Cisco Security Agent

Last updated

Cisco Security Agent
Developer(s) Okena/Cisco
Stable release
6.0.2.130 / 7 June 2010;14 years ago (2010-06-07)
Operating system Cross-platform
Type Security / IPS
License Per-computer, through Cisco
Website Cisco Security Agent

Cisco Security Agent (CSA) was an endpoint intrusion prevention system software made originally by Okena (formerly named StormWatch Agent), which was bought by Cisco Systems in 2003. [1]

Contents

The software is rule-based and it examines system activities and network traffic, determining which behaviors are normal and which may indicate an attack. CSA was offered as a replacement for Cisco IDS Host Sensor, which was announced end-of-life on 21 February 2003. This end-of-life action resulted from Cisco's acquisition of Okena, Inc., and the Cisco Security Agent product line based on the Okena technology would replace the Cisco IDS Host Sensor product line from Entercept.

As a result of this end-of-life action, Cisco offered a no-cost, one-for-one product replacement/migration program for all Cisco IDS Host Sensor customers to the new Cisco Security Agent product line. The intent of this program was to support existing IDS Host Sensor customers who chose to migrate to the new Cisco Security Agent product line.

All Cisco IDS Host Sensor customers were eligible for this migration program, whether or not the customer had purchased a Cisco Software Application Support (SAS) service contract for their Cisco IDS Host Sensor products.

CSA uses a two or three-tier client-server architecture. The Management Center (MC) (Management Console) contains the program logic. An MS SQL database backend is used to store alerts and configuration information. The MC and SQL database may be co-resident on the same system.

The agent is installed on the desktops and/or servers to be protected and communicates with the Management Center, sending logged events to the Management Center and receiving updates on rules when they occur.

A Network World article dated 17 December 2009 stated, "Cisco hinted that it will end-of-life both CSA and MARS"—full article linked below.

On 11 June 2010, Cisco announced the end-of-life and end-of-sale of CSA. Cisco did not offer any replacement products.

See also

Related Research Articles

An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically either reported to an administrator or collected centrally using a security information and event management (SIEM) system. A SIEM system combines outputs from multiple sources and uses alarm filtering techniques to distinguish malicious activity from false alarms.

Internet Security Systems, Inc., often known simply as ISS or ISSX, was a provider of security software and managed security services. It provided software and services for computers, servers, networks, and remote locations that involve preemptive security against threats before they affect a business. Founded in 1994, the company was acquired by IBM in 2006.

Network security consists of the policies, processes and practices adopted to prevent, detect and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, which is controlled by the network administrator. Users choose or are assigned an ID and password or other authenticating information that allows them access to information and programs within their authority. Network security covers a variety of computer networks, both public and private, that are used in everyday jobs: conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access. Network security is involved in organizations, enterprises, and other types of institutions. It does as its title explains: it secures the network, as well as protecting and overseeing operations being done. The most common and simple way of protecting a network resource is by assigning it a unique name and a corresponding password.

<span class="mw-page-title-main">Snort (software)</span> Open-source intrusion prevention system

Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) created in 1998 by Martin Roesch, founder and former CTO of Sourcefire. Snort is now developed by Cisco, which purchased Sourcefire in 2013.

Cisco PIX was a popular IP firewall and network address translation (NAT) appliance. It was one of the first products in this market segment.

A dedicated hosting service, dedicated server, or managed hosting service is a type of Internet hosting in which the client leases an entire server not shared with anyone else. This is more flexible than shared hosting, as organizations have full control over the server(s), including choice of operating system, hardware, etc.

Enterprise software, also known as enterprise application software (EAS), is computer software used to satisfy the needs of an organization rather than its individual users. Enterprise software is an integral part of a computer-based information system, handling a number of business operations, for example to enhance business and management reporting tasks, or support production operations and back office functions. Enterprise systems must process information at a relatively high speed.

<span class="mw-page-title-main">LAMP (software bundle)</span> Acronym for a common web hosting solution

A LAMP is one of the most common software stacks for the web's most popular applications. Its generic software stack model has largely interchangeable components.

Network Admission Control (NAC) refers to Cisco's version of Network Access Control, which restricts access to the network based on identity or security posture. When a network device is configured for NAC, it can force user or machine authentication prior to granting access to the network. In addition, guest access can be granted to a quarantine area for remediation of any problems that may have caused authentication failure. This is enforced through an inline custom network device, changes to an existing switch or router, or a restricted DHCP class. A typical (non-free) WiFi connection is a form of NAC. The user must present some sort of credentials before being granted access to the network.

Check Point Integrity is an endpoint security software product developed by Check Point Software Technologies. It is designed to protect personal computers and the networks they connect to from computer worms, Trojan horses, spyware, and intrusion attempts by hackers. The software aims to stop new PC threats and attacks before signature updates have been installed on the PC. The software includes.

Network access control (NAC) is an approach to computer security that attempts to unify endpoint security technology, user or system authentication and network security enforcement.

Data loss prevention (DLP) software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.

<span class="mw-page-title-main">Sourcefire</span> American computer security company

Sourcefire, Inc was a technology company that developed network security hardware and software. The company's Firepower network security appliances were based on Snort, an open-source intrusion detection system (IDS). Sourcefire was acquired by Cisco for $2.7 billion in July 2013.

<span class="mw-page-title-main">Symantec Endpoint Protection</span> Computer security software

Symantec Endpoint Protection, developed by Broadcom Inc., is a security software suite that consists of anti-malware, intrusion prevention and firewall features for server and desktop computers.

Okena is an intrusion detection company based in Waltham, Massachusetts. It was acquired by Cisco Systems on January 24, 2003, for $154M, in an all-stock transaction.

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet.

Arista Networks, Inc. is an American computer networking company headquartered in Santa Clara, California. The company designs and sells multilayer network switches to deliver software-defined networking (SDN) for large datacenter, cloud computing, high-performance computing, and high-frequency trading environments. These products include 10/25/40/50/100/200/400/800 gigabit low-latency cut-through Ethernet switches. Arista's Linux-based network operating system, Extensible Operating System (EOS), runs on all Arista products.

Data center security is the set of policies, precautions and practices adopted at a data center to avoid unauthorized access and manipulation of its resources. The data center houses the enterprise applications and data, hence why providing a proper security system is critical. Denial of service (DoS), theft of confidential information, data alteration, and data loss are some of the common security problems afflicting data center environments.

Cisco Talos, or Cisco Talos Intelligence Group, is a cybersecurity technology and information security company based in Fulton, Maryland. It is a part of Cisco Systems Inc. Talos' threat intelligence powers Cisco Secure products and services, including malware detection and prevention systems. Talos provides Cisco customers and internet users with customizable defensive technologies and techniques through several of their own open-source products, including the Snort intrusion prevention system and ClamAV anti-virus engine.

References

  1. "Cisco Security Agent". oit.va.gov. Retrieved 23 September 2022.