M+E Connections

Cisco continues to make strides on its security initiatives amid ongoing malware and other challenges, according to David Goeckeler, EVP and GM of Cisco’s Networking and Security Business.

Cisco’s “thesis” has long been that the “threat landscape was going to get more and more severe,” he said June 7 at the Bank of America Merrill Lynch Global Technology Conference in San Francisco.

The company went on to “build the most effective security portfolio in the industry,” he said. But he told the conference: “Everybody understands now that you cannot keep every threat out of the enterprise. You cannot block everything.” A company can’t just build a “moat around my enterprise” anymore due to factors that include “the emergence of cloud” and the growth in mobile users, he explained. So, while you “can’t keep everybody out of your network … you better defend … the interior of your network,” he said.

What’s important is to find out “who is inside” one’s network who shouldn’t be there “as quickly as possible [and,] while the threat actors are inside your network, you need to constrain their operational space,” he told the conference. Once a hacker gets ahold of somebody’s credentials, “lateral movement becomes a very big issue” and every company must make sure to prevent such movement inside the network, he said, adding: “This is especially important” in an Internet of Things (IoT) “world” where there are many devices accessing a network at the same time.

He told the conference that once you find somebody in your network who shouldn’t be there, “you have to automate the response, but you have to respond as quickly as possible” also. It’s very important for an organization’s network and security technologies to “work together” when a device in a network is believed to have been “compromised,” he said, adding: “I want the network to automatically put that user in a segment where all they have access to is the Internet,” and they can be automatically quarantined.

Meanwhile, as the transition to the cloud continues, the “security stack is going to transition to the cloud as well,” he said. As a result, he predicted: “You’re going to see a convergence of networking and security functions in a cloud delivered edge network — and that’s a transition that has been playing out over years. We’re just seeing it now. We started investing in it several years ago. But I think three years from now, the way that market looks is going to be very different than the way it is today.”

He went on to tell the conference: “Security is a market driven by innovation and security is a market unlike any other market I’ve been in or I’ve managed, in that in the security market you start thinking about the market from the perspective of your adversary.” And that person has a “profit and an ego motive,” he said, adding that as a result of that: “Anything you do in security, there is going to be somebody trying to figure out a way around it as quickly as possible.”

One of the reasons Cisco’s advanced malware offerings have done so well is that it started publishing a number about three years ago on the average time for malware detection, which is when something hits an endpoint that made it through all an organization’s security apparatus, he said. It’s important to know how long it takes Cisco to find malware that couldn’t be figured out the first time, he noted, adding: “Like two and half years ago, we had that [at] about 40 hours…. We’ve been publishing that number every six months and now we are down to I think 3.8 hours was the latest number we published in our last cyber security report.”

The “strength” that Cisco saw in its security business in its recently-ended third quarter (ended April 28) was “driven by our integrated architecture combined with best-of-breed products,” Chuck Robbins, its CEO, said, adding the company was also “leveraging artificial intelligence on machine learning to reduce time to detection and remediation.”