• United States



Contributing Writer

Grading Cisco Cybersecurity after CiscoLive

Jun 12, 20154 mins
Cisco SystemsCybercrimeData and Information Security

Company showcased its rich product portfolio and strong cybersecurity commitment at CiscoLive. Great start but plenty of work ahead.

In anticipation of CiscoLive in San Diego, I posted a blog last week describing my thoughts on Cisco’s cybersecurity portfolio.  After attending the event this week, I’m ready to further elaborate on these opinions by grading Cisco Cybersecurity in a number of areas:

  • Cybersecurity commitment, A.  A few years ago, many people believed that Cisco was in the security market in order to bundle firewalls into big switching and routing deals.  This cynical attitude was a stretch back then but it is an absolute fallacy today.  Cisco is actively developing products and security architectures, hiring talent, building its security services prowess, and even actively working with partners like Arbor Networks, Lancope, Radware, and Splunk.  John Chambers publicly stated his goal of making Cisco “#1 in cybersecurity and embedding security everywhere,” in his keynote speech, while incoming CEO Chuck Robbins mentioned that he has asked Chambers to remain active in overseeing the cybersecurity business unit.  Cisco is also linking cybersecurity products, services, and skills with its work with large customers on disruptive Internet of Everything (IoE) applications.  All-in-all, Cisco exhibited a passion for cybersecurity that belies its historical position.
  • Cybersecurity products, B+.  Cisco is quite competitive just about everywhere it plays, and has leading products in areas like data center firewalls, advanced malware detection/prevention (AMD/P) for endpoints, and of course Sourcefire IDS/IPS.  Nevertheless, it still has some work ahead in order to gain market acceptance for some of its new product revisions and architectures.  Cisco must remember that it faces strong competitors like FireEye, Fortinet, IBM, Juniper, and Palo Alto across all of its products so it will need to use its resources and make sure its products remain on par or ahead at all times. 
  • Cybersecurity services, A-.  Cisco infosec professional and managed services are far more extensive than most people believe and the company continues to invest heavily in acquisitions (like Neohapsis), recruiting, and training.  The company is also rolling out some strong managed services for advanced threat defense that should gain traction in the market.  The only knock of Cisco cybersecurity services is its lack of market visibility.  Cisco marketing needs to step up with a dedicated air cover campaign to make sure that its cybersecurity services become much more familiar to CEOs, CIOs, CISOs, corporate boards, and cybersecurity professionals working in the trenches.
  • Cybersecurity architectures, B.  Cisco is on the right path here with cybersecurity architectures like its security services architecture (SSA) and the combination of ISE/pxGrid/TrustSec.  The issues here are immaturity and market confusion.  SSA is somewhat new and Cisco still needs to work on articulating a clear description to a skeptical customer base, quick to equate Cisco with a proprietary agenda.  Similarly, Cisco needs to flex some market muscle on ISE/pxGrid/TrustSec market education while bridging the gap between security, networking, and IT operations folks by pushing mutually-beneficial architectural benefits.  Finally, Cisco has to make sure that customers aren’t overwhelmed by the intersections between cybersecurity and various additional architectures like ACI.  Cisco’s technology development heavy lifting is fairly complete, but massive market conditioning work remains.
  • Cisco Cybersecurity marketing, B-.  This grade is probably self-evident and may be a bit generous based on my previous comments but allow me to elaborate a bit.  First, Cisco must remember that its customers have long memories.  So while Cisco FireAMP is a strong endpoint security product, some customers will disregard it outright based upon their experiences with the Cisco Security Agent (CSA, Okena).  Cisco needs to change minds here.  Second, Cisco needs to educate and convince the market with regard to its security architectures by pushing reference implementations, proof-points, and implementation guides.  And like all other cybersecurity vendors, Cisco needs more emphasis on vertical industry cybersecurity solutions.  Finally, Cisco has to shift its marketing tactics from FUD to true cybersecurity thought leadership applicable for boardroom and grassroots discussions.  In other words, Cisco should challenge the cybersecurity market with innovative ideas rather than tired scare tactic clichés in order to move the entire cybersecurity community beyond the status quo.  A lofty goal, but Cisco has the resources and skills to pull this off. 

I would be remiss if I didn’t end this blog by giving Cisco an A+ on CiscoLive.  The event was worthwhile as it helped get me up to speed on Cisco cybersecurity products, services, and strategy.  Furthermore, the Cisco management team – all the way up to John Chambers and Chuck Robbins – were accessible and truly engaged with analysts, customers, and the press.  Oh yeah, as an old Boston rockah (intentional misspelling for local emphasis), Aerosmith was a fantastic bonus!

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of the ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.

More from this author