He wrote that Cisco will rely on a threat-centric security model with a heavier focus on threats rather than policy and controls.
“Given the fast-changing threat landscape, an organization’s approach to reducing the time from breach to recovery needs to be integrated, pervasive and continuous, as well as open,” Young wrote. “Through our threat-centric model, we will provide broad coverage across all potential attack vectors, rapidly adjust to and learn from new attack methods, and implement that intelligence back into the infrastructure after each attack.”
Additionally, Cisco's Sourcefire acquisition shows the company's continued commitment to open technology. Sourcefire founder and CTO Martin Roesch in 1998 developed Snort, an open-source intrusion-detection and prevention engine that Cisco officials said they plan to integrate within their own security solutions.
Competitors have consistently criticized Cisco for what they say are closed and proprietary solutions, However, Hartman and others point to Cisco’s support of such open protocols as OpenFlow for software-defined networks and its participation in groups like the OpenDaylight Project—a vendor-driven effort to create a standards-based SDN platform—as evidence of the company's support of open technology. Roesch, who will become vice president and chief architect of Cisco’s Security Group, said he is confident that Cisco is the right home for both Sourcefire and Snort.
“I can assure you that Sourcefire’s standard for security innovation will thrive under Cisco with our shared commitment to provide market-leading, threat-focused capabilities,” he wrote in a post on the Sourcefire blog.
Cisco’s push to expand its reach in the data center and cloud is placing it in greater competition with a range of top-tier tech vendors. Where once the company’s primary concern was other networking vendors, such as Juniper Networks, Cisco is now competing with the likes of IBM, Hewlett-Packard, EMC and Dell as enterprise IT vendors.
“It’s no longer just about the classic set of network vendors,” Hartman said. “A lot of the bigger companies are building out” their enterprise solutions portfolio.
For Cisco, part of that effort is convincing people to look at it as a company providing a broad range of IT offerings beyond its networking portfolio. And people now are recognizing it for its security capabilities, Hartman said.
“It’s definitely changing,” he said, when asked about customers’ perceptions about Cisco and security technology. “We’ve made massive progress getting people to see Cisco as a … security vendor.”