Cisco Bolsters Security Portfolio

By Jeffrey Burt

At Cisco Live, company executives unveil enhanced AMP offerings, new firewalls and the acquisition of ThreatGrid.

Amid Cisco Systems' talk about collaboration and cloud computing, security emerged as a key subject during the Cisco Live 2014 event this week.

The networking company at the show unveiled a range of new and enhanced security offerings—including enhancements to its Advanced Malware Protection (AMP) products—and announced it is buying malware analysis vendor ThreatGrid, the third security acquisition Cisco has made this year.

As Cisco continues its efforts to become an enterprise IT solutions provider, security will play a key role, according to CEO John Chambers. In an interview with Bloomberg, Chambers said that the network can provide security that no other part of the IT infrastructure can. That will only help Cisco in its security ambitions.

"We are moving to become the number-one security company, because the only way you can defend [the enterprise IT environment] is from the cloud to the data center, the wide-area network to the edge to any device," the CEO said, noting the company's recent security acquisitions. "We are moving rapidly to all areas of security, not with individual pieces but an architecture that brings them together."

A cornerstone of Cisco's security efforts was the $2.7 billion acquisition last year of cyber-security vendor SourceFire. The upcoming purchase of ThreatGrid will bolster the AMP product portfolio, which Cisco inherited from SourceFire, and add to a security business that continues to grow. During a conference call with analysts and journalists May 14 to talk about quarterly financial numbers, Chambers said that in the first three months of 2013, security revenue for Cisco increased 10 percent from the same period last year, and orders jumped 20 percent.

The AMP technology is a key part of Cisco's security strategy, the foundation for what executives call the company's "AMP Everywhere" initiative.

"Given the dynamic threat landscape, we must be just as dynamic in evolving our advanced threat protection offering to enhance our already robust capabilities to aggregate and correlate data from across the extended network, to identify advanced and evasive cyber-threats, and provide intelligent cyber-security solutions for the real world," Martin Roesch, vice president and chief architect for Cisco's Security Business Group, wrote in a post on the company's blog, noting recent enhancements Cisco has made in its offerings.

"All of this work has been based upon a clear understanding of what a complete solution looks like in today's threat landscape. We must offer solutions that bring together both point-in-time technologies possessing strong detection rates with continuous analysis and retrospective security to 'go back in time' to remediate files that may have initially evaded defenses," he wrote.

At Cisco Live, the vendor rolled out updates to AMP that enable improved sharing of data regarding compromise to networks and endpoints, and also provide support for Apple's Mac OS X operating system. AMP offers continuous detection and response capabilities throughout the network, including endpoints, mobile devices, virtual machines, and Web and email gateways, according to the company. AMP for Endpoints includes a technology called Elastic Search, which enables users to quickly determine the scope of an attack, while Remote File Analysis can store and retrieve files that can be later scored and analyzed.

AMP for Networks includes multiple-source indicators of compromise that can be prioritized in one console across AMP for Networks and Endpoints and various security intelligence feeds. In addition, users can analyze potential threats in a cloud-based sandbox.

Cisco also is offering AMP appliances for private cloud environments, and two new AMP FirePower appliances dedicated to AMP for Networks—the FirePower AMP8150 with up to 2G-bps of performance and FirePower AMP7150 with up to 500M-bps capabilities.

Cisco also is adding new firewall capabilities through its updated ASA 5585-X and new ASAv. The firewalls bring greater security to software-defined network (SDN) environments and data centers running Cisco's Application Centric Infrastructure (ACI) platform.



Originally published on www.eweek.com.