Lancope CISO: Palo Alto, Check Point Cannot Compete 'Effectively' Against Cisco's New Security
Taking The NaaS Approach
In the wake of Cisco unveiling its new security approach to embed security "everywhere" throughout the extended network, competitors like Palo Alto Networks and Check Point Software "simply cannot deliver" the same level of security, said Andrew Wild, chief information security officer for the networking security vendor Lancope.
The Alpharetta, Ga.-based security vendor is integrating its Lancope StealthWatch technology into Cisco's entire network infrastructure to increase visibility and control via the network as a "sensor and enforcer."
Wild, a security veteran who's held executive positions at EMC and Qualys, said using the so-called Network as-a-Sensor (NaaS) approach will win against its security competitors in the market and create differentiation for partners. Here's why.
Can Palo Alto Networks and Check Point compete with Cisco's new security approach to utilize the network as a security sensor?
Not effectively, because they simply cannot deliver the security at the infrastructure level. The Network-as-a-Service objective is to turn your infrastructure and architecture itself into a sensor, leaving the adversary no place to hide and persist. Competitors can only be placed in certain parts of the network. It's no longer realistic to think that a strong perimeter defense will stop attacks.
Can you tell me why using the network as a sensor is a good security move for customers?
As organizations realize that their preventative security controls cannot achieve 100 percent efficacy, they seek to improve their ability to quickly detect and respond to attacks on their systems. A key component of detection is visibility. Because all attacks at some point traverse the network, enabling the network you already have to become a sensor with [Cisco IOS] NetFlow [Cisco's traffic monitoring feature] is a very effective way for organizations to quickly gain complete visibility inside their environment. The value of the network telemetry data can be enhanced with additional context, such as identity data, correlating IP flows with a specific user, enabling more intelligent response.
How will this approach differentiate channel security partners when going to market?
Attackers are no longer breaking into a network. By the time they get to your network, they have credentials for your users and administrative accounts and they simply log in. NaaS gives you the visibility so that anomalous activity can be brought to your attention and acted upon before the attacker can escalate to their objective.
All attacks must traverse the network to achieve their objective, and by using your network as a sensor, you are more likely to detect malicious activity that could lead to a major breach. We believe the time is now for the Network-as-a-Sensor [approach] to start shifting the balance of power toward those who should truly have the most information about their own networks.
How is Cisco, through partnerships like Lancope, going to win the security market?
Normal security tools are still waiting around for the attack to ensue and most of the time, these days, that is simply a diversion. The attackers have advanced their methods and NaaS is the appropriate advancement of defenders.
What opportunities does NaaS provide for VARs/solution providers?
Network-as-a-Service provides the necessary telemetry to VARs and solution providers so that they can make informed decisions with their customers on the care and feeding of the infrastructure. It is how networks need to be instrumented today given the pace of business and the active threat environment.
What does the future have in store for the Cisco-Lancope partnership?
Cisco and Lancope will help you out-innovate your attackers. As defenders get better at defending, we force adversaries to innovate new tools, tactics and procedures. Lancope will continue to deliver superior intelligence to help drive the business continuity required in the face of these advanced threat actors.