Cisco plans to double down on its security strategy of network-security convergence, a platform approach, and full-stack observability, Tom Gillis, SVP and GM of Cisco’s Security Business Group, told SDxCentral.

Gillis said that Cisco is well-positioned to provide customers with unique security solutions because of its deep understanding of multiple security and networking domains, including email, Domain Name System (DNS), network traffic, and endpoint protection.

Last June, the networking and security giant introduced its unified platform, dubbed Security Cloud, to integrate security and networking services across hybrid multi-cloud environments for the entire IT ecosystem.

Gillis, who previously served as SVP and GM of VMware’s Networking and Advanced Security Business Group, discussed why he made his way back to Cisco, and his plans to enhance the Security Cloud platform and differentiate Cisco’s security portfolio from other major security vendors.

SDxCentral: What are your vision and goals for the Cisco Security Business Group?

Gillis: I'm from the industry, right? So, I came in with a lot of context about what I think is important and how companies can solve our customers' problems, especially these new and more sophisticated attacks, where the attackers find a foothold somewhere and then they move laterally in the infrastructure.

Cisco is one of a small number of companies that have the breadth to be able to identify this and this is what we call a security platform. The term gets used a lot but the way we define a security platform is — it is a system of subsystems. So you've got maybe an authentication solution, an email solution, DNS, network traffic, and we're able to look across all of those and connect the dots, and to correlate.

For example: Hmm, that's interesting, we saw a strange looking email from a friendly Nigerian prince, [and] someone clicked on it. It spawned a weird looking process on an endpoint. That process made a connection to a server that looks strange, where you track that with that flow and put those pieces together in a way that I think will be quite unique and quite valuable to customers.

So the reason I came to Cisco: I'm very, very passionate about product excellence, like let's make something really good, the customers love. And Cisco was the perfect place to do this because of the breadth of our portfolio, because of the capabilities that we have. Not just in security, we have a strong presence in each one of the major security domains but it's then integrating into the other parts of the Cisco portfolio, like the network, and it's kind of obvious, but into some of the newer parts of the portfolio like our full-stack observability solution with AppDynamics … so, a perfect example of differentiation of one of our offerings by leveraging componentry from across the portfolio.

SDxCentral: As you mentioned, Cisco has a strong portfolio of both networking and security. Will this convergence continue to be Cisco’s focus?

Gillis: Totally. Cisco has been explicit security is a top priority, I think the top priority. And again, that's why I'm here. That's why they wanted me and that's why I want to be here, because there's just an amazing opportunity to build this vision that Cisco has already had. It's not a new idea of building what we call the Security Cloud and leveraging this platform where the individual pieces can show you things that you wouldn't see otherwise.

There's a little bit of duality to that because we're very proud of the fact that we have deep understanding of email, deep understanding of DNS, deep understanding of network traffic, and endpoint — maybe less obvious but is hugely deployed in enterprise. And we pull those things together. But we recognize it's a heterogeneous world, so we're always going to work with other third parties as well. And we think we can do a better job when there's Cisco componentry in place because of the depth of the understanding of that email traffic or that DNS traffic, etc.

We focus on the systems approach, and then unifying the experience and making it easier for the customer to deploy and operationalize this stuff. So one place to log in, one common set of policy, one data lake on the back end, where we keep track of all this stuff and share information. And that's still a work in progress, but we've got very meaningful points along the way.

SDxCentral: Are there any upcoming new pieces or enhancements Cisco plans for the Security Cloud platform?

Gillis: Here's an example: Kenna is deployed in a customer's environment and it's going through looking at all of the vulnerabilities in a server. We also have Firepower, Intrusion Prevention System, that's deployed in the network. Can the Security Cloud connect those dots and say: Oh, here's a web server that maybe has a Log4j vulnerability. Let's make sure that we're protecting it.

Those are the types of things that we're working on to execute this platform approach to security. The Security Cloud is the thing that does it. When we talked about it last year, it's kind of a concept. This year, it's released code, so you can see it and we'll show you the use cases. We have half a dozen that are coming.

And what's nice from my perspective is we've done a lot of work on the framework. There's some plumbing that you have to do to build all this stuff out and build common componentry. That's done, which allows us to then rapidly innovate and bring up new services because we don't have to reinvent the user login, don’t have to reinvent how we present data, how we do billing and metering, all of that stuff is already in place.

SDxCentral: In an earlier earnings call, Cisco Chairman and CEO Chuck Robbins noted the vendor was doubling down on its security business and moving “resources” into its “important” enterprise networking space and its growing security operations. What are your plans around those resources and investments?

Gillis: I love products, I love to build interesting, innovative, unique products. And so Cisco has given me the latitude and the resources to do some pretty bold things, and not just one. I think we can do a couple of really interesting, highly unique things. And the things that motivate me are not just an interesting security capability, but what are the security capabilities that Cisco can do uniquely?

So what are the things that Cisco is good at that CrowdStrike or Palo Alto [Networks], they don't have those same attributes? Well, let's think about it. No one understands the network like Cisco, and we process something like 80% of the world's network traffic, just a massive, massive quantity. And that's not just in the data centers, that's the wide area network. With ThousandEyes, we instrument and we can see how networks behave, drawing on those insights, allows us to make really strong security decisions.

And we have large teams of engineers that are looking at this and I'm bringing in more and more folks that I've known from the industry, [including] machine learning (ML) experts, artificial intelligence (AI) experts, systems type people that can figure out how we take assets that Cisco has and do something special.

 

This interview was edited for length and clarity.

Photo: Tom Gillis. Source: Cisco