Cisco’s David Goeckeler on how the proliferation of security point products can be reduced with software upgrades.
Cisco’s security chief says the company has been buying security vendors aggressively and integrating their software into existing Cisco gear, making the network more secure, more flexible and simpler.
David Goeckeler, senior vice president and general manager of Cisco’s Security Business, says, “The customers we talk to have around 50-60 different vendors in their network who deliver their security posture.” According to him, “What is happening in the industry is just the complexity of managing all these different products, and it is overwhelming their effectiveness.”
To beat back that complexity, Cisco is making new security features available as software. The software can be deployed on existing devices such as Cisco ASA firewalls, and as cloud services via its acquisition of OpenDNS, adding security protection without requiring new gear or upgrades.
Recently, David Goeckeler spoke with Network World Senior Editor Tim Greene about all this and about other parts of Cisco’s evolving security architecture. What follows is an edited transcript of that interview.
What is Cisco’s broad approach to security?
Mr. David Goeckeler – Our customers have a patchwork of point products. It is very difficult for them to tie those all together, so we are continuously thinking about what should be done to decrease complexity and how to build security platforms that are open and extensible, drive automation, and drive enhanced visibility. These kinds of things basically give more capability to our customers and at the same time reduce complexity.
Do you mean a patchwork of Cisco products when you say you reduce the complexity because customers have a patchwork of products, or a patchwork of other vendors’ products?
Mr. David Goeckeler – A patchwork of security products. The customers we talk to have an average of around 50-60 vendors in their network who deliver their security posture. I spoke to many customers who have more than 100. What is happening in the industry is just the complexity of managing all those different products, and it is overwhelming their effectiveness.
In the security market, we want to deliver new innovations. For this, we need to figure out new ways so that every time we add a new product, we are not actually adding a new box to the network, a separate management point. To deliver a simpler and more effective solution to our customers, we address this with a security architecture where products work together.
On the partnerships, is that to bring other vendors’ security gear under better centralized management through Cisco, or is that for technology Cisco does not have?
Mr. David Goeckeler – It’s both. We want to build our own architecture in a way that is open and extensible. A very good example is our Identity Services Engine, which provides lots of network context about users. We have an open API called Platform Exchange Grid, and we have a whole ecosystem of partners. They have an IP address; they learn what the user is, what they are at, and what device they are on by getting information from our identity system. It also allows our partners to get much more contextual information about users on the network, compared to just a device.
So you are making it possible to integrate third-party devices into Cisco networks?
Mr. David Goeckeler – A lot of integration work is left, and this is what customers really struggle with. It just means adding more and more products, which means more and more complexity, and complexity is the enemy of effective security. We are driving an architecture that allows you to add more capabilities to the architecture.
How much does your answer require people to toss out point products they already have versus being able to integrate them? I am also wondering about reducing complexity.
Mr. David Goeckeler – You really need to think hard about it, because security is not a market where people are going to toss out everything they own. We are bringing the security architecture across all networking points of presence. That’s where the data is, that’s where their users are. I spoke about AMP. You can add AMP as a software upgrade on top of the ISR router, which is the most ubiquitously deployed edge router for campus and branch type of things.
What about minimizing damage when breaches occur?
Mr. David Goeckeler – Our TrustSec architecture is the segmentation we can drive with an architecture like Network as an Enforcer. Here, you can use the network fabric to enforce policy. You assign users a certain policy when they come onto the network, and then the policy is enforced by the network fabric, so if a user is not supposed to go to a certain part of the network, the switching infrastructure enforces that. This limits lateral movement. It is necessary because when somebody gets inside your network, you will surely want to find them quickly so that you can limit where they can go.
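The segmentation model Goeckeler describes, a group tag assigned at network join and a group-to-group policy enforced by the fabric on every flow, can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not Cisco TrustSec or Identity Services Engine code, and the group names, IP addresses, ports and policy matrix are all constructed. It also shows the defender-side consequence of such a design: denied flows fanning out from one source become a cheap lateral-movement signal.

```python
"""Toy model of group-based network segmentation ("network as an enforcer").

Added example, not Cisco code. Endpoints receive a group tag when they join
(derived from the authenticated identity); the fabric allows a flow only if the
(source group, destination group, port) triple is in the policy matrix. Every
value below is constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

# Policy matrix: (source group, destination group) -> allowed destination ports.
# Any pair absent from the matrix is implicitly denied (default deny).
POLICY: Dict[Tuple[str, str], FrozenSet[int]] = {
    ("employee", "intranet"): frozenset({80, 443}),
    ("finance", "intranet"): frozenset({80, 443}),
    ("finance", "finance_db"): frozenset({1433}),
    ("it_admin", "intranet"): frozenset({22, 80, 443}),
    ("it_admin", "finance_db"): frozenset({22, 1433}),
}

# Identity -> group, as an identity service would hand it to the fabric (constructed).
USER_GROUPS: Dict[str, str] = {"alice": "employee", "bob": "finance", "carol": "it_admin"}


@dataclass
class Fabric:
    """Enforcement point: knows each endpoint's group tag and the policy matrix."""

    policy: Dict[Tuple[str, str], FrozenSet[int]]
    tags: Dict[str, str] = field(default_factory=dict)  # ip -> group tag
    denied: List[Tuple[str, str, int]] = field(default_factory=list)

    def onboard_user(self, ip: str, user: str) -> str:
        """Tag a joining endpoint with its user's group; unknown identities are quarantined."""
        group = USER_GROUPS.get(user, "quarantine")
        self.tags[ip] = group
        return group

    def onboard_server(self, ip: str, group: str) -> None:
        """Servers are tagged statically by the operator."""
        self.tags[ip] = group

    def permit(self, src_ip: str, dst_ip: str, port: int) -> bool:
        """Decide one flow on group-to-group policy and record denials for the SOC."""
        src, dst = self.tags.get(src_ip), self.tags.get(dst_ip)
        allowed = self.policy.get((src, dst), frozenset()) if src and dst else frozenset()
        if port not in allowed:
            self.denied.append((src_ip, dst_ip, port))
            return False
        return True

    def reachable(self, group: str) -> Set[str]:
        """Destination groups a source group can reach on at least one port."""
        return {dst for (src, dst), ports in self.policy.items() if src == group and ports}

    def probing_sources(self, min_distinct_targets: int = 3) -> Set[str]:
        """Sources whose denied flows fan out to many distinct (dst, port) targets.

        A compromised endpoint exploring the network hits the default-deny
        matrix repeatedly, so this fan-out is a useful detection signal.
        """
        targets: Dict[str, Set[Tuple[str, int]]] = {}
        for src, dst, port in self.denied:
            targets.setdefault(src, set()).add((dst, port))
        return {src for src, t in targets.items() if len(t) >= min_distinct_targets}


def build_demo() -> Fabric:
    """Constructed network: two servers and three users joining the fabric."""
    fab = Fabric(POLICY)
    fab.onboard_server("10.0.1.10", "intranet")
    fab.onboard_server("10.0.2.20", "finance_db")
    fab.onboard_user("10.0.9.1", "alice")
    fab.onboard_user("10.0.9.2", "bob")
    fab.onboard_user("10.0.9.3", "carol")
    return fab


if __name__ == "__main__":
    fab = build_demo()
    for flow in [("10.0.9.1", "10.0.1.10", 443), ("10.0.9.1", "10.0.2.20", 1433),
                 ("10.0.9.1", "10.0.9.2", 445), ("10.0.9.1", "10.0.9.3", 22)]:
        print(flow, "PERMIT" if fab.permit(*flow) else "DENY")
    print("employee can reach:", fab.reachable("employee"))
    print("sources probing across segments:", fab.probing_sources())
```

The point of the model is that the policy lives in the fabric, not on each destination host: an employee-tagged endpoint cannot open a session to the finance database or to a peer workstation regardless of what runs on those machines, and the denials it generates are visible centrally.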