Jump to content

Cisco Security Agent

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 69.25.204.162 (talk) at 14:25, 6 May 2016 (Change first sentence to past tense because the product was discontinued. Shortened part on Cisco not having a replacement product (it sounded like it was written by a bitter former customer).). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Cisco Security Agent
Developer(s)Okena/Cisco
Stable release
6.0.2.130 / 7 June 2010
Operating systemCross-platform
TypeSecurity / IPS
LicensePer-computer, through Cisco
WebsiteCisco Security Agent

Cisco Security Agent (CSA) was an endpoint intrusion prevention system made originally by Okena (formerly named StormWatch Agent), which was bought by Cisco Systems in 2003. The software is rule-based and examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack. CSA was offered as a replacement for Cisco IDS Host Sensor, which was announced end-of-life on 21 February 2003. This end of life action was the result of Cisco's acquisition of Okena, Inc., and the Cisco Security Agent product line based on the Okena technology would replace the Cisco IDS Host Sensor product line from Entercept. As a result of this end-of-life action, Cisco offered a no-cost, one-for-one product replacement/migration program for all Cisco IDS Host Sensor customers to the new Cisco Security Agent product line. The intent of this program was to support existing IDS Host Sensor customers who choose to migrate to the new Cisco Security Agent product line. All Cisco IDS Host Sensor customers were eligible for this migration program, whether or not the customer had purchased a Cisco Software Application Support (SAS) service contract for their Cisco IDS Host Sensor products.

CSA uses a two or three-tier client-server architecture. The Management Center 'MC' (or Management Console) contains the program logic; an MS SQL database backend is used to store alerts and configuration information; the MC and SQL database may be co-resident on the same system. The Agent is installed on the desktops and/or servers to be protected. The Agent communicates with the Management Center, sending logged events to the Management Center and receiving updates in rules when they occur.

A Network World article dated 17 December 2009 stated "Cisco hinted that it will end-of-life both CSA and MARS". Full article linked below.

On 11 June 2010, Cisco announced the end-of-life and end-of-sale of CSA. Cisco did not offer any replacement product.

See also