Forgot your password?
typodupeerror
Businesses Communications

Cisco to Acquire Perfigo 110

Posted by CowboyNeal
from the buy-this dept.
MisterFuRR writes "Looks like Cisco is going to acquire Perfigo. Perfigo is a developer of packaged network access control solutions that provide endpoint policy analysis, compliance, and access enforcement capabilities. I can just see it now: Linksys routers with stickers that say 'Perfigo Ready.'"
This discussion has been archived. No new comments can be posted.

Cisco to Acquire Perfigo

Comments Filter:
  • Well... (Score:3, Funny)

    by Anonymous Coward on Thursday October 21, 2004 @09:41PM (#10594347)
    ...if you can't innovate, just acquire and extort. It worked for Microsoft.
    • Re:Well... (Score:2, Insightful)

      by Anonymous Coward
      Cisco has always made a practice of purchasing companies that have technology they want. Why innovate when it's easier to acquire a company? Cisco is full of small dev teams that come from acquired companies. Linksys just happened to be a large purchase for them.
    • Re:Well... (Score:5, Informative)

      by _Hellfire_ (170113) on Thursday October 21, 2004 @10:17PM (#10594513) Homepage
      Yeah absolutely!

      Cisco hasn't really done anything for networking in their entire history. Oh except for Standby Router Protocol, and IGRP (Interior Gateway Routing Protocol). They also innovated on their own design with EIGRP (Enhanced Interior Gateway Routing Protocol) Oh they also did Spanning Tree Protocol, VLAN Trunking Protocol, Skinny (a VoIP standard) and Hot Standby Routing Protocol.

      Not to mention Multiple Spanning Tree (MST), a new IEEE standard that grew from Cisco's proprietary
      Multiple Instances Spanning Tree Protocol (MISTP) implementation.

      They also invented NetFlow and WCCP (Web Cache Control Protocol).

      So yeah! No innovation at all from this company that has become the baseline in security and reliability for networking.

      Show some respect, because that Internet connection you're on at the moment is probably brought to you courtesy of Cisco innovation.
      • Re:Well... (Score:2, Informative)

        by pyite (140350)
        You seem to have left out a couple. Let me enlighten you!

        SRP (Spatial Reuse Protocol) [cisco.com]
        DPT (Dynamic Packet Transport) [cisco.com]

        which of course have gone on to inspire the IEEE 802.17 standard RPR (Resilient Packet Ring) [rpralliance.org].
      • VLANs (Score:5, Interesting)

        by macdaddy (38372) on Thursday October 21, 2004 @10:44PM (#10594673) Homepage Journal
        Don't forget VLANsm. Yes, I know they didn't technically invent them but it their entirely fucked up implementation that we're stuck using today. Use of Cisco's pre-standard implementation of VLANs was so widespread that the IEEE working group for 802.1Q had to more or less disregard all other implementations, some superior and some not, and give a thumbs up to to Cisco or they risked writing a standard that no one would use because the world's largest LAN infrastructure company wanted to do it their own way. Think of it like Microsoft deciding to ignore the W3C's newest HTML or XML standard and writing their entire suite of applications to embrace their own competing standard. In the end Cisco's VLAN implementation is what we're stuck with and it sucks when compared to what we could have had. Cisco's implementation didn't even have rudimentary authentication built into the standard. 802.1Q devices implicitly trust the VLAN advertisements they get on a trunk port as gospel. Thanks Cisco for fucking this up. We netadm's sure do appreciate it.
      • Apart from (extremely long list), what have the Romans ever done for us?
      • Re:Well... (Score:3, Insightful)

        by jd (1658)
        Agreed with the above points, but CISCO's strength has tended to lie more in implementing other people's standard well, than in revolutionising the network protocol world.

        The Cisco Discovery Protocol is cool, but closed so other people had to invent their own, and most of them don't talk to each other. (GateD's discovery protocol, for example, is wonderful. Assuming the only router you ever want to use is GateD.)

        Cisco's deployment of IPv6 was surprisingly slower than that of, say, Bay or Telebit. (For a

      • Skinny is not a standard. It is proprietary for Cisco products only.. unlike MGCP and SIP which are wide open.
    • If you can't beat'm, buy'm
  • by e9th (652576) <{e9th} {at} {tupodex.com}> on Thursday October 21, 2004 @09:42PM (#10594348)
    [Cisco] NAC provides a rich ecosystem...

    You know, that's the worst abuse of the word ecosystem I've ever heard.

    I guess *BSD is the spotted owl here.

  • I see... (Score:5, Funny)

    by Anonymous Coward on Thursday October 21, 2004 @09:45PM (#10594364)
    'Perfigo is a developer of packaged network access control solutions that provide endpoint policy analysis, compliance, and access enforcement capabilities.'

