Cisco security chief: How to beat back security system complexity

Tim Greene

On the partnerships, is that to bring other vendors’ security gear under better centralized management through Cisco or is that for technology Cisco does not have?

It’s both. We want to be able to build our architecture in a way that’s open and extensible. A good example is our identity services engine which gives a lot of network context about users. We have an open API to that called [Platform Exchange Grid] and we have a whole ecosystem of partners that when they have an IP address, they can basically get information from our identity system that tells what the user is, what device they’re on, where they’re at. It allows our partners to get a lot more contextual information about users on the network as opposed to just devices.

So you’re making it possible to integrate third-party devices into Cisco networks?

A lot of integration work is left to the customers, and they’re really struggling with it because it just means adding more and more products, which means more and more complexity, which means complexity is the enemy of effective security. We’re really driving an architecture that allows, as we add more capability to the architecture, we actually simplify as we go.

What’s an example of that?

[W]e have a cloud-based advanced malware system, and then we’re going to integrate that across our entire portfolio. We have a connector to that cloud-based intelligence system that we can deploy on our email gateway. You can deploy it on a web gateway. You can deploy it on a firewall. You can deploy it on a next-gen IPS. There’s an endpoint version. There’s a version for Linux. Basically there’s a version for an ISR edge router. Basically your entire infrastructure. You’re able to deploy a software upgrade that gives you a connection to an advanced malware system.

[T]he traditional vendors will come in and say -- Put a box behind your email gateway and manage it as a separate element in your network. We come in and say -- No, upgrade the infrastructure you already have to one large system. That system is tied together by the cloud and there are huge advantages of that. When I see something, when I find a threat on any attack vector across any of those points in my network, the cloud knows about that and then I’m protected across every attack vector. I only need to see something once and I’m protected everywhere.    

We built that architecture and then we acquired ThreatGRID, which gives us advanced malware sandboxing capabilities and we integrate it into that architecture as a feature as opposed to saying go deploy this box everywhere in your network. That leads to an advanced malware franchise we have today called AMP (Advanced Malware Protection).
