Security today requires a multi-layer approach, where all the elements of defense actually share intelligence about attacks and potential threats.
With that in mind, Cisco has plugged a gap in its security framework by completing its acquisition of Sourcefire, a provider of intrusion prevention systems (IPS). Bret Hartman, Cisco CTO of security, says Sourcefire will play a major role in an emerging layered approach to security that will be tightly integrated with Cisco networking equipment.
Hartman says this will be critical because networking is the only part of the IT environment that is both pervasive and relatively stable enough to provide a platform through which security policies can be consistently applied. In contrast, Hartman notes that endpoint environments are constantly evolving and changing, while many cloud service providers have given the security requirement short shrift.
Hartman says Cisco will integrate Sourcefire via application programming interfaces while continuing to make sure that contributions are made to the open source Snort codebase upon which Sourcefire IPS offerings depend.
Security at the network level, says Hartman, doesn’t preclude adding additional security elsewhere in the enterprise. It just means that any approach to threat management is going to require integrated security at the network level. That approach, says Hartman, is not only going to be more effective, it will also be less costly because the number of security products and vendors that need to be managed will be reduced. In fact, Hartman says it’s the seams between all those different security technologies that hackers are exploiting most, which is why Cisco felt compelled to add stronger IPS capabilities to its portfolio.
Sourcefire, says Hartman, will be part of an ongoing effort to identify threats, and also remediate the vulnerabilities those threats target. As part of a growing field of security intelligence offerings, the idea is to not only identify threats, but also substantially limit the amount of time an enterprise is exposed to them.
Ultimately, the goal isn’t to eliminate all security threats, which would be almost impossible to achieve. Instead, as the cost of launching successful attacks continues to rise, the economics of launching such attacks becomes a lot less attractive. Then, the number of individuals and organizations that can afford to launch such attacks should fall, which theoretically should result in a drop in the number of overall attacks.
Given the nature of the IT security arms race and all the automation tools that hackers have at their disposal, whether that actually occurs remains to be seen. But the one thing that is for certain is that the vast majority of those attacks would be a lot less troublesome than they are today.