Speaking to a growing supply-side conviction that the future of cyber security will prioritise product and service integration, simplification and interoperability, Cisco has unveiled a cloud-native security platform, unifying visibility across its portfolio and user infrastructure, enabling automated security workflows, and incorporating managed threat-hunting capabilities.
The SecureX platform was unveiled at RSA Conference 2020 in San Francisco – which is going ahead despite multiple suppliers, including AT&T and IBM, pulling out owing to coronavirus fears – and Cisco believes it will radically simplify how chief information security officers (CISOs) go about their day-to-day work, with what it claims is the “broadest, most integrated cloud-native security platform” in existence.
John Maynard, Cisco chief security officer, told Computer Weekly that the supplier was finally reaching the end of a path it has been walking since it started investing seriously in security acquisitions in the mid-2000s.
“We’re trying to solve the number one problem that every CISO has – that these environments have been built to be highly fragmented,” he said. “The vast majority of customers have a multi-vendor security estate, and struggle with orchestrating alerts and driving remediation at scale across that fragmented landscape.
“We see customers with up to 100 different vendors in their environment. Just being able to orchestrate across that is such a challenge, and frankly because of this a lot of this tech is not implemented or adopted, it’s just sitting on a shelf, or it’s in the environment but it’s not properly configured or optimised, so not actually doing the job it’s supposed to be doing.”
Cisco’s 2020 CISO benchmark study – which surveyed nearly 3,000 security professionals – found that 28% felt managing a multi-supplier security environment was very challenging, up 8% since the 2019 survey. Meanwhile, 42% of CISOs said they were suffering from what Cisco termed “cyber fatigue”, defined as basically giving up on proactively defending against threats and malicious actors. Of this group, 96% said multi-supplier environments were a headache.
Maynard said the security industry was guilty of forcing the problem of integrating multi-supplier environments onto its customers, leaving them to stitch everything together using supplier-provided application programming interfaces (APIs).
“Nearly one-third of organisations base cyber security monitoring and protection on more than 50 different security products. This not only adds cost and complexity, but also makes it harder to detect and respond to cyber security incidents in a timely fashion,” said Jon Oltsik, senior principal analyst and fellow at the Enterprise Strategy Group (ESG).
“Integrated cyber security technology platforms like Cisco SecureX have the potential to address these economic, technical and resource challenges by providing more comprehensive threat detection, automated incident response and ease-of-operations capabilities.”
The fully cloud-native and multi-tenant SecureX platform will provide unified visibility across security environments – including third-party products – bringing metrics, activity feeds and product information.
It will provide analytics across the user’s infrastructure, from endpoints, to network traffic from switches and routers (including encrypted traffic), to private datacentres and public cloud environments including Amazon Web Services (AWS), Microsoft Azure and Google Cloud. Meanwhile, automation delivered through machine learning will serve to gather incident information, trigger workflows, isolate problem hosts and communicate issues to security admins.
Finally, SecureX will provide threat response with data enrichment from the various products in the environment, and threat intelligence feeds, letting security teams know what is being targeted and how to fight it, while a managed threat-hunting capability will incorporate Cisco’s Talos threat intelligence services to analyse telemetry from endpoints, networks and clouds to ward off threats.
“I think realistically this is the only way we can solve this security problem,” said Maynard. “Complexity is the enemy of security – every time you make your environment or controls more complex you are building more vulnerabilities into your operation.
“The way to reduce the overall vulnerability space of your environment is to reduce complexity, increase visibility, and improve your chance of detection and containment.”