Cisco information security in 2014: a brief summary
The past year, 2014, was very successful for Cisco in terms of information security. We strengthened our market position and confirmed that our previously chosen strategy for developing network security was the right one. In our opinion, its main drivers are three key problems that any enterprise has to face:
new business models (clouds, mobility, Internet of things, SDN, etc.)
a dynamic threat landscape
complexity and fragmentation of security tools.
To solve these problems, we have taken several steps:
released new security solutions
updated existing solutions
presented several new integration solutions with both foreign and Russian developers of information security tools
acquired several new companies dealing with various information security issues
formed a new research unit
developed new services in the field of information security.
In previous years, we made one, at most two, announcements a year about the release of new solutions or a major update of existing ones. In 2014, there were 5 such announcements (!), which testifies to the attention that Cisco pays to this topic.
Of the new solutions presented in the past year, I would like to focus on the following:
Cisco FirePOWER high-performance devices operating at 120 Gbit/s in NGFW mode and 60 Gbit/s in NGIPS mode
AMP Everywhere - an anti-malware solution that can not only be installed on PCs and mobile devices or deployed as a separate high-speed network gateway, but also integrated into the Cisco ASA 5500-X firewall, Cisco FirePOWER NGFW, Cisco FirePOWER NGIPS, Cisco Email Security Appliance, Cisco Web Security Appliance and Cisco Cloud Web Security
AMP Private Cloud - a solution that allows you to manage the functions of AMP for Endpoint and AMP for Networks locally, bypassing the cloud, thereby reducing the risks of having no Internet access
FirePOWER Services for ASA - a completely new solution that allows you to run on the Cisco ASA 5500-X platform, in addition to the usual firewall and VPN, a next-generation intrusion prevention system, a next-generation firewall, a URL filtering system, an anti-malware system, an incident investigation system, a security scanner, a protection system for automated process control systems and a number of other important protective services
ASAv is a virtual firewall that has all the features of Cisco ASA hardware, but works in a virtualized environment.
By the way, you might have noticed that last year we increased our activity in the virtualization segment, and by now we have virtualized versions of all our hardware security solutions - ASAv, vESA, vWSA, vISE, NGIPSv, VSG, vCTD, vSCE, virtual Defense Center, etc.
In addition to developing its own product line, Cisco pays great attention to integrating its products with the solutions of its partners. For this purpose we proposed the pxGrid platform (Cisco Platform Exchange Grid), which allows products to exchange contextual information for more effective network and access control. Last year, through pxGrid, we connected our infrastructure with Ping Identity authentication solutions, Bayshore protection tools for industrial networks and automated process control systems, Endace Emulex packet capture and network incident investigation tools, the NetIQ SIEM solution, and the Tenable vulnerability scanner.
In addition to developing integration with the global players of the information security market, and taking into account the attention now being paid to local information security products, Cisco has stepped up its cooperation with Russian developers of information security tools. In particular, we completed the integration of the MaxPatrol protection system from Positive Technologies with the FireSIGHT management system. This makes it possible to take information about the services and applications running on network nodes, as well as the vulnerabilities present on them, and correlate it with information from the Cisco FirePOWER NGFW firewall, the Cisco FirePOWER NGIPS intrusion prevention system, the Cisco AMP anti-malware system, the Cisco ASA solution with FirePOWER Services, etc.
But this is not the only example of integration with domestic products. Our cooperation with the company “S-Terra CSP”, which began several years ago, developed further in the past year. A joint VPN solution certified by the FSB was moved to the new UCS-E platform, which we have started producing in Russia. The CSP VPN Gate VPN gateway running on it can now work 2-2.5 times faster than before. This trusted UCS-E platform has also served as the basis for other domestic security solutions:
FSB-certified ViPNet Coordinator cryptographic protection tool (SKZI)
FSB-certified Dionis NX cryptographic protection tool (SKZI)
Positive Technologies Application Firewall, an application-level firewall
FSB-certified ViPNet IDS intrusion detection system
Basic Trusted Module (BDM) Elvis +.
The effectiveness of protection tools today depends on how quickly a vendor can study new, dynamically changing threats and equip its solutions with that knowledge. Cisco is not standing still in this regard either, and 2014 was marked by the acquisition of another company specializing in research in this area. We are talking about ThreatGRID, whose research was used by many well-known players of the global information security market. At the moment, the integration of ThreatGRID technologies into the Cisco product line is being completed. This will make it possible to organize effective detection and neutralization of threats even in an enterprise that is completely isolated from the Internet and cannot update its protection tools from the cloud-based update service.
ThreatGRID specialists, together with all the other Cisco divisions engaged in information security research (Sourcefire VRT, Cisco SIO, Cognitive Security, etc.), were united last year into the Cisco Talos organization, which now works in five key areas:
development
research
response
vulnerabilities
PR.
So many new products allowed Cisco to reaffirm its leading position in three Gartner Magic Quadrants (Secure Web Gateway, Secure Email Gateway, Network Access Control), and also to take the lead in two segments - IPS and UTM. In Russia, according to IDC, Cisco is also the market leader in network security.
After the acquisition of Sourcefire, many people asked us about the future of the open source projects that Sourcefire had been running. First of all, everyone was worried about the fate of Snort, but many users were also concerned about other solutions (ClamAV, Razorback, MoFlow, DaemonLogger, etc.). We dispelled all doubts in February 2014, when we announced OpenAppID, an application description language for network security tools that makes it possible to catch not only network threats but also application threats. Six months later, we announced another major project in this area - OpenSOC, an open platform for building your own security operations centers, which collects alerts from various protection tools, then correlates, analyzes and visualizes them. And right on the eve of the New Year, in the middle of December, we announced the release of the preliminary version of Snort 3.0, built on a completely new architecture.
Another acquisition we made last year was the purchase of Neohapsis, a leader in information security consulting. This purchase was the next step in the development of security services, which the company began to step up last year.
Work also continued on certifying Cisco solutions against Russian information security requirements. More than 50 new certificates were received, and we would especially like to mention the certification of the Cisco 2911R router, produced in Russia, as a firewall. We also completed the certification of the Cisco 2951 router, as well as the next-generation Sourcefire NGFW firewall.
All of the above achievements confirm not only that 2014 was very successful for Cisco in the field of information security and was marked by very important and interesting announcements and new products, but also that Cisco continues to be the leader of the global and Russian network security market. In 2015, we will continue to hold our leading positions, offering our customers and partners the best products and services for detecting and countering various threats, including new integration solutions with Russian companies.
P.S. This note is also available, in a slightly more extended version, as a video on YouTube.