Cisco: Recognized By NSS Labs And Very Serious About Cybersecurity

This article is more than 10 years old.

During the last year, we’ve heard a lot of disturbing news about the growing pervasiveness of cyber attacks. While I’m sure you have heard of the incident at Target several months ago, I can assure you that was far from the only attack and that we can expect to hear much more about these kinds of attacks in the coming months and years.

It’s pain points like that one that make for a great business, and we’ve seen cybersecurity stocks like KEYW Holding (KEYW), FireEye (FEYE), Palo Alto Networks, Imperva, Symantec and others pop as a result of the expected jump in demand. Not all companies are created equal, and sometimes there can be a discrepancy between the image and the product or service.

As a recent NSS Labs report detailed, that’s what we have when it comes to Cisco’s cybersecurity business. I won’t spoil the details, but as you’ll see in the coming conversation with Jason Brvenik, principal engineer of the Security Business Group at Cisco Systems, there is more going on at Cisco than is being reflected in the share price.

Many still think of Cisco as a router company, but with the Internet of Things and the rise of cyber threats, what is the right way to think about Cisco?

The Internet of Things (IoT), with devices everywhere getting connected and sharing information, is changing everything about the way we implement, manage and protect our technology investments. Cisco is an Information Technology company with market-leading solutions in Routing, Switching, Wireless and also in Voice, Web Conferencing, TelePresence, Security and is a top 2 provider of Blade servers and Storage Area Networks. From a security perspective, which is my area of focus, it is our goal to be the leading partner in the market whenever a customer thinks of Cybersecurity by solving the hard problems holistically and cost effectively.

With that, we help customers address the Internet of Everything (IoE), which builds on the foundation of the IoT by adding network intelligence that allows convergence, orchestration and visibility across previously disparate systems.

What is the relationship between the Internet of Things and cyber threats?

In today’s world of IoT, security needs to be top of mind as the number and type of attack vectors will continue to increase as will the amount of data, creating a daunting challenge for companies and those responsible to defend the infrastructure.

The IoT is an incredibly empowering evolution of the internet and will be a force multiplier for all businesses and consumers. Along with this empowerment, every company and every home will become an IT-driven organization in one way or another. In the case of businesses it will drive operational efficiencies and decision-making processes to the next level of cost savings.

To capitalize on the vast opportunities that the IoE brings doesn’t just require networked connections but secure networked connections.  Security is not just a top consideration with the IoE, but one that is foundational to delivering on the promise of the vision.

Protecting all of the interactions of the IoE is crucial in enabling people and organizations to benefit from these advances. The number and diversity of connected devices and associated applications is so large and growing so fast, that the very foundation of many of our cybersecurity assumptions is being challenged. That’s why Cisco is advocating a new, threat-centric security model that is as pervasive as the IoT and the threats themselves, while also spanning a range of attack vectors and addressing the full attack continuum – before, during, and after an attack.

What is Cisco doing to increase the security of its customer environments?

Through the acquisition of Sourcefire, Cisco reinforced its commitment as a security partner to its customers. In addition to our own work, we are actively seeking proposals from the broader community (Grand Challenge - https://www.ninesights.com/community/cisco ) for securing the Internet of Things. We have continued the open source heritage of Sourcefire and are committed to maintaining our partnership with the security community. We recently released OpenAppID, an open, application-focused detection language and processing module for Snort. We are also focused on delivering AMP everywhere to combat Advanced Threats and recently introduced Managed Threat Defense, a managed solution which applies real-time analytics to data across the extended network. Through our Buy, Build, Partner approach, we will continue to evolve the capabilities of our products and services to better help customers address the evolving challenges of securing their environments.

It’s been almost 3 quarters since the acquisition of Sourcefire. How is this changing or otherwise affecting Cisco's security business or its approach to this market?

The reception of Sourcefire into the broader Cisco organization has been nothing but impressive. Within 6 months of the closing of the acquisition we have integrated the Advanced Malware Protection offering into the Content security portfolio. We have extended our commitment to Open Source with the release of OpenAppID, the first open application framework for visibility and control of applications. We are engaged with every part of the business and actively pursuing ways to bring effective security solutions to market that leverage all available points of presence. It is our belief that security needs to be pervasive and cost effective in order to reduce the number of incidents that are all too common these days.

What’s been a misconception in the market place about Cisco’s cyber security business?

A misconception would be that Cisco security is just an add-on to Cisco network deployments. Cisco and the Security Business Group are committed to providing good security everywhere possible. Our solutions provide great security for any organization, not just ones with Cisco networks. You can consume Cisco security products affecting everything from email to intrusion prevention, and they are delivered as product or cloud services depending on the needs of the customer. We will continue to ensure that our security offerings provide the best security available independent of the networks and technology in use by our customers.

Cisco talks a lot about protection before, during and after an attack. What does that really mean and how does it affect Cisco’s product offering and competitive position?

The attackers don’t care what method they use to compromise a target, and as a result we believe that the Cybersecurity challenge is a pervasive one. In order to have an informed discussion about the appropriate tools and resources necessary to effectively defend against attack, we found it necessary to think about the attack continuum as having three distinct phases: Before, During, and After the attack. In doing so it is possible to understand which capabilities you have and determine which ones you need for any given attack scenario. Having an understanding of the problem in this way and what technologies best help you address attacks in each phase creates and informs better decision-making and response practices that matter the most when a compromise does happen.

Before the attack you should be gathering information, controlling access, limiting exposed attack surface, managing configurations, and developing consistent response practices and procedures that are informed by this work.

During the attack you should leverage the tools you have to interdict in every way possible. This may be as simple as instating new IPS policies or as comprehensive as implementing new Indicators of Compromise that are tailored to the attacks you are currently defending against. These are point-in-time mitigations that help you contain the attackers and move to the response phase of a compromise.

After the attack a compromise has already happened. You are informed about the state of your environment from Before the attack. You know what mitigations and responses you put in place During the attack. You have defended and hopefully extricated the attackers. Now you can focus your efforts on answering those business critical questions. What did they get? Why did they get it? Where did they go? Are they still here? With these answers you can take appropriate actions to prevent further attack, inform the board about possible exposures and necessary disclosures, and begin the process of ensuring that you have comprehensive controls and mitigations in place for any gaps identified during the compromise.


--

Disclosure: Subscribers to PowerTrend Profits were alerted to the long-term opportunity in the shares of Cisco Systems in September 2013.