Q&A: Cisco's David Ulevitch on Security and the Brain in the Cloud

There is no denying David Ulevitch's aura of nerd cred.

Despite having his startup OpenDNS be acquired by Cisco, and despite being elevated to vice president and general manager of the Security Business, Ulevitch is no "suit." In San Francisco last month, he gave his RSA Conference keynote in a windbreaker, telling the audience that application program interfaces (APIs) are a "copout" because they only "shift the burden of automation to the customers."

Ulevitch is best known for founding OpenDNS. Now he's at the reins of a business that has a legitimate shot at becoming the leader in network security. He took a few moments at the RSA Conference to chat with SDxCentral in a quiet meeting room at the San Francisco Marriott Marquis, a couple of blocks away from the hubbub of the conference itself.

In your RSA keynote, you talked about using the cloud as a control plane and management plane for security. How would that work?

People think of AWS [Amazon Web Services] and [Microsoft] Azure as just this IT [attack] surface that you have to go protect. Which is true. But as a tool in our toolbox, cloud really is this capability that ties everything together. It's like a brain. It's a security state machine that has the long history of all security context and is able to look at historical patterns and understand the reputations of IP addresses and how those are changing over time.

But then, when you deal with integrations, you realize you don't need to have all the intelligence to every endpoint and every hardware appliance. You actually keep state in the cloud, and that's very powerful, I think.

So, how do you envision this cloud "brain" getting manifested? Does it take a Cisco-sized company to enable it?

If we do this the right way, if we really build this platform where people can get in the line of traffic or have access to the data or help affect policy, then what you're really doing is creating an ecosystem for security startups that they can plug into. They don't have to go fight to get the customer to deploy a new agent or fight to get the customer to deploy a new box. They can slipstream in to these intersection points, get into the line of traffic, get access to the data, and help affect policy.

What AWS did for compute and storage, we have the opportunity at Cisco to create for security. That should make it easier for security startups. We can give them a platform to build on, just like Salesforce did with Salesforce.com. So if a customer wants to use, say, AlienVault on top of their Cisco, we can say, "Great," and make it a check box. All of a sudden, your data flows into AlienVault, and you get all the insight that AlienVault gets you.

Look, I'm Switzerland [meaning neutral]. Cisco has built an entire reputation on building the network and making it interoperable. The same thing can be true with security. That is something I think Cisco is uniquely positioned to do.

I can see your point about Cisco being that platform and being Switzerland. When it came to making the network interoperable, though — other companies will say the way that happened was Cisco walking into standards meetings, plopping down a Cisco invention, and saying "Why don't we make this the standard." Wouldn't people have a problem with a 'neutral' platform built by Cisco?

I think we have a long way to go before people would say that. First, let's build that platform.

But I've only been at Cisco for 18 months, so I don't know if I have enough historical knowledge to be able to respond to that history.

You haven't been welcomed into the whole conspiracy theory?

Not yet. I keep waiting to find out! I tell people at Cisco that Cisco's not tough enough. Cisco needs to be tougher!

Look, Qualcomm gets the same criticism. Think about this: There's a new standard in the RFC standards track called SCIM [System for Cross-Domain Identity Management] that Cisco was an author of. It's an extension of SAML [security assertion markup language]. SAML is about authentication. SCIM is: What if they don't even have an account yet, and you automatically want to provision an account?

So we authored SCIM, and now Okta and Duo, and all those guys are adopting SCIM.

We have no identity play whatsoever. We just invested in doing the research. I don't even have a product that uses SCIM! And yet all the identity vendors are using it.

Hanging out at RSA, it becomes clear there are too many security companies. How are customers coping with that?

We see more and more customers looking to outsouce their security to MSSPs [managed security service providers]. That is probably the one trend that I did not see talked about here at RSA that, to me, is sitting right beneath the surface. We're building out our consoles so that one organization like Optiv or CDW or a reseller can actually sell our security on a customer's behalf. We're seeing this trend of customers looking for somebody not just to sell security gear, but to manage it for them.

If you take a superficial view of it, it would be: Customers can't figure out what to buy. If they figure out what to buy, they can't deploy it. If they somehow deploy it, then they really don't have the staff to manage it on an ongoing basis. So in addition to simplifying security and driving towards automation, the other trend we're going to see is the rise of managed security service providers. Sort of like a Geek Squad but like on steroids.

Companies like CapGemini and AllCovered are in this space. Optiv, which is the largest security reseller there is, is moving into this space. We're driving our architecture toward that.

So at this point at Cisco, what's your job? What's your goal?

The thing that's exciting to me is that security is a major issue for customers, and the market for security continues to grow — and yet, Cisco, which is one of the three largest security companies in the world, still has single-digit market share. None of the three largest security companies in the world have double-digit market share. The $2 billion-plus that I'll do in sales this year doesn't even get me double-digit market share. This is a dream for building a huge business.

I'm not coming into an engineering turnaround situation. Every acquisition we've done since SourceFire — I think we've done eight — every single one of those leaders is still with Cisco.

I have the opportunity to take a business from $2-plus billion to $5 billion or $10 billion in revenue. There's never been a security company in the history of the world that's done $5 billion in revenue. The number of people who have done that has been zero. I would like it to be one.

Q&A: Cisco's David Ulevitch on Security and the Brain in the Cloud

Tags

AI Data Centers: Scaling Up and Scaling Out

Advanced Networks for Artificial Intelligence and Machine Learning Computing

DCD>Survey: Data center networking trends

Future-proof your datacenter with DDC S-Series