In September of 2013, Cisco first revealed its intentions to launch a managed security services practice under Bryan Palma's leadership. Today Cisco formally announced the launch of its Managed Threat Defense Service as part of its managed security practice.
Palma is the Senior Vice President of Security Services at Cisco. He came to the networking giant after previously working in high-level IT security roles in the U.S. Secret Service, Boeing and PepsiCo. Palma told Enterprise Networking Planet that the entire managed security space is evolving.
It has evolved from a basic concept of managing customers' security devices and monitoring logs to managing the entirety of the customers’ security event lifecycle, from detection through to remediation.
"Part of this evolution is based on new consumption models, with vendor-owned assets or cloud and on analytics that are not just correlations but actual predictive statistical models," Palma said. "Many of the analysts that I've talked to call this MSSP 2.0."
Cisco has offered different types of managed security services over the years, though Palma noted that the new Managed Threat Defense Service is very different in multiple ways. For one, the consumption model differs in that Cisco owns the assets and the customer consumes those assets as operational expenditures. The sophistication of the analytics also sets the new service apart.
"Also, although we utilize Cisco security products in our on-premise stack, we don’t depend on the customer having an all-Cisco network or even an all-Cisco security infrastructure," Palma said.
In some security service deployments that Cisco has done in the past, the technical implementation has involved some manner of traffic or data redirection to Cisco, but that's not how the new Managed Threat Defense Service will work. Palma explained that in the new service, no traffic is redirected and most of the analytics are done on-premises.
"We instantiate a Hadoop 2.0 cluster on the customer’s premises," Palma said.
Hadoop is an open-source big data technology that is widely deployed around the world. Palma added that network telemetry is sent to the Hadoop cluster in two ways. The first is by way of traditional network logs and NetFlow flow telemetry. The second mechanism is by way of packet capture along the network path.
"The vast majority of the data is at rest on-premise and only a small subset goes to the cloud," Palma said.
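To make the two telemetry paths and the "statistical model" analytics concrete, here is an added example that is not Cisco's code and does not reflect the Managed Threat Defense Service's actual schema. It normalizes a constructed NetFlow-style export and constructed packet-capture flow summaries into one flow record shape, then scores each host's egress per time window against that host's own baseline (mean plus k standard deviations of its other windows). Field names, thresholds, IP addresses and byte counts are all assumptions for illustration.

```python
"""Added example, not Cisco's code: a small flow-telemetry analytic.

The article says telemetry reaches the on-premises Hadoop cluster as
network logs / NetFlow and as packet capture along the network path, and
that the analytics are statistical models rather than plain correlation.
This script normalizes both (constructed) telemetry sources into one flow
schema and runs a per-host egress baseline (mean + k * stddev) over it.
All field names, thresholds and sample values are assumptions.
"""
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style export (one row per flow, already bucketed by hourly window).
NETFLOW_CSV = """window,src,dst,dport,bytes
1,10.0.0.5,203.0.113.10,443,1000
2,10.0.0.5,203.0.113.10,443,1100
3,10.0.0.5,203.0.113.10,443,1050
4,10.0.0.5,203.0.113.10,443,1200
5,10.0.0.5,203.0.113.10,443,1150
1,10.0.0.9,203.0.113.20,443,3000
2,10.0.0.9,203.0.113.20,443,3100
3,10.0.0.9,203.0.113.20,443,2900
4,10.0.0.9,203.0.113.20,443,3050
5,10.0.0.9,203.0.113.20,443,3000
6,10.0.0.9,203.0.113.20,443,3100
"""

# Constructed per-flow summaries derived from packet capture: (src, dst, dport, bytes, window).
PCAP_SUMMARIES = [
    ("10.0.0.5", "198.51.100.7", 443, 50000, 6),   # one large egress burst
    ("10.0.0.77", "203.0.113.30", 80, 400, 5),     # host with too little history
    ("10.0.0.77", "203.0.113.30", 80, 420, 6),
]


def parse_netflow_csv(text):
    """Parse the CSV export into flow dicts with integer numeric fields."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        flows.append({"window": int(row["window"]), "src": row["src"],
                      "dst": row["dst"], "dport": int(row["dport"]),
                      "bytes": int(row["bytes"])})
    return flows


def flows_from_pcap_summaries(summaries):
    """Map packet-capture flow summaries onto the same flow schema."""
    return [{"window": w, "src": s, "dst": d, "dport": p, "bytes": b}
            for (s, d, p, b, w) in summaries]


def aggregate_egress(flows):
    """Total bytes sent per source host per window: {src: {window: bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        totals[f["src"]][f["window"]] += f["bytes"]
    return totals


def baseline_outliers(per_host, k=3.0, min_windows=4, sd_floor=0.05):
    """Flag windows whose egress exceeds the host's own statistical baseline.

    Baseline for a window = mean + k * stddev of that host's *other* windows,
    with the stddev floored at sd_floor * mean so a perfectly flat history
    does not turn every small increase into an alert.  Hosts with fewer than
    min_windows of history are skipped rather than scored on thin data.
    """
    alerts = []
    for host, windows in per_host.items():
        if len(windows) < min_windows:
            continue
        for w, sent in sorted(windows.items()):
            others = [v for ww, v in windows.items() if ww != w]
            mu = mean(others)
            sd = max(pstdev(others), sd_floor * mu)
            threshold = mu + k * sd
            if sent > threshold:
                alerts.append({"src": host, "window": w, "bytes": sent,
                               "threshold": round(threshold)})
    return alerts


def run_analytic():
    """Merge both telemetry sources and return the list of baseline alerts."""
    flows = parse_netflow_csv(NETFLOW_CSV) + flows_from_pcap_summaries(PCAP_SUMMARIES)
    return baseline_outliers(aggregate_egress(flows))


if __name__ == "__main__":
    for a in run_analytic():
        print(f"{a['src']} window {a['window']}: {a['bytes']} bytes "
              f"(threshold {a['threshold']})")
```

On the constructed data only host 10.0.0.5 in window 6 is flagged: its 50,000-byte burst, seen only in the packet-capture path, is scored against the steady 1,000 to 1,200 bytes per window that NetFlow reported for it. The `min_windows` guard is the part a practitioner should keep: a host with two data points has no baseline, and scoring it anyway produces exactly the unnecessary alerts the service claims to eliminate.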
With the new service, Cisco is heading into a new competitive space against managed security services from vendors such as IBM and HP. Palma sees the Cisco Managed Threat Defense (MTD) Service as having competitive differentiation for a number of reasons, not the least of which is the use of Cisco hardware.
"MTD leverages Cisco’s new threat-oriented solutions, such as Cisco Advanced Malware Protection (AMP), to detect malware and eliminate unnecessary alerts, Sourcefire FirePOWER for threat detection, and Cisco’s existing Cisco Cloud Web Security for email and web filtering," Palma said. "These solutions make Cisco a major player in the threat space."
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.