Monday, 27 June 2011

Cisco Security Agent

Before the consultant came out, I did some of my own research on CSA. I found that Cisco agreed to purchase Okena, Inc. in January 2003. Okena originally created StormFront, the product that later became the Cisco Security Agent.

CSA is considered to be a host-based intrusion prevention system (HIPS)—not an intrusion detection system. Detection systems only identify intrusions and let you know about them, usually when it is too late to do anything. Prevention systems stop the intrusions from happening and let you know what they prevented. CSA works by analyzing the behavior of operating system calls to detect and block malicious activity (based on its definitions of what that activity looks like).

This is unique when you compare it to firewalls or host-based IDSes that rely on blocking ports, keeping track of registered applications, or maintaining a database of "attack signatures."

CSA is supposed to protect you from "zero-day" viruses/worms, malicious code, and unauthorized operating system modifications. As you may know, when a new virus or worm starts circulating, the antivirus companies must first get hold of a sample, create a signature that uniquely identifies it, and distribute that signature to all of their customers. This process takes time, and some systems will certainly be infected before they can be protected. A product that protects you from "zero-day" infections claims to protect your network without the traditional process described above. It sounds almost too good to be true, doesn’t it? That is what I thought when I first heard about it as well. I was skeptical and wanted to see it work for myself.
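To make the distinction between the signature model and the behavioral model concrete, here is an added illustration (my own, not Cisco's code and not from CSA): a constructed payload that no signature yet matches is still blocked because the OS calls it makes violate a small behavioral policy. The rule set, the process classes, and the event trace are all hypothetical and constructed for this example.

```python
import hashlib

# Constructed sample data: one payload with a known signature, one novel variant.
KNOWN_BAD_SIGNATURES = {hashlib.sha256(b"constructed-worm-v1").hexdigest()}
NOVEL_PAYLOAD = b"constructed-worm-v2"  # no signature exists yet ("zero-day")

# Hypothetical behavioral policy: (process class, OS call, target prefix).
# An event matching a rule is denied regardless of what the code looks like.
BEHAVIOR_RULES = [
    ("mail_client_child", "write_file", r"C:\Windows\System32"),
    ("mail_client_child", "set_registry", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"),
    ("any", "exec", r"C:\Windows\Temp"),
]

# Constructed trace of OS-call events a worm delivered by e-mail might produce.
NOVEL_WORM_TRACE = [
    {"proc_class": "mail_client_child", "call": "read_file", "target": r"C:\Users\bob\Downloads\invoice.exe"},
    {"proc_class": "mail_client_child", "call": "write_file", "target": r"C:\Windows\System32\svc.dll"},
    {"proc_class": "mail_client_child", "call": "set_registry", "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"proc_class": "mail_client_child", "call": "exec", "target": r"C:\Windows\Temp\stage2.exe"},
]

def signature_check(payload: bytes) -> bool:
    """Signature model: the payload is bad only if its hash is already known."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD_SIGNATURES

def behavior_check(events):
    """Behavioral model: walk the event trace in order and return the
    (event index, rule) pairs the policy would block. Events that match
    no rule (the initial read of the downloaded file) pass through."""
    denied = []
    for idx, ev in enumerate(events):
        for rule in BEHAVIOR_RULES:
            proc_class, call, prefix = rule
            if proc_class not in ("any", ev["proc_class"]):
                continue
            if ev["call"] == call and ev["target"].startswith(prefix):
                denied.append((idx, rule))
                break
    return denied

def assess(payload: bytes, events) -> dict:
    """Run both models so the difference is visible side by side."""
    return {"signature_hit": signature_check(payload),
            "behavior_denials": behavior_check(events)}

if __name__ == "__main__":
    print(assess(NOVEL_PAYLOAD, NOVEL_WORM_TRACE))
```

For the novel payload the signature check returns False, while the behavioral policy denies the System32 write, the Run-key change, and the execution from Temp; only the initial file read is allowed.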
