Cisco is emphasizing to their networking partners that they need to rethink security, intertwining it fundamentally with networking, and driving automation, which can only truly come with a common architecture rather than a myriad of point products.
MIAMI BEACH — The messaging that networking and security are fundamentally intertwined isn’t exactly new. Cisco has been pushing the message for several years, and jump-started by their 2013 Sourcefire acquisition, and subsequent investments since, the company has risen to third among vendors in security sales. Still, the number of even Tier One networking partners with a security practice is still a decided minority. And so, Cisco took considerable pains at its Partner Connections event here to emphasize to their top networking partners why a security practice has become essential, and providing them with reasons why they should begin or expand their investment in the area.
Partner Connections is an invite-only event of 600 of Cisco’s top partners – an even more exclusive event than Cisco Partner Summit. Even here, however, most of the partners aren’t yet into security. David Ulevitch, VP/GM of the Security Business Group at Cisco, conducted a ‘show of hands’ poll during his keynote, and while such things are decidedly unscientific, they give a pretty good ballpark estimate when dealing with this kind of top-end sample size. Ulevitch reported that about a quarter of the audience presently have managed security practices, and another quarter are thinking about it.
“It has never been more important to unify networking and security technologies in order to keep our customers safe,” emphasized Jason Pernell, Director Worldwide DNA Sales at Cisco. “We are differentiated in the marketplace and we have to take that message to our customers.”
Pernell rhetorically asked his partner audience why is Cisco leading with this message, and then quickly answered his own question.
“A Morgan Stanley survey on why customers upgrade their network infrastructure indicated that the number one reason by far was the need to improve security – and it starts at that infrastructure layer,” he said. “Our messaging is all about reducing risk.”
Pernell discussed the security-focused themes of Network as a Sensor and Network as an Enforcer.
“If you can get your customer to endorse these, deal sizes go up tenfold,” he said. “It’s a $30 billion opportunity if we get 10 per cent of our accounts to adopt DNA security.”
Ruba Borno, Cisco’s VP, Growth Initiatives and the Chief of Staff to the CEO, stressed in her keynote that security is an important element of future proofing. Part of this is simply revenue opportunities.
“63 per cent say the highest gross profits comes from security, and 76 per cent earn the most total add-on revenue from security,” she said.
“The entire approach to security has to change,” she said. One element of this is moving away from point products, and another one is increasing automation, especially as analytics and the Internet of Things exponentially increase the number of devices.
“It is time to let the machines run the machines,” she said. This will enable IT to move from being in a constant state of reacting to problems, to being able to predict them, so it knows the customer issue before the customer calls. She compared it from IT moving from giving triage to becoming a brain surgeon, pinpointing the neuron that causes the problem.”
Ulevitch stressed these same themes in his own keynote.
“In order for security to be effective, you have to automate it, and Cisco has the breadth of portfolio to make that possible,” he said.
Data centres aren’t able to automate security effectively because they include a cornucopia of different vendor products, which don’t play well with each other.
“It’s a vendor buffet,” he said. “They have point products which are effective, but which don’t integrate.”
He noted that there were more than 600 security vendors at the last RSA event.
“Every company has up to 50 different security vendors in their environment. They don’t have 50 different networking companies. They don’t have 50 different CRM companies – they have Salesforce. To me it’s a ridiculous environment. We want to make sure every product we sell fits into an architecture – not just check off a box, ‘anti-virus, check,’ ‘secure log in, check.’ Having an architecture that fits everything together is the most important thing.”
Ulevitch was the founder and CEO of OpenDNS, a cloud security company that Cisco acquired in 2015, and he emphasized that security in the cloud is an important part of the Holy Grail because it unlocks integrations, not just APIs.
“The cloud is purpose-built for integrations,” he said. “The cloud becomes a really ideal management control plane
The Holy Grail itself is tightly coupling detection and response.
“It’s all about shortening that time, and the way we get there is automation,” Ulevitch said.
Ulevitch predicted this will facilitate a world in which most companies will soon be outsourcing their security.
“Outsourcing of the financials and the Fortune 100, I think most companies will be outsourcing security,” he said. “They don’t have the talent, cash and resources to manage it. I don’t think we’ve ever had an opportunity like this in the history of the security industry.”
Cisco and its partners are well positioned to grab a lion’s share of that, he concluded.
“We are doing $2 billion a year in security sales. The only others doing that are IBM and Symantec and we are the only one growing in double digits. We will be the largest – and soon.”