By combining its network visibility and breadth of integrated products, Cisco aims to make it simple for distributed and mobile businesses to deploy effective security while reducing the complexity required to manage it.
Digital transformation. It's a reality that few companies today can escape. For some, the process is well underway. For many others, it's an oncoming inevitability. Whichever side of the gap your organization is on, you're probably facing a "security effectiveness gap" as the process brings more users, devices and applications online, creating an ever-expanding attack surface.
CIO June/July 2016 issue
CIO June/July 2016 Digital Magazine: These CIOs mean business
Cover story: this year’s CIO 100 honorees are serious about winning customers and driving revenue.
Cisco today moved to close that gap with an architectural approach to services and cloud-based security solutions that it says will make security more effective and simpler for customers.
"The problem we're trying to address is helping our customers to close the security gap," says Ben Monroe, senior product marketing manager, Security Business, Cisco. "There's a disparity between what our customers are trying to do, the tools they're being provided with to do it and the challenges the external threat landscape is pushing onto them."
More security products make you vulnerable
Companies today are deploying up to 70 disparate security products to address a variety of needs, Monroe says. But that practice is difficult to manage and can ultimately make businesses more vulnerable, not less. In many cases, he notes, adding a new feature to your layered defense can dramatically increase the complexity of managing that defense.
"It's very hard to tell customers that a layered approach is important when each of those layers is operating independently — different operating consoles, interfaces, not sharing data," he says. "When a customer adds a new product, they are gaining sometimes not very much more in terms of security capability, a small percentage point more effectiveness, whereas the complexity they're adding is exponential."
By combining its network visibility and breadth of integrated products, Cisco aims to make it simple for distributed and mobile businesses to deploy effective security where needed — whether at the branch office, headquarters or with the end user wherever they go. Cisco's approach is to embed security into the points of connection that users traverse so that the network, access points or endpoints are safe before a user even logs on.
Cisco announced the following solutions and services today:
- Cisco Umbrella Roaming. This centralized, cloud-delivered protection is designed for removing off-network blind spots, guarding roaming employees wherever they work. It's embedded as a module with AnyConnect (Cisco's VPN solution), giving organizations the capability to add a new layer of off-network protection that blocks connections to malicious sites without needing to deploy another agent.
- Cisco Umbrella Branch. This cloud-delivered solution provides increased control over guest Wi-Fi use with content filtering. Businesses can upgrade Integrated Services Routers (ISR) to provide comprehensive security at branch locations.
- Cisco Defense Orchestrator. This cloud-based management application provides the capability to manage a large security infrastructure and policies in distributed locations across thousands of devices through a cloud-based console. Monroe says it allows users to manage security policies across Cisco security products ranging from ASA and ASAv firewalls to Firepower next-generation firewalls and ASA with FirePOWER Services featuring Firepower Threat Defense and OpenDNS.
- Cisco Meraki MX Security Appliances with Advanced Malware Protection (AMP) and Threat Grid. This cloud-managed unified threat management (UMT) solution is designed for advanced threat protection for the distributed enterprise. It provides branch offices with malware protection that checks files against its cloud database to identify malicious content, blocking the files before users download them.
- Stealthwatch Learning Networks License. This component allows the Cisco ISR to act as a security sensor and enforcer for branch threat protection. Businesses can use it to detect and track anomalies in network traffic, analyze suspicious network activity and identify malicious traffic.
Cisco also announced Cisco Security Services for Digital Transformation, a Cisco service that helps organizations examine core security fundamentals with an eye toward their readiness to adopt digital technologies. Through the service, expert advisers can recommend security strategies and provide tailored solutions based on industry trends and an organization's business needs.
"Not every organization is going to have an IT or security group with the number of resources needed to plan, execute and manage digital transformation," Monroe says, noting that Cisco aims to provide an easy-to-consume service that provides the necessary gap analysis and 24/7 maintenance, monitoring and optimization.
Cisco is also relying on its channel partners to play a strategic role in helping its customers build and manage their security infrastructures. The company says the new security offerings will help channel partners design simple, open and automated solutions for their customers, opening up new service opportunities for partners to manage customers' security services and tap into recurring revenues.