Cisco's new security target: consumers

Cisco Systems, a multibillion-dollar player in security tools for businesses, is planning to move into the consumer market.

The San Jose, Calif.-based networking giant plans to release products later this year that translate its enterprise-scale technologies to the home, keeping consumers safe as they increasingly get networked and go online, Cisco executives told CNET News.com.

"If you think about what's required in the home, it is a 'mini' version of the enterprise," said Richard Palmer, general manager of Cisco's security technology group. "You have to replicate the broad portfolio of technology solutions that we have in an easy to deploy, easy to buy way that consumers find interesting and are willing to spend money on."

The move positions Cisco to grab a bigger chunk of the security market, which, according to research firm IDC, hit $32 billion in 2005 and is poised for double-digit growth through 2010. It also puts Cisco in competition with security specialists such as Symantec and McAfee, but not in the traditional way. Cisco won't sell software that people install on their PC. Instead, it will add security features and services to its Linksys home-networking gear and Scientific Atlanta set-top boxes.

"We think security is going to be a fundamental requirement for the networked home," Palmer said. Buying security software and loading it onto a PC isn't the way people will be securing their systems in the near future. "That market is being transformed," he said.

In Cisco's portfolio Here are some examples of security products from Cisco that could be applied to home networks.

IOS Intrusion Prevention System

PIX Firewall software

Traffic Anomaly Detectors

NAC Appliance (endpoint clean access)

SSL VPN Remote Access

Linksys has plans for routers and other gateway devices with a variety of security features, said Mani Dhillon, director of product marketing at the company, which was bought by Cisco in 2003. "We're working very hard to have something we can bring to market this year," he said.

The top of the line would be a device--possibly connected to a service--that scans all Internet traffic as it enters a home network and automatically filters out all malicious traffic, he said.

Somewhat less advanced is the idea of filtering access to Web sites at the router--which allows multiple devices to use the same Internet connection--rather than on the PC itself. Linksys is working with IronPort Systems, a recent Cisco acquisition, to build a service for its routers that would shield people from known malicious sites. At the moment, people who want similar surfing protection have to install tools such as McAfee's SiteAdvisor or Exploit Prevention Labs' LinkScanner.

"By putting some of the functionality typically seen in security applications onto your network, you don't have to go off and individually manage every PC to make sure is up to date," Dhillon said.

The Linksys team is also thinking of ways to use Cisco's network access control features, or NAC, in its consumer routers. This would automatically run a health check every time a device connects to the home network. It would verify whether security patches and other safety settings on the PC are up-to-date.

"Security is very high on our list," Dhillon said. "We think this could hit the sweet spot for a good percentage of our customers, if we position it correctly." One of the challenges for Linksys is making sure its products don't become overly expensive, since additional features will require more powerful hardware, he said. A bottom-of-the-range Linksys home router costs around $50.

Linksys rival D-Link already sells a $99 security device. However, the D-Link "SecureSpot" is not a router or gateway, instead it sits in-between a router and a cable modem. D-Link partnered with McAfee for many of the features, which include antivirus and spyware blocking. "Security is top of mind for consumers and it does make sense for us as networking vendors to offer solutions," said Daniel Kelley, D-Link's director of marketing.

A real challenge?
Cisco's plans make sense and stand to bring the company additional business, but industry analysts disagree on whether its move is a threat to security incumbents.

"Built-in security is exactly what consumers need, and security in the router absolutely makes sense for Cisco," said Forrester Research analyst Natalie Lambert. "However, it is not the be-all-and-end-all for security."

In focusing its security efforts on the hardware, the company is essentially creating a new market, Lambert said. "By not providing software, Cisco is staying out of the way of the traditional security players," she said. "Installing security software on a PC is a necessity. Consumers are not sitting behind their Linksys box at all times--they travel."

However, security software incumbents such as McAfee and Symantec could still lose out, said John Pescatore, an analyst at Gartner. "The amount of money households will spend on security is not infinite, and Cisco will be competing for the same security dollar," he said. "Cisco has a great shot here."

[Dachi]

A good idea

Using NAT is a pretty safe way to suppress unsolicited inbound traffic to your PC's as it is.

The problem is that people are still downloading crap on their PC's that sends out a far amount of Internet clogging junk.

Being behind a NAT router does not prevent your PC from being used in a DDoS attack or as a bot to send spam for instance.

There will always be people who manage to have just about anything lurking on their PC's. I believe companies like Linksys actually reach enough homes that a product like this could improve the health of the internet as a whole.

I am sure there will be early bugs to correct, but if the idea is shown to work I think some ISP's should adopt a policy that if they have had to suspend your service more than 2 times because your PC is infected and packeting other Internet users that you should be required to install something like this between your PC and the Internet before they are willing to restore your service.

I wish Cisco/Linksys luck with this.

[Macsaresafer]

Puulease!

Malicious sites can only be malicious because there are so many
Windows vulnerabilities. Any attempt to protect Windows, be it
hardware or software, will add unnecessary layers to an already
overburdened internet. Spam, for example accounts for over 90%
of all email, and it's practically all sent from zombie Windows
computers.

If you really want to end the problem, don't connect a Windows
based computer to the internet. With no internet connection,
there's no way it can become a zombie. Leave the internet to
computers whose operating systems aren't security swiss
cheese: Linux and Mac.

[extinctone]

I agree

There is no reason not to use a hardware firewall. It's just basic common sense.

[Seaspray0]

It is, but won't stop an outgoing bot

"Being behind a NAT router does not prevent your PC from being used in a DDoS attack or as a bot to send spam for instance."

Not so. If your computer is part of a botnet, it will work behind a router. Programs, such as the free ZoneAlarm, will alert you to an unauthorized attempt to access the internet. Even the windows firewall in XP will alert you to unauthorized attempts. Aside from providing access to the internet for multiple computers, the NAT feature used in home routers provides an excellent defense against hackers attempting to access your computer through open ports. This defense helps keep your compute from becoming part of a botnet in the first place, but is not the only way your PC can be compromised. Running executables attached to email is a common method; which is why you should not always run as an administrator like most home users do (installing programs requires administrator rights in almost all cases).

[ciscostu]

Linksys + IPS + VPN + WPA Enterprise

The open source community has already started porting security features to Linksys routers-

http://packetprotector.org