Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways:
- Network changes drive security. Cisco believes that network infrastructure is rapidly changing, driven by SD-WAN, direct Internet access (DIA), and user mobility. These changes will drive emerging technologies like Wi-Fi 6 and 5G and Cisco believes that organizations will look to bolster network security as they transition their network infrastructure. Thus, Cisco is baking security into networking products like Meraki and Viptella and introducing a cloud-based secure Internet gateway (SIG) to safeguard users regardless of their location. These changes should help Cisco sell networking and security products while bridging the collaboration gap between cybersecurity and network operations teams.
- Cisco’s security portfolio is much broader than people think. Common wisdom is that Cisco makes all its security money selling firewalls and IDS/IPS. Yes, it is a market leader in these areas, but the company’s portfolio is far broader than perimeter network security. For example, Cisco is gaining share with AMP for endpoints, Tetration for micro-segmentation, and Duo for MFA. Like other large security vendors, Cisco is focused on product integration and interoperability. To accomplish this goal, Cisco provides a unified front-end with Cisco threat response (CTR) that amalgamates products for threat hunting and security investigations. Cisco products are also back-ended by Talos providing threat intelligence feeds that complement individual product alerts. The company offers different types of enterprise licensing models so its customers can easily consume all its wares.
- Zero-trust is a major part of Cisco’s strategy. Everyone’s talking about zero-trust these days, but trusted network connections are really nothing new. Furthermore, zero-trust is where networking meets security – an intersection that gives Cisco a homecourt advantage. Cisco is responding to market demand for zero-trust in three areas: the workforce (secure user/device connections to applications), workload (secure connections between applications across hybrid infrastructure), and workplace (secure all network connections). Cisco covers these 3 use cases with Duo, Tetration, and its SD-Access products today and plans to provide an integrated end-to-end solution over time.
- Cisco gets cloud-delivered security. Yes, Cisco still sells a lot of network security devices, but its security offerings are increasingly cloudy. The best example of this is Umbrella, Cisco’s DNS security offering that helps companies block connections to rogue domains. Cisco has expanded Umbrella to include SIG, a cloud-based proxy that can protect corporate, branch office, and roaming users. On another note, Cisco takes advantage of the cloud to offer a consolidated management plane called Cisco Defense Orchestrator (CDO). CDO can be used for common configuration and policy management across Cisco ASA firewalls and will soon include support for Firepower and Meraki products. Over time, CDO will cover more and more of Cisco’s portfolio, helping customers streamline and accelerate security operations across all their Cisco security products and SaaS.
- Cisco is serious about customer experience (CX). Rather than just sell products, Cisco wants to work hand-in-hand with customers throughout the product lifecycle and help them consume Cisco technology to its fullest. This means a lot more bundling of security products with staff augmentation and managed services. Of course, CX is a big cultural change for the company and the initiative is still in its early stages. Nevertheless, CX should be especially welcome by CISOs haunted each day by the global cybersecurity skills shortage.
Cisco is quietly executing on its cybersecurity strategy and is poised to be a $5 billion + player by 2022. To achieve this level of success, however, Cisco should:
- Focus on user education. Cybersecurity technology is proceeding through a major transition. Most cybersecurity professionals know that they can’t do what they’ve done in the past but aren’t sure how to move forward. Cisco should invest in user education, reference architectures, deployment guides, etc., to help guide the cybersecurity diaspora through these massive changes. This will not only extend a bridge from Cisco to the cybersecurity community but also allow Cisco to establish itself as a thought leader.
- Get closer to CISOs. While Cisco must be prepared for hand-to-hand combat in each security product category, the company should build messages and programs geared specifically toward CISOs. The goal? Work with CISOs to build cybersecurity strategies and programs that support digital transformation while mitigating cyber-risks. This may seem obvious, but most security technology vendors have no clue what CISOs actually do. Cisco is one of few companies that do and need to capitalize on this knowledge.
- Move security to the left. Cisco is an infrastructure security company, but public cloud computing is moving security closer to application developers, DevOps, and the CI/CD pipeline. Cisco needs to establish a relationship with this new community while reinforcing its enterprise security integration strategy with CISOs. It may need to acquire to fill product gaps here, but the investment would be worthwhile.