Effective security is simple, open, and automated. In the last blog, I described several efforts by Cisco to pursue simplicity. Now let's talk about how we are executing on the open part.
Openness is about playing well with others. As a kid I heard it from my parents, and now I find myself saying it to my kids. When kids play well together everyone is happier (including parents!), they get to play longer, and I see them building skills that will benefit them in the long run-working together, appreciating each other's strengths, and learning from each other.
The same holds true for security.
Today's threat landscape is vast and changes every day-beyond the ability of any single vendor to confront. That's why many security organizations report vendor sprawl as a challenge, adding new capabilities to overcome the lack of integrated effectiveness in others. Most organizations who pursue a best of breed approach believe there is a significant people and effectiveness pay-off, but often the chosen solutions don't play well together and result in a tough-to-manage "frankenstructure" for their operators. Some of them have even told me: "I probably wouldn't have invested in C if A and B worked together."
To truly be effective, security solutions must be built with openness in mind. Real openness fosters solutions that actually deliver on the promise of best of breed because they can interoperate. Customers can purchase technologies that solve incrementally more of their security problem and know that they will work together and strengthen defenses.
Cisco builds products designed to interoperate across your entire security infrastructure, not only across our portfolio. We are set on providing products that work well with others. Cisco has really accelerated its openness and multi-vendor integrations in the past couple of years, and I'm excited to share this progress with you.
We view open in three principal areas -open standards and API, open-source communities and our ecosystem of technical partners.
Open means that products include APIs to extend and automate their security services. Cisco offers more than a dozen APIs and integration points.
But openness is far more than just APIs.
Open source technologies and the communities that surround them allow the world's greatest minds to come together for innovation. We backup our commitment to openness through leadership in open source communities, such as Snort, OpenAppID, PhishTank, ClamAV, SenderBase and SpamCop. Indeed, open source security is woven into the fabric of Cisco's vision. Just in the last few months, our Threat Grid team has contributed a rules engine and a way to do rate limiting for multi-node web apps using Redis.
Let's look quickly at our progress with just 2 of these communities.
We continue to invest in community-based models that enable users to create, share, and implement novel solutions in this dynamic and rapidly changing world. This openness sets the stage for an ecosystem where, together, we accelerate innovation and security effectiveness. Stay tuned for more announcements on this in early 2017.
The Cisco Security Technical Alliance program assembles this ecosystem so you can get more from your existing security investments -better protection, faster detection and resolution of critical events, and lower TCO. We are open to over 120 security partners across all relevant security technology areas allowing our solutions to integrate with security components you have already deployed or plan to deploy-from SIEM to mobile device management to vulnerability management. Partners in the program integrate through open APIs, standards-track integrations like pxGrid, as well as point-to-point integration points. They benefit from interacting with a dedicated team that Cisco provides to help build and maintain integrations.
We won't stop with the above. Openness lets us integrate security for more integrated threat defenses. At Cisco, we leverage open standards like IPFIX to share flow data from any layer-2 or layer-3 device. As an industry we see more use of common threat languages like STIX and TAXII for a consistent way to share threat information between security products for more effective, automated security. Practically, this means formerly disconnected products like next-gen firewall, email, identity, and web security will now efficiently share and consume threat information, pushing us closer toward our goal of seeing a threat with one product and being able to protect against it everywhere plus deliver an enriched data set for consumption by tools from other vendors.
The need to play well with others is much more than just a rule for the school yard or the back yard. It's a watchword for one of the key elements of security effectiveness -openness. When products are built with openness in mind they make the entire ecosystem better and dramatically change the security landscape.
Can you say that your organization is leveraging all of the "open" capabilities already built-into the Cisco portfolio? Register for our Cisco Security Community and submit feedback on areas you'd like to see us innovate.
Stay tuned for the final part of the discussion when I'll focus on how Cisco is incorporating automation into our portfolio of solutions to make security more effective and take the burden off of IT teams.