For a long time now, Cisco has been talking about the value of self-healing networks. Now Cisco is moving to apply that concept to security as well.
At the Cisco Live! event in London this week, Cisco announced it has acquired Cognitive Security, a provider of an advanced analytics application designed to detect security threats and vulnerabilities.
With this acquisition Cisco joins a growing list of vendors that are trying to increase their security intelligence quotient. The sad truth is that far too many security breaches go undetected for weeks, sometimes even months. According to Michael Fuhrman, Cisco vice president of engineering, the acquisition of Cognitive Intelligence gives Cisco access to a set of technologies that will eventually become embedded inside Cisco networking gear to not only identify breaches, but also automate the remediation process.
Long term, automated remediation of known threats and vulnerabilities will eventually become part of the standard customer service experience as Cisco moves to develop a closed-loop system that starts with feeding telemetry data into the Cognitive Security analytics application. In the meantime, Cisco plans to eliminate the need for the appliances that Cognitive Intelligence currently relies on to host its analytics applications.
By identifying patterns and anomalies, Fuhrman says Cisco expects to be able to identify even slow-moving malware that is moving laterally across the enterprise. That’s critical, says Fuhrman, because for all intents and purposes there is no network perimeter to defend anymore. The assumption should be that a system is already compromised, which means the goal is to identify and remediate that breach as quickly as possible. Advanced analytics applications coupled with IT automation tools will represent a giant step forward in that direction.
Naturally, the debate will then shift to whether those tools should be applied to systems and networks from multiple vendors, or whether IT organizations are better off standardizing on a single-vendor network that is optimized around a particular analytics and IT automation framework, which, when you really think about it, will be the same as it ever was.