What is driving the change in Cisco's approach to security?
There has been an increase in the scope and speed of threats that are attacking our customers. Companies are coping not only with the cost of the loss of critical systems and remediation, but also the significant costs of some of the approaches that have been traditionally applied to try to protect systems. There has been an immense effort to apply patches and keep systems up to speed as new threats and vulnerabilities are discovered. We think that an opportunity exists for a new way of looking at how security is traditionally done.
We are moving from a more reactive set of approaches to a more proactive and automated approach. For example, patch management is reactive. A proactive approach would be a behavior-based protection [system] where the technology is automated.
We also believe that security should be integrated into the network infrastructure in a fundamental way. If the security is embedded into the switches and routers, then the customers will not have to bear the increasing cost of a security overlay.
And we are moving from a point product approach to one where security is part of a system, involving end point hardware and software, network admission control linking to end point antivirus software back to a policy server. Multiple network elements are working in collaboration as part of a system. To follow through on your strategy, is it necessary to fold security intelligence into the network?
It's not as if all the intelligence is in the network. We have been embedding firewalls and intrusion prevention capability into routers and switches, but, for example, when a user logs onto the network, his or her device communicates information about its antivirus software to the policy server. The policy server checks that against the rules for that user. So, incorporating security capacity into the network does not just add everything into network device. Doesn't that lock customers into using only Cisco products in their networks?
Most of our customers have multiple types of firewalls and intrusion detection systems. We have put in a lot of work at the industry level to create common security event formats so that customers can easily correlate data from multiple heterogeneous environments.
But there are a lot of Cisco routers and switches out there, and customers are interested in knowing how to use the capacity on those routers and switches to enhance security. A system such as this will work best on an end-to-end Cisco network. Our Network Admission Control program and other initiatives we have are complicated enough. It is a challenge to make them work in Cisco environments. But that is how innovation works. A company innovates and adds value with its existing systems and then extends that to more heterogeneous environments. If you move intelligence from the edge into the network, don't you stifle innovation?
No. Part of this is going to accelerate innovation. Once you have a system that allows networks to provide enforcement against security threats, there is an incentive for technologies that can leverage that technology to detect more sublet threats or can correlate multiple types of events. We see this as putting ourselves and the industry on a path to another wave of technological innovation. Are network devices and operating systems the best place for all of this intelligence?
One way we do this is by essentially leveraging the capacity that we already have in routers and switches to do basic filtering. We can quarantine traffic and redirect traffic. We use security policy to drive the routers and switches. We also add accelerators to routes and switches to enable them to perform security functions in a scalable way. Cisco has announced a lot of security vulnerabilities lately. Does that hamper your ability to be authoritative about security?
I don't think there has been any significant increase in vulnerabilities. When we discover them, we voluntarily announce them, often with fixes. Many of the vulnerabilities have been industry-wide. We are active in making our systems more secure in terms of design and architecture.
I think it is a very different environment. We do not have the huge external development ecosystem that an operating system company has to deal with. There are significant advantages to the fact that most of the software is built by us and runs on our own equipment. With other product lines, Cisco has invested in small companies and brought them into the fold when they produce great technologies. Are you doing this with security?
Traditionally, we have pursued a combination of developing technology internally and through acquisitions and partners. Over the last few years we have acquired a good number of security-related companies. Okena Inc. was a key source for Cisco's security agent technology. We also acquired Twingo Systems, which has SSL technology, and Riverhead Networks, which focus on network anomaly protection and DOS attacks. What are some of the technologies that seem most promising?
The exciting vision is finding technologies and systems that can be more automated, more proactive and adaptive. Adding more intelligence to the network is a significant way to provide a richer and deeper sense of protection.