Cisco Security Cloud Could Satisfy ‘Lacking,’ Cohesive Security Portfolio
The networking giant has a security portfolio of strong point security solutions, but Cisco hasn’t had an integrated security platform until now and that approach has hindered adoption, according to Cisco partners. The Cisco Security Cloud platform, revealed in June, is meant to remedy that.
Cisco Systems, a longtime networking leader, has a plethora of security solutions. But the portfolio has yet to break through in the same way that some competing security vendors have in the enterprise and midmarket.
Cisco has strong point security solutions, but the tech giant hasn’t had an integrated security platform until now. It’s that distinction, says Cisco partners, that has affected adoption.
“The entire, cohesive security solution is lacking for Cisco.” said Matthew Ogden, CTO for MNJ Technologies, a Buffalo Grove, Ill.-based solution provider and Cisco Partner. “Whereas, if you look at Palo Alto Networks, for example, it’s all built together— it’s all one platform with the licensing and everything,” he said.
Cisco has done a good job of seeking out the pieces it has needed to fill out its security portfolio in the form of acquisitions, such as Duo Security in 2018 for multi-factor authentication and Kenna Security in 2021 for risk-based vulnerability management. But the company hasn’t brought all the parts together in a package that makes the most sense for customers, Ogden said. “The problem they’re running into is the midmarket cannot buy three different products at Cisco pricing,” he said.
And for partners, it creates an additional integration challenge that lands on their plates. “You have to pull three pieces together to get one solution that other providers already have,” Ogden said.
Enter Cisco Security Cloud
“What we have not done a great job of was in the past, we did not integrate our portfolio the way we should have. I think the market is now very clearly expressing an appetite desire and a preference to buy an integrated platform rather than point solutions,” Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration, told CRN.
Businesses are shifting to a platform-based approach for security, so Cisco needs to move in the same direction, Patel said.
“We’ve got a pretty large security presence … we have the broadest set of solutions in the market — everything from user, device, network and applications,” he said. “You will see us move away from the best of breed, point solution-based approach, to getting to an integrated platform.”
The tech giant in June unveiled its new overarching security strategy that starts with a single platform:
Cisco Security Cloud. The unified, open-standards-based platform is the basis of the company’s security plan for the future. It will ensure security across hybrid and multi-cloud environments with capabilities for securely connecting people, applications and devices located anywhere. The platform includes threat prevention, detection, response and remediation at scale, with no vendor lock-in, and it’s similar to the approach that Cisco took with its flagship Webex collaboration platform, the company told CRN prior to RSA 2022 last month.
Cisco’s security platform approach will be a multi-year effort, Patel said. “We’ll keep getting better and better at it.” Cisco is also opening APIs for its Security Cloud platform that 3,500 vendors on the market will be able to tap into, he added.
It’s still important to have a broad range of security solutions because security is a “data game,” according to Patel. But point solutions often correlate weakly to each other as opposed to an integrated platform, he said.
“The more data you have, the better you’re going to be at predicting when a breach has occurred and being able to stop that breach, or when a breach already infiltrated your organization. And that happens way better when you’ve got telemetry on the network, and on the endpoint, and on the user. Our goal will be to continue to make sure that we have an integrated platform that goes across multiple personas — NetOps and SecOps,” he said.
Cisco’s End-To-End Security segment consistently posted double-digit growth during the pandemic, until its fiscal second quarter of 2022 which ended January 29 when the business unit reported 7 percent growth. During the company’s most recent fiscal quarter — Q3 2022, which ended April 30 — Cisco’s security segment reported 7 percent growth during quarter with revenues of $938 million, which Cisco CFO R. Scott Herren said was driven by strength in the company’s zero-trust portfolio.
Cisco is focused on unifying experiences across its entire portfolio — not just security — a strategy the vendor promoted heavily at Cisco Live 2022 in June. Customers want a more simplified approach to IT buying across the board and security has made its way into every technology purchase, according to one Cisco partner who asked to remain anonymous.
“I think what they’re trying to do — bundling in their security products into the broader portfolio — is smart,” the partner said. “So even if maybe [the customer] doesn’t buy their security products today, they already have access to it through a different licensing mechanism. And over time as their other contracts expire, or Cisco develops something new, it might give them the chance to start turning it on or take a second look at it.”
Patel said that partners will play a very strategic role on every aspect of Cisco’s security strategy, whether they focus on network security and secure connectivity, zero trust, or working with Cisco’s Threat Intelligence Team. But there will need to be a “re-education” on all the pieces that Cisco Security Cloud will bring for the channel, he said.
“We’re going to rely a lot on our partners to build great technology, but then enable them so that they can take it to our customers,” he said. “We want to make sure that we do that because there’s this tremendous amount of trust that customers have with the Cisco brand and networking and security so intrinsically tie together. You can’t be in the connectivity business and not be in the protection business. I just don’t think that works.”