Executive Editor

Blocking unacceptable behavior

Feb 11, 2003

* Cisco buys Okena for extra VPN protection

Cisco recently announced plans to buy Okena, maker of security software that screens for potentially malicious behavior rather than simply for known signatures of malicious packets.

Cisco says it plans to package the software for installation on desktops and servers, and the product, called StormWatch, will be integrated into Cisco security gear that is under the control of Cisco’s VPN division.

This matters because vendors are pushing the idea that, while VPNs provide a certain level of security between sites or between a single PC and a corporate network, the devices behind the VPN gear (the laptops or servers) can be compromised. It's great to have a secure pipe to send traffic over the Internet, but not if part of that traffic is a virus that can infect the network that is being accessed.

As a result, VPN vendors for some time now have been incorporating more and more security with their VPN products, such as personal firewalls for PCs, antivirus software and intrusion detection software. Some vendors even require endpoint devices on VPNs to have the correct versions of firewalls and antivirus software turned on before the devices are allowed onto the VPN.

Okena will add a new dimension to this type of protection. Its technology defines acceptable behavior by a device, and any behaviors that are not allowed are blocked. So, for example, a policy might define which applications are allowed to access the Internet. If an application not on the list tries, the attempt is blocked, so a virus that might be generating that attempt would be thwarted.

This is a way to help block new viruses for which patches have not been written, or for which signatures have not yet been identified and plugged into antivirus software.

Stepping back from the specifics of the Cisco-Okena deal, the idea of needing more than just VPN technology is important. Some people question whether all these added security measures should be lumped together on one device, and that is a decision that individual users will have to make based on their circumstances.

The clear lesson for everyone, though, is that these endpoints must be protected as well as each user can afford.