Comment on Cisco’s Security Solutions Webinar

I attended a web based event today on Cisco Security “Vision” which was hosted by Fred Kost, Director of Security Marketing.

First impressions were, nothing new, pushing the any client to any application security model.

Several mentions of “comsumerised end points” i.e. employees using Apple iphones etc. To access their company network.

Their “SecureX” architecture was discussed which seems to be a vision statement based on how to link all their recently acquired security products together, rather than what will this do for my company’s security posture?

There was a “real world” scenario given by Tom Gillis, VP of Security whereby a hapless American corporate executive, “Kevin”, loses his ipad in a bar after a few beers and thereby risks a major security incident because his password was “1234” and therefore easily guessed by a thief.

The saviour in this scenario was the Cisco Security Intelligence Operation which correlated a duplicate logon and killed the stolen ipad after wiping its contents.

Apart from the fact that no corporate application would allow such a password to be setup and used in the first place, I do wonder what real damage such an opportunistic thief could have done with “Kevin’s” login details.

I imagine the unauthorised user could have sent malicious emails to Kevin’s contact list, but apart from that, probably not very much?

Another analogy that was used was Kevin using his company pc to login to a twitter site on a TV program which contained malware, which was automatically prevented by Cisco’s “context aware” technology. Well, again, is that anything new? What would have happened if he had downloaded that malware onto his PC? Any antivirus package / firewall setup could / should have prevented any serious damage?

The only interesting item came from Gordon Thompson their Director of Security for Europe. He announced their plans to launch a security user license which will cover all of Cisco’s security products, thus avoiding the need for organisations to manage multiple Cisco Licenses for their different security products. This is due out in August.

I did think this would genuinely save time and hassle for IT/Security managers keeping track of different Cisco license which run out at different times of the year. It is obviously similar to Microsoft’s Enterprise or Campus license. I asked Gordon if the Cisco equivalent will include non Cisco products such as WebEx. The answers was, no. They have enough on their plate introducing a security only user license and there seems to be no plans to have a single “Cisco Client User license”, at least not yet?

No more phone bills, the promise of SIP circuits

Over the next few months all major Telco’s are set to launch SIP Circuits (Session Initiation Protocol).

If adopted by the SME market it is aimed at, these circuits will make the phone bill a thing of the past for many businesses.

At the moment, a business may have an ISDN30e circuit with 10, 20 or 30 x channels (telephone lines).

They will be billed around $24 per month per channel for rental, and then on top of that they’ll be charged for the phone calls they make over those lines.

As well as phone lines, most SME size organisations will have a separate dedicated circuit for connection to the internet, and will pay around $15,000 per year for a 10M dedicated internet circuit.

By contrast with a SIP circuit Telco’s will offer, for example, a 10M circuit that will combine internet connectivity with connectivity to the PSTN network on the same circuit. They’ll allow for say 10 or 20 “SIP Channels” costing $24 per channel per month, but will include 5,000 minutes of calls per channel per month included in this rental. The result is the customer will effectively get free calls on their Internet circuit and will no longer require a separate ISDN30e circuit.

If your organisation has a modern IP Telephony system, then the SIP circuit will connect directly to it. If you’ve got an older, TDM based telephony system, they’ll put a black box on site to convert the E1 signal from your PBX into IP for use on the SIP circuits.

The reduction in line rental and call costs may save a company tens of thousands of dollars per year, depending on their call pattern.

Voice quality is protected by setting quality of service at the end point and the destination point can be any SIPS or non SIP client.

The only loser in this move will be the Telco’s who will lose out in revenue terms, although by switching to the IP based circuits, their internal management costs should be much less than supporting the platform which the old ISDN30 circuits.