Consolidate your security vendors, urges Cisco
By Goh Thean Eu March 15, 2016
- Expects enterprises to reduce the number of security vendors
- Top security tip: Go back to basics, upgrade infrastructure
NETWORKING gear-maker Cisco Systems Inc expects enterprises and companies to consolidate the number of security vendors they use, as IT security becomes increasingly hard to manage.
“The major thing that is taking place right now is the level of complexity customers are struggling with, based on the ‘best of breed’ security approach or strategy,” says Stephen Dane, managing director of Cisco’s Global Security Sales Organisation in Asia Pacific and Japan.
“It is becoming a challenge with the level of threats and increasing number of attacks that are taking place today,” he adds, speaking to Digital News Asia (DNA) on the sidelines of the Cisco Live convention in Melbourne last week.
Currently, many enterprises are working with various vendors for different security needs. For example, they may appoint one vendor for malware protection, and another for their firewall solutions.
“Enterprises have multiple vendors offering the defence mechanism,” says Dane. “It is very difficult for them to operationalise and react to the defence themselves.”
“Adding another point product to the environment doesn’t really solve the problem – in fact, it makes it worse because it potentially creates gaps,” he adds.
The platform approach
Cisco believes that the key is to simplify its customers’ complex infrastructure by providing them with security solutions via a platform-based approach.
“When we say platform, we mean that we are able to take advanced malware production software, the next-generation intrusion prevention system (IPS) and firewall, and put them all into one box,” declares Dane.
The company recently released its new FirePOWER threat defence, which currently comes in two form factors: The FirePOWER 9300 is targeted at service providers and large data centres; then there is a smaller box called FirePOWER 4100.
Dane argues that having various functionalities in one box will help enterprises get better visibility into, and control of, their security infrastructure.
“The new box combines IPS, malware protection and a firewall. It also comes with URL filtering and provides applications visibility and control.
“It has a single management interface so users can use one FireSIGHT Management Console to operate the firewall, IPS and other [features],” he adds.
The one-vendor approach
Despite the need to simplify, Dane is quick to add that it does not mean that enterprises should look at a one-vendor approach.
“There is no way one vendor will be able to do everything. What we are saying is, you can consolidate certain elements,” he says.
“You can actually correlate threat intelligence that we gather from the end-point and network to share information, and therefore be able to give customers a better chance to see something and do something about it,” he adds.
Dane advises companies to understand what assets they have, and which are the most critical to their business. They then need to prioritise protecting those data assets.
Cisco’s security solutions work well with its own networking equipment including switches and routers, and are able to give customers visibility into their network traffic.
“Within the local area network (LAN), we have the ability to take netflow data, and to do some benchmarking on that data,” says Dane.
“We also collect netflow data from the switching environment, routers and unified communications system (UCS) servers.
“We have an analytical tool that looks at all the traffic and collects multiple flows, and then creates a benchmark of what the traffic should look like.
“When it sees spikes in traffic or anomalies that shouldn’t take place, it will alert users,” he adds.
Top security mistakes
Meanwhile, there are some common mistakes that enterprises continue to make when it comes to security, laments Dane, who has more than 20 years’ experience in the ICT industry.
“There’s so much to do in the security space and we have to start with the infrastructure. There is a lot of aging infrastructure out there,” he says.
These include “browsers that are out of date, operating systems that haven’t been patched, or network infrastructure that hasn’t been updated. These are the easiest points of entry from an attacker’s perspective.
“So my message is: Start with the basics and upgrade your infrastructure because there’s constant vulnerability found in these areas.
“What you need to do is to make it as hard as possible for any attacker to get access to your organisation. If you make it easy, you are going to get hit badly. If you make it hard, it doesn’t stop attackers from gaining access if they are persistent, but it does reduce the attack surfaces,” he adds.
Goh Thean Eu reports from Cisco Live in Melbourne at the invitation of Cisco Systems. All editorials are independent.