Cisco Blogs


Cisco Blog > Security

RSA 2013: That’s a Wrap

RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people.  We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another.  In a slightly strange way, it’s therapeutic.

That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:

  • Eight customer meetings
  • Eight dinners (working out to 1.78 dinners per day.)
  • Four press interviews: two on-record, one background, 1 live videocast via Google+
  • Four bizdev/company review meetings
  • Two panels
  • Two  analyst interviews
  • Two partner meetings
  • One customer breakfast talk along with with Chris Young

And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.

I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.

Tags: , , , , , ,

Defense in Depth with Software Defined Networking

Last week at the RSA Conference in San Francisco, I had the pleasure of speaking to thousands of security professionals about the opportunities and risks associated with using Software Defined Networking (SDN) for security, which will be the underlying fabric of our next generation data centers and networks. SDN-enabled security will provide a better way to secure our most valuable applications, users and data, now and in the future.

Each vendor has a different definition of how the network is changing, and there are many different terms being used, such as software defined data center and software defined storage. Cisco calls this Application Centric Networking, for example, because we are introducing programmable APIs with a focus on distributed control plane intelligence so that applications can get value directly from the network.

It’s obvious why the networking industry is embracing SDN: lower operational costs and the ability to deploy applications and network services in a quicker, more scalable manner. Cloud bursting, which is about flexible compute in the cloud, is another SDN benefit that gives us the ability for applications to interact directly with the network in ways that do not happen today.  For example, applications will be able to query the network for location of users to manage Quality of Service and deliver highly targeted content.

So why should the security industry care about SDN? As the threat landscape evolves, the opportunity is to make Security a key application for SDN. We can use SDN to build a Network-based Threat Defense System. I see three key elements to this system:

Read More »

Tags: , , , , , ,

Acquisition of Cognitive Security Bolsters Cisco’s Cyber Threat Defense Capabilities

In a world where malware and advanced cyber threats are enterprises’ greatest concern, the need for innovation in security is at an all-time high. Mobility and cloud are drastically changing the IT security paradigm, and our attackers are radically increasing the sophistication of their attack methods. Cisco has been listening to our customers’ concerns and we are investing in threat intelligence and defense.

As part of our investment to strengthen the network with more analytics and intelligence to target today’s complex and disruptive threats, Cisco has announced the intent to acquire Cognitive Security, a privately held company headquartered in Prague, Czech Republic. Cognitive provides security software that is focused on applying artificial intelligence techniques to detect advanced cyber threats.

When Cognitive’s technology is combined with traditional firewalls, network security, content security, and Intrusion Detection and Prevention Systems, it provides a complete detection and mitigation solution that enables customers to protect against advanced attacks and zero day attacks in near real-time.

Why is this important? Well, think of this simple use case: An employee’s own personal device is infected outside the perimeter of the enterprise. Once the employee brings that device on to the network, the enterprise’s perimeter defense solution cannot protect against the threat because the device has already been infected. This can cause a full range of negative impacts on the enterprise and the data center. With Cognitive’s technology integrated in to existing security tools, unknown abnormal network behavior is quickly and automatically identified and subjected to further analysis and enforcement.

The Cognitive software will be integrated in to Cisco’s Security Intelligence Operations (SIO), bringing together global security intelligence from the cloud with local intelligence on a customer premise to protect against advanced cyber threats.

The acquisition of Cognitive supports Cisco’s focus and investment in security and is integral to all three key components of our security strategy: 1) Cloud-based threat intelligence and defense; 2) Common policy management and context; and 3) Network enforced policy – where we truly make the Network part of the security paradigm, as opposed to sticking yet another security “box” in the network and expecting it to do all the work for us.

I am delighted to welcome the Cognitive team to the Cisco family and look forward to working with them to ensure that we are delivering always on, integrated security that empowers our customers to realize the benefits of a mobile, cloud enabled business.

Tags: , , , ,

Security Industry Visionary Joins Cisco

We are in the middle of several major market trends and transitions, including mobility, cloud and virtualization. Security is at the center of these massive transitions, and our customers tell us that they want simplicity and seamlessly integrated solutions for their network architectures. These industry disruptions require new thinking to create innovative technological solutions that will solve our customers’ biggest problems.

Enter Bret Hartman.

Bret has joined Cisco as the new Chief Technology Officer (CTO) for the Security Technology Group, which encompasses all of Cisco’s core security products. For Cisco, Bret will define our overall security technology strategy, particularly as it relates to how security technology integrates across the network infrastructure. Ensuring that our strategy transitions into value-added customer solutions will be critical as we move to an integrated security architecture that leverages the network.

Read More »

Tags: , , , , , , , ,

Welcoming former RSA Security and VMware leader Chris Young to Cisco as our New Security Group Leader

As our customers and partners well know, security has been front-of-mind for Cisco this year. As far back as February, our CEO John Chambers announced that security was to become a top engineering priority for the company. The pace of innovation and development has been rapid ever since.

During the year, we unveiled our context-aware distributed security solution, Secure X, introduced the Cisco Identity Services Engine to simplify management of organization-wide security policies, and we brought new security to branch offices by adding Cisco ISR Cloud Web Security to the Cisco ISR G2 branch router.

We also elevated the role of our amazing Cisco Threat Operations Centers in helping customers chart the escalation and sophistication of security threats designed to exploit new business models that emphasize mobility, social collaboration and cloud computing.

Even with all of this momentum in security, we still saw opportunities to do more; to move faster; and to address our customers’ security challenges more completely.

It’s with those goals in mind, that I am delighted to announce today a senior executive appointment to further strengthen Cisco’s security business. For the first time, the security engineering team will be led by an SVP, reporting directly to me. We are pleased to share that Chris Young will be joining Cisco in on November 14th to fill this new leadership role.

Chris is an outstanding technology, business and security industry leader. He joins us from VMware, where he was Senior Vice President and General Manager, responsible for strategy, products, engineering and delivery across all of VMware’s end user computing solutions.

Prior to joining VMware, Chris served as Senior Vice President, products at RSA, the Security Division of EMC, where he was responsible for strategy, product management, product marketing, engineering and delivery of products across all of RSA’s Identity and Access Assurance, Security Information and Event Management, Governance Risk and Compliance (GRC), and Data Security solutions.

While at RSA, he built the company’s highly successful Identity Protection and Verification business, which includes products such as RSA Adaptive Authentication that today protects more than 200 million online bank accounts globally. Chris’ role grew to include responsibility for all products in the RSA portfolio and during his tenure he led several successful acquisitions, including Cyota Inc., Passmark and Archer Technologies among others.

Chris will assume responsibility for a new integrated security engineering team and for Cisco’s overall security vision. His new team combines our security technologies group and our global government security solutions into a single entity.

As we welcome Chris, we say goodbye to Tom Gillis, VP of our security technologies business unit. Tom joined Cisco through our acquisition of Ironport and has been instrumental in driving our overall security business thus far. Tom is keen to pursue his entrepreneurial passion outside Cisco. We thank Tom for his leadership and wish him well in his future endeavors.

We said during our Q2 earnings call that we would continue to take further actions that allow us to address market transitions with greater speed, agility and consistency. Today’s news is a good example of that commitment: we are evolving our operating model and investing in and strengthening our team with new talent in the process. We look forward to welcoming you to Cisco, Chris!

Tags: , , , ,