May 31, 2017
I was lucky enough to be invited to IBM's 3rd annual Security Summit in NYC for about 300 of its customers. IBM used the event to showcase a new IBM and Cisco joint security initiative whereby the two will work to integrate their security solutions to better combat advanced threats. The philosophy of the partnership represents the idea that cyber defenders need to collaborate as well as cybercriminals seem to when it comes to sharing techniques and intelligence. The announcement is notable for a few reasons:
- Two of the security industry’s largest portfolio players are teaming up. IBM and Cisco have become two of the largest portfolio players in the security industry, so most would expect the two to see each other as primary rivals rather than collaborators – particularly in the race to become the CIO's and CISO's trusted advisor in cybersecurity – a position that, in my opinion, is currently occupied by the security groups of the major management consultancies.
- There are some areas of overlap but the two portfolios are very complementary. The complementary nature of the portfolios makes this both a smart and safe partnership:
  - Cisco leads in network-based security solutions and advanced malware protection. This includes NGFWs, NAC, network analysis, and they've done a great job extending their Advanced Malware Protection (AMP) capability beyond the network to endpoints, email, web security gateways etc. Cisco has made a lot of great investments in cloud security, especially with its acquisitions of OpenDNS and CloudLock.
  - Cisco has major gaps in data security, app sec, IAM, and comprehensive visibility/management. Cisco doesn’t have any solutions to address protecting sensitive data at rest through obfuscation, addressing app vulnerabilities and protecting them in production, governing and managing user identity and access management, or providing CISOs with a unified view of security threats across the enterprise and orchestrating complex responses to threats.
  - IBM excels in Cisco’s gaps. Where Cisco is weak or lacks a solution, IBM is particularly strong: data security, app security, IAM, security analytics, and services. IBM's security analytics platform, QRadar, has become one of the leading and most widely deployed platforms, and IBM's acquisition of Resilient gives the company a foothold to meet the growing demand for security automation and orchestration. IBM is also one of the largest managed security service providers and consultancies. Cisco has some growing consulting capabilities and services, but nothing on the scale and scope of IBM's security services.
- It's an acknowledgement that CISOs desperately need integrated solutions that support automation. CISOs are not only begging for more integrated security solutions, but solutions that can enable and automate response the moment the SOC has detected a serious threat to the business. Breaches have become so numerous and devastating to business strategy, customer experience, growth, and profitability, that response must be immediate.
- It shows the complexity of this problem. When IBM and Cisco have to partner to solve an issue, it shows how big and ugly it is. The current state of security APIs is depressing, which this shows. In the same way that process maturity is a barrier to automation for clients, tech integrations are as well.
- This also signals a beginning of "thinning the herd" of security companies. There are far too many features pretending to be products, and in an industry where CISOs are seeking to reduce complexity and cost by axing overlapping point products and products that don’t live up to their hype, these vendors won’t survive. This also demonstrates the power of QRadar (and Watson) for IBM. The current success of QRadar and the promise of Watson are driving other security brands to play in IBM’s playground.
Some of the highlights of the agreement/alliance include:
- Cisco will develop security applications that will be included in IBM's App Exchange in QRadar
- IBM Resilient will integrate intelligence from Cisco's ThreatGrid into its IR orchestration and automation capabilities
- The two firms are working on specific, automated security actions/capabilities, such as with Cisco's oddly named NAC solution, the Identity Services Engine (ISE)
- Threat intelligence sharing and the ability of QRadar to ingest threat intelligence and other security information from Cisco solutions (e.g. AMP, ThreatGrid)
- IBM will be launching new managed security services on top of/using the Cisco security portfolio
Cisco's SVP and GM of its Security Business Group, David Ulevitch, was present at IBM's Security Summit today, and IBM plans to have a large presence at Cisco Live in a few weeks. As someone who was once a technical architect specializing in the joint industry solutions/integration of two industry behemoths, I know the success of an alliance like this will require:
- Ongoing commitment and passion over the long haul from two sides that truly view each other as equal partners;
- Field-level go-to-market incentives for sales, systems engineers, and partners to accurately represent, sell, and implement the joint solutions;
- Joint agreements for unified customer support, no finger pointing when there are issues;
- Continued rollout of new integrations with a detailed roadmap that both sides can communicate to the market and joint customers;
- Real-world case studies demonstrating and quantifying the benefits of the alliance and its joint solutions. Let me highlight that word quantify again.
Cynics, a category in which I often like to include myself, would say this alliance is nothing more than two companies seeking to block mutual competitors from their joint customer accounts rather than any deep-rooted altruistic motivation to propel the security industry forward. I say those two motivations don't have to be mutually exclusive, and I'm particularly eager to see how the rest of the industry will respond. We have too many "expense in depth" security strategies, and there have been too many startups that have come to market with solutions that are features–not truly disruptive technologies–with the goal of selling themselves at the highest multiple within a few years. If this alliance spurs similar alliances and integration across competitors and technology partners alike, I'm all for it.