Cisco announced a new managed threat detection service that collects real-time telemetry from a customer's network, alerts the enterprise's IT team when a threat has entered the network and offers guidance for remediation.
The new Cisco managed security services offering, Managed Threat Defense (MTD), begins with a Hadoop 2.0 cluster that enterprises deploy within their networks. The minimum footprint is a two-rack Cisco Unified Computing System comprised of 30 servers.
"The cluster is ingesting various forms of telemetry -- like NetFlow -- as well as full packets [captured at data center and Internet ingress and egress points]," said Pablo Salazar, manager within the Cisco Security Solutions organization. "[The cluster] ingests full packets and stores them for forensic purposes, as well as extracts metadata which we use for analytics."
Metadata from the Hadoop cluster traverses a VPN link to Cisco's 24-by-7 security operation centers (SOCs) where Cisco engineers detect threats by applying a variety of Cisco's behavioral analysis and threat detection technologies, as well as using threat intelligence data collected and analyzed by Cisco's Security Intelligence Operations.
"This operationalizes anomaly detection," said Bryan Palma, senior vice president of Cisco Security Services. "We don't tell customers an incident might have happened. We tell them when it happened, what it is and what they need to do to take remediation."
Managed Threat Defense: Part of broader Cisco managed security services strategy
Cisco has been building up its security services business since September, when it hired Palma away from an enterprise security role at Boeing. At the time, Cisco said it would introduce new managed security services. MTD, the first offering to emerge from this effort, combines Cisco's myriad security technologies into a nearly-automated threat detection service.
Cisco is also integrating recent security acquisitions into this service, including advanced threat detection specialist Cognitive Security and intrusion prevention specialist SourceFire, said Christina Richmond, program director for infrastructure security services at Framingham, Mass.-based IDC.
Big price tag for Cisco managed security services
The baseline edition of Cisco MTD has a list price of $2.5 million for an annual subscription and Cisco requires a multi-year agreement. Cisco is initially targeting IT teams at Fortune 500 companies, Palma said, but a less expensive version of the service could be available in the future.
The price tag might be prohibitive to some enterprises, IDC's Richmond said. "But if you're looking at a government agency or a financial institution, that's not too much money -- not for a highly-regulated organization when you think about what they're offering for that. Malware and advanced persistent threats are wreaking havoc and the adversary is winning."
The need for a managed threat detection service is even more pronounced in light of Cisco's claim that the IT industry is facing a shortage of 1 million security professionals, Palma said.
Although MTD offers IT teams guidance on remediation, the service itself cannot remedy the breach, Richmond said.
"I believe it would behoove [Cisco] to develop their remediation capabilities in the future," Richmond said. "Even if [Cisco is] not doing the remediation themselves, I still think it's a very good tool that identifies incidents that slip through the cracks. Hackers are very good at evading security and this is one way [to address that evasion]."