Cisco Security Leader Tom Gillis: Point Products Aren’t ‘Getting The Job Done’

‘The stakes are high and the current approach of applying individual point solutions -- as good as the point solutions are -- that’s not getting the job done … I would expect to see more from us on integrating these products so that they work as a suite, kind of like Microsoft Office -- Word, PowerPoint, Excel, SharePoint -- there’s a level of commonality between that makes them work better together,’ Cisco’s new security leader Tom Gillis tells CRN.

Cisco Systems has released the results of a survey that gauged the cybersecurity readiness of businesses around the world. The results? Not great. But the findings highlight areas of opportunity for partners to fill in the gaps. That’s according to Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group, who rejoined the company in January.

The survey found that 60 percent of respondents have had a cyber incident in the past 12 months, and the average cost of a cyber incident for these companies was $500,000. It’s no small sum for many businesses, and the current approach that many companies are taking, deploying best-of-breed point security solutions, isn’t working, Gillis said.

Cisco, a longtime networking leader, has a plethora of strong point security solutions, but the tech giant didn’t have an integrated security platform until just last year. Cisco in June unveiled its strategy to help enterprises connect their entire security architecture via a new platform, Cisco Security Cloud. The integrated platform, says Gillis, will help partners and end customers get a better vantage point of their entire environment and give much-needed context to incoming data and telemetry.

Gillis caught up with CRN to talk about the surprising results of the cybersecurity readiness survey, the opportunity for partners and the work that Cisco has been doing behind the scenes to pull some of its strong security solutions into one platform – Security Cloud – for solution providers and end users.

Here’s what Gillis had to say.

The survey found that only 15 percent of organizations have a cybersecurity posture ‘mature’ enough to defend against threats of a hybrid world -- define mature?

We think that there’s a combination of products and services for how we make this all work. From a product standpoint, the industry has been focusing on point solutions; I put a security solution on an endpoint on a laptop, I put a security solution at the perimeter with a firewall, I can put a security solution on the public cloud. And what has happened is attackers have gotten so good that they can look like legitimate behavior, and they can bypass any one of those solutions. So, there’s very much a movement towards a systems approach where I can correlate what I see on the endpoint with what I see happening in the infrastructure. So, for example, we have our threat intelligence group, Talos. Talos sees more and more incident response than anyone outside of the federal government, so we very much have an understanding of what attacks look like. Seventy-five percent of the ransomware attacks that we see have come from a process that was spawned out of a PowerShell script. What it means is that if you see PowerShell running on someone’s laptop and then it spawns some new process that then connects to the network and asks for 200 million credit card numbers -- if you see all of those things together, you’re like: “Wait, that’s not real behavior.” But if you’re only looking at the endpoint -- there are legitimate reasons why you would run PowerShell, so it’s not enough context to say: “This is bad.” Cisco’s unique in that we see the inner workings of the laptop, we see email natively, we see DNS and web traffic, and of course, nobody knows the network like Cisco. So, we have the ability to look across these multiple domains.

Where I think there’s a really, really important opportunity for our partners is that customers more and more are looking to consume this as a managed service. At Cisco, we very much believe this is the age of the partner, and I’ll especially put an exclamation point on the need for a managed service because [businesses] are looking for that expertise and that thought leadership to, first of all, acknowledge the problem and then say: “Here’s how we can solve the problem in a unique way.” And we’re not the only company telling this story. But we’re one of only a few security companies that have the breadth to be able to work across all these domains. But it’s our partners that bring this thinking and the solution to bear with the customers.

Why is this important now for Cisco to move away from point solutions to a platform approach to address security?

I think there’s a great opportunity for us to really think differently about how we build and deploy security solutions. We’re very focused on the word platform, sometimes you can think of it as a suite of functionality where security can span the endpoint, email, web, and the network and look holistically across all those domains. Customer interest there is very, very high.

In a very large-scale survey, we included 6,700 customers across all major regions and business owners, and we asked them questions about the state of their security controls. Only 15 percent of the people that responded thought that they had good controls in place. “I’ve got a product and I know how to use it” -- that’s important. It’s not just about having the product, it’s like: “Do you have these things configured properly?” We’ve seen over and over again that simply owning, for example, an endpoint solution, or firewall, does not mean you’re not going to have ransomware. Another thing that came out of the study is that 60 percent of the respondents have had a cyber incident in the past 12 months. So, I think it’s fair to say that both the severity and the frequency of attacks has been growing steadily, which is what underscores this need for a different security approach. And the average cost of a cyber incident in this survey was $500,000. Of course, the high-profile attacks cost millions. So, the stakes are high and the current approach of applying individual point solutions -- as good as the point solutions are -- that’s not getting the job done. That’s where I think a company like Cisco can really shine.

What have you been doing along with the team to shape the security portfolio into the Security Cloud platform?

What’s great is that my boss, Jeetu Patel [Cisco’s executive vice president and general manager of security and collaboration] has been here for more than two years, so the security platform is not a radically new concept at Cisco. When I arrived, most of this work was already underway, for example, the AnyConnect VPN with a huge deployment in the enterprise [and] we’ve taken our other endpoint properties, like our EDR solution and like our multi-factor authentication, and built them into this unified, secure endpoint. So, a single endpoint can provide these multiple functions in a modular way. When the customer buys into our platform and they’re like: “Look, I’ve got one endpoint and it can do zero trust, multi-factor authentication, Web security and antivirus all from a single endpoint.” So much easier to manage, much easier to deploy, much lower cost because you have a centralized control point. The operational costs are lower than if you bought those individual components. So, I would expect to see more from us on integrating these products so that they work as a suite, kind of like Microsoft Office -- Word, PowerPoint, Excel, SharePoint -- there’s a level of commonality between that makes them work better together.

How does Cisco’s XaaS push apply to the security business?

Security fits perfectly into the Cisco Plus push. We have an offering called Cisco Plus Secure Connect. That’s an integration of our Meraki networking with our advanced security capabilities. So, the customer sits at their cloud-delivered networking dashboard and they say: “I want to turn the security on,” and it’s like: click, click, turn on. There it is. That cloud-delivered service that’s the market today is very channel friendly and very, very useful for small and medium customers.

What advantages does Cisco have in the security space that competitors don’t?

I think that in order to be great at stopping ransomware, you have to see telemetry from four different areas. You have to see what’s happening on the endpoint itself. Cisco has a very interesting asset in [endpoint detection and response] EDR solutions where it’s a very fragmented market. The market category leader might only have 10 or 15 percent market share. But there’s another thing running on the endpoint, which is a VPN. And Cisco’s AnyConnect [VPN] has 200 million enterprise endpoints deployed, which is [about] five times more than any antivirus or EDR solution on the market. So, we have a very broad footprint of endpoints, and that VPN has security capabilities that allow us to see what the antivirus with the EDR solution is looking at and pass that telemetry on. Endpoint telemetry is actually a significant point of differentiation for us because of this huge footprint that we have.

Email -- email is always involved. With these new AI-powered tools, the level of targeting and specification, we’re going to see sophisticated phishing attacks exponentially increase. But we have native email capabilities. There are few, if any, security companies that see the number of mailboxes that we do. We have the Web -- you have to see the websites that they’re going to. And then of course, there’s the behavior of the network itself and that’s us. So, we have all four of those domains and I don’t think there’s any other security company that has the breadth of data that we have.