Q&A: John Stewart, Cisco's chief security officer
The head of security for Cisco speaks to IT PRO about application security and solving the identity problem.


With the emphasis on security techniques like data leakage prevention, there's a shift from network-based security to application-based security: agents on the desktop, monitoring tools, rights management, encryption and log analysis.
With that, Cisco has ambitions to be seen as more than an infrastructure provider. Unified communications and collaboration are part of the vision but so is security. We caught up with chief security officer John Stewart to ask him for Cisco's take on two big issues - application security and identity.
What does Cisco have to offer for application security today?
There are certain answers in the application security space that don't necessarily get called out as application security answers. In many cases, application security is a combination of four things. It's the teaching of the developers, commercial or internal. Second is penetration testing, where you're actively seeking application vulnerabilities, either in flight or active.
Then there's defence, where you start getting ahead of the application systems - in an attempt to ensure an application suite has got an application firewall, if you like. Take Cisco Security Agent. It is very possible - in data centres and on end points and externally facing or internally facing systems - that you can't patch fast enough or you can't fix fast enough, while still trying to keep your operation running. As a result, what you want is something that can, in a sense, try and anticipate the unknown. When you're anticipating the unknown, signature technology falls by the way so you have to go to heuristic-based anomaly detection.
We talk about CSA as being endpoint security but we put it on servers for the exact same reason. You're trying to ensure that if you can't patch fast enough or you don't have a signature-based system, you still have protection.
I've already talked to a couple of customers just this week with NT 4.0 in their data centre. There's no patch. They still need NT 4.0, they can't migrate yet. And as a result they still feel at risk unless they use something, and CSA works on NT 4.0. It makes them feel confident that they're still OK in their applications in their data centre. You still don't see CSA as application security technology, yet it is. It's just presented as an endpoint system.
And the fourth stage?
The architectural review of the infrastructure itself, because it's not just one application it's typically a combination of systems.
Can you move application security into the network itself?
The ACE XML gateway work that we have done is very germane to talking about application firewalls, the true application layer inspection. And that's in our sweet spot: we have the ability in our switch fabric and our router fabric to start pre-filtering before an application ever sees a threat.
The anti-virus injection into some of our kit is doing on-the-fly screening. We still talk about "anti-virus" but what it's really doing is mitigating threats in flight.
Cisco, in most people's minds, it'll be "yeah, you're the network security guys". Well, network security and applications aren't two separate domains any more.
Does that mean the application has to be more aware of the network a user is connecting over?
Applications need to know the network they're going to be on, the endpoints they're going to use and if necessary, how they might dynamically change in the middle of the conversation. You're using a service; you don't know where it is, it's transiting any number of networks.
You move from one network like GSM, to jumping over WiMAX, switching back to Wi-Fi; the medium changed and the application needs to know it. The service delivery might be a completely different model, your security context changes. You might go from a trusted network in your corporation to an untrusted network that's asserting trust differently yet still want to do the transaction. You might switch your endpoint. You're on a notebook, you decide the battery is getting low and you pop your phone out and you still get the context. You're still doing your work; it's just on your phone not on your notebook.
When we get to that seamless nature of applications versus networks, this whole conversation is irrelevant. The two have to be so tightly coupled that the security of both is inherently intertwined.
So how do you deal with that security context? How can you choose to trust the same user less if they're in a coffee shop than if they're connecting from home? And how do applications need to change to make that work?
Take the way Cisco is using Cisco Security Agent on itself. CSA is network aware. You can decide, if it's on a certain network, to behave in a certain way, and if it's on a different network, to behave in a different way. You know what your home network is, so you can decide what context of trust you want to assert when it's inside your network. And then you can decide that all other networks are unknown, and then you might up-level the protection systems when you're on them.
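As an added illustration of the network-aware policy Stewart describes (example code written for this page, not Cisco's or CSA's own), here is a small agent-side policy that treats a network as trusted only when its whole fingerprint matches, raises protection on networks it cannot identify, and tightens rather than relaxes when the host moves between networks in the middle of a session. The network names, gateway addresses and the two-signal fingerprint are constructed assumptions.

```python
"""Network-aware endpoint policy: pick a protection level from the current
network context and tighten it when that context changes mid-session."""
from dataclasses import dataclass
from enum import IntEnum


class Protection(IntEnum):
    BASELINE = 1   # inside a positively identified corporate network
    ELEVATED = 2   # any network the agent cannot identify ("all other networks")
    LOCKDOWN = 3   # a trusted name paired with an unknown gateway: possible spoof


@dataclass(frozen=True)
class NetworkContext:
    name: str          # DNS suffix handed out by DHCP, or the Wi-Fi SSID
    gateway_mac: str   # MAC of the default gateway as the host sees it


# Constructed fingerprints of the two corporate segments this agent trusts.
# Both signals must match: a familiar name on its own is an assertion anyone can make.
TRUSTED_NETWORKS = {
    NetworkContext("corp.example", "00:11:22:33:44:55"),
    NetworkContext("corp.example", "00:11:22:33:44:66"),
}
TRUSTED_NAMES = {n.name for n in TRUSTED_NETWORKS}


def classify(ctx: NetworkContext) -> Protection:
    """Trusted only on a full fingerprint match; a familiar name with an
    unfamiliar gateway is treated as hostile rather than merely unknown."""
    if ctx in TRUSTED_NETWORKS:
        return Protection.BASELINE
    if ctx.name in TRUSTED_NAMES:
        return Protection.LOCKDOWN
    return Protection.ELEVATED


def on_transition(previous: NetworkContext, current: NetworkContext) -> dict:
    """Decide what the agent does when the host changes network mid-session."""
    before, after = classify(previous), classify(current)
    return {
        # Never weaken silently: hold the stricter of the two levels until the
        # user's identity has been re-asserted on the new network.
        "protection": max(before, after),
        "reauth_required": after != before,
        "block_new_sessions": after is Protection.LOCKDOWN,
    }
```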
Mary is a freelance business technology journalist who has written for the likes of ITPro, CIO, ZDNet, TechRepublic, The New Stack, The Register, and many other online titles, as well as national publications like the Guardian and Financial Times. She has also held editor positions at AOL’s online technology channel, PC Plus, IT Expert, and Program Now. In her career spanning more than three decades, the Oxford University-educated journalist has seen and covered the development of the technology industry through many of its most significant stages.