Cisco and their Security Strategy

The Security Strategy from Cisco has become vague and ill defined. The rumoured death of CS-MARS and EOL of Cisco Security Agent show a change in focus away from end point protection to network protection. And the fact that Cisco still doesn’t have an application proxy (other than IronPort which is for web and email only, and still looks like an independent company suggesting that Cisco executives have moved into the top jobs yet) means that their edge / network strategy has some very big holes in it.

What about VPN ? First a push into SSL VPN, then a backflip to support IPSec again. The ASA stateful firewall is same product from five years ago except for minor tinkering. IDS systems have the same problem, minor tinkering and lack of a good management platform (no, Cisco Security Manager is NOT a good platform for managing IDS).

Cisco Security Manager won’t get the LONG overdue updates for another six months, and the important new features until late next year.

I guess all the R&D money got spent on developing Android tablets and Flip cameras. Oh and Telepresence, that’s not going to so well for HP or Cisco either.

Caption Text.

Cisco Security Strategy.(Click for a full size image)

Other Posts in A Series On The Same Topic

  1. Poster: Manager, Engineer, Architect, ITIL Consultant (12th March 2013)
  2. Poster: Keep Calm, Do Networks Everywhere (21st November 2012)
  3. Poster: Cloud Price Negotiations (6th April 2012)
  4. Poster: Cloud Kittens (21st February 2012)
  5. Poster: The Eight Levels of Vendor Acceptance (30th September 2011)
  6. Poster - Cisco VPN Client Licensing (13th August 2011)
  7. Poster: Servers, Tablets. Just Desktops and Printers to Go. (21st January 2011)
  8. Cisco and their Security Strategy (3rd July 2010)
  9. Poster - Reassuringly Expensive (3rd July 2010)
  10. Cisco Borderless Networks Motivational Marketing Poster (24th March 2010)
About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at and on Twitter @etherealmind and Google Plus

You can contact Greg via the site contact page.

  • MikeInSeoul

    > CSM is NOT a good platform for managing IDS

    I have no argument with you here. Really, it’s not a good platform for managing ANYTHING. Even on the newest, beefiest workstation/server combo, using it (3.x) is still like a slow death. However …

    > CSM wonít get the LONG overdue updates for another six months

    Are you talking about the release of version 4.0? That’s a pretty major update, and it just came out last month (June 18).

    What kind of other “important new features” are in the wings? I’ve always had high hopes for CSM, but always end up being disappointed.

  • Ralph


    Totally agree. I harass our CAM all the time about when the ASA or other security product line updates are coming. Especially after he sent me the announcement about the tablet.

    Listened to the recent PacketPushers where you commented about liking the Juniper SRX. Have you had to do any remote access VPN on it?

    Have you played with Palo Alto box yet?

Subscribe For Weekly Updates by Email

Get a Weekly Summary of Latest Articles and Posts to your Email Inbox Every Sunday

Thanks for signing up. Look for the email from MailChimp & make sure you confirm your email address. You may need to check your spam or gmail settings to be sure of receiving the email.

Note: You can unsubscribe at any time using the link at the bottom of every email.