Thoughts on Cisco Self-Defending Network Book

I didn't exactly "read" Self-Defending Networks: The Next Generation of Network Security by Duane DeCapite. Therefore, I won't review the book, as I definitely didn't read a majority of the text, which is a personal requirement for a book review. However, I'd like to discuss the title here.

The book has a ton of screen shots and is essentially a big marketing piece for Cisco's Self-Defending Network gear, which includes:

Why do I mention this, especially with product listings? Well, I realized the Self-Defending Network (SDN) is a security integrator's dream. I'm working with a client who has sold essentially this entire setup to a customer, and they want me to help get the most value from the deployment. I'm also going to assist with incident response planning.

The point is a security integrator can pitch this entire SDN suite as a coherent, one-brand "solution," and cover pretty much all the bases. That's impressive and I'm interested in knowing what sort of traction Cisco is getting with this approach. My sense is that it will sell well to non-technology companies who are really late in the security game. Yes, there are many companies who have no real protection, even in 2007. I severely doubt the readers of this blog are in that category, but what are you seeing?


Anonymous said…
Your comments about this solution being accepted by those who are late to the security game are accurate from what I have seen. Cisco sees health care as a huge market for this line of products, as health care has been historically lax with regard to IT Sec.

While I don't entirely buy the hype on the entire SDN concept, I have to say that CSA is one damn fine piece of kit.

I've worked with Entercept and Desktop Protector, and none of them really come close to the granularity that CSA provides. Anyone with an intrusion analysis background should have a pretty easy time with the product.

Due to the excellent reporting of CSA, it has made for a good product to lead into sweeping security changes on laptops or desktops. By putting the agents in test mode, you get to check if the systems are behaving as expected and within your defined policies. This allows you to shoehorn security into place before cleaning it up "properly" with things like group policy settings and software restriction.

CSA also adds another layer of data to NSM -- system and process related data that can help in identifying and scoping attacks. Have you had much opportunity to work with it in this capacity?