Cisco Cybersecurity Renaissance and Opportunity

A few short years ago Cisco was deep in the cybersecurity doldrums. In spite of years of market leadership with products like Cisco PIX firewalls, IronPort (email security) and IDS/IPS blades on Catalyst switches, the company seemed to have squandered its enviable market position. Alas, Cisco had swung and missed on security management (MARS) and endpoint (Okena) and had fallen behind companies like Fortinet, Juniper, and Palo Alto in its own network security backyard.

There was no question that Cisco needed to make a bold move to stay relevant, and to its credit, the company did just that. In 2013, Cisco scooped up Sourcefire and did a good job of blending the two companies, retaining key employees, and maintaining the goodwill of the open source SNORT community. 

Yup, Sourcefire was just what the proverbial doctor ordered for Cisco, and the company has executed pretty well since the acquisition by integrating FirePOWER with its ASA firewall portfolio to create a very competitive network security offering, and jumping into endpoint security with FireAMP. Since the Sourcefire deal, Cisco made a few other key cybersecurity moves like creating a security services group under Bryan Palma, and purchasing other cybersecurity assets such as ThreatGRID for security intelligence/malware analysis, and Neohapsis to bolster its security services resources. 

Fast forward to 2015 and Cisco is again well-positioned in network and enterprise security. And while Cisco was getting its own house in order, the cybersecurity market started booming on the back of a constant stream of data breaches at organizations like Target, JPMC, Sony Pictures, Anthem, and even a U.S. government breach announced yesterday. 

So Cisco seems to be sitting pretty and the growing cybersecurity market is there for the taking. Great position, but in order to take the next step in its cybersecurity comeback and capitalize on market opportunities, Cisco must:

• Make sure its cybersecurity products can stand on their own. Cisco security used to ride shotgun on top of its networking products, making it easy for the company to win deals. Over the past few years, however, CISOs have been given more purchasing authority for network security products, opening the door for firms like Blue Coat, FireEye, Intel Security, and PAN to elbow their way in. Additionally, cloud-based alternatives like Proofpoint and Zscaler are also encroaching on Cisco’s historical turf. Yes, Cisco networking will still give its security products a seat at the RFI/RFP table, but Cisco cybersecurity sales and marketing must be able to demonstrate that its products are be best-in-class – as scalable, high-performing, and feature-rich as anyone else. Cisco also needs to double down on SaaS-based managed services to profit from current and future MSSP momentum. 
• Educate and support the market on its network security architectures. Cisco has a great set of offerings for endpoint profiling, network access control, network identity management, and policy enforcement with technologies like AnyConnect, ISE, pxGrid, and TrustSec. Unfortunately, many customers don’t know about this architecture or remain confused, often turning to others like ForeScout, Great Bay Software, and Tanium to fill gaps. To some extent, Cisco is just another prisoner of the cacophony of cybersecurity market noise and end-user confusion regarding next-generation cybersecurity solutions. Nevertheless, Cisco needs to dedicate ample resources to educate the market about its cybersecurity architectures, supplementing awareness campaigns with reference architectures, case studies, and professional services. 
• Establish a leadership position in cloud/virtual security. When VMware was on fire with ESX, Cisco shrewdly introduced the Nexus 1000V and grabbed a fair share of the virtual switching market. Great marketing move, but many organizations never really figured out how to take advantage of virtual switching capabilities. As network security technologies like firewalls, IDS/IPS, network segmentation controls, and WAF become virtual network security services, Cisco needs to push its way into the market AND teach its customers how to fish. Oh, and Cisco needs to do this across ACI, NSX, OpenStack, and cloud providers like Amazon, Google, and Microsoft Azure. 
• Build an industry-leading partner ecosystem based upon openness. To be fair, Cisco does have a partner ecosystem and visible partners like AirWatch, Citrix, HP, Lancope, and Splunk. That said, Cisco partners are often pigeon-holed into product categories, giving the impression that they take a back seat to Cisco proprietary initiatives. Cisco needs a visible ecosystem based upon things like open source (i.e. Netflix’s FIDO, SNORT), industry standards (i.e. STIX/TAXII), and Cisco integration technologies like ACI and pxGrid. Cisco was careful not to upset the SNORT apple cart when it acquired Sourcefire. The company should build upon this by becoming the cheerleader for openness in cybersecurity. This could be beneficial to Cisco and the entire cybersecurity community at large.

Finally, Cisco should build Bryan Palma’s professional services organization to help its customers consume, optimize, and operate a new wave of complex cybersecurity technologies. Lord knows they need the help. 

I’ll be attending Cisco Live next week and will carefully assess where Cisco stands in each of these areas. Look for a future blog where I report back on what I learned.