Our recap of Interop 2014 continues with a focus on Cisco technology partner Embrane, who focuses on integration of layer 4-7 virtual services into cloud and data center networks, including its own virtual load balancer, firewall and VPN. Embrane describes its heleos platform and heleos Elastic Services Manager (ESM) solution as a virtual services lifecycle manager and orchestration engine, based on the ability to provision virtual security instances in minutes, automatically insert them in the network, assign rules and policies to a specific application, enable self-healing high availability (HA), and automate the licensing and usage monitoring for each virtual appliance.
Embrane was part of Cisco’s Application Centric Infrastructure (ACI) ecosystem at our initial launch last November, and at this most recent Interop also came out and endorsed ACI’s OpFlex protocol, which handles communication between network devices and the APIC controller. Embrane also recently announced the ability to provide its lifecycle management services to Cisco’s virtual security platforms, both the ASAv and Sourcefire. I had the chance to catch up with Embrane Founder, Dante Malagrino, in the Cisco booth at Interop and get a little deeper understanding of how Cisco is working with Embrane in these areas.
Long before becoming a part of Cisco, the Sourcefire team was aggressively addressing the advanced malware challenges our customers face daily. We believe that the most effective way to address these challenges is a continuous Advanced Malware Protection (AMP) approach that does more than just track malware at a point in time, but is also unrelenting in both monitoring and applying protection. Cisco shares this vision, which is why the combination of our technologies is so powerful. It’s not just about the network, or just about the endpoint— it’s about connecting these and everything in between for complete protection.
While our customers knew it and we knew it, the industry at large can now be certain that this continuous approach is the most effective for addressing advanced threats. NSS Labs tested AMP along with other security solutions for its 2014 Breach Detection System Security Value Map (SVM) and Product Analysis Report (PAR). NSS Labs defines Breach Detection Systems as solutions that provide enhanced detection of advanced malware, zero-day and targeted attacks that could bypass traditional defenses. The SVM results speak for themselves:
The SVM is a unique graphical representation of the security effectiveness and value of tested products. It’s no surprise to us that AMP scored as high as it did, but the results are great validation of our commitment to delivering this leading protection with the best total cost of ownership (TCO).
The SVM is also further proof that solutions marketed at addressing targeted advanced persistent threats (APT) and zero-day attacks can’t stop at only offering point-in-time detection. Advanced Malware Protection is the only solution to offer continuous analysis, retrospective security, and multi-source Indicators of Compromise (IoC) for protection before, during and after attacks across the extended network. These capabilities address an important gap that exists in all point-in-time products. Our AMP solution provides the continuous capability to “go back in time” and retrospectively identify and then remediate files that initially evade defenses.
Some highlights from testing:
AMP has the lowest TCO of any product tested
AMP is a leader in security effectiveness achieving detection of 99 percent of all tested attacks
AMP excelled in time-to-detection, catching threats faster than competing Breach Detection Systems
When we talk about AMP with our customers, we call it “AMP Everywhere” because it can protect from the cloud to the network to the endpoint. It has been available as a connector for endpoints and mobile devices, a standalone appliance, and as part of Next-Generation Firewall and Next-Generation IPS for the last two years. It has also recently been integrated into Cisco’s portfolio of Web and Email Security Appliances and Cloud Web Security. With web and email interactions remaining one of the primary vectors for malware infection in organizations, AMP integration on our leading email appliance and web security gateways provides our customers with even stronger protection wherever a threat can manifest itself.
“AMP Everywhere” is a reality. An extremely effective one, at that. I encourage you to see the results for yourself. Download a free copy of the 2014 NSS Labs Breach Detection Systems SVM and PAR for Advanced Malware Protection.
Malware is everywhere and it’s incredibly challenging to combat, using whatever unprotected path exists to reach its target and accomplish its mission.
Malware has become the weapon of choice for hackers. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware is the most common method used, followed by hacking and social engineering. Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware, embed the malware in networks, remain undetected for long periods of time and steal data or disrupt critical systems. More specifically on blended threats, the report tells us that more than 95 percent of all attacks intended for conduct espionage employed phishing. What is more, a prominent recent retail breach began with a targeted email phishing attack that ultimately led to access to payment system data via malware uploaded to PoS systems.
One of the big lessons I learned during the early days, when I was first creating Snort®, was that the open source model was an incredibly strong way to build great software and attack difficult problems in a way that the user community rallied around. I still see this as one of the chief strengths of the open source development model and why it will be with us for the foreseeable future.
As most every security professional knows, cloud applications are one of the most prevalent attack vectors exploited by hackers and some of the most challenging to protect. There are more than 1,000 new cloud-delivered applications per year, and IT is dependent on vendors to create new visibility and threat detection tools and keep up with the accelerating pace of change. The problem is that vendors can’t always move fast enough and IT can’t afford to wait. Countless custom applications pile on even more complexity.
So today, Cisco is announcing OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environments and eliminating the risk that comes with waiting for vendors to issue updates. Practically speaking, we’re making it possible for people to build their own open source Next-Generation Firewalls.
Last October , Cisco confirmed that Sourcefire was now part of our family of security products and solutions .
“With this acquisition, we take a significant and exciting step in our journey to define the future of security. As one company, we offer an unbeatable combination that will greatly accelerate our mission of delivering a new, threat-centric security model. Through the addition of Sourcefire’s competitive talent and technologies, I see vast opportunities to expand Cisco’s global security footprint in both new and emerging markets, broaden our solution sets and deepen our customer relationships “
“Beyond the technology, one of the things that is important to me is that Cisco and Sourcefire both share key values that transcend our company names, HQ locations and number of employees. Much like Sourcefire’s Firemen Principles, you can be confident that these values will continue as one team at Cisco.”
Martin Roesch, Sourcefire founder and CTO and now VP and Chief Architect of Cisco Security Group
in his blog ONE Team
These days , John Stewart , Senior Vice President, Cisco Chief Security Officer , announced that we completed the deployment of Sourcefire at Cisco . John Stewart oversees at Cisco the Threat Response, Intelligence and Development ( TRIAD ) organization .
The implementation is already giving us insights into our data center that we never had before
The Cisco security architecture helps data center networking teams take advantage of security capabilities built into the underlying data center fabric, to accelerate safe data center innovation. There are three important security measures that every IT organization should follow to securely support data center innovation. To learn more, download the Cisco white paper “Three Must-Have Security Measures that Accelerate Data Center Innovation.”
Tell us what do you think of the acquisition of Sourcefire by Cisco .