Are you and your organization prepared for the future of cyber security? Today, I'm joined by Tom Gillis, Senior Vice President and General Manager of Cisco's Security Business Group on the Tech Talks Daily Podcast.
Broadcasting directly from the vibrant atmosphere of Cisco Live in Las Vegas, Tom joins us to unravel the dynamics of cyber security within the framework of a renowned networking giant. With a career that spans influential roles at VMware and now at Cisco, Tom offers unique insights into the evolution of cybersecurity strategies and their crucial role in shaping business resilience.
Tom discusses the latest innovations unveiled at Cisco Live. From the groundbreaking Cisco Hypershield to enhancements in AI-driven security management, these developments represent Cisco's commitment to fortifying enterprise defenses against increasingly sophisticated threats. As we delve into these topics, Tom will also share his personal journey and the reasons behind Cisco's accelerated innovation in recent times.
So, buckle up as we transport you to the heart of Cisco Live, where the future of enterprise security is being redrawn. Join us for a conversation that promises to be as enlightening as it is inspiring. What are your thoughts on the trajectory of cyber security and the innovations discussed today? How do these advancements resonate with your professional experiences or the challenges faced by your organization? I encourage you to share your perspectives and join the ongoing dialogue by reaching out through our various platforms.
[00:00:01] Are you and your organization prepared for the future of cybersecurity? Well, today I'm joined by Tom Gillis, Senior Vice President and General Manager of Cisco Security Business Group. And yes, I'm here at the Cisco Live event in Vegas.
[00:00:20] And Tom is not only a seasoned leader in the security industry, but he's also a pivotal figure in steering Cisco security strategies. Now, obviously Cisco are known as a networking company.
[00:00:32] So today I want to find out more about the cybersecurity aspect of the organization and how they're helping enterprises around the world. And with a rich background spanning from startups to major corporations like VMware and obviously Cisco, Tom has first-hand insights into the evolution and transformation of cybersecurity.
[00:00:54] And today he's here to share the latest security innovations from Cisco Live and discuss how Cisco is shaping the security landscape to tackle modern enterprise challenges.
[00:01:05] So buckle up and hold on tight as I beam your ears all the way to Las Vegas, where you can join myself and Tom here at Cisco Live. So a massive warm welcome to the show.
[00:01:18] Can you tell everyone listening a little about who you are and what you do? Yeah, Tom Gillis. I'm the General Manager for the security products here at Cisco. Watching you on the keynotes, there was one yesterday that I saw and it was mentioned again today.
[00:01:29] It was a great note that was Cisco innovated more in 2023 than the previous 10 years combined. And in 2024, it's going to be multiple of 2023. But I've got to ask, what excites you about Cisco Live? Well, I joined Cisco right at the beginning of 2023.
[00:01:47] And so is that why we innovated so much? Or maybe I was just good luck, good timing on my part. But seriously, I chose to come to Cisco for a reason. I'm a security veteran. I've been doing products in security at a number of different startups.
[00:02:02] Most recently, I was at VMware for five years. And I had this idea about building a distributed network security system that looks nothing like anything anyone's ever seen before. And it's the kind of thing that only Cisco can build.
[00:02:17] And that's why I came to Cisco. And that is what we announced in April. It's called Cisco HyperShield. And at the show here, we made another announcement, an enhancement to HyperShield and some of the hardware support. So I can describe what that is and why that matters.
[00:02:30] But yeah, I think that there are places where Cisco can do things in security that no other company in the world can do because it's areas where security meets the network. I suppose before we talk about any solutions to set the scene for our conversation,
[00:02:46] for all the conversations that you have with customers around the world, what do you see as the most pressing cybersecurity challenges that are facing enterprises today? Yeah, I think the biggest concern is a little bit of a nuts and bolts issue.
[00:02:59] But what we see with all of this explosion of AI tools, every enterprise is powered by their applications. Remember Marc Andreessen's quote, software is eating the world. So a corporation is defined by the apps that run the corporation. And those applications, because they're software, they have vulnerabilities.
[00:03:20] They have weaknesses. What has changed is that attackers have gotten unbelievably agile at exploiting a known vulnerability. So when a vulnerability is announced, it's announced to the world, and there's always a fix that comes with it. But you can't just automatically apply that.
[00:03:39] The fix is called a patch. Patching takes time because you have to test it and make sure it's not going to break something. And so to give you a dimension for the scale of this problem, a typical enterprise customer might have 500 or even 1,000 vulnerabilities every week.
