Cisco goes to the cloud with broad enterprise security service

Cisco has unveiled a cloud-based security platform it says will go a long way in helping customers protect their far-flung networked resources.

Cisco describes the new SecureX service as offering  an open, cloud-native system that will let customers detect and remediate threats across Cisco and third-party products from a single interface. IT security teams can then automate and orchestrate security management across enterprise cloud, network and applications and end points.

"Until now, security has largely been piecemeal with companies introducing new point products into their environments to address every new threat category that arises," wrote Gee Rittenhouse senior vice president and general manager of Cisco's Security Business Group in a blog about SecureX.

"As a result, security teams that are already stretched thin have found themselves managing massive security infrastructures and pivoting between dozens of products that don't work together and generate thousands of often conflicting alerts. In the absence of automation and staff, half of all legitimate alerts are not remediated."

Cisco pointed to its own 2020 CISO Benchmark Report, also released this week, as more evidence of the need for better, more tightly integrated security systems. The study's findings include:

Many of those findings and others are behind the development of SecureX. For example, simplifying complex security environments is key, Cisco says. With SecureX, customers log into a single sign-on account and see the products they own and what other packages they might be integrated with. The service also offers an activity feed that includes new incidents and threat research that can initiate prebuilt or constructible "playbooks" that define and automate workflows such as threat investigation and remediation.

"With our phishing playbook for example, end users can submit suspicious email to SecureX to get a recommendation of whether it is malicious or not," wrote Jeff Reed senior vice president of product for Cisco's Security Business in a blog.

"If the submitted email is malicious, the end user will be notified of recommended next steps, and an event will be generated in SecureX alerting the security team. To deliver this capability, the playbook pre-processes email to extract observables, determines the verdict for observables, hunts for targets involved and takes mitigation and/or preventative actions such as isolating the targets involved, blocking the malicious domain as necessary."

The service also includes the latest security threat intelligence from Cisco Talos that will let customers hunt for new threats.

"Multi-domain managed threat hunting detects threats by using a combination of intel and data techniques to surface activity that might have slipped past traditional threat, behavioral, and [machine-learnng]-based techniques," Reed stated. "High fidelity threats confirmed by our Talos and security research teams are then communicated to customers through the SecureX activity panel as well as via emails with detail artifacts, targets involved, and remediation recommendations."

According to Cisco there is nothing new to buy, deploy or integrate to use SecureX which will be available in June - if customers already have a Cisco Connection Online Identification (CCO) they can login and add products to SecureX by providing API keys and adding on-prem devices.  If they don't have a CCO account, they can create a SecureX account on the homepage and add products to SecureX by providing an API key.

If the name SecureX sounds familiar, it is. That's because in 2011, it used the name for a "narrow architecture across a few network security products which had the SecureX name associated with it. Unlike an abstract architecture, this platform is real with customers logging into it, and it'll realize the earlier promise," Cisco said

SecureX is yet another step Cisco is taking to utilize cloud services to address enterprise security issues. Analysts say it's also part of an overarching move toward the notion of zero trust. Cisco 's Threat Response platform is based on those principles and includes a number of core Cisco products, among them Umbrella, advanced malware protection for endpoints, and intrusion protection.

Experts predict Cisco will continue to fill out and improve integrations with its threat platform especially where it involves the cloud and access at the network edge.

"Cisco remains one of the strongest top-tier competitors in enterprise security today, particularly on the network side, but often overlooked are the tremendous strides Cisco has made in cloud security," said Eric Parizo, a senior analyst at Omdia.

"Its Umbrella cloud-delivered security solution is one of the most popular and fastest-growing offerings in Cisco's security division, thanks in large part to its ease of use and variety of flexible features. When paired with its other cloud-based offerings including Threat Grid, Stealthwatch Cloud, and Duo, all of which Cisco is integrating with its other security solutions like its firewalls and network access control solutions, Cisco will remain a force to be reckoned with in enterprise security for some time."