Once more unto the breach
Steve Rogerson reports from last month’s Cisco Live in Las Vegas on how the networking company is tackling security.
It was like being at a rock concert. Thousands of people in a massive hall in Las Vegas waiting, not for the Rolling Stones or Meat Loaf, but for Cisco Chief Chuck Robbins to give his keynote speech and open Cisco Live.
This annual event attracted 28,000 delegates, many of them self-confessed geeks, to hear about the latest technologies and the direction the networking giant was planning on taking over the next year. For Robbins, this was his first experience of Cisco Live since taking over the reigns last year, but he showed no nervousness as he walked onto the stage.
“We are living in one of the most unbelievable times,” he said. “Technology is now fundamentally the strategy of any organisation. Technology will fundamentally change the way you live.” He says ‘fundamentally’ a lot. Over time, he said, anything could be connected. The question though is what is the value that comes out of that connection?
This change has to start at the top, where company leaders need to see not only the possibilities but also the dangers, which was why Cisco used the conference both to show how the IoT was moving forwards and, just as crucially, how to make it is secure. And that was about using IoT and M2M technologies themselves to protect against the hackers.
“There is a synergy between networks and security,” said Robbins. “Machine learning can be used to detect threats.”
David Goeckeler, Cisco Senior Vice President, added: “The security starts with the network. We can’t keep everything out, so we have to limit the damage and track them down quickly. The network becomes fundamental in security.”
A key element of this is the company’s Stealthwatch product that both detects threats and requires a response. However, more important is its machine learning capabilities, which let it adapt as new threats emerge.
“It is a machine learning process that runs on your routing infrastructure,” said Cisco Senior Vice President Jeff Reed. “It looks at all the traffic that flows through your network. It looks for anomalies and learns what are real anomalies. If you add a service, it alerts the admin. The admin will look to see if it is an anomaly or a new feature and tells Stealthwatch and it learns.”
David Ulevitch, who is also a Vice President in Cisco’s Security Business group, said security was about more than just visibility. “When you give us visibility, you also need to have the ability to take action,” he said. “Se we took our product for visibility and turned it into one for enforcement.”
The importance of this was stressed by Scott Harrell, a Vice President in charge of Cisco’s Security Business group. “We all feel a lack of control as machines come onto the network that we can’t monitor,” he said. “The attackers keep coming, again and again. They are relentless. They will not stop. It doesn’t matter what industry you are in. And, more times than not, they will succeed.”
Mind the gap
There was a fundamental flaw, he said, in how companies were trying to protect modern, complex, diverse and ever-changing networks. This he called the ‘security effectiveness gap’, where each new protection measure added to the network was less effective than the previous one while the abundance of these increased the complexity of the network exponentially.
“We want to close the gap so as we add security we dampen down complexity,” he said. “Security must evolve and there must be an architectural approach. There is no silver bullet for security. You don’t want something that just solves one security problem. The security problem is bigger than that.”
Ashley Arbuckle, who is a Cisco Vice President for Security Services, said that as new threats appeared, organisations were often left scrambling. “This is what leads to the security effectiveness gap,” he said. “We know the game is changing. A different approach is going to be needed regarding security. Seven out of ten executives tell us that security is impeding innovation and 40% have halted mission critical initiatives because of security.”
Harrell said the goal was to make security “simpler to use, simpler to deploy, simpler to scale, simpler to operate and simpler to manage.”
However, to do this Cisco realises it must not only develop its own technology but also invest in other companies that are working in the cyber security field. One of these is Israel-based Illusive Networks. Founded in 2014, the company set out to tackle the problems of cyber security.
“We have pioneered a method of cyber security,” said Vice President Tracy Pallas. “The fully advanced attackers will find their way in. We want to notify and stop that breach as quickly as possible.”
She said the average network breach lasted 205 days without being detected. And 69% of the time a breach was found, it was from an external source. What Illusive’s technology does is make it harder for the attackers to find their way around the network with lots of false paths and end points. If the attacker follows one of these, then an alert is triggered.
“The attacker in your system cannot see which resources are real and which are false,” said Pallas. “If they track a false one, it alerts a breach.” She said the easiest way into a network was by compromising a PC.
“The PC may not have serious security information on it, but it can be the entry point,” she said. “They can see where the connection points are to get where they want. But by deploying decoy data, all of a sudden there are a lot more connections. If they try to go to a fake spot, there is an alarm straight away. Once the breach is alerted, we can show exactly where it is on the network.”
Cisco is investing in this technology, and she said it was looking at ways of building this alert system into its portfolio. Partnering such companies is now a key strategy for Cisco. As Harrell pointed out: “We will partner directly with our competitors, people who we sell against every day. We will take third party products and integrate them into our products.”
Security, he said, needed to be architecture-based to react in real time, “In machine time, in attacker time.”