‘Security is a USD 2 billion business for Cisco’
 Harshal Kallyanpur spoke with Tom Gillis, VP and GM of Cisco's Security Technology Business Unit to gain insights on Cisco’s renewed thrust on security, and the overall evolution of physical devices to virtual ones
What is Cisco’s security business like? How do you see the overall security market evolving?
Globally, Cisco is one of the largest enterprise security vendors. The overall revenues touch USD 2 billion per year. We mainly focus on five markets: firewalls, intrusion prevention systems (IPS), VPN or remote access, web gateway and e-mail gateway. We own about 20 to 30 percent market share in each of these segments.
We believe that the next five years will see a significant change in the enterprise security market. This change will be driven by two factors: an increase in mobile devices and a significant shift towards cloud computing. Looking at the increasing demands of video and data on mobile devices that are beyond the traditional perimeters of the network, we have introduced a new network architecture called Borderless Network. It allows seamless access to data on any device—anytime and anywhere—and ensures security and policy enforcements.
Currently, several security functionalities are integrated within network devices or appliances at the gateway or router level. Do you think security offerings will be offered separately in the future?
Yes. In the future, there will be an insatiable demand for innovation which will create opportunities for focused companies to deliver innovative solutions to customers. However, we also need to determine the relative value of these focused solutions as opposed to integrated solutions such as our own.
Cisco has a sizeable business opportunity in the security market. Despite the likely onslaught of novel solutions, customers are still likely to choose an integrated solution over a point solution since the former simplifies and streamlines operations without compromising security.
How big, according to you, are the opportunities on the cloud model—from both a services and an infrastructure point of view?
It is actually becoming difficult to draw a line between functionalities that can be cloud-based and those that are on-premise. The security opportunities on the cloud are quite substantial. In the next five to seven years, of the total USD 6 billion business, around USD 2 billion-worth network security business could be delivered via a cloud.
Underlying all Cisco products and services is Cisco Security Intelligence Operations, which aggregates information from tightly integrated data derived from multiple Cisco devices and services to continuously assess and correlate threats and vulnerabilities. The results generated are channelized to the enforcement engines on our security products (appliances), which apply the security.
What other products work symbiotically with the cloud?
For our Intrusion Prevention Service (IPS), we use cloud-based Global Correlation for Threat Defense. We look at threats across e-mail and web traffic, generate the intelligence in the cloud, and push it down to the network device as a description service. The IPS receives intelligence from the cloud, which allows it to make better decisions about blocking or allowing traffic.
The Global Correlation technique has increased the efficacy of the IPS by 200 percent—a definite edge over traditional signature-based approach. The customer just has to turn the service on. It works automatically pushing intelligence down from the cloud to the IPS and also pulling information from it to gain more insight into threats. Also, based on information gathered, the IPS can identify attacks beforehand.
Will security be a big part of the Unified Computing offering?
It is already a very big part of the equation. We have invested heavily in building virtualization into our firewall. Cisco ASA appliance can be partitioned into multiple virtual firewalls known also as Security Contexts. Each security context acts as a separate firewall with its own security policy, interfaces and configuration.
In year’s time, we will debut new technologies that will provide dynamic ability to these virtual firewalls. They could be then moved around, along with the Virtual Machines (VMs). Hence, the firewall policies could also be dynamically applied to those VM. This technology, Service Insertion Architecture, is a complex functionality. It requires changes to be made at the TCP/IP level. We are working to provide this functionality.
|