[00:03:58] So every week you have to go through and look at like, oh my goodness, I've got 500 or 1,000 patches that I have to apply. And it used to be that you could do it in an orderly fashion and take a couple weeks,
[00:04:10] or you could do a bunch of them all at once. But now with these attackers exploiting these vulnerabilities within hours of their being announced, it is simply not reasonable to patch all of your applications within hours. It's just not reasonable.
[00:04:27] And so with Cisco HyperShield, we have the ability to address this problem directly by applying what's called a compensating control. So think of it as a little plug that can deliver the digital resilience that a customer needs, the app stays up and running.
[00:04:44] Yes, you still need to patch it, but we've got to put this shield in place to make sure that an attacker is not able to exploit it. And boy, people are lining up for that. I could well imagine.
[00:04:56] In a former life, I was the IT guy in change management. Okay, so you understand what I'm talking about. Patching is hard, right? Yes. I mean, getting the downtime for that critical application. Correct. So can you share any other recent innovations or upcoming developments
[00:05:09] in Cisco security solutions that have been highlighted here at Cisco Live for anyone that's been unable to attend? Yeah, I think the other thing that is often discussed, but there's a reason for that because it is really transformative,
[00:05:22] the tools that we're building with AI are transforming the day-to-day, oftentimes repetitive tasks of managing cyber infrastructure. So for example, managing firewall rules. So from your IT days, you remember the process, oh, I want to change or update the firewall. What happens?
[00:05:43] You open a ticket, that ticket goes through security review, it goes through engineering review, it goes through change control, five or 10 days later the rules get updated. So the rules go in with a huge amount of energy. When do those firewall rules come out? Never. Yeah. Right?
[00:06:02] So the rules go in, they never come out, and the rules grow and grow and grow. What happens is no one knows what these rules do anymore, right? Because they're these very cryptic low-level rules. So with our AI policy assistant, you could ask plain English,
[00:06:14] common sense questions to your firewall. Hey, can Tom access the source code repository but not access the financial system? And that is transformative if you're an administrator, because you used to be reading these policies that were basically a bunch of numbers.
[00:06:32] It was IP port and protocol, and it looks like assembly code, right? So it's very difficult to decipher. So having a natural language interface on a firewall is available now. That's a big deal. And it's not just firewalls.
[00:06:45] So we're building all of our Cisco AI capability in one constant framework so that you can understand and troubleshoot problems across all Cisco networking infrastructure. Wow. Yeah, it's a really big deal, right? Yeah.
[00:07:00] So if you think the customer is saying, hey, I can't connect to this asset, where's the problem? Well, I don't know. It could be the switch, it could be a router, it could be a firewall, it could be an access point, it could be your client.
[00:07:11] We now have the ability to understand and troubleshoot at that layer, and I think that's going to be transformative in terms of how a customer operates their infrastructure day-to-day. Does that mean the end of those tech notes by Jim Lindsay that left the organization eight years ago?
[00:07:27] I hope so. I hope what it means is the end of network outages due to misconfiguration. And I don't think that's so aspirational. I think that's well within reach. And for you personally, I mean, given your experience with VMware and obviously now Cisco,
[00:07:40] how do you approach integrating endpoints, security, networking, and load balancing to create that overall comprehensive security strategy? It's very complex, isn't it? The big trend that we see is that customers have realized
[00:07:54] we used to have these very specialized point solutions that were super good at what they do. And I was part of that. So I started a company called IronPort. IronPort did one thing, it was a spam filter. Really, really good at it.
[00:08:06] And over time, what happens is a customer accumulates more and more and more of these tools. And it becomes very difficult to get the value out of managing 90 or 100 or 150 different security tools. And so there's been a big shift in the industry to focus more on platforms.
[00:08:25] And a platform is an integrated solution that may look across email and web and network and endpoint, right? With one login, one set of policy. And by having this integrated solution, I think many customers are finding
[00:08:39] they can get a better security outcome than they would with specialized solutions. Each of which is excellent, but it's too hard to... The customer becomes the integrator when you're doing the work with all these piece parts. So integrated solutions is the name of the game.
[00:08:54] We were pleased to have Microsoft join us here at Cisco Live. And one of the announcements is that Cisco and Microsoft are collaborating. And so as we think about our security platform, aligning it with Microsoft is very, very important.
[00:09:08] Meaning we're going to work together to make sure these things are not competing with each other, but rather they're complementing each other and delivering a better outcome for our customers.
[00:09:17] In what, four or five years now since we've seen the rise of remote and hybrid working at scale. So how is Cisco evolving security offerings to address these unique challenges
[00:09:29] posed by new working environments where you just expect to work on any network, any device, at any time? About a year ago, in fact exactly a year ago at Cisco Live, we introduced a capability called Cisco Secure Access.
