Cisco Security Leader Tom Gillis: Point Products Aren’t ‘Getting The Job Done’

Cisco Systems has released the results of a survey that gauged the cybersecurity readiness of businesses around the world. The results? Not great. But the findings highlight areas of opportunity for partners to fill in the gaps. That’s according to Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group who rejoined the company in January.

The survey found that 60 percent of respondents have had a cyber incident in the past 12 months and the average cost of a cyber incident hit these companies with a price tag of $500,000. It’s no small sum for many businesses and the current approach that many companies are taking – deploying best of breed, point security solutions, isn’t working, Gillis said.

Cisco, a longtime networking leader, has a plethora of strong point security solutions, but the tech giant hasn’t had an integrated security platform until just last year. Cisco in June unveiled its strategy to help enterprises connect their entire security architecture via a new platform, Cisco Security Cloud. The integrated platform, says Gillis, will help partners and end customers get a better vantage point of their entire environment and give much-needed context to incoming data and telemetry.

Gillis caught up with CRN to talk about the surprising results of the cybersecurity readiness survey, the opportunity for partners and the work that Cisco has been doing behind the scenes to pull some of its strong security solutions into one platform – Security Cloud – for solution providers and end users.

Here’s what Gillis had to say.

The survey found that only 15 percent of organization have a cybersecurity posture ‘mature’ enough to defend against threats of a hybrid world -- define mature?

We think that there’s a combination of products and services for how we make this all work. From a product standpoint, the industry has been focusing on point solutions; I put a security solution on an endpoint on a laptop, I put a security solution at the perimeter with a firewall, I can put a security solution on the public cloud. And what has happened is attackers have gotten so good that they can look like legitimate behavior, and they can bypass any one of those solutions. So, there’s very much a movement towards a systems approach where I can correlate what I see on the endpoint with what I see happening in the infrastructure. So, for example, we have our threat intelligence group, Talos. Talos sees more and more incident response anyone outside of the federal government, so we very much have an understanding of what attacks look like. Seventy-five percent of the ransomware attacks that we see have come from a process that was spawned out of a PowerShell script. What it means is that if you see PowerShell running on someone’s laptop and then it spawns some new process that then connects to the network and asks for 200 million credit card numbers -- If you see all of those things together, you’re like: “Wait, that’s not real behavior.” But if you’re only looking at the endpoint -- there are legitimate reasons why you would run PowerShell, so it’s not enough context to say: “This is bad.” Cisco’s unique in that we see the inner workings of the laptop, we see email natively, we see DNS and web traffic, and of course, nobody knows the network like Cisco. So, we have the ability to look across these multiple domains.

Where I think there’s a really, really important opportunity for our partners, is that customers more and more are looking to consume this as a managed service. At Cisco, we very much believe this in the age of the partner, and I’ll especially put an exclamation point on the need for a managed service because [businesses] are looking for that expertise and that thought leadership to, first of all, acknowledge the problem and then say: “Here’s how we can solve the problem in a unique way.” And we’re not the only company telling this story. But we’re one of only a few security companies that have the breadth to be able to work across all these domains. But it’s our partners that bring this thinking and the solution to bear with the customers.