Back in July of this year, I wrote a piece about Cisco’s acquisition of Columbia, MD-based cybersecurity company Sourcefire, and why this was an important development on several scores. The acquisition was recently finalized, and it seemed like a good time to catch up with Cisco as it continues to expand its security solutions to meet the needs of IT security professionals who are facing a rapidly changing security landscape on a myriad of fronts.
I was fortunate to have the opportunity to discuss the state of IT security challenges and Cisco’s take on things with Cisco CTO of Security Bret Hartman, and wish to share the insights that came out of that conversation.
Let me start with a personal observation. Despite a robust security portfolio, and having been an early leader on the network security side of things, Cisco has not received the recognition that its leadership in this space merits. The addition of Sourcefire, along with its vision of the future of risk mitigation, is poised to change that. I say this acknowledging that I rely on the Cisco Security blog as one of my several “go-to” sources for news and insights on what bad actors are doing and how the industry is working to mitigate the risks of their behavior.
Hartman and I started by delving into the challenges IT faces right now. As he noted, “There is a fundamental dilemma. Everything we do is dependent on IT. Think about the risks we face in looking at the explosion of vectors of vulnerability caused by BYOD, the cloud, etc. It raises the question: what is the best I could do to eliminate the risks?”
The dilemma, Hartman says, stems from the fact that, “The best thing would be to make everything transparent. In that world you could hold organizations totally accountable. Interestingly, industry, and public-private partnerships for sharing information about threats, are moving that way. We can and must all be in this together. However, as we have seen as a result of the Snowden revelations, there is major concern that in the process you remove the notion of privacy. In addition, it is still very difficult to tell who is good and who is bad, and then have the tools to react efficiently and effectively.”
In fact, as he also noted, “As an architect, it is a great time to be in the business. It impacts the future of not just e-commerce but geopolitics as well. We are at a real watershed moment; this is very exciting as well as very challenging.”
Elaborating on those challenges, Hartman argued that much of the chaos around devices, the apps they use, and the private and cloud servers they interact with stems from what he describes as a lack of “consistency of trust.” This is not just a matter of technology addressing the risks at both ends of the equation, endpoints and servers, but also of the needs of people, i.e., IT and end users.
The reality is that technical and personal trust are both in short supply. Plus, as Hartman notes, “When everything is connected to everything else it is hard to enforce policies. I have to do something that is pervasive, otherwise people will go around it. This means architecting solutions that can be managed over a vast plain. It also means that while we as an industry have paid a lot of attention to solutions aimed at cyber threat prevention, i.e., the BEFORE issues, attention now needs to be paid as well to the DURING and AFTER time frames.”
What does that mean in terms of investment strategies? For Cisco, it meant expanding its portfolio to include the Sourcefire solutions. These enable Cisco to offer IT strong capabilities before, during and after an attack, employing different technologies to solve each challenge and plugging those solutions into the overall security architecture fabric.
As Hartman explained, recommendations for a rich security architecture, and where investments in next generation capabilities should be made, include:
The first step is to put good controls in place to prevent the bad guys from getting inside the enterprise. This means using traditional tools such as encryption, firewalls, VPNs, virtualization, etc. The problem is that even though most large enterprises (and many if not most SMBs) have such capabilities, the effectiveness of such solutions is diminishing over time. The explosion of vectors makes the environment too complicated to make perfectly secure. The gates are now relatively easily circumvented, and there is truth in the characterization that authentication/identity is the new perimeter.
Such prevention tools remain “must haves,” but as Hartman stated, “The before has been about putting up the gates and about meeting compliance mandates. While table stakes, the rapidly changing landscape has the entire industry looking more at during and after.”
As a result of BYOD, third-party storage services, the cloud, etc., security teams have diminished real-time visibility into, and context for, events as they take place. The old model of set it up once and analyze it like crazy is not enough. As Hartman noted, finding out quickly what is going on, plugging the hole and greatly reducing the time in which problems are detected and remediated is a function of better visibility, contextual awareness of the entire enterprise “E”vironment and having the tools to respond quickly. The bar has been raised on the destruction that can be wreaked as well as the time in which it can happen, and enterprises need to be investing in solutions that increase visibility at a deeper level regarding devices (set-up, location, who and what is accessing them), along with context about the status and integrity of the data itself, whether at rest or on the move.
Like it or not, attacks are changing, and rapidly, as bad actors look to exploit any vector that is vulnerable. And, as recent reports show, attacks are becoming more sophisticated and more frequent, and hacking has gone from hobby to a very lucrative business. In a world where much of remediation has been manual, investments need to be made in automating responses, and in “smart” solutions that can learn from previous attacks, including from shared information, automatically detect them and quickly apply a remedy.
IT enterprise security today is at a watershed moment. As a result of the technology trends driving an exponential increase in vectors of vulnerability, coupled with a breakdown in trust between IT and end users who are ready, willing and able to get what they want, when they think they need it, regardless of company policies and rules, the control required to keep the enterprise safe has been diminished.
This does not have to be the case. It is going to be hard work, but trust can be reestablished. It can be, by deploying the necessary controls for risk management and policy enforcement without compromising end user needs. This does put a premium on having a strategic as well as tactical approach to online security. Such an approach must involve buy-in by all stakeholders, including ecosystem partners. It is going to take investment in the visibility and context-based tools that IT can use before, during and after to prevent and mitigate risks. And it is going to involve a lot of education and cooperation.
This all starts with the recognition that not responding to increased risks is not an alternative. There is a lot of talk in the industry about “balancing” needs. Where balance may be most needed is in developing a security blanket that weighs where before, during and after investments should be placed based on each enterprise’s unique situation. As Cisco has rightly positioned its offerings, not only does each area command attention, but assuring that IT has the ability to easily manage and respond quickly to whatever happens, as well as whatever comes next, is why architecture along with execution are so important.
Edited by Ryan Sartor