Scott Harrell, Cisco Systems’ vice president of product management for security, noted that a customer of the company revealed that it worked with more than 90 security vendors. But when asked if that made it more secure, the customer couldn’t say for sure.
Speaking as part of a panel discussion on cybersecurity at the Cisco Live 2016 conference in Las Vegas, Harrell said that that kind of thinking crystallizes some of the challenges businesses face in making sure their data, devices and networks are secure. Harrell, vice president of product management for Cisco’s security business group, said that even with the focus Cisco and other vendors place on security, attackers are often successful, which is a “failure on us as a group.”
That’s happening because “there is a fundamental flaw with how we’re trying to protect these complex, diverse, ever-changing networks,” he said.
Often, businesses just “get another box” or security service, or put their data into the cloud, Harrell said. Yet adding more vendors to a security environment does not necessarily make a company more secure, he added. That opens up what Cisco has dubbed the “security effectiveness gap,” where businesses see diminishing returns for the solutions they are adding, as the growing complexity of managing them outweighs the benefits.
A Simpler Approach
How does Cisco plan to tackle that and help businesses improve security? In addition to delivering best-of-breed products, Harrell said, Cisco wants to make those products simpler to use and better integrated.
Harrell also said that Cisco is willing to partner, even with competitors, and is committed to open-source technologies and communities like Snort that help businesses customize their defenses.
Additionally, he said, Cisco is committed to investing in threat research through its Talos research team and driving intelligence from Talos into the products it makes.
Harrell also talked up the security solutions Cisco unveiled at the conference this week. One is Cisco Umbrella Roaming, a cloud-based solution that is now embedded as a module with AnyConnect, Cisco’s VPN solution. Cisco says it lets organizations add a new layer of off-network protection that blocks connections to malicious sites without deploying another agent.
Another new solution is Cisco Umbrella Branch, which the vendor says gives businesses more control over guest Wi-Fi, with easy content filtering, and lets companies upgrade Cisco Integrated Services Routers (ISR) for enhanced security at branch locations. That way, companies can deploy one device at the network edge and get full visibility into network traffic at branch locations.
Yet another is Cisco Meraki MX Security Appliance with Advanced Malware Protection (AMP). This offers businesses a cloud-based dashboard for unified threat management. With AMP, companies’ branch offices can get malware protection that checks files against a cloud database to identify malicious content, blocking the files before users download them. AMP can even alert a company about the presence of a malicious file that wasn’t classified as malware when it entered a network, but then became classified as such due to updated threat intelligence.
The AMP tool also lets businesses check on particular devices that have encountered malware, see how they are connected to the network and what software the device is running, and block the device from accessing the network remotely.
Clear Stakes for Security Breaches
Ashley Arbuckle, vice president of Cisco Security Services, said that in a world in which companies suffer breaches seemingly every week, and where malware — especially ransomware that targets companies with health data — is becoming a much more prevalent threat, IT professionals and business owners are rightfully worried.
They might be wondering, he said, “when is the security industry ever going to catch up to the adversaries? Is my organization next? And if it is next, how is it going to respond?
Arbuckle said that over the next decade, $7.6 trillion of value is at stake, with $5.9 trillion, or 78 percent, dependent on the ability to improve security practices to drive innovation and growth. Meanwhile, $1.7 trillion, or the remaining 22 percent, will apply to protection of intellectual property and avoiding data breaches.
Cisco conducted a study of more than 1,000 executives in IT and lines of business in more than 10 countries, and learned that “there is an acute problem” related to the impact security can have on innovation. The study found that 71 percent of respondents said concerns over security are impeding innovation, and 40 percent said they had halted mission-critical initiatives due to security issues.
Arbuckle said companies need to think about security holistically. “When we can help organizations to look holistically across their enterprise and look at the dependencies in aggregate across all of their transformative initiatives,” they will position and fund security differently, he said.
Read articles and check out videos from BizTech coverage of Cisco Live here.