As Cisco eyes an $80 billion cybersecurity opportunity, Cisco EVP for Security and Collaboration Jeetu Patel says the vendor is “doubling down” on four strategic areas: zero trust, secure access service edge (SASE), threat detection and response, and application security.
“We’re doubling down on our overall pace of innovation in some very specific areas to solve our customers’ biggest problems,” Patel told investors during last week’s investor day.
However, as was pointed out during the virtual event, Cisco’s security business, which posted $823 million in revenue for its most recent earnings quarter, grew only 1% compared to a year ago, much slower growth than competitors such as Palo Alto Networks and Fortinet.
CEO Chuck Robbins blamed supply-chain constraints and its large hardware business for the slow growth. “If you look at our hardware business in security, as an example: The network firewall business is materially larger than some of these other businesses,” he said.
Most customers are moving to cloud- and software-delivered security services, he added. “It’s probably a scale issue based on the size and the fact that a lot of the competitors are virtually all software-based portfolios at this point,” Robbins said. “We’ll be more competitive in the next 12 months.”
Cisco Teases New Zero Trust Capabilities
In an interview after the event, Patel provided more details about Cisco’s plan to boost its security business and capture a greater share of the $80 billion market by 2025. “You can think about four key areas that are all going full speed,” he said. “Zero trust is definitely one of them. SASE is a big one.”
Up first: zero trust. Cisco acquired Duo Security for $2.35 billion in 2018 and has since been building out its identity and access capabilities in addition to some of its other zero-trust security technologies such as network segmentation and policy enforcement.
Most recently, the Duo team debuted passwordless authentication, and it’s also developing continuous trusted access, Patel said.
“Continuous trusted access says: OK, what happens now that you’ve gotten in? We still want to monitor your behavior, take a bunch of telemetry on who you are, where you’re coming in from, is this a common pattern of usage, and what are you doing once you’re in,” he explained.
This looks for anomalies in user behavior and continually validates whether a user should be granted access based on the behavior that they exhibit.
The vendor is also developing device insights to provide zero-trust security for all devices including IoT. “This correlates the data from multiple tools to provide a unified view of every device that accesses the environment,” Patel said. “It ties into SecureX, so that when a vulnerability is identified you know which devices are impacted. And you can automatically limit their access and orchestrate response.”
SecureX, SASE Integrations Increase
SecureX is Cisco’s extended threat detection and response (XDR) platform, and this is another area where the vendor sees an opportunity to grow revenue and market share. That product now has 8,000 customers, and Cisco continues to integrate Kenna Security’s risk-based vulnerability management technology with SecureX, Patel said. “The big area that we’ve found to be a challenge is: It’s really hard for organizations to figure out which vulnerabilities to patch that are most important that lower the risk the most for you as a company,” he explained.
To do this, Kenna uses a machine-learning model to help customers prioritize threats. “It gives you the likelihood that the vulnerability can create a huge amount of exposure for you, and which ones you want to address,” Patel said.
Most organizations don’t have unlimited resources to track down and fix every vulnerability across their IT infrastructure. “That’s just not possible,” he added. “So what we do is reduce the amount of risk by getting the most likely vulnerabilities patched as soon as possible.”
Cisco’s SASE stack includes its Viptela and Meraki SD-WAN, Umbrella security platform, Duo identity management, and ThousandEyes network visibility platforms. On this front, the vendor continues to tightly integrate its security and networking capabilities and provide them as a cloud-delivered service, Patel said.
Traditionally, the network operations team pushes the networking policies while the security operations team bears responsibility for those tools and policies. “It’s a very cumbersome exercise,” Patel said. “Imagine if you could put this together. You have your NetOps and SecOps people in the same UI that has SD-WAN capability, secure internet gateway capability, remote access capability, and it can set policy for the applications within the organization so that users can frictionlessly use those applications.”
Finally, application security is the fourth growth area for Cisco’s security business, and it rolled out its Secure Application product earlier this year. This product, built into its AppDynamics platform with integration to SecureX, continually scans code execution to prevent exploits and adds security into application runtime.
“Over time, developers will be able to embed application security in their code with technologies from us,” Patel said.