Cisco’s European cybersecurity director says company can break down barriers to digitisation, simplify security processes and make the most of talent
Cisco isn’t a name that comes to mind when you think of major security vendors but the company claims it has the “largest security business on the planet”, with 5,000 staff and $2 billion in revenue.
In recent years, Cisco has moved away from its core networking business into other areas and security is an important pillar of its ‘digitisation’ strategy – or the fancy new name it’s given the Internet of Everything (IoE), which is more or less the Internet of Things (IoT).
Digitisation comprises networks, cloud, software, analytical capabilities and security, but it’s the latter that Cisco’s director of cybersecurity for EMEAR believes is holding back many companies from digitising and that’s why it’s investing so much money and resources into the business.
He argued that security had become too complex for many businesses, who in many cases are “throwing” money at additional equipment and software that doesn’t necessarily increase protection at a time when the IoT is creating more attack surfaces for hackers.
“I think there is a collective realisation that they can’t be 100 percent secure but they can be more secure. There is a better way of reducing risk than the way they’re doing it. There’s a realisation from IT and security teams, but also executive leadership.”
Exacerbating the problem is a lack of talent. Cisco says there are one million cybersecurity positions unfilled, a figure it predicts will reach 1.5 million by 2019, and 35 percent of firms are struggling to hire the right people. It says salaries are rising nine percent faster than other IT positions too, making recruitment lengthy and expensive.
Cisco’s aim is to simplify matters and holds up its next generation firewall (NGFW) as an example. Automated threat defence, improved management capabilities and third party integrations, Philpott says, can free up some of this expensive talent to be used elsewhere.
“What we’re not saying is one box solves all your problems, but we can reduce your complexity,” he said. “We can free up your high cost talent by deploying hardware in that fashion.”
Cisco has spent millions in recent months on high profile acquisitions, such as OpenDNS and Lancope, to strengthen this strategy and has devoted significant resources to internal development.
“We took stock of what we’d got, what we could develop internally and what could we bring in,” said Philpott. “We aim for every product we make to be the best in class.”
But do organisations actually see Cisco as a major security company? Philpott concedes many might not: “I don’t think they do. We’re a huge security company.”
Talos, Cisco’s security intelligence and research group, is helping to keep Cisco customers safe but also raise the profile of the company’s activities. Each day the unit finds 1.5 million unique malware samples and encounters 19.7 billion threats a day – three blocks per person on the planet every 24 hours.
As of February 2016, Talos had 100 zero-day vulnerabilities awaiting publication and each year Cisco publishes an annual security report – although Phipott maintained the main priority was to protect customers.
“We have invested heavily in a talented group of individuals,” he said. “As soon as we find something our customers are secure.
“There’s not a silver bullet that will make us well known as a security company.”
However protecting customers from external threats is no use if Cisco’s own equipment isn’t secure.
Following the discovery of a backdoor in rival Juniper’s firewall software, Cisco said it would check all of its products for unauthorised code. It said it had a strict ‘no backdoor policy’ in place and is adamant that its development process makes it difficult for malicious code or security bypasses to be introduced.
Although not a backdoor, Cisco did issue a patch for a serious vulnerability in some of its firewalls in February, but Philpott said that if companies decided to digitise with Cisco, they could be absolutely confident that it would do everything it could to be secure.
“We are very public in our trustworthiness [in terms of] how we develop, test, package software and even our supply chain,” he said. “We are responsible about how we disclose and find vulnerabilities. We are very rapid about how we patch.
“We have a trustworthy approach.”
Do you know the secrets of Cisco? Take our quiz!