Cisco Live: Why point security solutions compromise an effective security posture

Threat-intelligence feeds reduce time to detection and highlight the value of integrated security platforms

Seamless sharing of new threat information has pushed CSOs to give integrated security platforms more strategic urgency than in the past, a senior Cisco Security executive has warned as the company fills out its own platform offering to address increasing customer demands.

Many businesses for years had built their security infrastructure around loosely affiliated point products from multiple vendors, opting for best-of-breed solutions that often proved difficult or impossible to integrate. And, over time, security practitioners had gotten used to working with the inconsistencies between products.

However, Cisco vice president of security marketing Jeff Samuels told attendees during the Security Innovation Day at the company’s Cisco Live! conference in Melbourne that customers facing the complexity of hybrid cloud, mobile and other security paradigms were rapidly warming to better-integrated platforms that worked in lockstep with evolving threat-intelligence services.

The company’s evolving roster of security products had accomplished this, he said, through integration with the company’s back-end Talos threat intelligence services. Threat-intelligence platforms are “a standard way that we communicate the intelligence part of the defence,” he continued.

“Sharing of information, policy, events, contextual awareness, and intelligence are the foundations of effective security – and very good point-product vendors are trying to come up with a platform message because they know this.”

Cisco – which has been rationalising the fruits of several recent acquisitions under its Umbrella, Advanced Malware Protection (AMP), CloudLock and other brands – has been pushing the message hard to get customers thinking about the potential benefits of its integrated architecture.

Rapid updates across a variety of security tools were more than a nice-to-have, noted Earl Carter, a threat researcher within Cisco’s Talos Security Intelligence and Research Group.

“Many people deploy 20, 30 or more security vendors in their networks – but a lot of those don’t have a way to share data to the other devices on your network,” he said. “And if you can’t share that intelligence across your devices, there are going to be gaps on your network.”

Since malicious actors know that their targets are actively defending against their work and working to shut down their campaigns, he warned, many cybercriminals were shifting from one attack technique to another in a matter of hours.

“These guys are always looking to get past point solutions,” he said, “and we are constantly trying to find ways to identify that, and to get that out to our security products. But they know it takes about 5 hours to get an updated antivirus signature completed – so by that time, they’ve already moved on. Once you get data [about attacks] you have to be able to get threat intelligence from it, and have a single source of intelligence going out to all devices.”

Ultimately, Samuels said, the ongoing and ever-changing threat climate meant that the real judge of a security platform’s effectiveness came down to two simple questions: “is our security posture effective? And is it going to be more effective tomorrow as the landscape evolves?”

“Threats are going to get in,” he continued. “One of the keys to an effective security posture is making sure that the time to remediate a threat and respond to it is as close to zero as possible. And when we do that, we feel we can take a deep breath, at least, and think about tomorrow. That’s what an effective security posture is.”
