Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Cisco-Sourcefire Integration Takes Shape

When Cisco acquired Sourcefire last year for $2.7 billion, there were a lot of questions about how the networking giant would integrate the IPS vendor's technology into its portfolio. On Monday, Cisco began filling in the blanks by unveiling the first phase of its integration efforts.

The integration includes adding Sourcefire's Advanced Malware Protection (AMP) technology into its email and Web security appliances, as well as its Cloud Web Security Service. Cisco also announced additions to the FirePower network security appliance line it acquired from Sourcefire, and expanded its open source efforts by adding open source application detection functionality into the Snort engine. Snort is the open source IDS engine created by Martin Roesch before he founded Sourcefire.

More Insights


More >>

White Papers

More >>


More >>

At a media event in San Francisco as RSA Conference 2014 was kicking off, Chris Young, senior vice president of the Cisco Security Business Unit, called the Sourcefire integration a "new security model" that reflects the need for pervasive protection before, during and after an attack.

"You're always being attacked in today's world," he said. "We have to operate knowing that we're always under attack."

AMP uses a combination of file reputation, sandboxing, and a technique called file retrospection for analyzing threats that have made it into the network. File retrospection monitors and tracks user devices that have been exposed to malware so that a company can take steps to remediate the problem.

Rick Holland, principal analyst at Forrester Research, said the integration of AMP into Cisco's content security products and services bolsters the company's position in the anti-malware space.

"Prior to the acquisition of the Sourcefire, Cisco didn't have as competitive of an anti-malware story. I actually think that AMP will be one of the most beneficial aspects of the acquisition," he said in an email interview.

For customers considering competing products such as FireEye, Cisco can counter with its integrated products, he said.

"This reduces operational friction for enterprises by avoiding the deployment of 'yet another point product' into an environment," he said. "Being able to take advantage of integrated capabilities gives companies flexibility to allocate their limited resources where they will have the most impact."

AMP will be available as a license option for Cisco's Web and email security appliances and cloud service.

The new FirePower 8300 series targets datacenter and core networks with a performance boost. Cisco said it provides 50% increase in throughput and up to four of the appliances can be stacked for 120Gbps throughput. FirePower devices start with IPS functionality and customers can add on next-generation firewall and AMP functionality.

Cisco said the addition of open source application detection and control to Snort, through its new OpenAppID language, will give users the ability to create custom app detection and control for their unique environments.

Roesch -- who is now a vice president and chief security architect at Cisco -- said that it will essentially allow users to "build open source next-generation firewalls." Next-generation firewalls allow users to write controls around applications, such as allowing users to run Gmail with two-factor authentication, but not another email program, he said at Monday's event.

Cisco said the OpenAppID preprocessor included in its special release of the Snort engine, as well as a future general Snort release, includes support for application detection on the network and blocking of apps by policy. The company is offering a library of more than 1,000 OpenAppID detectors through the Snort project.

Roesch said OpenAppID shows Cisco's commitment to open source, something it wasn't known for in the past. The company understands the open source community is a powerful way to develop software, he said, adding, "Cisco has picked it up and started running with it."

Cisco on Monday didn't reveal any details about future integration efforts to address technology overlap questions from the Sourcefire deal. Cisco has its own intrusion-prevention products.

Forrester's Holland said he likes the integration of AMP into Cisco's email and Web appliances, but it's too early to say how Cisco is doing with the Sourcefire integration overall. "We don't know the full story yet," he said. "Once we know what the firewall/NGFW/IPS roadmap is going to look like, we will be better positioned to evaluate the overall integration of the two organizations."

Marcia Savage is managing editor at Network Computing.

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers