Cybersecurity & Networking

  • The topic of network and security convergence has been front and center in the industry over the last year. The line between networking and security continues to blur, with collaboration increasing across traditionally siloed IT functions and technologies used by these teams continuing to inch closer together. One of the more notable initiatives is secure access service edge (SASE), and both enterprises and vendors alike are now embarking on their SASE journey.


  • Turning IT Up at Cisco Live 2021

    This week Cisco held its annual customer event, Cisco Live, for its global audience. With over 100,000 attendees from over 200 countries, this may be one of the best attended Cisco Live events. Although most organizations have had to work from home over the past year, that certainly hasn’t slowed the innovation and productivity of Cisco’s engineers. The theme of this year’s event was Turn IT Up, something that organizations across the globe have been doing since the pandemic hit, and Cisco was quick to call out the IT heroes who worked tirelessly to transition to work-from-home environments and enable businesses to continue operations.

    To help those organizations thrive in this new environment, Cisco launched an impressive number of announcements presented by a highly talented and diverse group of Cisco executives. The major announcements included giving customers a choice in how they consume Cisco solutions with an as-a-service program called Cisco Plus, bringing out an expanded SASE architecture that covers endpoints to the cloud, delivering greater visibility into distributed cloud environments by integrating AppDynamics and ThousandEyes, enhancing Webex, improving security with passwordless authentication using Cisco Secure (Duo), and delivering an inclusive internet of the future with its silicon and optics.

    Let’s take a closer look at some of these announcements:

    Cisco Plus. Described as “everything you already love about Cisco, plus” or “It’s Cisco, plus so much more.” Increasingly, organizations are looking to shift on-premises infrastructure, software, and services purchases from traditional perpetual licenses to as-a-service, consumption-based models. ESG research highlights that almost half (48%) of respondents to this year’s Technology Spending Intentions survey would prefer a consumption-based model, and that share only increases among respondents who are currently using cloud services or have a cloud-first strategy. The decision to create this program was an easy one: Cisco needs to provide customers choice in how they consume on-premises solutions. The goal is to deliver all Cisco application, compute, network, observability, security, and storage offerings as a service with unified subscriptions that simplify consumption and use. Obviously, creating network-as-a-service will be a top priority, especially to support distributed cloud environments (on-prem, multiple public clouds, and edge locations). Expect NaaS-based SASE solutions later this year, but users in North America and select European countries can take advantage of the first offer, Cisco Plus Hybrid Cloud, today. Cisco also stated that these services will be available via the CX cloud later this year. Cisco Gold Partners will play a key role in delivering these as-a-service offerings.

    SASE. The secure access service edge framework has been gaining a lot of momentum and certainly a tremendous amount of buzz in the news lately. Given the highly distributed nature of modern business applications and workforces, that attention is well warranted. Cisco’s goal is to help simplify these complex, distributed environments by bundling core Cisco network and security offerings that cover the endpoint to the cloud into a single offer. This starter kit would include networking, remote access, cloud security, ZTNA, and observability solutions. Over time, Cisco will expand the functionality to provide DLP, RBI, and malware detection with Umbrella, as well as simplify SD-WAN integration with major cloud providers and interconnects such as Alibaba, AWS, Azure, GCP, and Megaport. Cisco is also planning to integrate ThousandEyes into the offering, delivering visibility into the internet itself for end-to-end visibility. Duo will be leveraged to deliver zero-trust network access. The bottom line here is that SASE is a rapidly evolving space, with plenty of confusion surrounding what is part of the framework. Cisco has done a nice job articulating what is included in its initial SASE architecture and has provided a clear roadmap to guide users on their SASE journey.

    ThousandEyes, AppDynamics, & Cisco Switch Integration. With applications becoming distributed across on-premises data centers, multiple public clouds, and edge locations, the ability to observe the connections to these applications is becoming increasingly important. The internet is now an integral part of the corporate network, and organizations need to be able to quickly and efficiently determine what is causing an application performance problem that negatively impacts customer experience. By integrating ThousandEyes with AppDynamics, Cisco has extended application path visibility from the application (wherever it is) to the user device (wherever it is) to ensure positive customer experiences and simplify problem detection and resolution. ThousandEyes Internet and Cloud Intelligence will be integrated with AppDynamics Dash Studio and the Catalyst 9300 and 9400 series switches. This capability gives organizations the ability to effectively manage applications in a distributed cloud environment and deliver optimized experiences.

    These were just a few of the significant announcements made by Cisco to enable organizations to accelerate their digital transformations, enable the future of work (hint: it will be hybrid), and power an internet that will be inclusive for all. Not surprisingly, in addition to the technology innovation, Cisco remains committed to diversity and helping the community, and has been long before it was popular to do so. Chuck Robbins reported on their pledge to help one billion people globally by 2025 and he was able to report 527,000,000 people have already been helped. I wasn’t a math major, but that certainly sounds like they are ahead of schedule!

    Moving forward, Cisco is focused on six pillars to enable organizations to thrive. They include:

    • Delivering secure, agile networks
    • Optimizing application experiences
    • Enabling the future of work (hybrid)
    • Building the internet for the future
    • Enhancing capabilities at the edge
    • Providing end-to-end security solutions

    Many of the announcements this week mark the start of a journey, especially in regard to SASE, the inclusive internet, and delivering Cisco solutions as-a-service. I look forward to tracking their progress over the rest of this year. The programs are big and ambitious, something we have come to expect from an organization committed to imparting positive changes – for both technology and our community. To learn more about these announcements and many more, check out www.ciscolive.com.

  • Secure access service edge (SASE) has continued to garner significant interest in the market due to the need to ensure that security and networking strategies and technologies are aligned to better address the increasingly distributed nature of the modern enterprise. In this video, Bob Laliberte and I discuss some of the different vendor approaches to SASE, the balance between platforms and best-of-breed approaches, and the organizational issues users must consider with regards to SASE.

  • Why XDR Must Include MDR

    In my last blog post, I described how the market for eXtended Detection and Response (XDR) is evolving and how CISOs should approach this new and promising technology. It was good and useful information, if I do say so myself, but it didn’t directly address the question of why security professionals should care about XDR in the first place.

    The answer: Because XDR has the potential to accelerate threat detection/response while streamlining security operations.


  • Cybersecurity in the C-suite and Boardroom

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on identifying the role of cybersecurity within the overall corporate mission and understanding the existing processes and communications between security managers, business executives, and corporate boards.


  • The Impact of XDR in the Modern SOC

    Threat detection and response is a core component of modern security programs, driving investment in tools to improve visibility, efficacy, and efficiency. As organizations commit to and extend EDR, NDR, or other security analytics solutions in support of broad threat detection and response programs, new opportunities arise for XDR. Organizations can increase business agility when threats are better understood and controlled. Rapidly and effectively correlating alerts across multiple threat vectors leads to increased threat visibility, more rapid and automated response and mitigation, and a reduced dependence on highly skilled security analysts.


  • In my continuing video blog series on Modern Email Security, I have had the opportunity to talk with many of the leading innovators tackling some of the toughest challenges in email security. The email threat landscape has been quite volatile over the past year, with so many criminals leveraging the human fear associated with the pandemic to fool unsuspecting users into handing over credentials and sensitive data.

    With the almost overnight migration from on-prem email solutions to cloud-delivered email, many of the early-stage email security companies have been focused on the opportunity to strengthen the native email security controls offered by the CSPs. These same companies are tackling some of the more sophisticated, multi-stage email attacks involving phishing and other impersonation techniques.

    However, while a majority of organizations now depend on cloud-delivered email as their preferred email solution, we can’t take our eye off on-prem email deployments. The recent Microsoft Exchange Server attack highlights the number of organizations still depending on on-prem email solutions. In my most recent ESG email security research, 60% of organizations reported using both cloud-delivered and on-prem email, so while most depend on cloud-delivered email as their primary email application, pockets of on-prem Exchange usage continue to have a long tail. This means that email security teams need not only to maintain both environments, but also to ensure that both are capable of defending against the highly dynamic email threat landscape.

    I’ve been impressed with the progress that many email security vendors have been making in stopping phishing attacks, which often lead to more sophisticated and targeted threats. However, I worry that the long-tail Exchange users may be getting left behind. And given that socially engineered attacks often leverage phishing across multiple communication mechanisms (SMS, collaboration tools, social media apps, and more), email security is only part of the larger defense platform required. Maybe we need to consider on-prem email as simply another communication channel that needs to be figured into the broader solution?

    Check out my modern email security video series to learn more about how the innovators are tackling this and many other important email security issues.

  • The Impact of XDR in the Modern SOC

    This Master Survey Results presentation focuses on the extension of EDR, NDR, and other security analytics solutions in support of broad threat detection and response programs via emerging XDR technology solutions.


  • XDR is Coming, CISOs Need to Prepare Accordingly

    Beyond threat detection and response, CISOs should think of XDR as a catalyst for modernizing the SOC, automating processes, and improving staff productivity.

    According to Enterprise Strategy Group research, enterprise organizations claim that improving detection of advanced cyber-threats is their highest priority for security operations. As a result, 83% of organizations will increase threat detection and response spending over the next 12 to 18 months.

    This is no surprise—threat detection and response is always a high priority. Unfortunately, the data reveals something else. Despite spending millions of dollars on cybersecurity technology over the past few years, most organizations still can’t detect or respond to cyber-attacks in a reasonable timeframe. It’s also fair to say that things are getting worse—just ask any organization using SolarWinds for network monitoring.

    Recognizing the need for better mousetraps, the security technology industry is proposing eXtended Detection and Response (XDR) as a possible solution. I posted a blog about XDR last June where I defined the term and speculated on how the market would develop. As I suspected at the time, XDR innovation has steadily progressed, and I expect big things from the supply side for the remainder of the year.

    To be clear, XDR is still an emerging technology, not a panacea. Nevertheless, there’s a lot of industry innovation and investment going into XDR, and it may help organizations bolster security analytics efficacy, streamline security operations, and anchor their SOCs with a tightly integrated security operations and analytics platform architecture (SOAPA).

    Given its potential, organizations should have a game plan for XDR in 2021. I suggest that CISOs do the following:

    1. Cast a wide net with lots of upfront research. Only 24% of security professionals claim they are “very familiar” with XDR, which is understandable given how new the technology is and how much confusing marketing surrounds it. Given this knowledge gap, the first thing organizations should do is learn about all types of XDR: platform-based (i.e., multiple controls with analytics and a control plane), software only (i.e., a software layer on top of existing controls), open XDR, etc. This will help the SOC team decide on a strategy where XDR can supplement or replace existing tools and processes. As a consolidation architecture, it’s likely that many existing and trusted vendors will be pitching XDR as an outgrowth of their EDR, NDR, or security analytics technology. At this early stage, CISOs should invite strategic security technology partners in to educate the security team on XDR and outline their product roadmaps. This should get the team up to speed and help them start to craft an XDR strategy.
    2. Identify organizational weaknesses and blind spots. Before moving forward with yet another threat detection and response technology, it’s worth digging into existing tools and processes to see what’s working and what’s not. Is the SOC team fully utilizing EDR, NDR, and SIEM, or is there a skills or resource gap? Are there process bottlenecks that slow mean time to detect/mean time to respond to threats that have nothing to do with technology? If either of these things is true, SOAR and professional services may make more sense than another analytics tool. Since modern cyber-threats move laterally across networks, it’s also worth investigating whether the organization has any weaknesses or blind spots when it comes to security monitoring. For example, ESG research pointed to security monitoring weaknesses related to public cloud infrastructure. In cases like this, XDR should start by improving cloud security visibility and integrating cloud security analytics with existing EDR, NDR, threat intelligence, etc.
    3. Pick a starting point for project planning. XDR is an architecture, not a product, so it may take a few years to fully deploy and configure XDR. That said, you must start somewhere. Based on the previous point, it’s not surprising that 43% of survey respondents speculated that their organization would start a project by implementing an XDR solution with threat detection and response capabilities for cloud-based workloads and SaaS. This is a reasonable starting point, but XDR technology can evolve from tactical to strategic coverage. Regardless of where an organization starts an XDR deployment, the security team must look forward, identify points of integration, map out engineering projects, and define a set of metrics it will use to measure XDR and project effectiveness.
    4. Use XDR to establish security operations best practices. Security operations are haphazard at many organizations, featuring many manual processes and constant firefighting. Some SOC teams use SOAR to help them out of this mess, but SOAR platforms require staff resources and skills to create playbooks and code orchestration routines. XDR will likely act as a poor man’s SOAR by “canning” a lot of common security processes, which should be fine for most organizations. Some XDR platforms can also help organizations operationalize the MITRE ATT&CK framework, a big step forward. In selecting an XDR solution, CISOs should evaluate how each vendor supports and promotes security operations best practices and how well their organization can adapt to these changes.
    5. Get the IT operations team involved. Incident response requires strong collaboration and cooperation between security and IT teams. To support and improve the team effort, XDR platforms should adapt to existing process handoffs and integrate with existing security operations tools like ServiceNow, Jira, Microsoft OMS, etc. In other words, XDR projects should improve rather than disrupt existing data analysis, case management, incident prioritization, and mitigation efforts.
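    The two XDR passages above (the "Impact of XDR in the Modern SOC" summary, which says correlating alerts across threat vectors is what improves visibility, and point 4 here, which mentions operationalizing MITRE ATT&CK) describe the core of what an XDR layer does without showing it. The following is an added illustration, not ESG's material or any vendor's product code: it stitches EDR and NDR alerts from the same host into one incident when they fall inside a time window, tags the incident with the ATT&CK tactics its techniques belong to, and scores it. The alerts, host names and users are constructed sample data; the technique-to-tactic table covers only the four real ATT&CK technique IDs used here and is an assumption about how a SOC would map them.

```python
"""Added example (not from the ESG post): correlate EDR and NDR alerts into one
incident per host and time window, the way an XDR layer does, and tag the
incident with MITRE ATT&CK tactics so the SOC can see where in the attack chain
the activity sits. All alerts below are constructed sample data."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts from two telemetry sources: EDR on hosts, NDR on the wire.
SAMPLE_ALERTS = [
    {"source": "edr", "ts": "2021-04-01T09:00:10", "host": "ws-017", "user": "jdoe",
     "signal": "office_spawns_powershell", "technique": "T1059.001"},
    {"source": "ndr", "ts": "2021-04-01T09:02:40", "host": "ws-017", "user": None,
     "signal": "dns_tunnel_suspected", "technique": "T1071.004"},
    {"source": "edr", "ts": "2021-04-01T09:05:05", "host": "ws-017", "user": "jdoe",
     "signal": "lsass_memory_read", "technique": "T1003.001"},
    {"source": "ndr", "ts": "2021-04-01T09:07:30", "host": "ws-017", "user": None,
     "signal": "smb_lateral_movement", "technique": "T1021.002"},
    # Unrelated single alert on another host hours later: must not be merged above.
    {"source": "edr", "ts": "2021-04-01T13:30:00", "host": "ws-042", "user": "asmith",
     "signal": "office_spawns_powershell", "technique": "T1059.001"},
]

# Assumed mapping for the ATT&CK technique IDs used in the sample data (the IDs
# and tactics are real ATT&CK entries; a production system would load the full matrix).
TECHNIQUE_TO_TACTIC = {
    "T1059.001": "Execution",            # PowerShell
    "T1071.004": "Command and Control",  # Application Layer Protocol: DNS
    "T1003.001": "Credential Access",    # OS Credential Dumping: LSASS Memory
    "T1021.002": "Lateral Movement",     # Remote Services: SMB/Windows Admin Shares
}


def parse_ts(s):
    return datetime.fromisoformat(s)


def build_incident(host, alerts):
    """Summarize a time-ordered group of alerts on one host as a single incident."""
    sources = sorted({a["source"] for a in alerts})
    tactics = []
    for a in alerts:  # preserve first-seen order so the tactic list reads as a chain
        t = TECHNIQUE_TO_TACTIC.get(a["technique"], "Unknown")
        if t not in tactics:
            tactics.append(t)
    users = sorted({a["user"] for a in alerts if a["user"]})
    # Severity heuristic: several tactics seen by more than one telemetry source
    # is a much stronger signal than any single alert.
    if len(tactics) >= 3 and len(sources) > 1:
        severity = "high"
    elif len(alerts) > 1:
        severity = "medium"
    else:
        severity = "low"
    return {"host": host, "users": users, "sources": sources, "tactics": tactics,
            "alert_count": len(alerts), "severity": severity,
            "first_seen": alerts[0]["ts"], "last_seen": alerts[-1]["ts"]}


def correlate(alerts, window=timedelta(minutes=15)):
    """Group alerts by host; a gap larger than `window` between consecutive
    alerts on the same host starts a new incident. Returns a list of incidents."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):  # ISO timestamps sort lexically
        by_host[a["host"]].append(a)
    incidents = []
    for host, host_alerts in by_host.items():
        current = []
        for a in host_alerts:
            if current and parse_ts(a["ts"]) - parse_ts(current[-1]["ts"]) > window:
                incidents.append(build_incident(host, current))
                current = []
            current.append(a)
        if current:
            incidents.append(build_incident(host, current))
    return incidents


if __name__ == "__main__":
    for incident in correlate(SAMPLE_ALERTS):
        print(incident)
```

    On the sample data the four ws-017 alerts collapse into one high-severity incident whose tactic list reads Execution, Command and Control, Credential Access, Lateral Movement, while the lone ws-042 alert stays a low-severity single. That is the practical meaning of "correlating alerts across multiple threat vectors": an analyst triages one incident instead of four alerts, and the ATT&CK tactics tell them how far along the chain the attacker already is.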

    Cybersecurity tends to suffer from what I call “shiny object syndrome.” A new technology comes along, and the industry goes gaga. When organizations flock to these new tools, however, they don’t take the time to fully learn the technologies or modify security operations to achieve the maximum benefit. XDR is an architecture that will take months or years to fully deploy, giving organizations time to do things right. Therefore, CISOs should amalgamate XDR into formal projects and future strategies. In this way, XDR can act as a cybersecurity force multiplier, not just the next buzzworthy topic at RSA and Black Hat.

    BTW: I’m excited about our new XDR research, so look for more blogs on this topic soon.

  • The global pandemic significantly impacted organizations last year in many different ways. The biggest was undoubtedly the swift transition to work-from-home programs and the need to stand up technology to enable this shift. As a result, many organizations reported that these efforts had dramatically accelerated their company’s digital transformation efforts. ESG research validates this acceleration and highlights that some of the top goals of organizations’ digital transformation initiatives are to drive greater operational efficiencies and deliver differentiated customer experiences. Therefore, it shouldn’t be a surprise that technology vendors are also accelerating their efforts to deliver solutions to enable greater operational efficiency to address the increasing complexity arising from a highly distributed IT environment. A great example of this vendor transformation can be seen in the steps taken by Juniper Networks.


  • Cybersecurity in the C-Suite and Boardroom

    As organizations embrace digital transformation initiatives, business outcomes become inextricably linked to technology areas like application development, cloud computing, and IoT devices. Therefore, these technology assets must be protected to ensure continuity of business operations. The link between cybersecurity and the business has led to an industry declaration that, “Cybersecurity is a boardroom issue.” This statement is true yet simplistic. Executives and corporate directors have a fiduciary responsibility to shareholders and/or owners, so they are ultimately responsible for everything that drives the business, including managing cyber-risk and safeguarding business-critical technology assets. That said, cybersecurity can be a highly technical discipline. This brings up a few questions: Do executives really understand cybersecurity and its role in the business? And as technology further dominates the business landscape, are they investing appropriately in cybersecurity and driving a cybersecurity culture throughout their organizations?

    To explore the answers to these and other questions, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations.


  • Trends in Identity and Access Management

    The broad adoption of public cloud services demands a retooling of identity and access management programs. Perimeter security must evolve from a traditional castle and moat model to one that focuses on cloud identities inclusive of service accounts, as well as individual users and the data they access. To protect sensitive cloud-resident data, cybersecurity and IT operations teams need to work with their line-of-business teams on strengthening identity programs with both the user experience and risk in mind.

    In order to gain insight into these trends, ESG surveyed 379 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating or purchasing identity and access management and cloud security technology products and services. This research aimed to understand the problem space, organizational responsibilities, compliance implications, and plans for securing user access to a wide portfolio of cloud services. The study also looked at the current and planned use of various authentication methods, privileged access management, device profiling, unified directories, user activity analytics, and service account protection.
