Cisco held its annual customer event this week in Orlando FLA and invited the industry analysts to attend. CEO Chuck Robbins highlighted the company’s commitment to security in his CiscoLive keynote while other executives elaborated on more security product and services details.
After a few days of meetings, I believe Cisco’s cybersecurity strategy focuses on:
- Product integration. Cisco wants a common cybersecurity product architecture that spans endpoints, networks, data centers, and the public cloud, and that can service most of its customers' cybersecurity technology needs. As a result, Cisco is busy integrating products and services like AMP, Umbrella, Firepower, Talos, etc. Cisco demonstrated its platform and discussed its future roadmap in detail.
- Openness and programmability. Beyond gluing its own products together, Cisco’s cybersecurity platform is built with connectors and APIs for third-party integration and programmability. To illustrate its technology alliance partner ecosystem, Cisco crowed about dozens of partners including Anomali, IBM, LogRhythm, and McAfee. Cisco’s intent-based networking programmability also extends to security for service providers taking advantage of APIs and building value-added services on top of Cisco security tools.
- A foundation of threat intelligence. CiscoLive started last Sunday with a day-long session by the Talos team on security research and threat intelligence. Beyond the data, the Cisco team focused on teaching customers how to operationalize threat intelligence for threat detection, hunting, and risk management. Clearly, Cisco believes that Talos threat intelligence can give the company a strategic advantage versus narrowband security vendors, so it is anchoring all security products with Talos threat feeds. The company is also bolstering market education to get the Talos word out more broadly.
- Comprehensive cloud security. Cisco wants customers to know that it can protect workloads in the public cloud with a one-two punch of Tetration and StealthWatch cloud. Beyond IaaS and PaaS, Cisco also promoted its CloudLock CASB product for SaaS management and data protection. Finally, Cisco is offering several "security from the cloud" services, such as Umbrella and email security to safeguard mobile workers and branch offices.
- Operational simplicity. When it comes to security operations, Cisco understands that many of its customers are under-staffed, lack advanced skills, have too many point tools, and still rely on manual processes. To address these shortcomings, Cisco demonstrated a security operations platform called Visibility, a common SOC analyst workbench for threat detection, incident response, and risk remediation. In its current iteration, Visibility supports a handful of Cisco products, but the company previewed an aggressive roadmap for integration of additional Cisco and third-party products.
- Professional and managed services. What many customers may not realize is that Cisco professional and managed cybersecurity services are growing like a weed. Cisco plans to expand its services portfolio to provide flexible consumption options and help customers benefit further from all its security products.
While Cisco realizes it must compete with best-of-breed products, its security go-to-market is now focused on campaigns, providing solutions for security threats like ransomware defense, breach response, and data center security. These strategic solutions often encompass an integrated bundle of several Cisco products at once.
I’ve been following Cisco for over a dozen years and firmly believe that the company’s security business is stronger now than it has ever been. That said, many cybersecurity professionals continue to consider Cisco a networking company or retain bad memories of products like the Cisco Security Agent (CSA) or Cisco Monitoring, Analysis, and Response System (MARS). To promote its cybersecurity prowess and gain attention within the infosec diaspora, Cisco should:
- Support its platform with marketing and add-on services. The platform wars are just beginning, but customers are already confused by the myriad of offerings from vendors like McAfee, Palo Alto Networks, Symantec, and Trend Micro. Cisco should use its enterprise relationships to build a security platform market education campaign for CISOs, complete with project plans, success metrics, and add-on services. The goal? Educate and influence executive security decision makers and give them the tools and support to help them through two- to three-year security platform deployment projects.
- Flex more innovation and technology leadership muscle. Cisco’s scale and security resources are pretty impressive. For example, Cisco Umbrella sees 125 billion DNS queries per day, while the company employs an army of data scientists working on artificial intelligence/machine learning for cybersecurity. So, what’s the problem? Those who don’t come to CiscoLive have no idea these assets exist, so the company can be outflanked by more boastful cybersecurity startups. Beyond CiscoLive, Cisco should host more security-only events, develop training courses with organizations like the SANS institute, and reach out to professional organizations like ISSA to spread the word on all the security research, development, and innovation going on in San Jose.
- Take an industry leadership position on cybersecurity architecture standards. Cisco should rally customers and recruit partners to support more industry cooperation around open standards like OpenC2. For starters, Cisco should turn pxGrid over to a standards body with the goal of making it an industry standard.
Cisco is in as good a position as any other vendor and could take its cybersecurity business to $5 billion over the next few years if it continues to execute. I’ll be watching.