Organizations are awash in security-related information, but too often they use too little of it - at least until it's too late. In part, that's because attempts to link data from disparate security tools - such as firewalls, sandboxes, intrusion prevention systems, anti-virus and identity management tools - through back-end integration are not always successful, and so are not stopping data breaches, says Martin Roesch, chief architect for security at Cisco Systems.
"We figure out something bad has happened in our environment, or maybe some technology detects something bad happening in our environment, and we have no way to consume that data and no way to turn that into a response effectively," Roesch says in an interview with Information Security Media Group.
Too often, back-end integration today requires manual intervention to collect and analyze data, he says. Along the way, much of the useful information that network devices gather - information that provides clues to the overall state of network security health, and thus could help detect or mitigate breaches - gets lost.
Cue a new alternative being advanced by Cisco, which Roesch characterizes as "front-end integration." This approach would automate the collection of any type of data that has potential risk-related or vulnerability-related value, from various tools, to help organizations create a stronger and more unified cyberdefense.
'One Source of Truth'
The Cisco security platform would "externalize" the information generated from security tools to build "one source of truth" about the state of a network, and then build "applications on top of that" to "produce higher-value control" over the network, Roesch says. Such an approach could help systems not only detect attacks more reliably, but also mitigate them automatically, he says.
In an interview conducted at the Gartner Security and Risk Management Summit in National Harbor, Md., Roesch:
- Details the launch of the new, open system, which will see Cisco making its APIs public, so other providers can link their security wares to it;
- Explains why Cisco initially will not collaborate with other vendors in creating this new platform;
- Addresses how Cisco is rejiggering its staff to build the new security platform; and
- Discusses the challenges Cisco faces in creating this type of complex security system, including building a scalable data management platform.
"This is a big engineering project to do correctly," Roesch says. "It is an audacious goal, to some extent, but I think we can do it. We're a company that can pull off big things like this."
Roesch, who also is a Cisco vice president, is responsible for shaping the technology strategy and design of the company's security portfolio, and oversees threat research, including the Talos Security Intelligence and Research Group. He joined Cisco through the acquisition of Sourcefire, which he founded in 2001.