Cisco Information Security 2014: Summary

    2014 was a great success for Cisco in terms of information security. We strengthened our position in the market and confirmed that our previously chosen strategy for developing the network security area was correct. In our opinion, the main drivers of that strategy are solving 3 key problems that any enterprise has to face:
    • new business models (clouds, mobility, Internet of things, SDN, etc.)
    • the dynamism of the threat landscape
    • complexity and fragmentation of defenses.


    To solve these problems, we took several steps:
    • released new security solutions
    • updated existing solutions
    • presented several new integration solutions with both foreign and Russian developers of information security tools
    • acquired several companies dealing with various aspects of information security
    • formed a new research unit
    • developed new services in the field of information security.


    In previous years, we made 1, at most 2, announcements a year about the release of new solutions or a major update of existing ones. In 2014, there were 5 such announcements (!), which once again testifies to the attention that Cisco pays to this topic.

    Of the new solutions presented in the past year, I would like to focus on the following:
    • high-performance Cisco FirePOWER devices operating at speeds of 120 Gbit/s in NGFW mode and 60 Gbit/s in NGIPS mode
    • AMP Everywhere - an anti-malware solution that can not only be installed on PCs and mobile devices or run as a separate high-speed network gateway, but also be integrated into the Cisco ASA 5500-X firewall, Cisco FirePOWER NGFW, Cisco FirePOWER NGIPS, Cisco Email Security Appliance, Cisco Web Security Appliance, and Cisco Cloud Web Security
    • AMP Private Cloud - a solution that allows you to manage the functions of AMP for Endpoint and AMP for Networks locally, bypassing the cloud, thereby reducing the risk posed by a lack of Internet connectivity
    • FirePOWER Services for ASA - a completely new solution that allows you to run on the Cisco ASA 5500-X platform, in addition to the usual firewall and VPN, a next-generation intrusion prevention system, a next-generation firewall, a URL filtering system, an anti-malware system, an incident investigation system, a security scanner, protection for industrial control systems, and a number of other important protective services
    • ASAv is a virtual firewall that has all the features of a hardware-based Cisco ASA, but works in a virtualized environment.


    By the way, you may have noticed that last year we increased our activity in the virtualization segment, and we now have virtualized versions of all our hardware security solutions - ASAv, vESA, vWSA, vISE, NGIPSv, VSG, vCTD, vSCE, virtual Defense Center, etc.

    In addition to developing its own product line, Cisco pays great attention to integrating its products with the solutions of our partners. For this purpose, we proposed pxGrid (Cisco Platform Exchange Grid), which allows contextual information to be exchanged for more effective network monitoring and access control. Last year, using pxGrid, we connected to our infrastructure Ping Identity authentication solutions, Bayshore industrial network and ICS protection tools, Endace Emulex packet capture and network incident investigation tools, the NetIQ SIEM solution, and the Tenable vulnerability scanner.

    In addition to developing integration with international players in the information security market, and taking into account the attention currently being paid to local information security products, Cisco has intensified its cooperation with Russian developers of information security tools. In particular, we completed the integration of the Positive Technologies MaxPatrol security analysis system with the FireSIGHT management system. This makes it possible to use information about the services and applications running on network nodes, as well as their vulnerabilities, and to correlate this data with information from the Cisco FirePOWER NGFW firewall, Cisco FirePOWER NGIPS intrusion prevention systems, Cisco AMP anti-malware systems, Cisco ASA with FirePOWER Services, etc.

    But this is not the only example of integration with domestic products. Our cooperation with the company S-Terra CSP, which began several years ago, took a new step last year. A joint VPN solution certified by the FSB was moved to the new UCS-E platform, which we have started producing in Russia. The CSP VPN Gate running on it can now work 2-2.5 times faster than before. This trusted UCS-E platform has also served as a platform for other domestic security solutions:
    • FSB-certified CIPF ViPNet Coordinator
    • FSB-certified CIPF Dionis NX
    • Positive Technologies Application Firewall, an application-layer firewall
    • FSB-certified ViPNet IDS intrusion detection system
    • Basic Trusted Module (BDM) by Elvis+.


    The effectiveness of defenses today depends on how quickly a company is able to learn about new, dynamically changing threats and equip its defenses with this knowledge. Cisco does not stand still in this regard either, and 2014 was marked by the acquisition of another company specializing in research in this area: ThreatGRID, whose research has been used by a great many eminent players in the global information security market. At the moment, the integration of ThreatGRID technologies into the Cisco product line is nearing completion. It will make it possible to organize effective detection and neutralization of threats even in an enterprise that is completely isolated from the Internet and cannot update its tools from the cloud update service.

    Last year, ThreatGRID specialists and all other Cisco information security research units (Sourcefire VRT, Cisco SIO, Cognitive Security, etc.) were united into Cisco Talos, which now works in five key areas:
    • development
    • research
    • response
    • vulnerabilities
    • PR


    This number of new products allowed Cisco to reaffirm its leading position in 3 Gartner Magic Quadrants (Secure Web Gateway, Secure Email Gateway, Network Access Control), as well as to gain leadership in two more segments - IPS and UTM. In Russia, according to IDC, Cisco is also a market leader in network security.

    After the acquisition of Sourcefire, many asked us about the future of the open source projects run by Sourcefire. First of all, everyone was worried about the fate of Snort, but many users were also concerned about other solutions (ClamAV, Razorback, MoFlow, DaemonLogger, etc.). We eliminated all doubts in February 2014, when we announced OpenAppID, an application description language for network security, which made it possible to catch not only network threats but also application threats. Six months later, we announced another major project in this area - OpenSOC, an open platform for building your own security control centers, which makes it possible to collect alarms from various security tools, correlate them, analyze them and visualize them. And already on New Year's Eve, in mid-December,

    Another acquisition we made last year was Neohapsis, a leader in information security consulting. This purchase was the next step in the development of our security services, which the company began to ramp up last year.

    Work continued on the certification of Cisco solutions against Russian information security requirements. Over 50 new certificates were received, but we would especially like to note the certification of the Cisco 2911R router, manufactured in Russia, as a firewall. We also completed the certification of the Cisco 2951 router, as well as the next-generation Sourcefire NGFW firewall.

    All of the above achievements confirm not only that 2014 was a very successful year for Cisco in the field of information security and was marked by very important and interesting announcements and new products, but also that Cisco continues to be a leader in the global and Russian network security market. In 2015, we will continue to maintain our leading position by offering our customers and partners the best products and services to detect and repel various threats, including new integration solutions with Russian companies.

    P.S. This note was also presented, in a slightly more advanced version, as a video on YouTube.
