“Just because you’re paranoid doesn’t mean they aren’t after you.”
Joseph Heller, Catch-22
With most of the cybersecurity world gathered in San Francisco for this week’s RSA Conference 2018, the timing was impeccable: on Monday Cisco made significant endpoint and email protection announcements; that was also the day the U.S. Computer Emergency Readiness Team issued a warning (alert TA18-106A) that ‘Russian hackers are attacking networking devices, network management protocols and the Cisco Smart Install Client that belong to governments, infrastructure providers and businesses.’ According to the networking giant, more than 168,000 systems are potentially exposed via that client.
“Russian state-sponsored cyber actors have conducted both broad-scale and targeted scanning of Internet address spaces. Such scanning allows these actors to identify enabled Internet-facing ports and services, conduct device fingerprinting, and discover vulnerable network infrastructure devices,” said the April 16 alert, which was based on results of analytic efforts between the Department of Homeland Security, the FBI and the United Kingdom’s National Cyber Security Centre.
Cisco noted several incidents in a release on April 5. “We are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths.”
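The alert’s point for defenders is operational: the Smart Install client listens on TCP/4786 and accepts commands without authentication, so any Internet-sourced connection to that port on a switch is a finding, and a single source touching several switches is exactly the broad-scale scanning the alert describes. The following is an added example, not code from the article, Cisco or US-CERT: it runs that detection logic over constructed firewall log lines written in the style of Cisco ASA message 302013 (“Built inbound TCP connection”). The regex, the sample addresses and the scan threshold are assumptions to adapt to your own firewall or NetFlow format.

```python
"""Flag inbound connections to Cisco Smart Install (TCP/4786) in firewall syslog.

Added example; not from the article, Cisco or US-CERT. The log lines are
constructed in the style of Cisco ASA message 302013 and are not real traffic.
"""
import ipaddress
import re
from collections import defaultdict

SMART_INSTALL_PORT = 4786  # Smart Install client port on affected IOS/IOS-XE switches

# RFC 1918 space, listed explicitly: ipaddress.is_private would also flag the
# documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) used as
# stand-in "external" sources below, which is not what we want here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log (assumed ASA 302013 format, documentation IPs only).
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.7/40122 (203.0.113.7/40122) to inside:10.10.1.2/4786 (10.10.1.2/4786)
%ASA-6-302013: Built inbound TCP connection 1002 for outside:203.0.113.7/40123 (203.0.113.7/40123) to inside:10.10.1.3/4786 (10.10.1.3/4786)
%ASA-6-302013: Built inbound TCP connection 1003 for outside:203.0.113.7/40124 (203.0.113.7/40124) to inside:10.10.1.4/4786 (10.10.1.4/4786)
%ASA-6-302013: Built inbound TCP connection 1004 for outside:198.51.100.9/55010 (198.51.100.9/55010) to inside:10.10.1.2/443 (10.10.1.2/443)
%ASA-6-302013: Built inbound TCP connection 1005 for inside:10.10.9.9/50000 (10.10.9.9/50000) to inside:10.10.1.2/4786 (10.10.1.2/4786)
%ASA-6-302013: Built inbound TCP connection 1006 for outside:192.0.2.55/33001 (192.0.2.55/33001) to inside:10.10.1.2/4786 (10.10.1.2/4786)
"""

_CONN_RE = re.compile(
    r"Built inbound TCP connection \d+ for "
    r"(?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \([\d.]+/\d+\) to "
    r"(?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)


def is_internal(ip):
    """True if the address falls in RFC 1918 space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def parse_connections(log_text):
    """Yield (src_ip, dst_ip, dst_port) for each 'Built inbound TCP connection' line."""
    for line in log_text.splitlines():
        m = _CONN_RE.search(line)
        if m:
            yield m["src_ip"], m["dst_ip"], int(m["dst_port"])


def external_smart_install_hits(log_text):
    """(src_ip, dst_ip) pairs where a non-RFC1918 source reached TCP/4786.

    Internal hits are dropped because a legitimate Smart Install director on
    the LAN produces the same connection; an Internet source never should.
    """
    return [
        (src, dst)
        for src, dst, port in parse_connections(log_text)
        if port == SMART_INSTALL_PORT and not is_internal(src)
    ]


def likely_scanners(log_text, min_targets=3):
    """External sources that touched TCP/4786 on at least `min_targets` hosts.

    One stray connection may be a misconfiguration; one source sweeping several
    switches matches the broad-scale scanning described in the alert.
    """
    targets = defaultdict(set)
    for src, dst in external_smart_install_hits(log_text):
        targets[src].add(dst)
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    for src, dst in external_smart_install_hits(SAMPLE_LOG):
        print(f"external source {src} reached Smart Install on {dst}")
    for src in likely_scanners(SAMPLE_LOG):
        print(f"probable Smart Install scan from {src}")
```

On the switch itself, `show vstack config` reports whether the client is enabled and `no vstack` turns it off; where the feature is genuinely needed, Cisco’s guidance is to restrict TCP/4786 with an access list so only the intended director can reach it.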
While Cisco might rue the timing of the hacker alert, it is generally a good time to be in the cybersecurity business:
- the data protection market is expected to grow from $57.22 billion in 2017 to $119.95 billion by 2022, at a Compound Annual Growth Rate (CAGR) of 16%; and,
- the total cybersecurity market will grow at a CAGR of 11%, from last year’s $137.85 billion to $231.94 billion by 2022.
The market is this hot because the threats are escalating even faster:
- malware attacks increased 18.4% year-over-year to 9.32 billion in 2017;
- while ransomware attacks dropped from 638 million to 184 million between 2016 and 2017, ransomware variants increased 101.2%;
- the average organization will see almost 900 file-based attacks per year hidden by SSL/TLS encryption;
- 32% of breaches affected more than half of respondents’ systems, compared with 15% in 2016;
- more than half of all attacks resulted in financial damages of more than $500,000, including, but not limited to, lost revenue, customers, opportunities, and out-of-pocket costs;
- complexity is growing: in 2017, 25% of security professionals said they used products from 11 to 20 vendors, compared with 18% in 2016; and,
- time to detection (TTD) has improved: Cisco’s 2018 Annual Cybersecurity Report puts the median at roughly 4.6 hours, down from the 39-hour median reported in November 2015 and the 14-hour median reported in 2017.
To add injury to insult:
- only 66% of organizations are investigating security alerts, and businesses are mitigating less than 50% of attacks they know are legitimate; and,
- in almost all breaches (93%), it took attackers minutes or less to compromise systems, and data exfiltration occurred within minutes in 28% of the cases.
Recent studies from IBM and Raytheon – both conducted by Ponemon – reinforce just how bleak the future looks. IBM found that 77% of firms surveyed (2,800 respondents) lack proper incident response plans, while 69% report funding for cyber resiliency is insufficient. The Raytheon results were worse: 82% of 1,100 respondents predict their workplace will suffer a catastrophic data breach in the next three years as a result of unsecured IoT devices.
“Every day the cyber threat is growing more sophisticated and aggressive, posing a real threat to global businesses across all sectors,” said Raytheon Chairman and CEO Thomas A. Kennedy.
Mobility is another cybersecurity sore point, according to Verizon Wireless Business Group. A survey of 600 mobility professionals found that while ‘93% admitted the growing use of smartphones and tablets is creating greater security risks, almost one third admitted sacrificing mobile security to improve business performance.’
The results indicated that was a really bad choice:
- companies that had sacrificed security were 2.4x as likely to have experienced data loss or downtime as a result of a mobile-related security incident;
- 68% hadn’t sacrificed security, and 19% of those had suffered data loss or downtime;
- 32% had sacrificed security, and 45% of those had suffered data loss or downtime.
Cisco led the group of four vendors – in descending order IBM, Blue Coat/Symantec and McAfee – that were the preferred choices for enterprise security, said cybersecurity guru Jon Oltsik, principal analyst at Enterprise Strategy Group. ‘While these vendors have the highest enterprise-class cybersecurity vendor mindshare, it’s important to remember that the cybersecurity market remains wide open with something like 1,200 vendors competing for around $90 billion in revenue’, he blogged. ‘Others not mentioned here (Check Point, Fortinet, Palo Alto, Trend Micro, etc.) could easily join this list.’
In addition to being the preferred choice, Cisco also benefits from a growing vendor consolidation trend, noted Oltsik: 24% of enterprises are consolidating the number of cybersecurity vendors they do business with while 38% are doing so on a limited basis. ‘Think of the 24% as leading-edge customers with the rest of the market emulating this behavior over the next few years.’
Back in July Oltsik reported that cybersecurity was the fastest growing business unit at Cisco, although he cautioned that its success could itself become an issue: should the cybersecurity business be tightly coupled to networking, or run as a completely independent business?
Another concern is the sheer size of its product portfolio which he said ‘is difficult if not impossible to navigate. Although I’ve never been a Cisco employee, I feel like I have a Ph.D. in Cisco and even I can’t follow all the product names, brands, acronyms, initiatives, etc.’
Well, now Jon can add some new items to his list. Monday’s update to Cisco’s cloud-managed endpoint security solution, Advanced Malware Protection (AMP) for Endpoints, is intended to address the 1% of ‘threats that evade detection using sophisticated techniques.’ The additional capabilities include:
- detection and protection mechanisms to stop threats such as ransomware and cryptomining;
- threat investigation with Cisco Visibility, a new cloud application built into the endpoint console which simplifies and accelerates security investigations; and,
- new Email Security offerings, based on an OEM deal with Agari, including Cisco Domain Protection and Cisco Advanced Phishing Protection.
The company also announced an expanded relationship with ConnectWise for managed service providers (MSPs). “Through our expanded partnership, investments, and technology innovations, we are committed to delivering to our customers the best email and endpoint protection,” said Jeff Reed, Senior VP of Product for Cisco’s Security Business Group, in a prepared statement.
Two weeks ago NSS Labs released the results of its 2018 Advanced Endpoint Protection (AEP 2.0) Group Test, which evaluated 20 products for security effectiveness and total cost of ownership (TCO). The average TCO per Protected Agent (Value) was $690; twelve products demonstrated value above the average, and nine demonstrated value below the average. In addition to Cisco AMP (v6.0.5), the products tested included:
- Bitdefender GravityZone Elite v22.214.171.1245;
- Carbon Black Cb Defense v126.96.36.199;
- Comodo Advanced Endpoint Protection v3.18.0;
- Cylance CylancePROTECT + OPTICS v2.0.1450;
- Endgame Endpoint Security v2.5;
- enSilo Endpoint Security Platform v2.7;
- ESET Endpoint Protection Standard v6.5.522.0;
- FireEye Endpoint Security v4;
- Fortinet FortiClient v5.6.2;
- G DATA Endpoint Protection Business v188.8.131.52;
- Kaspersky Lab Kaspersky Endpoint Security v10;
- Malwarebytes Endpoint Protection v184.108.40.206;
- McAfee Endpoint Security v10.5;
- Palo Alto Networks Traps v4.1;
- Panda Security Panda Adaptive Defense 360 v2.4.1;
- SentinelOne Endpoint Protection Platform (EPP) v220.127.116.1148;
- Sophos Endpoint Protection 10.7.6 VE3.70.2;
- Symantec Endpoint Protection and Advanced Threat Protection (ATP) Platform v14.0.3876.1100; and,
- Trend Micro Smart Protection for Endpoints v12.0.1864.
“In this year’s test, only 75% of the products tested achieved 90% or higher security effectiveness,” said Jason Brvenik, Chief Technology Officer at NSS Labs. The Security Effectiveness of verified products ranged between 59.4% and 99.4%, with 10 of the 20 verified products achieving a rating greater than 95%.
The company was also listed as a Visionary in Gartner’s January 2018 Magic Quadrant for Endpoint Protection Platforms (EPP). While this was its first year participating in the report, it won’t be the last, blogged Jason Lamar, Senior Director, Security Product Management Group, Cisco.
‘This is but the latest in a multi-year, continuous investment in endpoint security and changing the security equation through integrating technologies with innovation. We believe our inclusion as a visionary reinforces the growing importance of an integrated security architecture from the cloud, to the network, to the endpoint in order to continuously optimize time to detection and prevent incidents.’
DISCLAIMER: A number of companies referenced in this article are represented in my investment portfolio.