Under the Hood of a Security Platform

When you walk into a car showroom to buy a new vehicle, you don’t expect to walk out holding a set of brakes, or a steering wheel. You want the whole car. Too often in the security industry, customers’ needs are met with a single component that solves a single problem. It’s like an industry of potential car owners all walking out of showrooms with bags full of disparate tools, trying to figure out how many auto mechanics they will have to hire to put all the components together.

The experience of using a security platform should be more like entering a car showroom than a repair shop. June marks the general availability of our platform, Cisco SecureX. As the industry learns to define what we should all expect from a platform, let’s consider what we think it is, and perhaps, just as importantly, what it’s not:

The following might be confused with a security platform:

  • An interface added as a new UI to one or two point products. Two products do not make a platform!
  • Something that needs to be manually integrated by customers over the span of several months.
  • Another product that adds cost and complexity to an already overburdened security organization.
  • A SIEM or a SOAR.

Conversely, a true security platform should:

  • Bring together an established, comprehensive set of security capabilities that are made better through integration.
  • Include strong, out-of-the-box integrations that require minimal or no effort on the part of customers.
  • Be free or low cost, and help to manage vendor sprawl instead of adding to it.
  • Go well beyond the functionality of existing products like SIEM or SOAR, enabling security teams to gain unified visibility and also take coordinated action through the platform.

It may seem like a tall order, but Cisco SecureX does all of that – and more. Here’s how…

The industry’s broadest, most integrated security platform

We are by no means starting from scratch with Cisco SecureX. Our platform is the culmination of over a decade of work building some of the most comprehensive, effective security solutions on the market. Our broad set of technologies protects against all threat vectors across your network, users and endpoints, cloud, and applications. Cisco SecureX unites an already strong, robust set of capabilities – allowing them to work together to bring you better visibility, greater automation, and stronger defenses.

The front end of our platform – which we began working on several years ago with Cisco Threat Response – enables you to visualize your integrated solutions in one place and use them in concert to solve your biggest security challenges. And in addition to operational metrics, the platform delivers ROI metrics so you can evaluate how your security is performing along the way.

Other companies claim to be offering a security platform, but what they’re really offering you is a dashboard. On the other hand, Cisco is offering you the whole car – and all of the various parts that go into it to make your business run. There’s a reason why we protect 100% of the Fortune 100. So when you’re offered a platform, make sure you check under the hood to see what’s really in there.

Does the platform bring together the capabilities of next-generation firewalls, email security, secure access, and threat detection? What about endpoint detection and response? Malware protection, cloud and application security, and web security? Does it deliver in-depth security analytics from across your entire infrastructure? And is it underpinned by one of the world’s largest threat intelligence organizations? Unfortunately, there are so many different inroads to your environment these days, and so many varied tactics for getting in, that you have to make sure whoever is trying to sell you a security platform has them all covered.

Stronger integrations than any other vendor

While Cisco’s enterprise cybersecurity portfolio is the broadest in the industry, we realize that we can’t do everything, and that you will inevitably have to work with other vendors to get the job done. That’s why, in addition to extensive integrations across our own portfolio, we’ve built an open ecosystem of 170+ partners that allows you to seamlessly connect with third-party technologies. And we will continue to add more integrations as time goes on.

According to our 2020 CISO Benchmark Report, 81% of organizations find it challenging to manage a multi-vendor environment. With Cisco SecureX, you can gain a unified view of your various security technologies from both Cisco and other companies through a single, cloud-native platform. And you can use these technologies together to investigate and remediate threats, without having to manually swivel between various interfaces – or integrate them yourself.

“Of all the vendors we evaluated, Cisco had the most mature integrations to bring security visibility together,” said Alan Zaccario, vice president of IT and cybersecurity at New Castle Hotels and Resorts. “But it’s not just about the platform — it has to be manageable by a small shop like ours if we’re going to use it.”

To further reduce complexity, Cisco SecureX includes built-in playbooks, and the ability to create custom playbooks, so you can easily use multiple technologies together for a specific workflow – such as threat hunting, or combating a phishing attack, for example. This functionality helps streamline the often onerous process of detecting, identifying, and containing threats.

Cisco SecureX also draws from our worldwide leadership in networking to integrate with core network and infrastructure solutions. That way, the platform not only benefits the security team, but also the IT and networking teams as they all collaborate to safeguard assets and keep organizations up-and-running.

Cisco SecureX is not a product, and it costs no extra

Cisco SecureX is available at no extra cost to any Cisco customer that owns one of our security products. Because that’s how it should be. Organizations are already struggling to manage too many vendors and products, and budgets are strained. A security platform should not be adding to these costs and complexity.

Instead, Cisco SecureX builds off what you already have. It makes your existing security capabilities better by allowing them to share intelligence and take automated, coordinated actions to mitigate threats or update security policies. In our recent CISO Benchmark Report, we learned that 77% of respondents are planning to increase their security automation to speed up response times – and we are confident that SecureX can spearhead this mission.

In addition to making day-to-day tasks easier, a security platform should also be simple to set up. You shouldn’t have to spend days or even hours to get it to work. And you shouldn’t have to buy a bunch of other products to see value from it. Customers can realize value from Cisco SecureX in under 15 minutes. Less than the time it takes to go out and grab a cup of coffee!

So much more than a SOAR

SOARs (and their predecessors, SIEMs) are designed to bring together disparate security information from different systems to help streamline threat analysis and incident response. However, they are not equivalent to a security platform. While they can be useful for aggregating information, they are a separate product not typically designed to be integrated with anything else.

The information they provide is not necessarily presented in an actionable format, and the onus of making sense of the data and defining corresponding mitigation actions often falls on the security team itself. On the other hand, Cisco SecureX draws upon multiple security products to provide cohesive, actionable information and also enable automated remediation all from one place.

Unlike our platform, which can be up-and-running and used with ease within minutes, SOARs are often difficult to deploy, learn, and use. And, they typically only account for security operations, providing little to no value to the IT and networking teams.

So, bottom line, if you have a SOAR, don’t fret. Just know that it’s not the same as a platform. Rather, it’s a type of security product that can be integrated into a platform like Cisco SecureX.

Get started with Cisco SecureX

So there you have it. If you want a car, don’t settle for a bag of components. And check under the hood to make sure it’s more than a dashboard you’re getting.

As the biggest security company in the world, we’re uniquely positioned to help you evolve the way you protect your business now and into the future. “Since implementing all of our Cisco security tools, up until now, we haven’t had any serious incidents or compromises,” said Don Bryant, CISO at The University of North Carolina at Pembroke. “We feel very well protected.”

Get started with Cisco SecureX today, and discover all the capabilities that power our platform.

"Under the Hood of a Security Platform" was written by Ben Munroe at the Cisco Security Blog on .

Original Post URL: https://blogs.cisco.com/security/under-the-hood-of-a-security-platform
