Ahmed Etman, General Manager, Security and Enterprise Networking, Cisco Canada
By Mark Cox
Cisco has not historically been top-of-mind when it comes to cutting-edge security. But the vendor has been looking to change that, through significant acquisitions and the infusion of significant internal resources. Now Cisco has introduced its new Managed Threat Defense [MTD], an on-premises service consisting of hardware, software, and analytics designed to monitor, capture, and analyze threats.
“This is another advancement in the security space from Cisco,” said Ahmed Etman, General Manager, Security and Enterprise Networking, Cisco Canada. “It reflects that Cisco will be focusing more on security, to the extent that three months from now, I will be dropping enterprise networking, and me and my team will focus exclusively on security.”
Etman said the growing importance of defending against advanced persistent threats mandates such a focus. Customers face increased complexity and fragmentation in security, the result of changing business models combined with a dynamic threat landscape in which new threats appear every day and existing ones keep evolving.
“We are confronting this with a new security model, in which we view the attack continuum in three phases – before, during and after the attack,” Etman said. The policies implemented before the attack won’t stop it, but are designed to limit it. During the attack itself, defense relies on the best possible detection and blocking, but the expectation is still that some elements of the attack will succeed. Consequently, after the attack, the goal is to scope, contain, and remediate, with the system continuing to track everything that has passed through the network, even months later, in case something later turns out to be malicious.
“Managed Threat Defense follows this model, and is a unique service which protects against zero-day attacks against intelligent threats, not the traditional type of service offered by many vendors,” Etman said.
The new offering makes considerable use of technology from Sourcefire, which Cisco acquired late last year.
“At RSA [in February] we announced the integration of Sourcefire’s FireAMP anti-malware detection technology into our own e-mail and web gateways,” Etman said. “MTD is a mix of both Sourcefire and Cisco technologies. The anti-malware and intrusion protection technologies are from the Sourcefire side, while the analytics are in-house developed at Cisco.”
Those predictive analytics capabilities leverage Hadoop 2.0 to detect anomalous patterns against each customer’s unique network profile and determine suspicious behavior, complementing intrusion prevention and content security analytics.
“This is very unique in how many sources of feeds it captures before making a decision about a threat,” Etman said.
MTD identifies known attacks and vulnerabilities using pattern analysis and investigation against both Cisco-proprietary and community threat intelligence data. It also provides incident tracking and reporting via a subscription-based business model.
While MTD is an on-prem solution in a cloud world, there are a couple of caveats to that.
“It is an on-prem solution because the customers it is targeted at are very large enterprises like banks and public sector organizations, who don’t want the data leaving the customer premises,” Etman said. “There are also data sovereignty issues with cloud for some customers in Canada and elsewhere.
“While the MTD service isn’t offered in the cloud, it does heavily leverage cloud capabilities of our security intelligence operations,” Etman added.
Managed Threat Defense is sold as a direct service from Cisco. It is also available for partners to resell through the Cisco Service Partner Program (CSPP).
“It is targeted at large enterprises, and so is more of a direct play, but there is still room for partners,” Etman said. “Certainly it is a niche play for the channel, but it is an opportunity for those partners with the right skills to wrap other services around it.”
Managed Threat Defense is currently available in the United States and Canada, and select locations in APJC including Australia, New Zealand, Singapore, Hong Kong, Malaysia, and Japan.