
Network visibility remains the key to safe digital transformation, says Cisco

Accessing analytics to deal with incidents is the future of information security, according to Terry Greer-King

The security risks attached to digital transformation are best addressed by employing better network visibility, Terry Greer-King, cyber security director for Cisco in the UK, Ireland and Africa, has told Computer Weekly.

Moreover, from a security perspective it’s “important to note that digital transformation is typically led by the business and not IT”, he added.

Adding to the security risk, organisations are typically looking to move quickly to take advantage of new opportunities and many digital transformation programmes involve the use of internet of things (IoT) devices.

“Currently, estimates put the number of connected devices at around 15 billion, but that is expected to grow to 500 billion by 2050, which increases the attack surface and means that all the security issues we are facing at the moment are about to get a whole lot worse,” said Greer-King.  

This is going to be a serious challenge, he added, particularly if organisations continue to use traditional IT security technologies and approaches.

“The traditional approach has been about protection and control, and has tended to put the brakes on business,” he said.

“However, in the increasingly digitised world, security professionals need to help the business to move quickly to benefit from new technologies in a way that is secure,” said Greer-King.

The drive towards visibility

“Really, the drive towards that has a lot to do with visibility, as if you can see what is actually connected across your network, what data flows are taking place, who is connected to what, as well as establish what is a ‘normal state’, then you stand a chance of staying ahead of the business,” said Greer-King.

“With greater visibility you get more responsibility within the organisation and across the supply chain,” he said.

Greer-King said applying analytics across the whole network to get more actionable information is an important part of visibility, as for many organisations the traditional approach is not working.

“This is particularly true where there are pressures on human resources with multiple security technologies deployed in silos and humans trying to control, operate and respond to threat feeds,” he said.

In fact, this “will only get more difficult as more IoT devices come online”, he added.

Securing the domain name system

To provide this support for digitisation, Cisco has invested $5bn in security measures in the past three years and increased the number of its security engineers from 750 to around 3,000.

It has also made several strategic acquisitions, including Sourcefire, Portcullis and OpenDNS. The acquisition of OpenDNS was driven by Cisco discovering that 91% of the most destructive malware is delivered across the internet’s domain name system (DNS).

“Research has shown that 68% of organisations do not monitor DNS, which means more than two-thirds are not keeping an eye on the main malware distribution mechanism,” said Greer-King. “OpenDNS brings in threat information that helps protect organisations from this chief source of malware.”

The acquisition of Sourcefire, he said, contributed significantly to the company by growing Cisco’s internal Talos security team, which also protects all Cisco customers, to around 2,000 members.

“The Talos security team accesses Cisco’s threat feeds and 80% of the global internet traffic that goes through Cisco systems, with 250 people dedicated to threat research,” said Greer-King.

“The combination of analytics and services results in reduced detection time, something increasingly in demand as organisations begin to understand that piling up security products in silos is not necessarily stopping all the attacks,” he said.

Data breach detection speeding up

According to Cisco research, it can take organisations up to 200 days to identify that they’ve had a cyber breach, compared with Cisco’s current internal average of just 17.5 hours.

“That is only possible with advanced analytics and a large team of dedicated information security professionals, which is something more companies are going to have to tap into in the next two years, as they prepare for compliance with the European Union’s General Data Protection Regulation (GDPR) which requires organisations to notify of data breaches within 72 hours,” said Greer-King.

“Data breach notification requires visibility, and as organisations move to greater digitisation, we are championing the idea of security everywhere rather than it being a piece of technology bolted on,” he said.

According to Greer-King, Cisco is helping organisations transform their approach to security, mainly through supporting services and analytics integrated across the whole of Cisco’s architecture, such as Cisco’s advanced malware protection (AMP) that works across all Cisco security appliances.

“We are talking to them about their processes, how they evaluate risk, and how to determine appropriate risk policy, aided by our acquisition of the UK’s advanced penetration testing firm, Portcullis,” he said.

Relying on others for your security

The current cyber threat environment, said Greer-King, means that most organisations need to lean on other companies, such as Cisco, that have greater security resources and can provide “threat-centric, actionable” information to enable them to protect themselves a whole lot better.

In the face of the 19.7 billion threats Cisco blocks every day and the worldwide shortage of people with the right cyber security skills, he said it is debatable whether any organisation whose core business is not security could deploy enough security, or do a reasonable job, on its own.

According to Greer-King, one of the reasons he joined Cisco nearly three years ago is that he believes the world has moved on from small, dedicated security players being able to meet all the needs of an organisation.

“I think you need a broad umbrella portfolio, you need to deploy unified architecture and you need a huge security team working on your behalf. Having access to analytics professionals to help with general security and deal with incidents is where the future of information security lies,” he said.
