Today’s threat landscape is more dynamic than ever before. Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything, are considerably affecting traditional security approaches. The notion of the “perimeter” no longer exists and threats are able to circumvent traditional, disparate security products.
The marketplace needs a pervasive, continuous security architecture that addresses each phase of the attack lifecycle. Today, we are excited to announce the acquisition of Sourcefire (NASDAQ: FIRE), which directly supports Cisco’s strategy to constantly defend, discover and remediate threats – with the ultimate goal of covering our customers before, during and after an attack.
Sourcefire, based in Columbia, MD, is a leader in intelligent cybersecurity solutions. Sourcefire delivers effective, highly automated security through continuous threat research, detection and protection across its portfolio of next-generation intrusion prevention systems (IPS), next-generation firewall, and advanced malware protection solutions.
Sourcefire couples its technology with automated, real-time visibility across the extended network that includes virtual, mobile and endpoints. These solutions work not only at a point-in-time, but also provide continuous threat protection and retrospective remediation across the network.
Having led security innovation for more than 12 years, Sourcefire has assembled a world-class team with deep security DNA that will help drive Cisco’s execution of its security strategy. Sourcefire was founded by Marty Roesch, who pioneered their success through open source, creating a community of security technologists working together to build an industry leading intrusion prevention system. Sourcefire also is home to the Vulnerability Research Team, a group of elite security experts who work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware and vulnerabilities.
Sourcefire’s open source model is expected to strengthen and accelerate Cisco’s ability to build a strong ecosystem of security partners who can bring real time threat intelligence and innovations to customers through integration with our technologies and platforms.
Security is a critical component to Cisco’s overall strategy to be the No. 1 IT company. Earlier this year, we acquired Cognitive Security, a security software company that applies artificial intelligence techniques to detect advanced cyber threats. Cognitive Security and Sourcefire are expected to help Cisco achieve our goal as we offer more best-in-class security services; more intelligence sources for continuous protection; and an open platform to enable a threat-aware network.
We believe that Cisco and Sourcefire customers will benefit from the combination of world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud.
I am delighted to welcome the entire Sourcefire team to the Cisco family, and look forward to a prosperous future together.
In closing, I would simply like to remind you that this blog contains forward-looking statements which are subject to risks and uncertainties, including the risk factors discussed in Cisco’s most recent reports on Form 10-K and Form 10-Q filed with the SEC on September 12, 2012 and May 21, 2013, respectively, and in the press release announcing this transaction. Such risks could cause actual results to differ from those contained in the forward-looking statements. For further information, please consult such Form 10-K, Form 10-Q, and Cisco’s Form 8-K covering such press release, each available free of charge at the SEC’s website at www.sec.gov or by going to Cisco’s Investor Relations website at http://www.cisco.com/go/investors.
Cisco published earlier this week the 2013 Cisco Global IT Impact Survey, exploring the relationship between IT and the business goals of the companies they support. Among other things, 42 percent of those interviewed responded that they know about the Internet of Things, “as well as I know Einstein’s Theory of Relativity.” In other words, beyond a passing knowledge of e=mc2, the relevance of the Internet of Things to IT is about as illuminated as a black hole.
Does that really matter at this point? you might ask. Isn’t the Internet of Things about Nike FuelBands and talking toasters? In fact, a lot of what we call “industrial automation” or “safety and security” is the leading edge of the Internet of Things. It’s already here today, called into the service of greater efficiency, productivity, and safety. This is “operational technology” instead of “information technology”: in other words, technology that directly monitors or controls physical objects and processes, such as assembly lines on a factory floor.
This has enormous implications for IT:
1. Security threats go from the merely cyber to the cyber-physical. Gartner summed it up nicely in the WSJ last week. And let’s not even talk about Shodan.
2. Beyond BYOD. The consumerization of personal electronic devices transformed the enterprise networking landscape. IT adapted to the new security threats posed, figured out how to associate multiple devices to a single user, etc. Now imagine “bring your own programmable logic controller.”
3. Redefining networking scalability and data management. And we thought video was a huge driver of traffic on the network. SAP and Harris Interactive recently estimated that 4 billion terabytes of data will be generated this year alone. (For some idea of the scale, take a single IoT use case — smart meters. Jack Danahy estimated 400MB of data per year. Not much, you say? Multiply that by, say, 1 million households, and you get 400 terabytes already. For a single use case. In one city.)
IT has much to offer, and should. As proprietary connectivity networks converge onto TCP/IP, IT can bring its expertise in securing IP-based networks. With experience in deploying cloud services, IT can bring in network management best practices. And with expertise in software-defined networking, IT can help re-architect networks to support immense scale, real-time requirements, analytics at the edge, and more.
From the outside-in, the Internet of Things may seem like a fast-moving train that’s zooming by too fast to board. But if you’re in IT, get on board: you’ll experience relativity and relevance.
The concept of crowd sourcing cyber intelligence may sound like an unstructured process, but there’s more to it than that. First, you need to remember that all crowds consist of collections of individuals contributing to the community knowledge base. Second, someone has to take responsibility for gathering data from the crowd, analyzing it, and refining it into actionable information that crowd members can apply to their unique situations.
One of the main reasons I’m excited about my job is that I work for an organization with unique qualifications to lead the movement to collective, crowd-sourced cyber security. Cisco has customers all over the globe that have agreed to share threat intelligence data with us for analysis and redistribution back to the community. This process evolved as a byproduct of our main line network products, solutions, and services business. It also hasn’t escaped our notice that these efforts not only deliver huge benefits to our current customers, but also carry with them a truly compelling business value proposition. I really shouldn’t say more, but do it any way in a video blog post you can access here.
A couple of weeks ago, I announced a new name and a new mission for the group I lead at Cisco. I’ll do my best to minimize reader exposure to boring administrative details, but the long and the short of it is that the former Cisco Global Government Solutions Group (GGSG) has become the Cisco Threat Response, Intelligence, and Development (TRIAD) organization.
Any organizational name change is only a label placed on more fundamental transformations in missions, strategies, and desired outcomes. While the new organization will continue to serve government customers, the time has come to mobilize the expertise we have built up over the years to help critical infrastructure and enterprise customers strengthen their abilities to deliver IT-based services and value with minimal disturbance from unauthorized sources.
Vectoring the organization’s mission to threat is the key to understanding what TRIAD is all about. Through our work with Cisco customers, observation and analysis of phenomena visible in Cisco and customer networks, and application of innovative thinking about security practices and processes, we see enormous potential for developing and delivering threat-focused approaches to cyber security into products, services, and solutions. Read More »
RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people. We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another. In a slightly strange way, it’s therapeutic.
That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:
Eight customer meetings
Eight dinners (working out to 1.78 dinners per day.)
Four press interviews: two on-record, one background, 1 live videocast via Google+
Four bizdev/company review meetings
Two analyst interviews
Two partner meetings
One customer breakfast talk along with with Chris Young
And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.
I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.