30 Jun Cisco Live Day 3: Leaning Into Security

Wednesday’s keynote opened with a dramatized video of a police interrogation

Today I’ll be wrapping up my analysis of Cisco Live 2017, which I attended this week in Las Vegas. I’ve been busy this week, publishing recaps of both Day 1, and Day 2—today we’ll finish out with Day 3’s security keynote.

Many know Cisco Systems creates one of the most well-known security reports, but unknown to many, Cisco Systems is the #1 enterprise security vendor in terms of revenue. Much of this growth has come through acquisitions like CloudLock, Lancope, OpenDNS, FineGround Networks, and ThreatGRID, but a lot has been organic.  Cisco says they have 5,000 people dedicated to security and are creating a $3B “franchise in security” covering the network (Stealthwatch, Identity Services Engine, NG Firewall), the endpoint (AnyConnect, advanced Malware Protection, Email), and the cloud (Umbrella, CloudLock) with Talos and services spanning all three areas.

New cyber-threats, new detection methods 

Wednesday’s keynote opened with a dramatized video of a police interrogation—a detective demanding to know how exactly a hacker got into a company’s system. Turns out, he planted malware onto an outdated, unsecured bowling league’s website, which in turn compromised an employee’s laptop, which was then brought into the company’s office. Then, the smart thermostat of the office was compromised (still using a factory default password), and the hacker made off with 75 bitcoins after wiping the entire system and causing millions of dollars in damage. The video was silly, of course, but it did serve to highlight a few of the new types of security threats emerging today—namely the exploitation of unsecured networks and IoT devices. It was a fun way to set the stage for the conversation of the day: network security.

Cisco’s SVP of security, John Stewart, kicked the day off. Stewart gave the audience several statistics about the current state of security—2 of 5 executives surveyed say they have stopped a project because of security reasons. Over 70% of executives say that security risks are slowing business down, and that they would like to be able to move faster. Stewart went on to say that that if a company doesn’t get better at combining the goals of its business with its goals of security, it will find its competitor winning out. He continued to say that Cisco’s security infrastructure is currently protecting its customers from 2 million new pieces of malware a day.

Cisco’s SVP of security, John Stewart, kicked the day off

Stewart mentioned Cisco Systems’ new Encrypted Traffic Analytics (ETA) programs, which I’ve already written a fair amount on in my columns earlier this week. These programs allow Cisco to scan and detect threats hidden inside encrypted traffic, without having to decrypt and compromise privacy. Stewart boasted about the additional, increased visibility these programs give to protect users. Where it typically takes over 100 days (industry average) to detect threats, Cisco says that it has managed to lower its time-to-detect to 3.5 hours. Stewart also spoke some on what Cisco is doing to prepare for the next generation of cybersecurity professionals, noting that there are currently 1 million jobs in security that are not being filled. With that in mind, Cisco has invested $10M to various grants and scholarships designed to train people in cyber-security.

Cisco Encrypted Traffic Analytics (ETA) in action

Stewart also talked about Cisco’s new approach to “measure relentlessly” the results of its security products—putting a set of fundamental metrics on Cisco.com, that businesses can use to make sure security is working right for them.

From my point of view, Cisco Systems is doing great things in these areas, but I think much of this part of the keynote was about Cisco trying to get credit for being leading edge and comprehensive in security. I think they did pretty well.

Security in government with Theresa Payton 

Stewart then brought Theresa Payton (former CIO at the White House) to the stage. They led off the segment with a brief get-to-know-you Q&A session, and then dove into security. When asked what she would change, if she could change one thing about the current state of security, she said security needs to build itself counting on the aforementioned talent shortage, making it simple, elegant, and friendly for users. Payton also said that when it comes to government and security, she’d like to see the government sharing with everyone else the best practices it’s seeing in heavily regulated environments. She went on to say that the government needs to become better at addressing security threats in real time—adding that by the time they typically have issues addressed, everyone already knows about it on CNN. Payton also brought up the interesting idea of incentivizing security for businesses by providing tax credits for every dollar spent.

Cisco’s Stewart and Theresa Payton (former CIO at the White House)

When asked what security strategies were working well within government, Payton cited machine learning and behavioral-based analytics. I’m sure Stewart was happy for that answer, given the work Cisco Systems has been doing in those areas. She continued on to say that another thing that is currently working well is the sharing of threat intelligence. This is another thing Cisco does well. Payton complimented the work Cisco has been doing to create products that automate and take care of themselves, saying that this will be key moving forward in an understaffed cybersecurity industry. Stewart then asked Payton the somewhat awkward question of where she thought Cisco had missed the mark with its security products. She answered diplomatically, saying that it’s important to take a hard look at products and ask whether or not it will take years of training and thousands of dollars to reach competency with the product. If the answer is yes, then clearly more time needs to be spent on innovation and automation.

Looking to the future, Payton said that she would like to see the justice system start putting cybercriminals in jail. She also said that she expects machine learning and behavioral analytics get to the point where it is stopping threats in real-time, without businesses having to respond. As a result of that shift, Payton said she expects security teams’ functions to change, from having to actually respond to threats, to holding more of a product engineer role. The final challenge Payton posed to the audience was for everyone at the conference to go back to their businesses and do a “walkabout”—asking around in IT to see what processes make it difficult for people to do their jobs, and listening to figure out what areas need to be improved upon. The other important point she finished on is to always assume everything will fail you—be prepared for the worst. If you protect your data as much as you possibly can, it will reduce attackers’ abilities to move laterally once they’ve breached your defenses, so that they can’t take everything. Like the first segment, this segment was all about thought leadership and positioning. If you had to bring someone else on stage out of the US government, Cisco had choices like the White House, FBI, groups like the DNC, and even NSA. Well…. HPE had the FBI on-stage at Discover, the NSA is the cause behind many of the malware attacks we’re experiencing like WannaCry, NotPetya, and the DNC… well, that’s obvious. So I liked the White House choice, even if there was little insight actually given into White House security.
Wrapping up 
While the Cisco Systems Day 3 security keynote pretty much stuck to the big picture concepts, I thought it was engaging and illuminating. The prior two days touched on actual security technology, so it was okay that Stewart and Payton kept things more theoretical and forward-looking. Cisco is clearly very focused on the future, both in security, and with the network as a whole. Cisco believes the Network Intuitive is the next big thing, and after hearing more about it this past week, I’m inclined to think they might be right. I’ll be watching with interest.