
Rethink needed on network security, says Cisco

At Cisco Live in Las Vegas, Cisco's Rowan Trollope says security must be built in from the start as the world moves towards the next generation of the internet

As the world moves towards what Cisco has called “the next generation of the internet”, security has to be built in from the start, according to Rowan Trollope, senior vice-president and general manager of Cisco’s IoT and applications group.

Many traditional approaches to securing networks and devices are no longer sufficient, said Trollope, due to industry shifts such as cloud computing and the internet of things (IoT).

“Internet 1.0 did not comprehend security into the initial designs. As we look to new protocols and extensions to the edge of the network, we are looking at it from a security-first point of view,” he said.

“Security threats used to be a nuisance; a virus that made your computer crash, for example. But now we’re talking about threats to life and limb, mission-critical systems that cannot fail. Security has to be driven deep into the fabric of this next generation of the internet,” Trollope added.

David Goeckeler, senior vice-president and general manager of Cisco’s networking and security group, added that the advanced nature of many of today’s threats means a rethink on security is required.

“In the past, the idea was that you’d build a perimeter to keep everything out, but that’s not the reality anymore. The world is way too sophisticated for that. So the way we think about it is that security has to fundamentally change,” he said.

Security updates

As part of this push to build security into the heart of digital transformations, the networks of the future and IoT deployments, Cisco has unveiled a number of updates to various security products.

The first of these is called StealthWatch Learning Network License. According to Cisco, this is an anomaly detection tool that uses machine learning to sniff out threats in an organisation’s network, effectively turning the router into a sensor and blocker to keep threats away from branch networks.

“This is about using the network as a sensor,” Goeckeler added. “How do we get information out of the network to find where the most advanced threats are in the world? Perimeter security is important, but it’s not sufficient anymore; there are threats in your infrastructure, so doesn’t it make sense to monitor the interior of the network to find those threats?”

Another is Cisco Defense Orchestrator, a cloud-based tool for security policy automation and orchestration, so on-premises policies can be pushed out across the cloud.

Further additions are Cisco Umbrella Branch and Umbrella Roaming, tools designed to protect branch locations and remote users connected to Cisco’s AnyConnect VPN.

Finally, the company announced Meraki MX Security Appliances with AMP and Threat Grid, which is a cloud-based unified threat management tool.

“There are three ways to think about security and the cloud,” Goeckeler concluded. “Managing security from the cloud, using the ubiquity of the cloud to manage devices and so on; security for the cloud, so protecting applications and workloads that are going to the cloud with the same policies used on-premise; and finally security delivered from the cloud. And Cisco is working across all three models.”

Join the conversation

Whether you build in security from the start or not, rethinking your network security is just good practice. It helps keep it relevant to the changing threat landscape while preventing it from becoming a static set of policies and practices.
Baking security into the next gen Internet is, of course, the right approach. Rethinking the entire structure and nature of security is essential. But, as @mcorum notes, that's not the end of our work. Hackers will keep on hacking in the hopes of finding a chink in the wall. And end-users need to be educated and trained.  
I think we will be seeing a lot more articles like this in the immediate future. What we're doing now isn't enough and it isn't working. Many people don't even know how to recognize a network attack and don't know, for instance, that something as innocuous as a printer can become a big part of an attack. (There's actually a good blog about how to recognize the signs of a network attack here: )
--Karen Bannan commenting for IDG and HP