Knowledge Base
Essential cybersecurity strategies shared by Cisco's expert security team
In the rapidly evolving landscape of cybersecurity, the challenges we face today are more complex than ever before. However, with the right strategies and defences in place, organisations can effectively protect themselves. Tom Gillis, senior vice president and general manager of the Cisco Security Business Group (SBG), shares three crucial steps to building a resilient security posture.
Identity-related attacks have become more prevalent as cybercriminals find it easier to exploit login credentials than to break into systems directly. Implementing Zero Trust and least-privileged policies helps mitigate this risk by restricting users' access to only the data and applications necessary for their roles.
Gillis explains that although this concept sounds straightforward, the execution is complex due to the multitude of applications, firewalls, and distributed users. Cisco addresses this challenge with its comprehensive platform-based solution, Cisco Secure Access. This integrated solution combines traditional VPN with modern Zero Trust capabilities, ensuring a seamless end-user experience. Additionally, Cisco ThousandEyes is integrated to monitor and pinpoint the source of any issues, enhancing the overall user experience.
Cybercriminals often exploit compromised applications or connected devices to infiltrate networks. Therefore, extending Zero Trust principles to the data centre is essential. Segmentation is a key strategy, defining communication paths for applications and limiting hackers' access if an app is breached.
Cisco’s Hypershield technology leverages AI to understand and predict application behaviours, ensuring appropriate policies are in place to prevent malicious activities. This technology also offers application-level vulnerability management, automatically identifying and isolating compromised apps and managing necessary patches. Gillis emphasizes the importance of understanding application vulnerabilities and applying compensating controls to shield them while updates are being implemented.
Sophisticated attackers often mimic legitimate users and applications to infiltrate networks. Robust analytics are vital in distinguishing between friends and foes. Cisco XDR (extended detection and response) is an analytic engine that aggregates telemetry from user and cloud protection suites, identifying threats like ransomware in the early stages and automating recovery processes.
Cisco's recent acquisition of Splunk enhances these capabilities, integrating networking, security, observability, and AI into a powerful analytics platform. Splunk’s sophisticated security analytics work across various environments, providing comprehensive security insights regardless of where data resides.
By focusing on these three core areas — Zero Trust Network Access, application protection with AI, and advanced analytics — organisations can significantly strengthen their security posture. Cisco’s solutions, enhanced by Splunk's capabilities, offer a robust framework for tackling modern cybersecurity challenges. As Gillis concludes, Cisco effectively integrates infrastructure, automated analytics, and powerful security platforms to provide a comprehensive security solution for any company.