Cisco to Acquire Perfigo

MisterFuRR writes "Looks like Cisco is going to acquire Perfigo. Perfigo is a developer of packaged network access control solutions that provide endpoint policy analysis, compliance, and access enforcement capabilities. I can just see it now: Linksys routers with stickers that say 'Perfigo Ready.'"

Re:LInksys makes crappy routers

[jesuscash]

It seems to be Cisco's business strategy lately to acquire other (smaller) companys so they don't have to plunk down the cash for R&D and so that they can make knee-jerk reactions to market demands. What results is a product not ready for prime time that they have little understanding of and the TAC's are as confused as the sys-admins. Their infrastructure devices seem to do a fairly decent job, but try to find any information on their IDS (formerly NetRanger). End of life for these things is less than a year away and documentation is sparse at best. At least their message boards confirm that others are seeing the same problems and we're not just crazy.

Re:More monopolization

[Anonymous Coward]

And the alternative produces rolling california blackouts. Point: utility monopolies.

VLANs

[macdaddy]

Don't forget VLANsm. Yes, I know they didn't technically invent them but it their entirely fucked up implementation that we're stuck using today. Use of Cisco's pre-standard implementation of VLANs was so widespread that the IEEE working group for 802.1Q had to more or less disregard all other implementations, some superior and some not, and give a thumbs up to to Cisco or they risked writing a standard that no one would use because the world's largest LAN infrastructure company wanted to do it their own way. Think of it like Microsoft deciding to ignore the W3C's newest HTML or XML standard and writing their entire suite of applications to embrace their own competing standard. In the end Cisco's VLAN implementation is what we're stuck with and it sucks when compared to what we could have had. Cisco's implementation didn't even have rudimentary authentication built into the standard. 802.1Q devices implicitly trust the VLAN advertisements they get on a trunk port as gospel. Thanks Cisco for fucking this up. We netadm's sure do appreciate it.

Please discontinue Perfigo's products

[RR]

At UCSC, we use Perfigo's SecureSmart servers for making it safe to plug the students' computers into the school network. It's bad.

The server is constantly going down. Get this: It checks every 6 hours to make sure that it's currently registered. Frequently, it forgets that it's registered or Perfigo's registration server scrambles its licenses or something, because the dorm network then goes down. This happens about once per week.

The system is based on a router running Red Hat 7 on commodity x86 machines. Last I heard, it was still using Linux 2.4.9. The upgrade procedure is a drive reimage. The actual routing goes on in a proprietary routing program with fairly low performance. The scanning is done with a customized Nessus. The administration is some custom PHP (IIRC) code, with no security roles and complete control via a single password.

Furthermore, the source to the free software they use, they refuse to send to the customer. Somebody really should see if they can sue Perfigo for violation of the GPL.

Ignoring the above, the Resnet administrator has set up the SecureSmart server to scan PCs for the usual Windows problems. If it finds one, he has it set up to let the user see only antivirus pages and Windows Update. Then it's supposed to scan the user's computer again after 24 hours. What usually happens is that the user's computer doesn't get an IP address anymore, ever, and the administrator has to unblock the specific MAC manually (using his single password).

I'm guessing that we're still using it because the administrator feels that he has invested too much effort into it already. I don't know exactly what Cisco was thinking. Perfigo is just a bad investment.

If you're also going to UCSC, you should check out https://api.alkaid.org/ [alkaid.org] It's currently a bit out of date, but it shows that the administrator should have known not to use Perfigo.

We use Perfigo here

[landimal_adurotune]

Small colleges like the one I work at do not have the bandwith/resources to weather a huge worm/virus/ddos hit so we evaluated Bradford, Perfigo, StillSecure and Cisco's products. Cisco was ~100,000 and we'd have to put in end to end switches, we're a all-girl liberal arts private college so that is out of the question money wise. Bradford didn't understand the impact of firewalls on the market (at the time, they've changed their tune recently). StillSecure has a great roadmap, but a 5 year old could get around the security. Perfigo was the best of what was out there, and we did have the disconnect problems described by the previous poster, but we worked with Perfigo and got everything fixed, no issues at all since the last (and did not have to re-image like the previous poster said) 10-minute patch. My fear is this: Perfigo's reporting engine was/is terrible, Cisco is not known for UI improvements, hell not even known for a UI. Plus, we got a great deal from Perfigo, they were understanding to our situation and worked on the price, Cisco could give a rats ass about our business, so I fear we'll not be able to afford Perfigo in the future. Perfigo has amazing support, and most people that I talk to that complain about their installation have never called Perfigo to work with them on the problem. Three months into the school year, we've had 0 worms hit us, 0 DDoS attacks going outbound, and we know that no rouge access points are connected to our tiny internet pipe (ok there is one was to get one set up, but this is a liberal arts college, kismet shows nothing out there).