After many years of a strong preference for ‘best of breed’ security tools, the tides are turning. There’s growing fatigue of the operational downsides – managing countless alerts and manually correlating threats, for example – inherent in this approach. Security products today need to include out-of-box integrations, interoperate with third–party solutions, share threat and contextual information, leverage automation, and above all else, simplify operations. This trend has a name: the security platform.
Products like firewalls have historically been evaluated primarily on their merits as a standalone solution. This was logical since the firewall had always been viewed as a fundamental component of any organization’s security posture. This was also largely reinforced by vendors and industry analysts alike who would widely publish specific categories of firewall feature sets, deployment guides and performance characteristics. But as networks became more interconnected and threats grew more sophisticated and stealthier, the role of the firewall as a “standalone” and isolated solution became increasingly challenged.
As any security engineer will tell you, the answers to difficult questions like “are we vulnerable to this new threat?” or “what is the extent of this compromise?” are rarely found in a single tool. It takes an integrated and coordinated approach to really understand the scope of today’s cyber-threats. To that effect, how should you evaluate a point product like the firewall in the new world of the security platform? It starts with viewing the firewall as the foundation of a robust security platform.
The Future of Firewall
The firewall has long been the star player of any organization’s security stack. But as trends like cloud and mobility have taken off, it has greatly increased the size of the attack surface of our infrastructure and made the job of protecting our networks, data, users, and applications more complicated. What was once a single network perimeter has evolved into multiple micro-perimeters, and traditional firewalls are being augmented by a mixture of physical and virtual appliances and services.
The importance of the firewall hasn’t diminished – in fact, it’s more relevant than ever – but it’s time to think about it differently. We must look beyond form factors like physical or virtual appliances to think about ‘firewalling’ as functionality. Firewalling is now about delivering world-class security controls – the key elements for preventing, detecting, and stopping attacks faster and more accurately – with common policy and threat visibility delivered where you need it: in the data center, in the cloud, at the branch office.
The firewall has added many advanced capabilities and integrations over the years, but at a certain point, you need something more. You need a single view across your entire security estate. A single point of multivendor integration. And a single place to conduct workflows and track key operational metrics. That’s where the security platform comes in.
The Rise of the Security Platform
The security industry has done a wonderful job of introducing exciting and new product categories. One estimate pegs the number of cybersecurity product categories at 70. As more categories are introduced, the level of noise and complexity rises. And this complexity can be clearly seen mirrored inside any organizations’ security stack.
Businesses are struggling to operationalize disparate security solutions to maintain consistent policies and uniform threat visibility. According to our CISO Benchmark Study, only 35% of respondents said it was easy to investigate the scope of a compromise, contain it, and remediate it. In response to this challenge, a new product category has begun to take root: the security platform. Sometimes called XDR, the security platform is the central point of integration for a multitude of products. And it’s a welcome solution for the complexity problem that has overwhelmed us.
Some firewall vendors claim to already have a security platform. As Gartner described in the 2019 Magic Quadrant for Network Firewalls, “With firewall providers embedding multiple security features in firewalls and enabling integration and automation capabilities with other security products, firewalls are evolving into network security platforms.” While we applaud these efforts, no other vendor has the breadth of security portfolio and level of integration to deliver a security platform experience like Cisco.
Recently announced at RSA Conference, Cisco SecureX connects the breadth of Cisco’s integrated security portfolio – including market-leading firewall – and the customer’s infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across network, endpoints, cloud, and applications. By connecting technology in an integrated platform, SecureX delivers measurable insights, desirable outcomes, and unparalleled cross-team collaboration.
Investing in a firewall should do more than just meet your needs for today. Ensure that your firewall helps you confidently secure your business as part of an open, integrated platform that will scale to support your organization’s growth and innovation well into the future.
Let’s explore some of the defining characteristics of a security platform – specifically, Cisco SecureX – and discuss what they mean in the context of the firewall.
Visibility has long been touted as a critical need on which to base security. Users, endpoints, applications, etc., as the old adage goes “if you can’t see it, you can’t secure it.” Cisco NGFW offers robust visibility into the users, hosts, applications, mobile devices, virtual environments, threats, and vulnerabilities that exist in your constantly changing network.
Our SecureX platform takes visibility to a whole new level. It expands the aperture and shows your entire security environment in a single view. There’s no time wasted pivoting from one dashboard to the next; alerts are aggregated and prioritized so that you know where to direct your attention first.
SecureX provides unified visibility across all parts of your security portfolio – Cisco or third-party solutions – delivering metrics, an activity feed, and the latest threat intelligence. Crucially, SecureX can deliver key operational metrics to help track the success of your security program: Mean Time to Detection, Mean Time to Remediation, and Incident burndown times. These metrics are derived from full case management capabilities native to the SecureX platform.
Most firewalls today offer numerous integrations with other point products – for example, endpoint protection, sandboxing, or DNS security solutions. Organizations have done their best to integrate a functioning security infrastructure, but incompatible interfaces, steep learning curves, and siloed communication limit interoperability. Making these systems work together is a constant struggle that requires hard-to-find expertise. It’s no wonder that 91% of security leaders think integrating solutions is a significant challenge.
SecureX reduces complexity by integrating products with out–of-the-box interoperability. It connects the breadth of Cisco’s integrated security portfolio and the rest of your infrastructure for a consistent experience across network, endpoint, cloud, and applications. By connecting technology in an integrated platform, SecureX delivers measurable insights, desirable outcomes, and unparalleled cross-team collaboration.
Automation has enormous potential to help organizations to save time and bridge the talent gap. It’s already used with great success today in products like Cisco NGFW. For example, Firepower Management Center automatically correlates security events with the vulnerabilities in your environment so that your team can see which events they need to prioritize. It also automatically recommends security policies to put in place.
A security platform is the perfect place to enable truly powerful automation and orchestration. SecureX will deliver pre-built playbooks focused on common use cases, and customers can easily build their own using an intuitive, drag-and-drop interface.
For example, the SecureX incident workflow uses cross-product automation to gather information relevant to the incident from across technologies and teams into one place. High-fidelity events detected by your firewall or network analytics engine are promoted to Incidents in the Threat Response component of SecureX. From there, the SecureX automated Incident playbook will:
- Run an investigation on the information provided in the Incident record against all your SecureX-capable technologies
- Save a snapshot of the investigation results
- Assign all related observables to a casebook
- Alert the security team.
To deliver this capability, the playbook pre-processes the incident to extract observables, determines the verdict for observables, hunts for targets involved and enables you to take mitigation and/or preventative actions such as isolating the targets and blocking domains, IPs, and files.
Sign up for SecureX
These are just some examples of what you’ll be able to do with the first iteration of SecureX. The platform will continue to evolve so your security can keep up with the speed of business, and your business can keep taking new leaps.
SecureX will be generally available in June.
To stay updated on the latest about SecureX