Stiennon says Cisco's security is not actually "integrated, except on the purchase order, because for years and years they haven't delivered on an effective central management platform for the enterprise." Customers are stuck managing the security functions from different consoles anyway even if it's inside the switch or router, he says.
Some security managers in organizations with large Cisco networks are searching for the middle ground, open to using products from Cisco or the pure-play security vendors competing in IPS, UTM, firewall/VPNs and also network-access control.
James Perry is executive director of IT security and information security officer for the University of Tennessee. Cisco routers and switches provide the university's network foundation, but the five main campuses each went their own way in choosing a network security path. A variety of Check Point, Juniper, TippingPoint and Cisco appliances co-exist on the Cisco router and switch network, and logged security data is consolidated through an ArcSight system.
The Knoxville campus a few years ago tried testing the Cisco firewall services module when it was still new, but Perry says it didn't work well at the time for the data center, so the university decided on the Juniper NetScreen 5400 instead.
That's not to say Perry is opposed to services modules or Cisco security gear, and other campuses at the school use Cisco's multipurpose Adaptive Security Appliance, which combines security functions.
"It all depends on the goals of your project," says Perry, who's starting a network access control evaluation for the university to enforce policy-based access for students and staff. Candidates with NAC-style options under review are TippingPoint, Juniper, Cisco and Microsoft, among others.
Cisco's success in the security market is unlikely to abruptly slow down, says Andrew Hanson, associate research analyst for network security and endpoint security at IDC. But he notes that the firewall market, where Cisco dominates, is expected to start declining this year, possibly displaced by multipurpose UTM-style products.
Will Cisco be able to hold the security fort? "Cisco is a giant and is always going to be a player," Hanson says.