Innovation spiral: How Cisco navigates escalating security threats for the enterprise
In the 1960s, the Cuban cartoonist Antonio Prohías wrote a comic strip for Mad magazine called “Spy vs. Spy.” It featured one character dressed in white and one in black who were continually at war with each other, inflicting harm and alternating between victory and defeat.
At the time, Prohías’ cartoon was a commentary on the Cold War, but it could well serve as a metaphor for the state of the information-security world today. Hackers break into systems, and then security professionals strike back to reclaim lost data and improve defenses using new technologies. The cycle is ongoing as the threats multiply in scale.
In its role as one of the largest networking companies in the world, Cisco Systems Inc. finds itself playing an increasingly significant role in computer security. Its position was amplified during the firm’s Cisco Live gathering in Barcelona last week as a number of security-related announcements were made, which, in aggregate, highlighted the “spy vs. spy” climate that has infused the enterprise security world.
“It’s kind of an innovation spiral,” TK Keanini, distinguished engineer and product line chief technology officer for analytics at Cisco, said during an interview with theCUBE, SiliconANGLE’s mobile livestreaming studio, at Cisco Live. “We innovate, we make it harder for them, and then they innovate and make it harder for us. On Monday, we’re safe. On Tuesday, we’re not. And on Wednesday, it switches again.” (* Disclosure below.)
Here’s the video interview with Keanini:
Tracking suspicious behavior
What is Cisco’s answer to security’s innovation spiral? Based on several of the company’s recent announcements, behavioral analysis will be key.
At its event in Barcelona, Cisco rolled out a security architecture for industrial internet of things clients that included new software branded as Cisco Cyber Vision. When combined with the firm’s Edge Intelligence software, the goal is to provide anomaly detection and real-time monitoring in IIoT environments.
Cisco’s security architecture is built to understand what normal traffic in an industrial environment should look like and which behaviors should be categorized as suspicious. If a server suddenly starts communicating with a computer in another country, machine intelligence will trigger an alert.
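The baseline-and-deviation check described above, as an added illustration rather than Cisco's own code: it learns which destination countries each host normally talks to during a learning window, then flags later flows to a country outside that set (or from a host with no baseline at all). The flow records are constructed, and country codes are assumed to have been resolved upstream by a GeoIP lookup.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records (not real telemetry). Country codes are
# assumed to have been resolved by a GeoIP lookup before reaching this step.
FLOWS = [
    {"ts": "2020-01-27T09:00:00", "src": "db-01",  "dst": "10.0.5.20",     "country": "ES"},
    {"ts": "2020-01-27T09:05:00", "src": "db-01",  "dst": "10.0.5.21",     "country": "ES"},
    {"ts": "2020-01-27T09:10:00", "src": "web-02", "dst": "192.0.2.10",    "country": "US"},
    {"ts": "2020-01-27T09:15:00", "src": "db-01",  "dst": "10.0.7.9",      "country": "ES"},
    {"ts": "2020-01-28T02:13:00", "src": "db-01",  "dst": "198.51.100.77", "country": "RO"},
    {"ts": "2020-01-28T02:20:00", "src": "web-02", "dst": "192.0.2.10",    "country": "US"},
    {"ts": "2020-01-28T02:25:00", "src": "hmi-03", "dst": "203.0.113.5",   "country": "CN"},
]

def build_baseline(flows, learn_until):
    """Learn, per source host, the set of destination countries seen before learn_until."""
    cutoff = datetime.fromisoformat(learn_until)
    baseline = defaultdict(set)
    for f in flows:
        if datetime.fromisoformat(f["ts"]) < cutoff:
            baseline[f["src"]].add(f["country"])
    return baseline

def detect_geo_anomalies(flows, baseline, learn_until):
    """Flag flows after the learning window whose destination country is new for that host.

    A host that never appeared during learning is also flagged, since there is no
    notion of 'normal' for it yet; a silent pass would hide exactly the case the
    article describes (a server suddenly talking to a machine in another country).
    """
    cutoff = datetime.fromisoformat(learn_until)
    alerts = []
    for f in flows:
        if datetime.fromisoformat(f["ts"]) < cutoff:
            continue
        known = baseline.get(f["src"])
        if known is None:
            alerts.append((f["src"], f["dst"], f["country"], "no baseline for host"))
        elif f["country"] not in known:
            alerts.append((f["src"], f["dst"], f["country"], "new destination country"))
    return alerts

if __name__ == "__main__":
    base = build_baseline(FLOWS, "2020-01-28T00:00:00")
    for alert in detect_geo_anomalies(FLOWS, base, "2020-01-28T00:00:00"):
        print(alert)
```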
“We just have to invent new ways of detecting,” Keanini said. “Direct inspection is a thing of the past; we just can’t depend on it anymore. We have to have tools of inference, and it’s given rise to a lot of innovation in behavioral science.”
Integration of Stealthwatch
Cisco has been applying behavioral analysis in its use of another key product: Stealthwatch. Using machine learning and behavioral modeling, Stealthwatch provides a visibility and network traffic analytics solution for threat detection and response.
In November, Cisco integrated Stealthwatch across its security portfolio and included new cloud protection capabilities for the internet gateway. Device behavior matters and Cisco is clearly targeting this area for its customers, including one unnamed financial institution.
“We were able to identify rogue DNS servers, unsecured telnet going on, SQL injections, all within 30 minutes of us coming in there and taking a look,” recalled Kyle Michael Winters, technical marketing engineer of the CX Technology & Transformation Group at Cisco, during his interview with theCUBE. “We’re able to profile different devices based on the nature of their behavior.”
Here’s the interview with Winters, along with Ken O’Reilly, Cisco’s director of customer experience:
Protection for DNS
In addition to behavioral modeling, Cisco is also training its security strategy on a critical part of the computer world: Domain Name System. It’s basically the backbone of the internet, a complex system of domain names linked to IP addresses that users rely on to navigate the web.
DNS vulnerability is a somewhat overlooked yet highly important element in the security picture because false DNS records are what allow malicious actors to create fake websites and propagate malware. DNS hijacking continues to be a challenging issue within the security community.
In April, Cisco Talos uncovered “Sea Turtle,” a new state-sponsored cyber threat campaign designed to manipulate DNS systems. And last month, cybersecurity expert Brian Krebs warned that nearly 80% of the largest organizations in the world remain at risk due to lack of a Registry Lock Protocol, which prevents one registrar from arbitrarily transferring a domain.
Cisco has been addressing DNS security through its Umbrella solution, which proactively prevents connections to malicious sites at the DNS layer. Last year, Cisco integrated its Viptela-powered SD-WAN technology with Umbrella to strengthen network security from the cloud.
“With Umbrella, we’re going beyond DNS and taking multiple security services and bringing them into a single cloud platform,” said Meg Diaz, manager of product marketing for the Security Business Group at Cisco, during an interview with theCUBE. “That’s where you’re seeing the market going.”
Here’s the interview with Diaz:
The market is also moving in the direction of a programmable infrastructure driven by software, a central element of Cisco’s evolving strategy. With the 2014 launch of DevNet, Cisco’s developer network, components can be programmed and applications are integrated to change a wide range of enterprise functions, including security.
“It’s not about a single pane of glass anymore,” Keanini said. “It’s Stealthwatch as code, your router as code. DevNet is basically Cisco as code, and it’s beautiful.”
Umbrella offers an example of Cisco’s programmable approach to security. It allows users to employ a number of application programming interfaces to perform security functions without having to configure a dashboard or console.
By leveraging Umbrella APIs, customers can create custom integrations between in-house systems and a cloud-delivered security service.
“We have a network device API to make it easy to integrate a number of different devices that you have to Umbrella,” Diaz explained. “Even with all the intelligence behind Umbrella, we make it available through our Investigate API. A lot of organizations use that to enrich their subscriber identity module or threat intelligence platform.”
Despite building its own sizable security business, Cisco has also partnered with other key players in the technology world on security. In 2017, the company announced a partnership with IBM Corp. to integrate its security suite with IBM’s QRadar security analytics platform.
Since then, the two companies have collaborated on an encompassing solution that combines Cisco’s networking security tools with IBM’s storage solutions to protect critical data.
“It’s a holistic strategy for the end user,” said Eric Herzog, chief marketing officer and vice president of worldwide storage channels for IBM’s Storage Division, during an interview with theCUBE. “Network security is semi thought about; storage security is almost never thought about. We give you a whole strategy that’s going to work and bring the data back.”
Here’s the interview with Herzog:
In a blog post for Cisco last year, Keanini noted that the only thing more important than the right answer is the right question. And in this “spy vs. spy” game of protecting networks against hostile adversaries, the question must be asked: Is this an impossible task?
“The adversary is talented, patient and well-funded,” Keanini said. “Is it impossible? No. Can we make it harder for them? Yes.”
There’s much more of SiliconANGLE’s and theCUBE’s coverage of the Cisco Live event here. (* Disclosure: Cisco sponsored these segments of theCUBE. Neither Cisco nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Photo: Cisco Live Europe