Rethink needed on network security, says Cisco

At Cisco Live in Las Vegas, Cisco's Rowan Trollope says security must be built in from the start as the world moves towards the next generation of the internet

As the world moves towards what Cisco has called “the next generation of the internet”, security has to be built in from the start, according to Rowan Trollope, senior vice-president and general manager of Cisco’s IoT and applications group.

Many traditional approaches to securing networks and devices are no longer sufficient, said Trollope, due to industry shifts such as cloud computing and the internet of things (IoT).

“Internet 1.0 did not comprehend security into the initial designs. As we look to new protocols and extensions to the edge of the network, we are looking at it from a security-first point of view,” he said.

“Security threats used to be a nuisance; a virus that made your computer crash, for example. But now we’re talking about threats to life and limb, mission-critical systems that cannot fail. Security has to be driven deep into the fabric of this next generation of the internet,” Trollope added.

David Goeckeler, senior vice-president and general manager of Cisco’s networking and security group, added that the advanced nature of many of today’s threats means a rethink on security is required.

“In the past, the idea was that you’d build a perimeter to keep everything out, but that’s not the reality anymore. The world is way too sophisticated for that. So the way we think about it is that security has to fundamentally change,” he said.

Security updates

As part of this push to build security into the heart of digital transformations, the networks of the future and IoT deployments, Cisco has unveiled a number of updates to various security products.

The first of these is called StealthWatch Learning Network License. According to Cisco, this is an anomaly detection tool that uses machine learning to sniff out threats in an organisation’s network, effectively turning the router into a sensor and blocker to keep threats away from branch networks.

“This is about using the network as a sensor,” Goeckeler added. “How do we get information out of the network to find where the most advanced threats are in the world? Perimeter security is important, but it’s not sufficient anymore; there are threats in your infrastructure, so doesn’t it make sense to monitor the interior of the network to find those threats?”

Another is Cisco Defense Orchestrator, a cloud-based tool for security policy automation and orchestration, so on-premises policies can be pushed out across the cloud.

Further additions are Cisco Umbrella Branch and Umbrella Roaming, tools designed to protect branch locations and remote users connected to Cisco’s AnyConnect VPN.

Finally, the company announced Meraki MX Security Appliances with AMP and Threat Grid, which is a cloud-based unified threat management tool.

“There are three ways to think about security and the cloud,” Goeckeler concluded. “Managing security from the cloud, using the ubiquity of the cloud to manage devices and so on; security for the cloud, so protecting applications and workloads that are going to the cloud with the same policies used on-premise; and finally security delivered from the cloud. And Cisco is working across all three models.”