    It's all so clear to me now.
    • by Black Parrot (19622) on Thursday October 21, 2004 @09:49PM (#10594385)


      > > 'Perfigo is a developer of packaged network access control solutions that provide endpoint policy analysis, compliance, and access enforcement capabilities.'

      > It's all so clear to me now.

      Unfortunately your PHB will feel like he has to pretend to understand it, because all the other PHBs are pretending they understand it and yours doesn't want to look like the only person in the room who doesn't get it. So he'll bring home a million dollars worth and tell you to install it.

      • I am not familiar with Perfigo, but it seems as though they make equipment which will not allow a device to obtain non-trivial network access unless/until it has been shown to be up to snuff according to various configurable criteria. Something like "Now that Nessus says you're cool, you get routed out of this prison".

        • Re: I see... (Score:5, Informative)

          by ShinmaWa (449201) on Thursday October 21, 2004 @10:46PM (#10594681)
          I am not familiar with Perfigo, but it seems as though they make equipment which will not allow a device to obtain non-trivial network access unless/until it has been shown to be up to snuff according to various configurable criteria

          Got it in one! Right on.

          That's exactly what Perfigo does. Its becoming rather popular on college campuses to protect their networks from morons coming back from summer vacation with their laptops and desktops loaded with worms, virii, trojans, major security holes, etc.
          • Yep, my university now uses Perfigo. Last year we had a flood of worms, viruses etc. that nearly shut down our network. This year we implemented Perfigo SmartEnforcer on all student computers to keep that from happening again. SmartEnforcer basically scans the computer it's on and determines whether Windows Update and Norton Antivirus are up-to-date; only if they are will it allow network access. Only problem is that most of our student's aren't up-to-date, and can't follow our simple directions for upd
    • the perfigo.com FAQ [perfigo.com] says it much better than the article:

      Perfigo offers network security and control solutions that strengthen network security and resilience by regulating access based on user and device compliance with security policies. The CleanMachines product is a software solution from Perfigo that automatically detects, isolates, and cleans infected and/or vulnerable devices that attempt to access the network. It identifies whether machines are compliant with security policies and repairs these v

  • by WhatAmIDoingHere (742870) <sexwithanimals@gmail.com> on Thursday October 21, 2004 @09:55PM (#10594414) Homepage
    Can we /. Cisco?

    If we manage to do it, I will be very impressed.
  • by eingram (633624) on Thursday October 21, 2004 @09:56PM (#10594422)
    I can just see it now: Linksys routers with stickers that say 'Perfigo Ready.'"

    I just see more open WAPs myself. =D
  • Thanks! (Score:3, Funny)

    by ljavelin (41345) on Thursday October 21, 2004 @10:17PM (#10594514)
    Thanks for the nice press release. Notice how the Perfigo [perfigo.com] website didn't make the posting - Maybe Perfigo was in fear that it'd stuffer from the /. effect?
    • by jd (1658)
      Which means your evil, evil post containing a link to them has utterly ruined their efforts to keep online the rest of the night. You do realise that, by posting the link, Cisco now owns exactly one large crater where the server room once stood, plus the obligatory pair of smoking boots?
  • by RR (64484) on Thursday October 21, 2004 @11:27PM (#10594908)
    At UCSC, we use Perfigo's SecureSmart servers for making it safe to plug the students' computers into the school network. It's bad.

    The server is constantly going down. Get this: It checks every 6 hours to make sure that it's currently registered. Frequently, it forgets that it's registered or Perfigo's registration server scrambles its licenses or something, because the dorm network then goes down. This happens about once per week.

    The system is based on a router running Red Hat 7 on commodity x86 machines. Last I heard, it was still using Linux 2.4.9. The upgrade procedure is a drive reimage. The actual routing goes on in a proprietary routing program with fairly low performance. The scanning is done with a customized Nessus. The administration is some custom PHP (IIRC) code, with no security roles and complete control via a single password.

    Furthermore, the source to the free software they use, they refuse to send to the customer. Somebody really should see if they can sue Perfigo for violation of the GPL.

    Ignoring the above, the Resnet administrator has set up the SecureSmart server to scan PCs for the usual Windows problems. If it finds one, he has it set up to let the user see only antivirus pages and Windows Update. Then it's supposed to scan the user's computer again after 24 hours. What usually happens is that the user's computer doesn't get an IP address anymore, ever, and the administrator has to unblock the specific MAC manually (using his single password).

    I'm guessing that we're still using it because the administrator feels that he has invested too much effort into it already. I don't know exactly what Cisco was thinking. Perfigo is just a bad investment.

    If you're also going to UCSC, you should check out https://api.alkaid.org/ [alkaid.org] It's currently a bit out of date, but it shows that the administrator should have known not to use Perfigo.
    • Not only that, the perfigo boxes can be horribly confused, fairly easily.

