Manish Gupta, Vice President, Product Marketing and Management Cisco: security is part of the company’s DNA and a key priority for Cisco
September 2012 by Marc Jacob
Global Security Mag: What kind of offers and strategy will you present during the Assises de la Sécurité ?
Manish Gupta : We are in the middle of several major market trends and transitions, including Mobility, Cloud and Virtualization. Security is at the center of these massive transitions, and our customers tell us that they want simplicity and solutions seamlessly integrated into their network architectures.
But there is a bigger problem we have to solve: Do we lock it down, or do we free it up? In the security community, we are constantly torn between these extremes. At Cisco, we believe we don’t have to make this compromise. We realize that we can do both, and that it can be enabled by the network. During this presentation at Assises de la Sécurité , I will discuss how the network is critical in the Security landscape because it ties together customers’ IT resources and touches all the key control points – from the data center to the end points.
GS Mag: What new threats have you identified?
Manish Gupta : During the past decade, Cisco’s security posture has evolved from focusing on unprotected desktops, to unmanaged desktops, and now to proliferating device types, and to a future of cloud-connected ecosystems. Malware considerations have evolved from simple worms and viruses to rapidly changing malware, and we have a greater number of sophisticated targeted attacks.
Network behavior has moved from disruptive with remotely controlled hosts and infected hosts that exfiltrate data, to a future where threats are cloaked as normal traffic.
Criminals will create threats in various shapes, forms and sizes so they can use different tactics to breach security protections, or to fool people into trusting that their downloads and attachments are safe.
The one thing we can say these criminal efforts have in common is that they are blended threats. In other words, they’re highly sophisticated. No threat looks exactly like the next one, and they do not fit into easy categories like exploits or vulnerabilities.
GS Mag: How your offer will evaluate facing the new threats ?
Manish Gupta : We have developed a multi-layer approach to the design and development of the features and functions that we build into our products so that we can provide the most trustworthy products and platforms possible.
Cisco’s advanced research team of security experts continually monitors the ever-changing threats and landscape to provide both security warnings on vulnerabilities and mitigation solutions to de-risk Cisco’s products. These are folded into not only the requirements for the next release of products, but are incorporated into the reference architectures and common componentry for all relevant products so that we optimize their implementation.
By analyzing vast amounts of real-time data across a spectrum of traffic, including web, email, network, cloud, and endpoints, Cisco is able to identify and deliver critical, real-time security updates to network and security devices to protect organizations from threats as they are occurring, as well as reputation-based information in order to significantly enhance the accuracy and effectiveness of local tools analyzing network traffic.
In addition to these elements, certification baselines, implementation of common cryptographic technology, and security updates for 3rd party software used in Cisco solutions, and other functionality are implemented across the Cisco portfolio via Secure Development Lifecycle processes, adding another level of product security in the software.
GS Mag: What will be your strategy for 2013 ?
Manish Gupta : Cisco’s architectural approach will be a strategic differentiator for its security business in 2013. Addressing security with an architectural approach rooted in the network is the most effective way to tackle today’s difficult security challenges. Without weaving into the network, security is blind and less effective.
Cisco makes security a deployment decision, just like the rest of your network, with consistent security that enables policies to work throughout hybrid environments – physical, virtual, and cloud. Because we’re part of the network fabric, rather than a bolted-on point-product vendor, we deliver security when, where, and how you need it — irrespective of your implementation decisions — to deliver a flexible, comprehensive security solution.
GS Mag: What is your message for the CISO ?
Manish Gupta : Cisco is committed to security. Whether it’s in the data center, cloud, mobility, or collaboration, security is part of the company’s DNA and a key priority for Cisco.
Our strategy starts with a trusted infrastructure of secured and tuned devices. The network is far more than plumbing, but becomes the core of both your network services and security. The network provides real-time information for visibility into what is happening on the network, context-based information about such things as where devices are located, what resources they are attempting to access, etc. This is the “who, what, when, where and how” that then allows for enhanced control of the environment so that granular security decisions to be made with precision. This context-based information can then be used, not just at the network layer, but can be shared to contribute to a variety of enforcement points, either integrated into network devices, operating as an overlay appliance, or even into the cloud.
Core to this is the ability to centrally create policy about whom and what can access the network, and how resources are used, across a wide spectrum of scenarios, including time, place, device, groups, etc. And then, take this centralized policy and push it across the entire networked environment for distributed enforcement. This allows for consistent security implementation (including consistent access control for users, devices, and guests) across network zones, branch offices, remote workers, virtualized devices, remote workers, and cloud-based services.