Three steps to robust security

Tom Gillis, head of Cisco’s Security Business Group, shares his top tips for detecting, preventing, and remediating security threats.
Cybersecurity has never been easy. But today’s threat landscape is beyond anything we could have imagined even a few years ago.

The good news is that organizations can fight back decisively — if they implement the right defenses and strategies.

We spoke with Tom Gillis, senior vice president and general manager of the Cisco Security Business Group (SBG), for his top three tips for creating a resilient security posture.

As Gillis stresses, his suggestions are not radically new concepts. What is radically new is how Cisco uplevels their effectiveness with AI-driven solutions that are easier to implement and maintain, while offering the most advanced detection and automated responses.

Update Zero Trust Network Access

Ever since cybercriminals figured out that it’s easier to log in than break in, identity-related attacks have been on the rise. Zero Trust and least-privileged policies are a common way to fight back. Limiting users to only the data and apps they need to do their jobs lessens the damage from a breach. As Gillis explains, “The idea is that the salespeople can access sales applications, the IT people can access IT applications, but you probably don’t want salespeople getting into IT apps.”

That may sound simple, but with thousands of apps, multiple firewalls, “app connectors,” and highly distributed users, it’s not. But Cisco has a comprehensive, platform-based solution.

“Cisco solves this problem uniquely by combining our proven, widely deployed traditional VPN with modern Zero Trust into one integrated solution we call Cisco Secure Access,” Gillis explained. “It allows you to deliver a great end-user experience on Day One.”

“Whether I'm going to one of those legacy apps that needs VPN support,” he continued, “or a more modern app that can fit into that least-privileged framework, Cisco handles all of that. All the user knows is that it works.”

“The icing on the cake,” Gillis believes, is Cisco ThousandEyes. It can pinpoint the source of a problem, whether it’s the broadband provider, a cloud-based app, or even your own laptop.

“We deliver that great end-user experience and we measure it,” Gillis said. “So, we've integrated ThousandEyes, which is our network monitoring capability, into this solution so that if the user experience isn’t great, we can tell you exactly why.”

Protect your apps with AI

As with user identity, bad actors will exploit a compromised app or connected machine rather than hack directly into a network. So, Zero Trust must extend beyond humans and into the data center.

As Gillis explains, segmentation is a foundational strategy for defining the ways in which an application can communicate. That limits hackers’ access once they get into a particular app.

Again, it’s not as simple as it sounds. Event-driven applications can respond to normal business changes in unpredictable ways. So, it’s difficult to determine when one is truly acting in nefarious ways.

Cisco has good news.

“With Cisco's new Hypershield technology,” Gillis said, “we use the power of AI to deeply understand what an application is doing and how it's operating so that we can predict which policies should be put in place to prevent that application from doing something that it never should.”

Beyond segmentation, Cisco Hypershield adds application-level vulnerability management. It’s a highly automated, AI-driven capability to protect your apps, know which ones need patches, and isolate them if compromised.

“To stop against the modern attacks we're seeing,” Gillis added, “you need to understand the application and the vulnerabilities that reside within the application. This is a unique capability of Cisco Hypershield. We have the ability to put an enforcement point almost everywhere. We can put a little tiny baby enforcement point right close to the application, and we understand those vulnerabilities and we apply what's called a compensating control that can shield those vulnerabilities while the app team is working at patching and updating the application.”

Uplevel analytics

As we’ve seen, attackers are faking their way into networks by mimicking legitimate users and apps. So, analytics that tell friend from foe are another essential line of defense.

Gillis cites Cisco XDR (extended detection and response) as a great starting point.

“Cisco XDR is an analytic engine that draws telemetry from our user-protection suite and sees all that user activity,” he said. “And our cloud-protection suite, which is protecting those apps either in private clouds or public clouds, pulls that telemetry together in near real time and identifies things like ransomware at the very early stages of an attack. It then provides a path to automate the recovery from ransomware. It's a unique and innovative solution that leverages the infrastructure that Cisco has already put in place.”

Cisco’s acquisition of Splunk will supercharge these already formidable capabilities, creating a transformative combination of networking, security, observability, and AI.

“The Splunk platform and enterprise security capabilities that sit on top of it are by far the most sophisticated security analytics systems on the market today,” Gillis said. “It has the ability to do security analytics regardless of where your data is living. So, it will work on-prem. It'll work on cloud A, it'll work on cloud B, and it ties it all together with Splunk's unique federated search capability.”

Given these three core capabilities — and all that Cisco and now Splunk add to them — any company can excel at security.

“Whether going from infrastructure to highly automated analytics with security XDR or to more powerful analytics platforms like Splunk,” Gillis concluded, “Cisco brings it all together.”