Cisco has said it will do whatever it takes, including working alongside competitors, in order to ensure that it has the best security offering that covers customers 100 percent of the time.
Admitting that the 100 percent statement is a “bold claim”, Scott Harrell, VP of Product Management in Cisco’s Security Business Group, explained that it means Cisco will provide protection for customers whether they are on business premises or working remotely.
“What we’re talking about is the fact that you as customers, you as network administrators, as partners, who are trying to find and deploy these complex networks, your problem’s not just a firewall at the edge … your problem’s more than that,” Harrell, speaking at the second day of Cisco Live Las Vegas, said.
“You have diverse infrastructures, you have campuses, you have datacentres, you have branches, you have users that are sales personnel that never come back on-prem, they spend their whole life off-prem and seldom connect back into the VPN, you have applications that you’re being pushed to move to the cloud by your line of business.
“What Cisco’s seeking to solve is to help you make that transition, and that’s what we mean by 100 percent — that we’re going to help you protect your users, your devices, your machines 100 percent of the time.”
Harrell conceded that this does not mean preventing or stopping all security threats; rather, it’s about extending protection to all devices all of the time, regardless of location, and making detection and post-attack protocol part of a business’ security policy.
“The reality is we’re not saying you’re going to stop 100 percent of threats … when we talk about having 100 percent protection, what we’re really talking about is coming at it from a concept and a thought process that says two things,” Harrell said.
“One is that you have a diverse environment; you need to protect users whether they’re on-prem or off-prem, so instead of just protecting the 75 percent of the time they’re on-network, they also want to extend that off-network.
“The second thing it’s really talking about is that I need to understand that no matter how good an effort I make, and no matter how incredible — and make no mistake, our intelligence is incredible, it’s nation state-worthy type of stuff — that we’re still going to miss attacks, because the whole goal in life of an attacker is to evade whatever defences you put in place, and so then how do you design the system that enables the enterprise to deal with … how to drive down the time to detection?
“So it’s not just to do with what do we do before or during an attack; it’s also about how we start to think differently, and how the customers can do that whole life cycle including after the attack.”
One of the ways in which Cisco plans to achieve this vision is by partnering with its competitors, because it recognises that its rivals’ systems may also be implemented by Cisco customers as part of security layering.
“Where needed, we will partner directly with our competitors, even though we sell against them every day, because that’s what’s in your network, that’s the real world in security. And if needed, we’ll even take those third-party products and, where it makes sense, integrate them directly in our products,” Harrell said.
In fact, one of the reasons Cisco bought OpenDNS for $635 million last year was that it has “proven integrations” with competitors FireEye, Check Point, and others.
“The reason we’re so passionate about this and we believe this has to be done is that the security market itself is highly fragmented; there’s a lot of different competitors, and so for us to actually help customers to solve the problem, we’ve got to understand that they’re going to have third parties in their infrastructure, and for us to reduce that complexity, we need to work with them whether or not there’s someone that’s complementary to us, or whether or not there’s someone that’s directly a competitor to us,” Harrell explained.
According to Harrell, Cisco’s forward-moving cloud security strategy — which he called part of the “most relevant security portfolio in the industry” — is based on three core principles: making security simple, open, and automated.
“Number one is we want to make security simpler to use … simpler to deploy, simpler to scale, simpler to operate, simpler to manage,” he began.
“We want to make security more open. Security has not adopted some of the same principles that we’ve seen happen in network around SDN and open APIs [application programming interfaces]. We’re going to drive to that, we’re going to build, we’re going to buy, we’re going to partner to make that happen, so that you can start to bring these systems together. It needs to be community-source based, it needs to have everybody in the world participating in the defence, and so we are committed to open source as well … where you can customise your defences to your environment. It needs to be open to third parties.”
Making it open is where working with competitors comes into play, Harrell said.
“Finally, it needs to be automated. When you have those APIs, the next step is to actually start to bring these products together to share context,” he explained.
“To be able to react in real time, machine time, in attacker time, and be able to have the products cooperate in your defences automatically. And when you do these three things together, you will get more effective security.”
David Ulevitch, VP of Cloud Security Strategy in Cisco’s Security Business Group, said Cisco’s cloud strategy starts with the domain name system (DNS) protocol, because it is so widespread — another reason why Cisco acquired OpenDNS.
“DNS is a fundamental protocol that’s being used across every application on the internet. Every time you open it, it’s used on every device; any time you send an email, go to a web page, open an app on your phone, you’re using DNS,” Ulevitch stressed.
“But for most people, they’re not using DNS for security … DNS is the easiest way to get visibility across all the network traffic — on-network, off-network, on-VPN, off-VPN … we need to provide security 100 percent of the time. We can’t just do it when they’re in the office; we have to do it when they’re on the road, and so DNS is a fundamental building block we use to give you visibility.”
During his Cisco Live keynote, Cisco CEO Chuck Robbins labelled security as being critical to Cisco’s overarching strategy, with the company announcing on Monday three new technologies for its Digital Network Architecture (DNA) — Umbrella Branch, Stealthwatch Learning Network License, and Meraki MX Security Appliances with Advanced Malware Protection (AMP) and Threat Grid — as well as three other security products: Cisco Umbrella Roaming, Defense Orchestrator, and Security for Digital Transformation.