
Between February 6 and 8, Cisco Live will take place in Amsterdam. Security is prominently on the agenda during those days. Luckily, we would argue, because the security market is far from clear. Many suppliers, many promises, but ultimately also many incidents. In short, organizations can no longer see the forest for the trees. Developing an integrated security architecture is important, but also difficult in practice. To achieve this, a platform approach sounds attractive. Cisco is seen as one of the stronger players in that field. What is its vision and strategy?

Resilience in general is an important issue for many organizations today. This involves several types of resilience. One is strategic resilience, which focuses primarily on how the organization as a whole maintains its place in the marketplace. There is also cultural resilience and operational resilience. These focus on corporate culture and the day-to-day realities of running a business, respectively.

Resilience, on the one hand, means that, as an organization, you must be able to “take a hit” in the above areas. However, this does not mean that you have to be rigid, but rather flexible. Otherwise you won’t be able to adapt or adjust the organization quickly enough when something new comes along. Needless to say, this is very important. If you cannot responsibly keep up with a new development, you will lose the battle with competitors who can.

Cyber resilience gives organizations a better market position

When you think of resilience, the security of an organization probably comes to mind. After all, good security makes an organization resilient against attacks. One could therefore argue that cyber resilience is a component of all the other forms of resilience we discussed above. There is a security component in all three.

Overall, better security ensures that your organization is better positioned in the marketplace, especially as more and more people look at how secure suppliers are. Investing in cybersecurity used to be seen mostly as incurring costs for something you didn’t even know you would need. That made budget managers within an organization reluctant to invest. If, however, in addition to a better security posture, it generates more business, the assessment obviously changes. Then it is much more of an investment toward the future. A recent Security Outcome Study commissioned by Cisco made this clear as well.

World is becoming more complex

So cyber resilience plays an important role in the overall resilience of organizations. However, it’s not something you simply take care of with the purchase of a point solution. In particular, the distributed nature of organizations means that organizations need to think about this more carefully. Not everything is on-premises anymore. Employees work (a lot) from home and use all kinds of SaaS tools. Many organizations also use more than one public cloud provider.

Clearly, the set-up of organizations today is quite complex. This means that there needs to be more and more consistency between security solutions. That results, at least in theory, in fewer gaps for attackers to sneak through. In addition, well-integrated solutions also allow you to gain many more insights. These in turn can help you minimize your risk profile.

Cisco’s platform approach

The reality we described above means that security solution providers must continue to evolve. It is therefore no surprise that many players in the market are increasingly moving toward a platform approach. In particular, developments around XDR (Extended Detection & Response) are a good example of this. At its roots, XDR is a further development of EDR (Endpoint Detection & Response). As we indicated above, a focus on endpoints alone is no longer sufficient. XDR links information from endpoints as well as other sources centrally. This means you have a better view of what’s happening. The result of this should be that you catch or prevent attacks sooner.

In addition to the “specialized” security vendors, Cisco has also been active in the security market for many years. With the company’s huge installed base and the data it can read through all kinds of tools within organizations, it is no surprise that Cisco has a platform approach. It operates in so many parts of organizations’ infrastructure that it would be crazy if it only came up with a point solution.

Ultimately, Cisco’s focus is on five components, we hear from Ernst van Maanen. Van Maanen is responsible for Cisco’s security business in Northern Europe: “We focus on the user, the device, the network, applications/data and cloud.” That’s also where Cisco has made a lot of investments in recent years. The acquisition of ThousandEyes got a fair bit of attention a few years ago because it was already a fairly well-known company. But Cisco has also invested in Application and API security, for example through its acquisition of Portshift in the late 2020s.

TIP: Apart from cybersecurity, Cisco also focuses on other areas. It has more or less the same objective there as it has in the security realm. That is, it wants to reduce complexity. In an article we wrote based on last year’s Cisco Live, we discussed what that means for some of the other parts of the organization.

Firewall is still important

In the body of this article, we primarily deal with Cisco’s overarching platform vision, with significant emphasis on SecureX. However, Cisco is also still committed to developing individual components. Just last year it came out with its new SASE offering, for example, but it also still focuses on the firewall.

If some security vendors are to be believed, the firewall is virtually obsolete and a relic we shouldn’t pay too much attention to anymore. You hear statements such as “the internet is the new network,” so why put up a firewall anywhere?

According to Van Maanen, however, the firewall is still important. We just shouldn’t see it as a box that you put at the edge of your organization anymore. The modern firewall has multiple manifestations. “Segmentation can be done in several ways,” he gives as an example. In part, you still do it the traditional way in a physical firewall, but you can also do it at the application level, virtualized, or even delivered from the cloud. In this way, Cisco is bringing the firewall into the 21st century.

Cisco believes the firewall still has a future. The fact that organizations have and will continue to have hybrid environments for some time seems to justify this. There will continue to be enough legacy for a long time to justify a traditional firewall. For modern, distributed applications, you can rely on the other manifestations of the firewall. Of course, it too is integrated and uses Talos to keep up with threats.

SecureX covers everything

In the picture below, you can see Cisco’s complete security architecture. You can see all the individual components, some of which we mentioned above. More interesting, however, is the layer that is on top of all those components. That’s SecureX, Cisco’s XDR platform. With it, Cisco ties together the insights and notifications of all the individual components. “That includes Kenna, for example; this vulnerability-management solution prioritizes vulnerabilities based on data-driven insights,” Van Maanen points out. As you can see, SecureX isn’t the top layer in the architecture. There we see Talos, which has all of the relevant threat intel that the components in the architecture need. This layer ensures that the underlying components focus on the right things. It provides clarity on what threats are out there.

Cisco’s Security Reference Architecture. Source: Cisco

So SecureX ensures that when it comes to security operations, you only have to navigate to one place. It aggregates all the data from all the sources. These, of course, are Cisco’s own sources, or proprietary point solutions. However, Van Maanen also puts a lot of emphasis on SecureX’s 3rd-party integration capabilities. “You actually never have a greenfield and no customer is going to put all its eggs in one basket,” he points out. There are customers who are very satisfied with a particular tool, but can’t get everything out of it. The idea is that you can if you connect it to SecureX.

As an aside, it is good to mention here that SecureX is not something for which you have to purchase additional licenses. If you purchase one of Cisco’s integrated tools, you get access to SecureX with it.

When it comes to integration with third parties, Cisco still has some way to go, admits Van Maanen. Achieving this in the highly fragmented security world is no easy task. That is why platform integration is a guiding principle for Cisco, even for solutions from direct competitors, says Van Maanen. Also, the market as a whole will really have to consolidate a bit more. There are simply far too many solutions now. It is virtually impossible to build native integrations for all those solutions.

As far as we are concerned, this is an excellent objective. At least it gives the impression that Cisco really wants to solve the security challenges, not just get as many customers as possible into its own ecosystem. It reminds us a bit of the move toward Microsoft Teams that Cisco made with Webex. Reality wins out over theory, so to speak.

Toward the most complete open platform

Cisco’s goal is clear. “The goal is to deliver the most complete open platform for security,” Van Maanen tells us. “A security cloud that allows us to deliver networking and security centrally around the world, to all organizations.” Cisco is not there yet, but every step it takes is one in that direction. Openness is very important in this, because it achieves consolidation within organizations. There will still be many security vendors, but their insights, along with those of Cisco’s own tools, are brought together in a central place. And that’s what organizations need in today’s complex and fragmented environments.