It wasn't too long ago that Cisco was a dominant force in information security technology. The company was a market leader in firewalls, IDS/IPS, and email security and was actively pushing products for endpoint security and SIEM as well as security "blades" for Catalyst switches. Heck, Cisco even articulated a bold vision of "self-defending networks" with security policy, enforcement, and intelligence all baked into the network.
Somewhere around 2008 however, Cisco security went into a prolonged slump. Cisco security products didn't offer the performance of rivals like Crossbeam (now Blue Coat), Juniper, or McAfee. Cisco missed markets like next-generation firewalls, opening the door for savvy startups like FireEye, Palo Alto Networks, and Stonesoft. Cisco products such as the Cisco Security Agent (Okena) and MARS (Protego) were abject failures and discontinued by the company. Finally, Cisco's security team itself imploded as management and engineering leaders fled San Jose for greener valley pastures.
Cisco recognized its cybersecurity death spiral and began executing on a comeback strategy around 2011, building a new team, innovating, and acquiring a market leader in Sourcefire. Based upon what I saw the week at CiscoLive, I believe that the company has turned a corner. Cisco can now return to a leadership role in enterprise security technology because:
1. Its security architecture is just about ready for primetime. Cisco deserves kudos for the way it integrated Sourcefire products and people into its security division. For example, Cisco has a "FireAMP everywhere" strategy that will place advanced malware detection technology on Cisco email and web security products and various endpoint devices. Additionally, Cisco is actively filling architecture holes with acquisitions like ThreatGRID for network and cloud "sandboxing" to detect malware threats. Finally, Cisco has momentum in other areas like TrustSec and ISE. Its soon-to-be-released pxGrid completes these granular network access control offerings with a middleware repository for publish-and-subscribe data about endpoints and users. All of the puzzle pieces are in place today or arriving soon.
2. Cisco is investing in services. New security requirements are challenging to all organizations - even those with deep security skills and resources. Cisco recognizes this gap and is building a global services organization to offer help. As of now the professional services staff is relatively small but it is highly-skilled and growing. In the meantime, Cisco is also jumping into the managed security services market with both feet. For example, it now offers a big data security analytics managed service for incident detection, investigations, and forensics. While Cisco uses a physical Hadoop cluster on the customer premise, the service is fully managed by Cisco security analysts and customers pay for it on an annual subscription basis. Cisco will continue to expand upon managed security solutions moving forward.
3. Cisco is well positioned to align security with IT transformation. As a large IT provider, Cisco is in the middle of numerous IT initiatives around cloud computing, data center transformation, mobile computing, and the Internet of Things (IoT). This gives Cisco a great opportunity to integrate its security portfolio everywhere. For example, Cisco can work with large customers to add Application-Centric Infrastructure (ACI) functionality to their data center networks. Once customers are comfortable with Cisco's software-based network control for configuration, provisioning, and segmentation, Cisco can introduce a host of L4-7 security functionality as part of an overall transformation project. Given its role in these other ongoing IT initiatives, Cisco has a clear advantage over pure-play security technology vendors.
Aside from these advances, Cisco also (author's comment: Finally!) created an overlay salesforce focused on security sales alone. This could give Cisco the right skill set to sell security architecture technologies and services at the CISO level.
In my humble opinion, Cisco is moving in the right direction and the company certainly has the resources to continue to acquire point products and invest in its organization. That said, Cisco still has some work ahead. To continue on the comeback trail, Cisco must:
1. Compete at the product and solution layer. CISOs want to build enterprise security architectures, but this transition will take time as point tools are replaced with new security technology components built for integration. This means that vendors will need best-of-breed tactical products, integration middleware, and project management skills to build an architecture over time. As a networking vendor, Cisco doesn't have much street credibility in areas like endpoint security, middleware, or security analytics - especially since it walked away from some of these areas over the last few years, hanging some of its customers out to dry. Cisco's done a lot of work on the product side, now it must convince the market that it offers leading architectural and services skills for the long-term. Finally, Cisco needs to be able to work at the CISO level on detailed security architecture implementation plans that fit their security, financial, and industry needs.
2. Play the "open" card. Those of us with grey hair remember Cisco's "embrace and extend" attitude toward industry standards. Cisco was onboard as long as it controlled the standard, tweaked them for its own feature set, and maintained proprietary ownership of the code. Surprisingly, Cisco has become much more flexible about opening up its security software strategy. For example, Cisco's acquisition of Sourcefire made the company the steward of SNORT and ClamAV and it continues to encourage and support each community. Cisco's big data security analytics services is based upon open source tools like Hadoop, MapR, and Mahout that can be customized by customers with open source tools. Finally, Cisco is an active member of the Trusted Computing Group (TCG) and is working to align its pxGrid with future plans for IF-MAP. Cisco could greatly benefit by going further and becoming a visible champion of open security standards henceforth. To do so, Cisco should promote promoting standards, become a visible contributor to open source projects, trumpet the community benefits of open security standards, and encourage other vendors to join in.
3. Deliver a real security management portal. Cisco's Achilles heel has always been management software that was too complex, required too many management consoles, and was geared toward CCIEs with CLI chops. This simply won't fly for an integrated enterprise security architecture. Without a simple but powerful GUI-based management portal for central command-and-control, Cisco product and architecture progress will all go for naught.
Cisco still faces real competition as FireEye, IBM, McAfee, Palo Alto Networks, and Trend Micro are building their own enterprise security architectures that span networks and endpoints. Others like HP and Symantec could easily acquire their way in. To truly succeed, Cisco must remain humble, execute flawlessly, and continue to recruit top talent. A difficult but achievable strategy.