Cisco SecureX – Nothing but Empty Words ?

SecureX is supposedly “Context Aware Enforcement”. I also believe SecureX to be Cisco’s current security strategy ( is that three or four in the last three years ? ). So it’s something we should probably be aware of. Right ?

But I don’t know what, either specifically or generally, that means as a deliverable. And other than a couple of keynote talks and some press releases, the strategy appears to have stopped before it even got serious.

I’ve been watching this webcast where Tom Gillis gave a presentation at RSA – here is the webcast – http://media.omediaweb.com/rsa2011/exclusive/webcast-launcher-2-4-cisco.htm

The presentation was very long on fancy and expensive looking graphics like this one:
[Image: Cisco SecureX 2]

Meaningful, eh ?

And there was any number of condescending platitudes:
07:05 – “Cool and easy will always win out over safe but clunky”
11:55 – “In a world where the network doesn’t have a beginning or an end”
12:43 – “Cisco…the most trusted infrastructure in the world”
…… yeah, I have given up about here

And I’ve been to the Cisco website – Cisco SecureX Architecture – and it’s effectively empty.

I also interviewed Tom Gillis at Cisco Live in London, and was deeply concerned about the lack of depth to SecureX. I played back the recording of the interview again, and still have the same problem that this strategy is hollow. It’s missing deliverables, actions, details, or indeed, anything that can be actioned.

The EtherealMind View

Honestly, if this is The Future of Network Security: Cisco’s SecureX Architecture I have no idea how that is going to work. How can you announce a new strategy, and then provide no details for a month or more after the announcement?

Cisco Security Business Unit has had any number of convulsions within the company as they kill off products such as CS-MARS, defocus on others e.g. NAC and finally deliver on long overdue upgrades ( CSM 4.0, ACS 5.x ). Importantly, they are still integrating the purchase of IronPort and ScanSafe with the SBU now headed by Tom Gillis who was previously CEO of IronPort. This lack of execution implies that there might be all sorts of problems with getting agreement within the SBU on exactly what SecureX is or is not ? Alternately, it’s just possible that SecureX is already dead due to internal politics since there is nothing happening.

Cisco Security Business Unit has been a reliable partner for many years and any more stumbles will start me thinking to re-evaluate my security products. The ASA is a good product, but it’s only one part of an ecosystem.

Or am I missing something ? Is there any other information about Cisco’s SecureX that I haven’t seen ? Anyone from Cisco Security marketing want to reach out and let me know more ( because I can’t find you ) ?

About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in a wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus

  • http://convergingontheedge.com CJ

    I have not even heard of Cisco SecureX….I don’t understand why they need so many different lines of products that mud up the waters.

    It is interesting as I study for more and more Cisco Certs how they seem to love to include everything they have ever produced, including old outdated technologies…weird…hopefully they are not getting too big for their own good. At the end of the day I really enjoy working on their products.

  • http://Crankypotato.com Ian

    I think you’ve nailed it on the head. Currently at Cisco Live Melbourne and it is conspicuously absent from the schedule.

    • http://etherealmind.com Greg Ferro

      Sigh. Nice to have it confirmed, but I do wish Cisco was doing a better job.

  • simon

    From what I have been presented by Cisco, they are coming out with a new platform and strategy for integrated security; the main product will be called ISE, which will host the ACS, and all the NAC services will run as services on a single platform amongst other security services. (ACS is meant to go away in its current form.) Anyconnect will become an integrated client to connect to everything dot1x/vpn/webvpn/etc and provide connectivity to all sorts of devices (iPhones/Android/laptops etc.)

    Strategy and full architecture is meant to come out this spring.

  • Tom

    I think Cisco should have started concentrating on all the ‘next generation security’ stuff maybe one or two years earlier. There’s a lot they could learn from Palo Alto Networks’ Next Generation Firewalls. I’ve had a real good experience with these devices so far – with features that Cisco could never give me so far.

    Greetings from Germany
    Tom

  • Smukatele

    Juniper has had “SecureX” for several years at least. They have a single appliance, UAC, that acts as authentication server, NAC appliance, policy engine, etc. It can send vlan info, ACLs, and so on to any .1x capable switch (not just Cisco). It can also communicate the client info with Juniper firewalls so that those firewalls can make dynamic policies based on AD groups, client security posture, or whatever else you want. It can then tie in to any security appliance that supports if-map which means that your SSLVPN can share info with your firewall and your switches and everything else via UAC.

    The only news here is that Cisco is somehow able to make everyone believe they are leading rather than following here.

    • http://www.facebook.com/diegoarmandocambronero Diego Cambronero

      Can Juniper offer profiling? And posture ?? And guest services ?? all together?? Does it work with BYOD?