1 Introduction
Cisco Systems, Inc. is a multinational technology company headquartered in San Jose, California, USA. Founded in 1984 by the pioneers of the multi-protocol network router concept, the company quickly grew into the world’s largest manufacturer of networking hardware and telecommunications equipment. The company’s stock is part of the Dow Jones market index and is also included in the S&P 500 and NASDAQ-100 indexes.
With over 71,000 employees in more than 80 countries and a large global partner network, Cisco maintains a truly worldwide presence and leading positions in many regional markets, both in its core area of network hardware and in many other technologies such as VoIP services, wireless networking, cloud technologies and information security.
Throughout its history, Cisco has acquired a large number of companies, either to integrate their products and technologies into its portfolio or to expand into new markets. Several acquired companies, such as WebEx, have grown into large business units with billion-dollar revenues within Cisco. The company’s Security unit offers a broad portfolio of products and services covering various areas of information security, including firewalls and other network security solutions; web, email and cloud security; identity and access control; and advanced malware protection, which is partly based on the relatively recent acquisitions of Sourcefire and ThreatGRID.
As cyber-attacks become increasingly advanced and persistent, and the very notion of a security perimeter has almost completely disappeared, organizations have to rethink their cybersecurity strategies. Traditional security tools, such as signature-based anti-malware products or intrusion detection systems, can no longer reliably protect against sophisticated attacks that combine multiple vectors and can remain undetected for months. Consequently, the focus of modern security solutions has gradually shifted from perimeter protection towards monitoring corporate networks in order to uncover malicious activity as quickly as possible, so that experts can analyze the threat, contain it and minimize its damage.
However, Security Information and Event Management (SIEM) solutions, created and popularized as the ultimate answer to these problems, have largely failed to keep up with the growing number of threats. Even a large, dedicated team of experts operating a SIEM-powered security operations center is eventually overwhelmed by the sheer number of alerts, many of them false positives, and cannot identify a real threat quickly enough. In response, a new generation of security analytics solutions has recently emerged that applies big-data analytics algorithms to correlate security data across multiple sources and to identify patterns and anomalies in real time. Such solutions focus strongly on automating routine tasks for security analysts and on supporting them in identifying, analyzing and remediating security threats as quickly as possible.
Cisco delivers its own take on this challenge with a range of security products under the common AMP brand. These can be deployed at various control points, from endpoints to the network to the cloud, to enable continuous monitoring backed by dynamic malware analysis technology and a global threat intelligence network. Together, they form an integrated defense ecosystem that can be further extended with third-party integrations via a set of standards-based APIs.