      In one instance the SecureSmart server was convinced that my Linux laptop was infected with a doze virus...
    • Actually, my evaluation of the Perfigo hardware in a set of controlled, and "in the wild" tests at TAMU sound they were reliable and worked well. I suspect the note on the alkaid.org site, saying the on-campus implementation was flawed, was closer to the truth.
    • We've got a similar setup with our 'campus manager' 'solution'. I swear, it causes more trouble than the benefits it provides.

      RESNET admins, for the most part, are generally control freaks who lack the skills to track down problems on their own, have no idea how to fix them, and need vendors and consultants to handle everything. It usually has a lot to do with occupational succession in a school environment, I think.

      Anyway, we're already wasting resources on our 'remediation server' for next year, and our
      • "RESNET admins, for the most part, are generally control freaks who lack the skills to track down problems on their own, have no idea how to fix them, and need vendors and consultants to handle everything. It usually has a lot to do with occupational succession in a school environment, I think."

        I take some serious offense to this broad statement. In reality many ResNet admins are overworked, understaffed, underbudgeted, and given more computers to handle than most other roles out there. Given that these
        • I agree every bit with you. Where I am not a ResNet admin, I work directly with them and actually end up helping them most of the time. The previous guy mentioned allowing everyone access, I don't know what kind of bandwith they have...but we would not be able to allow one person full access if their machine is contributing to floods or virus propegation...it just doesn't work. At the same time, I do not agree with perfigo. From what I have seen it just doesn't work. We simply run the scans our selves, an
        • OK. My apologies. I _DO_ work in a resnet environment, so I know what it's like. I'm sorry for generalizing, almost all resnet folks are overworked and underbudgeted. But I also see a lot of old-school thinking that prevents implementation of modern solutions. I see a lot of 'lets find a vendor instead'.
    • We also use Perfigo at our University and have had almost zero problems past the first week. I have a feeling the admins there either have their server misconfigured, without enough ram, or some other mistake that is making it crash because ours is rock solid without a reboot since August. As far as your GPL concerns, there may be some but I'm just concerned with the stability of the platform which has been great for us.
      • We also use Perfigo at our University and have had almost zero problems past the first week.

        I have to wonder whether you're actually using your system from the students' perspective, because people are used to taking a lot of abuse without complaint. See Bill Gates' comment some years back about Microsoft software not having any significant bugs. See also your term, "almost zero problems".

        A friend of mine administers the network at another university, where they use Perfigo's system, on hardware that Perf

    • The same thing was recently put in place at the University of Tulsa with the same results. Perfigo is horrible and has made our unreliable network even more so. A friend of mine wrote script so that Linux boxes will automatically login to the system, since a lot of people don't regularly use a browser on their Linux boxes. It only becomes clear that Perfigo has shutdown your internet when you try to ssh in or access a webpage hosted on the box and can't.
    • That's not entirley correct. I had the opportunity to see a rapid implimentation of this over the summer(only from a tech's perspective...), and while it was not easy, it was necessary due to the EXTREME number of machines that come in drasticly infected. I don't think I ever fixed that many machines in my entire life, and all in a matter of days.

      The only problem I see w/ perfigo is that it doesn't prevent new infections, but is there anything out there that does?

      Sure, there may be better ways... I am no
  • I thought that read Crisco aquires Perfigo?????
  • In my router configuration it says "Linksys, a division of Cisco."

    will this now become:

    "Linksys, a division of Cisco. Perfigo ready!"

    at what point will Cisco stop? I can see it now "Cisco acquires Sysco" (Where Sysco will be its retail arm.) --

    "Linksys, a division of Cisco. Perfigo ready! Distributed by Sysco."
  • NetPass [sf.net] is an opensource alternative that's rapidly approaching 1.0 status.
    • Is there any documentation available for NetPass? I didn't see any on the site. I'm interested in how the quarantine is handled. Is this a netreg type solution? Thanks in advance for the assist.
  • Small colleges like the one I work at do not have the bandwith/resources to weather a huge worm/virus/ddos hit so we evaluated Bradford, Perfigo, StillSecure and Cisco's products. Cisco was ~100,000 and we'd have to put in end to end switches, we're a all-girl liberal arts private college so that is out of the question money wise. Bradford didn't understand the impact of firewalls on the market (at the time, they've changed their tune recently). StillSecure has a great roadmap, but a 5 year old could get
  • Gee, Cisco bought another bad-aid partial solution to the worm and virus problem, that only addresses symptoms and does not have any hope of working on a zero-day worm in a production environment. That is what, five they have bought now, none of which solve the problem?

Old programmers never die, they just become managers.

Working...