


Contributing Writer

Cisco Unveils a New Security Architecture at CiscoLive

Jun 26, 2013, 4 mins
Check Point, Cisco Systems, Data and Information Security

Strong vision but Cisco must back it up with competitive products, sales/marketing, and user education

As someone with more than 25 years in the IT industry, I have to give strong kudos to Cisco for putting on a great show this week. CiscoLive is being held in Orlando, which is totally appropriate as Cisco has made the event the “magic kingdom” of all things IT. Surrounded by abundant symbols of the “Internet of Everything,” Cisco really presents itself as the one vendor CIOs should look to for the future. Heck, even the tacky dance routine before John Chambers’ keynote featured humanoid women, cyborgs, and a comic book image of 2050 or so. Everything screams a common message: Cisco is perfectly aligned with long-term IT strategy.

So how does Cisco’s security strategy line up with the “Internet of Everything” and future shock? Surprisingly well. I heard some common themes in Chris Young’s keynote presentation on Monday that were supported throughout the event. Henceforth, Cisco security will feature:

1. An architectural approach. Cisco security products will be integrated together through common APIs, services, and management consoles to cooperate in policy management, enforcement, and reporting. Even Cisco switches and routers can be included in this architecture, acting as policy enforcement points for blocking malicious IP packets.

2. Integrated intelligence. Cisco introduced something called PXgrid, which appears to be publish/subscribe-type middleware. Cisco will publish network metrics here, which can then be consumed by analytics, SIEM, and risk management systems. Additionally, the Cisco security architecture will be supported by Cisco Security Intelligence Operations (SIO) and the recently acquired Cognitive Security for machine learning. These on-premise and cloud intelligence sources can collaborate and provide rich correlated data for anomaly detection, accelerated response, and automated remediation.

3. Lots of opportunities for integration and enhanced functionality. Cisco will use CiscoONE and other APIs to open its architecture to partners. The goal? Become a security integration hub and establish a strong partner ecosystem. For example, Cisco is already partnering with several SIEM vendors including HP/ArcSight, LogLogic, and Splunk. Cisco also discussed a future that includes integration with its OnePK, which may act as a catalyst for numerous SDN/security use cases.

ESG believes that large enterprises can no longer anchor security with point tools and manual processes, so Cisco’s security architecture is certainly well timed. And as always, Cisco security will benefit from the company’s global market presence, security installed base, and ubiquitous networking footprint. Nevertheless, Cisco will compete for enterprise security architecture with strong competitors like IBM, McAfee, and RSA Security, so its success is far from guaranteed. To win future enterprise deals, Cisco must:

1. Compete on best-of-breed products. Yes, an architectural approach is based upon the theory that the whole is stronger than the sum of its parts, but typical CISSPs are conditioned to think in terms of the short term and best-of-breed point tools. Cisco has to present its architecture on the back of strong individual products that can compete with Check Point, Palo Alto Networks, and Sourcefire. In other words, Cisco has to win in the boardroom and the security trenches.

2. Establish air cover. Cisco security marketing has been relatively dormant for the past few years, opening the door for other vendors to become security thought leaders. Cisco needs reach and frequency for its security architecture message in order to seed the market and make sales phones ring in San Jose.

3. Work on its sales model. Cisco salespeople are used to selling multi-million dollar networking deals and then bundling in security products. This was fine in the past, but enterprise security architecture sales will be based upon “C-level” discussions, strong project planning, phased implementation, and solid security, risk management, and ROI metrics. It’s likely that Cisco will need a new type of security sales specialist with enterprise software pedigree to pull this off.

4. Educate the market. For every CISO who understands the need for an enterprise security architecture, there are another 10 who don’t. Cisco (and other vendors) need to invest resources to educate the market. Security is a sober topic based upon facts rather than whiz-bang marketing. Cisco needs to treat it as such.

Cisco hasn’t been the belle of the security ball for a number of years, so it has a lot of work ahead once the magic of CiscoLive ends. True, but enterprise security architecture is a burgeoning transition with no clear technology or thought leaders. If John Chambers and Co. can introduce a few competitive products, educate the market, and focus its vast distribution resources on selling enterprise security architecture, Cisco may bounce back in a big way.

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
