Its a tough world out there, full of bad people constantly trying to take down the forces of truth, justice and, of course, Internet commerce.
Viewers of the popular television show "24" watch the battle against these evildoers play out every week, and, on a recent episode, Jack Bauer and the gang at CTU (Counter Terrorism Unit) Los Angeles had a new ally in their fight against the bad guys. No, it wasnt Dennis Hopper, Lou Diamond Phillips or any other guest actor who helped stop the terrorist bad guys. It was none other than Cisco hardware and its Self-Defending Networks.
The tension on the show, which aired May 9, was building. An evil, sophisticated and seemingly unstoppable terrorist group was hacking the United States anti-terrorist network. But then, emblazoned across the computer screens of the anti-terrorist network (and viewers TV screens) were comforting Cisco logos—almost as if to say, "Theres no need to fear; Self-Defending Networks are here."
And, just like that, the forces of evil were thwarted, and CTUs computer experts were back on the job. (These computer experts, by the way, seem more likely to hack their own security code together than to use off-the-shelf products—that is, when they arent taking out bad guys with automatic weapons.)
As it turns out, though, CTU was lucky that the attacker was only a super-sophisticated terrorist group that had already hacked several layers of U.S. network security. If the attacker had been, say, a 16-year-old Swedish school kid, things might have gone much worse.
Thats because on the same day that Cisco was saving the day in the fictional world of "24," the company was admitting that, in the real world, the source code for its IOS—which runs most Cisco hardware—had been stolen by a young Swedish hacker. The fact that this source code is now out in the wild could lead to serious security problems for Cisco products.
Of course, security breaches such as this happen to a lot of vendors, even to some of the best and most experienced security companies. Im not singling out Cisco for allowing this code theft to happen.
And I have to admire Ciscos inspired use of product-placement marketing. Im sure that marketing executives everywhere were impressed with how Cisco was able to get its Self-Defending Networks pitch into a popular television show.
But this over-the-top product placement for Self-Defending Networks and many of the other pitches coming from Cisco only serve to remind me of how much of a novice Cisco really is in the world of high-level enterprise security.
Those of us who have followed the security market for a while have seen all this posturing and overpromising before. We remember how many of the first- and second-generation enterprise security products made impossible claims of near-invulnerability. And we remember how these companies ended up with egg on their faces when they inevitably suffered from security problems.
These events taught security vendors the important lesson of humility. The current generation of security products now offers levels of protection that would have been unheard of even just a couple of years ago, but, for the most part, their marketing messages are fairly measured—at least compared with what they were previously. Its rare nowadays to find a vendor boasting about near-invulnerability or promoting a single solution over a layered and heterogeneous security approach.
So, while I applaud Ciscos move toward increased security awareness and improved capabilities in its products, the company might want to tone down its marketing a little bit. Instead of spreading hype, Cisco should be realistic with its customers about how effective Self-Defending Networks are. And Cisco should continue to respond quickly to remedy problems from the hacks and break-ins that are bound to happen eventually.
As many more-experienced players in the security market have learned, a realistic, humble but confident style is best when it comes to promoting a product—or a philosophy. Leave the over-the-top promises and unlikely plot leaps where they belong—in the minds of Hollywood screenwriters.
Labs Director Jim Rapoza can be reached at firstname.lastname@example.org.