2020 was a dark year for information security. Cyber-attacks and ransomware continued to grow. In Finland, too, the Vastaamo case was a sad reminder of how unscrupulous attackers can be. While the western countries were debating Huawei's threat to national security, the end of the year brought news of the biggest and most successful cyberattack in history by Russia. SolarWinds, the US network monitoring software vendor, was hacked in early 2020, and the vendor distributed an updated version containing a backdoor. The attack exposed 18,000 large companies to a dangerous situation for months.

Is it possible to protect the enterprise network from a cyberattack?

I’ve been tracking top enterprise network cyberattacks over the last ten years. There is a significant industry-wide problem in all of them. Security technologies and their operating practices have not met the challenge of protecting the target network against professional attackers. The necessary security solution is too expensive for the majority of companies. The companies targeted in the SolarWinds cyberattack had outstanding and comprehensive security solutions and a Security Operations Center (SOC) at their disposal. This ugly truth leaves many companies doubting whether a secure digital future is a possible scenario at all.

The new Cisco Secure X responds to the challenge

The Cisco Secure X concept was announced in summer 2020 to combine numerous standalone network and IT security systems into a single management console. The aim is to utilize the information generated by all enterprise network security systems and to improve both security management and responsiveness. As a result, companies get access to state-of-the-art SOC operations at a significantly lower cost than in the previous decade. After exploring this concept and integrating a few Cisco security services, I am impressed with the product. With this concept, Cisco has succeeded in its strategic choice and its thinking.

In short, Cisco Secure X turns the conventional architecture of centralized security visibility upside down. Instead of network systems and cloud services sending event data (logs or raw data) to a centralized system for analysis, Secure X reads data from network devices and cloud services through their APIs. At the same time, the API-based model provides workflow-based SOC automation, which is a prerequisite for cost-effective SOC functionality.

CIO and CISO’s strategic choice

So far, Secure X mainly supports Cisco Systems network, software, and cloud technology. The free product has significant added value for existing Cisco Systems customers and gives them a head start toward better security management. Naturally, it raises the question: is it worth putting all the eggs in the same basket? I don’t think there’s a right answer to that question. However, we all know that multi-supplier security solutions and siloed management did not perform satisfactorily in the previous decade either.

Another relevant question is whether it is worth building the SOC solution on Secure X if the company does not have Cisco Systems products and services at its disposal. Perhaps. It is interesting to look at the issue from another perspective, i.e., the total cost in the future network architecture. Below, two basic solution approaches are compared.

Option 1 – SIEM solution in SOC as a base system

SIEM solutions entered the market in the early 2000s as a basis for SOC operations. SIEM software works by analysing the transaction logs of the devices and applications it monitors. The solution is excellent at best, but there are challenges.

  1. Transferring log data puts a strain on the WAN, which requires a significant increase in WAN (upload) capacity and costs. Do not underestimate how much data systems generate.
  2. Massive data processing and storage require efficient and fast server and storage systems and a careful maintenance process: more investments or fixed service costs.
  3. Event detection requires an advanced artificial intelligence algorithm and an expensive SIEM system with maintenance. On the other hand, artificial intelligence requires a lot of data, which means the price tag increases. Also, it costs money to transfer data out of the cloud. A high price tag typically limits the number of systems included in the SIEM, which dilutes the solution’s effectiveness.
  4. The ability of network devices and software to read traffic and events deeply enough ultimately determines whether the SIEM system detects security-relevant anomalies. The network’s equipment and security software often need to be updated to achieve sufficient capabilities.
  5. SIEM systems cannot command an extensive corporate network and its security features. This must be carried out with a separate network automation system. Without automation, the security maintenance process is inefficient, expensive, and too slow to react.
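The two architectures contrasted above, centralized log shipping (the SIEM model) versus querying each source through its API and automating the follow-up workflow (the Secure X model), can be made concrete with a small simulation. The following Python is an added illustration for this article, not Cisco or Secure X code, and it does not use any real product API. The event rates, record sizes, device names, IP addresses and the domain c2.bad.example are all constructed values chosen for the example; the functions daily_log_bytes, required_upload_mbps, push_collect, pull_query and triage_workflow are hypothetical names.

```python
"""Added illustration (not Cisco or Secure X code): push-based SIEM log shipping
versus pull-based API querying for a SOC platform, plus a simple automated
response workflow. All sources, rates and log records are constructed."""
import json
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass(frozen=True)
class Source:
    """A log-producing system described by its average event rate and size."""
    name: str
    events_per_second: float
    bytes_per_event: int


# Constructed sizing assumptions for a mid-sized site (not measured values).
SOURCES = [
    Source("branch-firewall", events_per_second=500, bytes_per_event=400),
    Source("dns-resolver", events_per_second=2_000, bytes_per_event=150),
    Source("endpoint-agents", events_per_second=8_000, bytes_per_event=300),
]


def daily_log_bytes(source: Source) -> int:
    """Bytes one source ships per day if every event is forwarded to a SIEM."""
    return int(source.events_per_second * source.bytes_per_event * SECONDS_PER_DAY)


def required_upload_mbps(sources, headroom: float = 1.5) -> float:
    """WAN upload needed to forward everything, with a headroom factor for bursts."""
    bits_per_second = sum(s.events_per_second * s.bytes_per_event * 8 for s in sources)
    return bits_per_second * headroom / 1_000_000


# Constructed records, as a device or cloud service would expose them via its API.
DEVICE_LOGS = {
    "branch-firewall": [
        {"ts": "2021-01-05T08:00:01Z", "host": "10.1.1.5", "dst": "updates.example.com", "action": "allow"},
        {"ts": "2021-01-05T08:00:02Z", "host": "10.1.1.7", "dst": "c2.bad.example", "action": "allow"},
        {"ts": "2021-01-05T08:00:03Z", "host": "10.1.1.9", "dst": "mail.example.com", "action": "allow"},
    ],
    "dns-resolver": [
        {"ts": "2021-01-05T08:00:00Z", "host": "10.1.1.7", "query": "c2.bad.example", "rcode": "NOERROR"},
        {"ts": "2021-01-05T08:00:00Z", "host": "10.1.1.12", "query": "c2.bad.example", "rcode": "NOERROR"},
        {"ts": "2021-01-05T08:00:04Z", "host": "10.1.1.5", "query": "updates.example.com", "rcode": "NOERROR"},
    ],
}


def push_collect(device_logs) -> tuple[list[dict], int]:
    """SIEM model: every record is serialized and sent over the WAN to the central system."""
    shipped = [dict(r, source=src) for src, recs in device_logs.items() for r in recs]
    wire_bytes = sum(len(json.dumps(r).encode()) for r in shipped)
    return shipped, wire_bytes


def pull_query(device_logs, observable: str) -> tuple[list[dict], int]:
    """API model: each source is asked only for records mentioning the observable.

    Only the query and the matching rows cross the WAN; the source must be able
    to search its own data for this to work (see challenge 4 above)."""
    matches, wire_bytes = [], 0
    for src, recs in device_logs.items():
        wire_bytes += len(json.dumps({"observable": observable}).encode())
        for r in recs:
            if observable in (r.get("dst"), r.get("query")):
                matches.append(dict(r, source=src))
                wire_bytes += len(json.dumps(matches[-1]).encode())
    return matches, wire_bytes


def triage_workflow(matches, observable: str) -> list[str]:
    """Automation step: turn matches into a deterministic list of response actions."""
    hosts = sorted({m["host"] for m in matches})
    if not hosts:
        return []
    actions = [f"open-case hosts={','.join(hosts)}"]
    actions += [f"isolate-endpoint {h}" for h in hosts]
    actions.append(f"block-domain {observable}")
    return actions


if __name__ == "__main__":
    for s in SOURCES:
        print(f"{s.name}: {daily_log_bytes(s) / 1e9:.2f} GB/day if fully forwarded")
    print(f"WAN upload for full forwarding: {required_upload_mbps(SOURCES):.1f} Mbps")
    _, push_bytes = push_collect(DEVICE_LOGS)
    hits, pull_bytes = pull_query(DEVICE_LOGS, "c2.bad.example")
    print(f"push: {push_bytes} bytes on the wire, pull: {pull_bytes} bytes on the wire")
    print("\n".join(triage_workflow(hits, "c2.bad.example")))
```

The sizing functions make challenge 1 tangible: even the modest constructed rates above add up to tens of gigabytes per day and tens of megabits per second of sustained upload. The pull model moves far fewer bytes for a targeted question, but it only works when every source can search its own events for the observable, which is exactly the device-capability dependency challenge 4 describes.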

Option 2 – Cisco Secure X as a potential de-facto SOC base system

The Cisco Secure X offering consists of the (so far) free Secure X cloud service, which communicates seamlessly with Cisco’s security software, devices, and cloud services using APIs. The benefits of the Secure X solution for the company are tangible:

  1. No need to transfer event logs or data away from devices or cloud services
  2. No massive log management software and disk system required
  3. No separate SIEM+AI system or service required
  4. Integrations with Cisco security products work with “plug & play.”
  5. Security workflow automation included in the product

The CISO and the IT department together should compare the total solution and operating costs of the SOC comprehensively. It is possible that, despite the change of supplier, the new solution will make more economic sense. In addition to analyzing hardware and software replacements, it is recommended to look at network modernization and cloud security utilization. For example, the following basic enterprise solution is a good start.

  • Cisco Secure X (free SOC software)
    • Cisco Secure Endpoint (workstations, servers, and mobile devices)
    • Cisco Umbrella (Secure Web Gateway, Cloud FW, CASB)
    • Cisco Duo multifactor authentication & access control
    • Cisco SD-WAN (offices, stores, plants, cloud)
  • Secure X – ServiceNow™ Security Operations integration
  • Secure X – Microsoft™ Security API (AD, Azure, O365) integration


Stop Russian roulette in time

As business applications move to the cloud and users move to remote work, critical public Internet services, extended subcontracting networks, and industrial Internet solutions require a new corporate network strategy and professional security protection. Secure X is an exciting and evolving solution for this future business operating environment.


Hannu Rokka, Senior Advisor

5Feet Networks Oy