Cisco’s Lancope acquisition aims to improve network security from the inside out

Enterprise IT has gone through many major shifts over the past several decades. The industry currently sits in the midst of another major transformation as more and more businesses are striving to become digital organizations. The building blocks of the digital era are technologies like cloud computing, mobility, virtualization, and software defined networking, which are significantly different than legacy technologies.

But what about security? In addition to new IT tools and processes, businesses need to think about how to secure the digital enterprise. While the technologies listed above allow us to work and serve customers in ways we never could before, they also create new security vulnerabilities.

Security used to be fairly straightforward, as there was a single ingress/egress point in the company network. Protect the Internet connection and odds are the business would be secured. 

Today, the security challenge is significantly more difficult. Wi-Fi, BYOD, cloud computing, and other trends have increased the number of attack surfaces by at least an order of magnitude. Cybercriminals are smart enough to know that penetrating a firewall is extremely difficult, so it’s much easier to breach the network from the inside, through a phishing attack or some sort of persistent threat brought in through an infected mobile device.

As good as perimeter security is, it does nothing to find threats that are emanating from inside the network. To solve this challenge, Cisco has been positioning the network as both a security sensor and an enforcer to detect and remediate threats.

To strengthen its position in security, this week the company announced it is acquiring Lancope for $425 million. Cisco has a long history with Lancope, as the two companies have had a strategic partnership for a number of years. Lancope’s flagship product, StealthWatch, gives businesses unparalleled visibility into what’s happening on the network and the analytics to help quickly identify the threats that need to be removed from the environment.

Lancope’s visibility and analytics capabilities are keys to the network becoming a sensor and enforcer. If the business understands what normal traffic looks like on the network, then any anomaly could indicate a possible breach. It might not be, but it’s certainly worth investigating.

For example, take an organization that has a disgruntled employee. When an employee leaves the organization, he or she may decide to download the entire customer database to a USB stick to bring to the new employer. In this case, the organization could have over-engineered perimeter security, but since this traffic isn’t going through the perimeter, those security tools won’t be able to catch it.

However, if the organization is running StealthWatch, the anomalous traffic patterns would be identified, the offender’s computer quarantined, and the security team able to investigate the cause of the strange traffic patterns. The faster this is done, the smaller the blast radius of the breach.

Because of Cisco’s dominant share in network infrastructure, the company has an opportunity to deliver on the vision of the network being a sensor and enforcer. Lancope brings advanced analytics and visibility, bolstering Cisco’s ability to find and eliminate internal threats.