purchase additional components.

10. Given the economic challenges in today’s market, what can Avenda offer customers that Cisco and others can’t?

Santhosh Cheeniyil: As many IT teams experience budget reductions, Avenda is offering a best-of-breed product with an attractive entry price point and a lower cost of ownership than competing solutions. Many times, the most significant cost in any new or expanded deployment is the IT team’s time and energy. Our customer teams are focused and motivated to assist customers in their deployments via complementary training as well as policy migration support.

Avenda states that the required NAC components are integrated into a single Avenda platform to provide new deployment and consolidation flexibility not offered by Cisco. Avenda claims that it sits at the decision point, and can provide the advanced functionality of a multitude of Cisco boxes. Avenda also claims that it supports all end-user equipment in one appliance, reducing administrators’ costs and administration as shown below. 11. What is the future/exit strategy for Avenda?

Krishna Prabhakar: The evolution of our technology allows us to further interoperate with more advanced identity management architectures, so that the utilization of our policy information can be leveraged by a broader set of network devices. We also believe that there is tremendous potential for the application of our technology in emerging market segments such as cloud computing. The more the industry moves toward less dependency on specific platforms or endpoints, the more organizations will require sophisticated access security and identity based policies. Avenda continues to build value in our company through the rapid acquisition of customers and the advancement of our technology. We are confident that we can be a significant force in this segment due to our market timing, the support of our investors, and our ability to provide leading-edge solutions.

What's your take, can Cisco customers benefit from these two former Cisco employees who appear able to help them tackle tough user and device identity based access needs? BradReese.Com Cisco Refurbished - Services that protect, maintain and optimize Cisco hardware Contact: Brad Reese | Twitter:

  1. Prime Minister of India joins Cisco in attacking President Obama's tax plan
  2. Cisco employee share-based compensation expense defies gravity
  3. Court rules new HP executive vice president is officially AWOL from EMC
  4. Cinco de Mayo: Cisco loses $45M telepresence deal to Polycom
  5. Cash in on lower Cisco gross margins this week
  6. Juniper Networks takes direct aim at Cisco's one million certified engineers
  7. New HP Networking boss took $17.2M from EMC, but sues to void his non-compete agreement
  8. 100% trade-in credit for Nortel products
  9. Is former Cisco star Mike Volpi selling his dilly-dallier of a video service Joost?
  10. Overcoming fear, uncertainty and doubt (FUD) in the secondary Cisco market
  11. Cisco sales pipeline is thawing
  12. How can we help Cisco's partner talent portal avoid failure?
  13. Cisco against Buy America provisions of the $7.2B broadband stimulus fund
  14. Cisco may be experiencing some near-term delays with its MDS storage switch refresh
  15. Cisco phone inadvertently featured onboard Air Force One
  16. Cisco has replaced Intel for second place status on The Mercury News Silicon Valley 150
  17. Visual networking meets 2 new visualizations of Cisco NetFlow data
  18. Juniper Networks missed its quarter for the first time in a long time
  19. Cisco target of 20 patent troll lawsuits
  20. View Brad Reese on Cisco Story Archives
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.