As one of the largest networking and IT companies, Cisco has always had a natural place in the cyber security market.
With its oversight of the pipes of the network themselves, Cisco has been well-placed to monitor the traffic moving over them.
Yet in a world of constantly evolving threats, how is Cisco keeping up with it?
According to Terry Greer-King, Director of Cyber Security at Cisco UKI, Cisco’s strategy hasn’t changed. He frames it simply as two objectives: protecting customers and helping drive digitisation.
The first of these goals is fairly intuitive; the second means allowing to deal with the new threat landscapes created by developments such as the Internet of Things and the cloud.
According to Greer-King, the key to doing both of these things is providing a “unified architecture.”
“If you look at security traditionally it is made up of an awful lot of disparate vendors,” he says.
“The reason is that security has grown quite simplistically through there being an attack or a threat. The vendor comes up with a solution, forms a company and companies buy that companies buy that.”
He says that this approach doesn’t work; the high number of alerts simply confuses IT organisations.
“You can’t have an already strained security resource looking at 70 different vendors’ appliances’ logs and trying to work out what’s going on.”
This desire to build a unified platform has led Cisco to undertake a series of acquisitions in the security market.
One that Greer-King highlights as particularly significant is OpenDNS. OpenDNS provides advanced threat protection for all devices. The acquisition aimed to boost Cisco's Security Everywhere approach by adding broad visibility and threat intelligence from OpenDNS’s cloud platform.
Other technology capabilities bought by Cisco include Lancope, the analytics and intelligence company, and CloudLock, a cloud access security broker.
There have also been the acquisitions of Portcullis Computer Security, a UK-based cyber security consultancy. Portcullis’s services include assessments to identify vulnerabilities, forensic testing, first responder training to prepare for attacks, policy review and creation, security awareness training, and overall security posture audits.
Greer-King says to “expect more from us” regarding acquisitions.
“I would think we will remain highly acquisitive,” he says.
Greer-King caveats that while he cannot say exactly where these acquisitons will be made, analytics and services are expected to be a key part of the mix.
This raises the question of how much focus Cisco will be placing on the endpoint security market.
The two disciplines of network and endpoint security grew up in parallel to each other. The basic difference is that network security monitors traffic moving through the pipes of the network and between different segments of it, regardless of the destination.
Endpoint security sits on the devices and monitors activity on them, only protecting that specific device.
Greer-King says that endpoint security is an area of “great interest”, but reiterates the company’s focus on the network.
“Fundamentally, everything needs to transport across the network. Whether a sensor or endpoint is attacked, it has to travel across the network.
“If we can enable the network as a sensor, then all threats have to travel across the network.”
However, Greer-King says that Cisco is not just a networking security company, but is “threat-centric”.
“We are concerned about threats and understanding where they are occurring,” he explains.
“We always want to be the best in the world at what we do. I’d say in security we are now,” says Greer-King.
