
Cisco uses Sourcefire tech in new managed security service


Cisco Systems may not be the first name that comes to mind when businesses are in search of a security provider, but the networking gear maker appears to be bent on changing that perception.

The company is offering business customers and channel partners a new managed security service that leverages the technology it acquired through its 2013 purchase of security vendor Sourcefire for $2.7 billion.

Cisco’s Managed Threat Defense (MTD) is an on-premise service that includes hardware and software components. It makes ample use of Sourcefire’s FireAMP anti-malware detection tool to help users monitor, contain and analyze threats to the corporate network. MTD uses the analytics developed by Cisco and anti-malware and intrusion protection technology from Sourcefire.

Cisco’s MTD is available to resellers and service providers that want to bake it into their own managed service offerings.


The on-premise model is ideal for organizations that handle sensitive information and are reluctant to send corporate and client data to the cloud.

Many network security systems in the market today primarily focus on detecting threats before they enter the corporate network, according to Ahmed Etman, general manager, security at Cisco Canada. While effective, he said, this tends to leave a critical gap in a company’s security posture during and after malware enters the system. This is the area Cisco is targeting with its Managed Threat Defense service.

“We’ve seen less market focus in the ‘during’ and ‘after’ stages of intrusion. This is an area that is not well invested in,” he said. “Cisco is covering the whole before, during and after stages, but we are particularly focusing on the after part.”

He said there are many products in the market that enable organizations to inspect data packets entering and leaving the corporate network and even sandbox or quarantine suspicious traffic. The problem is that much new polymorphic malware is able to bypass these filters.

“Malware is getting smart,” said Etman. “New sleeping techniques allow it to appear innocuous and slip into the network, and once inside, mutate and launch a polymorphic attack.”

Cisco’s MTD adds another layer of protection that kicks in when something like this happens.

FireAMP keeps track of traffic entering and leaving the network, but it also has a “host presence” that monitors the state of devices and endpoints connected to the network to determine whether those devices have been compromised.

The tool’s predictive analytics features use Hadoop 2.0 to detect anomalous patterns in an organization’s network.

This is critical, according to Etman, because in many cases the monitoring of devices is still done manually, and it can take days to months before all devices in a network are checked, giving a virus ample time to wreak havoc on a system.

MTD helps organizations cut the labour cost associated with network security monitoring because the on-premise service can be remotely managed by Cisco. Rather than hiring additional staff to track and analyze potential threats, customers can rely on Cisco’s security experts. Cisco Cloud Web Security inspects 16 billion Web requests, 93 billion emails, 200,000 IP addresses and 40,000 malware samples each day. FireAMP evaluates 33 million endpoint files and 28 million network connections daily.