Cisco, FireEye Announcements: A Microcosm of the Enterprise Cybersecurity Market

Just as the leaves started to turn here in New England, I headed out to Silicon Valley last week to present at an IT event. While I was in California, there were two announcements that illustrate the state of the cybersecurity industry.

First, Cisco Systems announced a milestone with its announcement of Cisco ASA with FirePOWER services. This is a first step toward integrating the best of the Sourcefire next-generation IDS/IPS with the best of Cisco’s NGFW. It also moves beyond NGFW basics like application and user controls by adding “threat-focused” functionality for preventing, detecting, and responding to advanced malware.

This announcement should please shareholders as it demonstrates that Cisco is managing the merger and executing on an integration plan. Beyond Wall Street, however, Cisco’s announcement is much more important as it really responds to market requirements. 

In a recent survey, ESG asked enterprise security professionals to define the most compelling features of a next-generation firewall (note:  I am an ESG employee).

• 47% said, “consolidation of multiple security services into a single system”
• 37% said, “advanced network security analytics capabilities”
• 35% said, “advanced malware detection capabilities with static and dynamic malware inspection”

So with its announcement, Cisco is addressing all of these areas; namely integration, analytics, and advance malware detection – the exact features that users want. Others like CheckPoint, Fortinet, McAfee, and Palo Alto are following the same game plan.

In another announcement last week, FireEye announced “FireEye as a Service,” and FireEye Advanced Threat Intelligence. Why the services play from a product company? While all organizations need better advanced anti-malware detection and response technologies, many don’t have the right skills to use them effectively. In fact, ESG research indicates that 25% of organizations have a current “problematic shortage” of IT security skills – especially in high-IQ areas like security analytics. FireEye is combining its technology and sophisticated skill set to bridge this gap. FireEye can also add threat intelligence so its customers can utilize “in-the-wild” information to strengthen their defenses against targeted attacks.

The Cisco and FireEye announcements are a microcosm of what’s happening in cybersecurity. Large organizations are abandoning individual point tools in favor of integrated cybersecurity technology architectures – exactly why Cisco bought Sourcefire and is now bringing the best of both companies together. Aside from technology alone, CISOs also need to supplement internal infosec resources with the right skills. FireEye is now addressing this.

These trends are not a secret – other vendors including HP, IBM, RSA, and Symantec have their own plans for integrated security technology architecture and managed/professional services. This may be the market direction but it’s important to note that the move toward integrated security architecture and managed services represents a major cybersecurity transition for enterprise organizations. Vendors who can guide customers through this evolution with the right project plans, reference architectures, and industry-specific implementation guidelines will put themselves in the best position.