
Cisco Security Agent (CSA) was an endpoint intrusion prevention system software made originally by Okena (formerly named StormWatch Agent), which was bought by Cisco Systems in 2003. The software is rule-based and it examines system activities and network traffic, determining which behaviors are normal and which may indicate an attack.

CSA was offered as a replacement for Cisco IDS Host Sensor, which was announced end-of-life on 21 February 2003. This end-of-life action resulted from Cisco's acquisition of Okena, Inc., and the Cisco Security Agent product line based on the Okena technology would replace the Cisco IDS Host Sensor product line from Entercept. As a result of this end-of-life action, Cisco offered a no-cost, one-for-one product replacement/migration program for all Cisco IDS Host Sensor customers to the new Cisco Security Agent product line. The intent of this program was to support existing IDS Host Sensor customers who chose to migrate to the new Cisco Security Agent product line. All Cisco IDS Host Sensor customers were eligible for this migration program, whether or not the customer had purchased a Cisco Software Application Support (SAS) service contract for their Cisco IDS Host Sensor products.

CSA uses a two- or three-tier client-server architecture. The Management Center (MC) (Management Console) contains the program logic. An MS SQL database backend is used to store alerts and configuration information. The MC and SQL database may be co-resident on the same system. The agent is installed on the desktops and/or servers to be protected and communicates with the Management Center, sending logged events to the Management Center and receiving updates on rules when they occur.

A Network World article dated 17 December 2009 stated, "Cisco hinted that it will end-of-life both CSA and MARS" (full article linked below). On 11 June 2010, Cisco announced the end-of-life and end-of-sale of CSA. Cisco did not offer any replacement products.


See also

* Network Intrusion Prevention System


Related certifications

Although Cisco Security Agent (CSA) reached end-of-sale in 2010, several current Cisco certifications now cover the host-based intrusion-prevention concepts that CSA pioneered:

* Cisco Certified CyberOps Associate (exam CBROPS 200-201) – introduces endpoint threat analysis, host-based controls and incident-response fundamentals.
* Cisco Certified CyberOps Professional (core exam CBRCOR 350-201 plus concentration) – expands on advanced endpoint forensics and extended detection and response (XDR) workflows.
* Cisco Secure Endpoint Specialist – product-focused training on Cisco Secure Endpoint (formerly AMP for Endpoints), the direct successor to CSA.
* CCNP Security – Securing Networks with Cisco Firepower (exam 300-710 SNCF) – covers correlation of host-intrusion telemetry within Firepower Management Center.

These credentials provide a contemporary learning path for professionals interested in the capabilities once delivered by CSA.


External links



* "Surviving the Cisco CSA Transition" – Endpoint Security Whitepaper
* aspersky.com Alternative to CSA
* End-of-Life Announcement – Cisco Press Release
* Cisco's product page for the Agent software
* about Cisco Security Agent
* Cisco hinted EOL for CSA – Network World article