Security was a big part of this week’s Cisco Live event, including extending its Advanced Malware Protection and Data Center offerings and its announcement of its acquisition of ThreatGRID. The New York-based company’s ‘dynamic analysis capabilities both on-premises and in the cloud, complements AMP and allows enhanced aggregation and correlation of data for advanced threat intelligence across the extended network and across Cisco security solutions and services,’ according to a Cisco statement.
In a new blog, Jon Oltsik, Senior Principal Analyst, Enterprise Strategy Group, said Cisco, which used to be a dominant force in information security technology, recognized its cybersecurity death spiral and began executing on a comeback strategy around 2011, building a new team, innovating, and acquiring a market leader in Sourcefire. “Based upon what I saw this week at Cisco Live, I believe that the company has turned a corner.”
There were a number of security announcements at the customer and partner conference, including enhancements to its ASA firewall family which support advances in Software-Defined Networking (SDN) and Application Centric Infrastructure (ACI) environments. Cisco said the AMP updates make it ‘the first solution to correlate Indications of Compromise (IoC) data between network and endpoint, with integrated threat defense, shared intelligence, and pervasive protection against zero day threats.’ It also has added Mac OS X support and a Private Cloud Appliance, an on-premises solution that delivers continuous analysis.
ThreatGRID provides dynamic malware analysis and threat intelligence technology to analyze file behavior, enabling organizations to accurately identify attacks and better defend against advanced cyber attacks, said Martin Roesch, Sourcefire founder and VP, Chief Architect, Cisco Security Group, in a new blog. Together with the other announcements, these developments “underscore our imperative to remain threat-focused and help customers go beyond addressing threats at a point-in-time to deliver unrelenting detection and response capabilities across the full attack continuum—before, during and after an attack.”
Oltsik said the network giant’s security architecture is “just about ready for primetime. Cisco deserves kudos for the way it integrated Sourcefire products and people into its security division.” In addition to moves like a “FireAMP everywhere” strategy that will place advanced malware detection technology on Cisco e-mail and web security products and various endpoint devices, the company is actively filling architecture holes with acquisitions like ThreatGRID for network and cloud “sandboxing” to detect malware threats.
“All of the puzzle pieces are in place today or arriving soon.” He added that Cisco is also investing in services, and is well positioned to align security with IT transformation.
“As a large IT provider, Cisco is in the middle of numerous IT initiatives around cloud computing, data center transformation, mobile computing, and the Internet of Things (IoT). This gives Cisco a great opportunity to integrate its security portfolio everywhere.”
However, while Oltsik believes Cisco is moving in the right direction and has the resources to continue to acquire point products and invest in its organization, it still has some work ahead. To continue on the comeback trail, Cisco must: compete at the product and solution layer; play the “open” card; and deliver a real security management portal.
“Cisco’s Achilles heel has always been management software that was too complex, required too many management consoles, and was geared toward CCNEs with CLI chops. This simply won’t fly for an integrated enterprise security architecture.”
Cisco has to up its game if it wants to remain relevant, if not a leader, in a network security market that is increasingly drawing the attention of the C-Suite. Very few CEOs of major companies are intimately familiar with their own security operations — and they should be, according to Craig Carpenter, chief cybersecurity strategist of AccessData Group Inc. He said that cyberthreats are so pervasive and potentially damaging to brands that C-level executives and board members “cannot afford to not know what’s going on.”
There is massive overconfidence in enterprise security strength, according to a recent study by the Ponemon Institute, sponsored by FireMon. And the Verizon 2014 Data Breach Investigations Report provides ample evidence of cause for growing concern: “After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime – and the bad guys are winning,” said Wade Baker, principal author of the Data Breach Investigations Report series.
Oltsik also cautioned that its competitors are upping their game too. “Cisco still faces real competition as FireEye, IBM, McAfee, Palo Alto Networks, and Trend Micro are building their own enterprise security architectures that span networks and endpoints. Others like HP and Symantec could easily acquire their way in. To truly succeed, Cisco must remain humble, execute flawlessly, and continue to recruit top talent. A difficult but achievable strategy.”
The Fiddly Bits (& Bytes)
New capabilities in the AMP product portfolio include:
- AMP for Endpoints — Delivering advanced analytics and correlation enhancements, AMP accelerates investigation of Indications of Compromise and file behavior, and prioritizes the top areas of a compromise that require the greatest attention. New Elastic Search enables users to quickly hunt down the scope of attack, while Remote File Analysis furthers the solution’s retrospective security capabilities with the ability to retrieve and store files for later scoring and analysis. Cisco is also extending AMP for Endpoints to Mac OS X, enabling organizations to protect their entire heterogeneous environments.
- AMP Private Cloud Appliance — For customers with high privacy requirements that restrict using a public cloud, the new on-premises AMP Private Cloud Appliance delivers comprehensive advanced malware protection using big data analytics, continuous analysis, and security intelligence stored locally.
- AMP for Networks — High performance networks and requirements to accelerate time-to-detection are driving the need for optimized advanced malware protection on the network. New multi-source Indications of Compromise capabilities correlate and prioritize events across a variety of solutions for enhanced intelligence, while automatic Dynamic Analysis utilizes a cloud-based sandbox to evaluate files with an unknown disposition to provide increased protection against unknown threats. Users can also create custom detections to immediately block files, while the new File Capture feature allows teams to store and retrieve files for further analysis.
- New AMP FirePOWER Appliances — For customers who need enhanced processing and storage, Cisco is now delivering two new dedicated AMP for Networks appliances: the FirePOWER AMP8150 with up to 2 Gbps of performance and the FirePOWER AMP7150 with up to 500 Mbps of performance.
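The two ideas the AMP items above lean on, correlating Indications of Compromise from network and endpoint sources per host and then re-scoring a host when a sandbox verdict for a previously unknown file arrives later (retrospective security), are easy to show in miniature. The following is an added illustration written for this article, not Cisco's or AMP's code; the event records, field names, severity weights and sandbox verdicts are all constructed for the example.

```python
from collections import defaultdict

# Constructed sample events (not real IoCs). Each record names the sensor that
# produced it, the host it concerns, the SHA-256 of the file involved, the
# indicator type and a severity weight. Hashes are placeholders.
ENDPOINT_EVENTS = [
    {"source": "endpoint", "host": "ws-101", "sha256": "a" * 64, "indicator": "suspicious_process", "severity": 2},
    {"source": "endpoint", "host": "ws-102", "sha256": "b" * 64, "indicator": "persistence_key", "severity": 3},
    {"source": "endpoint", "host": "ws-103", "sha256": "c" * 64, "indicator": "unknown_file", "severity": 1},
]
NETWORK_EVENTS = [
    {"source": "network", "host": "ws-101", "sha256": "a" * 64, "indicator": "file_download", "severity": 1},
    {"source": "network", "host": "ws-101", "sha256": "a" * 64, "indicator": "c2_beacon", "severity": 4},
    {"source": "network", "host": "ws-104", "sha256": "d" * 64, "indicator": "file_download", "severity": 1},
]
# Constructed verdicts that arrive later from dynamic analysis, keyed by hash.
# "c" was an unknown file at detection time and is only now judged malicious.
SANDBOX_VERDICTS = {"a" * 64: "malicious", "c" * 64: "malicious", "d" * 64: "clean"}

RETRO_WEIGHT = 5  # assumed bonus per hash later confirmed malicious


def correlate(events):
    """Group events by host, recording which sensors saw it, which file hashes
    were involved, the indicator types, and a summed severity score."""
    by_host = defaultdict(lambda: {"sources": set(), "hashes": set(), "indicators": [], "score": 0})
    for ev in events:
        h = by_host[ev["host"]]
        h["sources"].add(ev["source"])
        h["hashes"].add(ev["sha256"])
        h["indicators"].append(ev["indicator"])
        h["score"] += ev["severity"]
    return by_host


def apply_verdicts(by_host, verdicts):
    """Retrospective step: any hash previously seen on a host that the sandbox
    has since judged malicious is recorded and raises that host's score."""
    for h in by_host.values():
        h["retro_malicious"] = sorted(x for x in h["hashes"] if verdicts.get(x) == "malicious")
        h["score"] += RETRO_WEIGHT * len(h["retro_malicious"])
    return by_host


def prioritize(by_host):
    """Rank hosts for investigation: corroboration by more than one sensor
    first, then total score, then host name for a stable order."""
    def key(item):
        host, data = item
        return (-len(data["sources"]), -data["score"], host)
    return [host for host, _ in sorted(by_host.items(), key=key)]


def triage(endpoint_events, network_events, verdicts):
    """Full pipeline: correlate, re-score with late verdicts, rank."""
    by_host = apply_verdicts(correlate(endpoint_events + network_events), verdicts)
    return prioritize(by_host), dict(by_host)


if __name__ == "__main__":
    ranking, detail = triage(ENDPOINT_EVENTS, NETWORK_EVENTS, SANDBOX_VERDICTS)
    for host in ranking:
        d = detail[host]
        print(f"{host}: sources={sorted(d['sources'])} score={d['score']} "
              f"retro_malicious={len(d['retro_malicious'])} indicators={d['indicators']}")
```

In this constructed data ws-101 ranks first because both sensors report it and its file was confirmed malicious, while ws-103, which had only a low-severity "unknown file" event at the time, moves ahead of ws-102 once the later sandbox verdict is applied. That second case is the retrospective behaviour the AMP for Endpoints item describes: a disposition can change after the initial event, and the ranking has to change with it.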