[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]
I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.
In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?
The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments -- regardless of legacy network, endpoint, mobile, virtual, or cloud usage models
Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.
Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.
An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.
Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly - before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.
#CiscoChampion Radio is a podcast series by Cisco Champions as technologists, hosted by Cisco’s Amy Lewis (@CommsNinja). This week Chris Young, SVP Security Business Group Cisco, and Bill Carter, Senior Network Engineer and Cisco Champion, talk about Intelligent Cyber Security for the real world.
Highlights: How Cisco deals with fragmentation in Security market
Attack-driven model for Security, before, during and after
How Sourcefire acquisition fits in with Cisco Security Open Source Security around Snort CommunityRead More »
A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.
This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.
To put it plainly, when it comes to networks being breached, it is not a case of if, but when.
Our recap of Interop 2014 continues with a focus on Cisco technology partner Embrane, who focuses on integration of layer 4-7 virtual services into cloud and data center networks, including its own virtual load balancer, firewall and VPN. Embrane describes its heleos platform and heleos Elastic Services Manager (ESM) solution as a virtual services lifecycle manager and orchestration engine, based on the ability to provision virtual security instances in minutes, automatically insert them in the network, assign rules and policies to a specific application, enable self-healing high availability (HA), and automate the licensing and usage monitoring for each virtual appliance.
Embrane was part of Cisco’s Application Centric Infrastructure (ACI) ecosystem at our initial launch last November, and at this most recent Interop also came out and endorsed ACI’s OpFlex protocol, which handles communication between network devices and the APIC controller. Embrane also recently announced the ability to provide its lifecycle management services to Cisco’s virtual security platforms, both the ASAv and Sourcefire. I had the chance to catch up with Embrane Founder, Dante Malagrino, in the Cisco booth at Interop and get a little deeper understanding of how Cisco is working with Embrane in these areas.
Long before becoming a part of Cisco, the Sourcefire team was aggressively addressing the advanced malware challenges our customers face daily. We believe that the most effective way to address these challenges is a continuous Advanced Malware Protection (AMP) approach that does more than just track malware at a point in time, but is also unrelenting in both monitoring and applying protection. Cisco shares this vision, which is why the combination of our technologies is so powerful. It’s not just about the network, or just about the endpoint— it’s about connecting these and everything in between for complete protection.
While our customers knew it and we knew it, the industry at large can now be certain that this continuous approach is the most effective for addressing advanced threats. NSS Labs tested AMP along with other security solutions for its 2014 Breach Detection System Security Value Map (SVM) and Product Analysis Report (PAR). NSS Labs defines Breach Detection Systems as solutions that provide enhanced detection of advanced malware, zero-day and targeted attacks that could bypass traditional defenses. The SVM results speak for themselves:
The SVM is a unique graphical representation of the security effectiveness and value of tested products. It’s no surprise to us that AMP scored as high as it did, but the results are great validation of our commitment to delivering this leading protection with the best total cost of ownership (TCO).
The SVM is also further proof that solutions marketed at addressing targeted advanced persistent threats (APT) and zero-day attacks can’t stop at only offering point-in-time detection. Advanced Malware Protection is the only solution to offer continuous analysis, retrospective security, and multi-source Indicators of Compromise (IoC) for protection before, during and after attacks across the extended network. These capabilities address an important gap that exists in all point-in-time products. Our AMP solution provides the continuous capability to “go back in time” and retrospectively identify and then remediate files that initially evade defenses.
Some highlights from testing:
AMP has the lowest TCO of any product tested
AMP is a leader in security effectiveness achieving detection of 99 percent of all tested attacks
AMP excelled in time-to-detection, catching threats faster than competing Breach Detection Systems
When we talk about AMP with our customers, we call it “AMP Everywhere” because it can protect from the cloud to the network to the endpoint. It has been available as a connector for endpoints and mobile devices, a standalone appliance, and as part of Next-Generation Firewall and Next-Generation IPS for the last two years. It has also recently been integrated into Cisco’s portfolio of Web and Email Security Appliances and Cloud Web Security. With web and email interactions remaining one of the primary vectors for malware infection in organizations, AMP integration on our leading email appliance and web security gateways provides our customers with even stronger protection wherever a threat can manifest itself.
“AMP Everywhere” is a reality. An extremely effective one, at that. I encourage you to see the results for yourself. Download a free copy of the 2014 NSS Labs Breach Detection Systems SVM and PAR for Advanced Malware Protection.