Skip Links

The Cisco security directive

By , Network World
June 05, 2012 04:56 PM ET
Chris Young

Page 5 of 5

You mentioned virtualized workloads and data centers, and given your history with VMware you're a perfect person to ask this question. It seems increasingly likely that all the security guys have to play nice with VMware. What kind of control do they have and what do you know about their security ambitions?

VMware, because of their increasing ubiquity in the infrastructure is, I would say, daily becoming more and more important as part of the security model. Just like servers used to be the front and center part of the infrastructure, now the VMware layer is taking that. And as VMware becomes more ubiquitous, I think their importance to security is increasing.

But we've been able to work with them at the switching layer with the Nexus 1000V to bring our zoning capabilities. And you'll see us bring more of our ASA firewall capability to that virtual machine layer over the course of the next couple of months. And you'll see us do more in the security virtualization area, primarily as it relates to protecting individual workloads and bringing policy-based enforcement.

Coming down to the end here, let's go back to the big picture. Any gaps in the Cisco security portfolio you have to fill?

In security new gaps are always being created. There will never be a static model. We're never done, right? Even in physical security, people still rob banks. We haven't even perfected that security model. We don't spend a lot of time thinking about it, but most of what happens in the cyber world is just a reflection of what happens in our physical world. It's just things move faster and the scale can be bigger, and therefore, we have to think a little bit differently about that model.

So to answer your question about gaps, there's consistently going to be new areas where we have to bring new threat intelligence capabilities. If we find superior solutions out in the marketplace that customers really want, obviously we'll follow the Cisco process and bring things onboard where they make sense. But, for the most part, I think we have a very strong portfolio and I'm getting a lot of great feedback on the announcements we have made, in particular our context-aware firewall and the uptake we're seeing in our Identity Services Engine and the relevance of that model to BYOD. And so I feel very good about where our portfolio is today.

Maybe we could close with your thoughts on an ancillary subject, the security of the national infrastructure. Have you, as a company, examined the problem?

We work closely with a lot of public sector entities around making sure the network infrastructure is resilient, is secure. That's a big area of focus, and we're working with public sector players in countries around the world. So it's a big part of what we do, a big part of what we see as our responsibility. Our networks are such an important part of our lives in many ways, so we take that responsibility very seriously.

Do you have a sense of how vulnerable the nation's critical infrastructure is?

I've been in security for a long time now. I've never been a naysayer about the level of security. I mean, think about all the great things we can do today, leveraging the power of the network. Most people transact online, and that's in our personal lives as well as in our enterprise lives. Transactions flow throughout the network on a daily basis between and among institutions. We couldn't do all of that if our security bar hasn't been consistently raised along the way. So while there are risks and while there's always more security that is necessary, we live our lives digitally today and are able to do so in a relatively safe and secure manner. None of us are resting on our laurels, but there's no reason for panic either.

So the sky isn't falling?

No, not at all. In fact, I think people should be encouraged by all the things that we can do as individuals, as organizations, because that's only been enabled by the security model that's grown up along with the network and the infrastructure that's out there.

The country, thought, seems to be dragging its heels on the national infrastructure stuff and won't get serious about it until something bad happens.

There are always examples of places where you can improve. What I will say is there's a lot of activity that people aren't able to talk about that is part of protecting national infrastructure. For critical infrastructure, there's a lot more intelligence and monitoring that goes on behind the scenes that would enable governments or quasi-governmental entities to actually take action if they saw attacks happening. It doesn't mean that targeted attacks don't happen. Like we talked about physical virtual world, espionage happens in physical worlds and espionage can happen in the digital world as well, but I don't think national infrastructure is as vulnerable as it might seem on its face. [Also see: "Researchers identify Stuxnet-like cyberespionage malware called 'Flame'"]

Good to hear. Anything else that we didn't touch on that you think is important?

The one thought I would leave you with is that, the days of IT handing you a device with all the security agents and controls in place is changing rapidly. Application access is changing, and even the structure of our applications is changing. Data is everywhere. But the one constant in all this is the network. And this is one of the reasons why, for me, coming to Cisco was a really compelling, because I think Cisco is really at a nexus point of being able to provide an integrated security model in a way that can really move the bar a lot higher and provide security in an integrated way.

Read more about security in Network World's Security section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News