[00:09:42] And it's designed to provide seamless secure access for any user on any device. For example, it's built natively into iOS. So on your Apple iPhone, you just flick a switch, you don't have to deploy a client or anything
[00:09:55] and it's going to just talk to the Cisco infrastructure and provide secure access. That product is in the market. It's doing wonderfully well, been very well received. What we've added to that is the ability to understand your identity and apply analytics to it.
[00:10:10] So the use case that we're thinking about is if someone has compromised your system, stolen a credential and is trying to do something that is outside of the bounds of what we would do normally, we're able to detect that.
[00:10:23] So we can deal with not just access control, but we can look at stolen credentials, session hijacking, and we can do that very, very effectively. So Cisco Secure Access has been a big focus area for us. We have hundreds of customers up and running in production
[00:10:38] and we expect that to move to thousands in a very short order. And a question I've got to ask on behalf of any security team is alert fatigue. How are you getting around that? Yeah, so thank you for asking that.
[00:10:49] So let's think about alert fatigue in two regards. The first is everyone has realized that multifactor authentication is really, really important. But the challenge of multifactor authentication is that each time a user tries to do something new, access a new application, you're asking that user to reauthenticate.
[00:11:07] So we introduced a major enhancement that we call Duo Passport. And so we are able to authenticate you at the operating system level and we have continuous risk assessment. So when you log in, if you're on your machine and everything's properly configured,
[00:11:24] we're going to ask you for a second factor to authenticate one time. And then you could be using a browser-based app and you switch to Microsoft Outlook. We don't ask you to authenticate again. We know. And you might think, oh, okay, what's the big deal?
[00:11:37] It's only one click. Well, the thing I always point to is Amazon's one-click shopping service. It's not Amazon three-click. It's Amazon one-click, right? So delivering a flawless end-user experience is really, really important. And Cisco does that really well.
[00:11:52] That is built into Cisco Secure Access, that VPN remote access solution that I talked about. On the other end of the wire at the security operations center, all of these things that are happening, they generate alerts. And it's absolutely overwhelming for the security operations team.
[00:12:09] And so we've introduced a SOC assistant where the AI engines are looking at these alerts and then escalating the ones that they think are important to a human analyst. And we believe that this assistant is going to allow an entry-level analyst
[00:12:22] to perform at the layer, at the level of an analyst with five or six years' experience. And so what this means for our customers is our customers are all short-staffed. It's hard to find the people with the skills necessary to run the security operations center.
[00:12:38] Now more entry-level people can start to fill those roles and perform at the layer. So we're addressing the skills gap with these AI tools. And we've done so well here at a tech conference recording a tech podcast. I think we've gone 15 minutes without saying AI,
[00:12:54] but can you expand on how Cisco is leveraging AI and machine learning in the security side of things to enhance things like threat detection and response capabilities? Yeah, sure thing. So there's kind of three ways we think about AI.
[00:13:07] So there's the AI policy assistants that help you manage a firewall, an existing product that helps you manage them better. And that's, you can't miss the impact because if you were using it without the assistant and now you have it, you can measure and feel the change.
[00:13:23] The second is with products like Cisco HyperShield, we couldn't have built them without AI. So here's an example. This product is a network security solution that upgrades itself. And the way it does it is for every instance of HyperShield, we run a digital twin,
[00:13:43] a second instance, and there's a local AI engine that compares them. So when you want to run a new version of the code, let's say you're running 2.0 as a production version, 2.1 as the new version, we run that, what we call a shadow data path.
[00:13:55] It runs right beside the primary data path. And the AI engine compares the two. And after three days, it says, look, I'm running these two things side by side. They're the same. Then we cluster between the data paths.
[00:14:06] And so we can seamlessly migrate traffic on. Now 2.1 becomes primary, 2.0 is shadow. The AI engine says these things are still the same. We load 2.2. So it's a network security system that upgrades itself. When customers see that, they're like, that is magical, right? That is magical.
[00:14:23] Because upgrading a traditional network security device is a very cumbersome process. You need that change control window you talked about. That wouldn't be possible without AI. So that's a product that exists because of AI. So that's what we call an AI native capability.
[00:14:36] So we have AI add-ons to existing products. We have new products that are built with AI from the beginning. And then the third area we're focusing on is how do we make sure that the AI that everyone is using, the AI itself is protected?
[00:14:50] So we're doing things to look at the interface between your premise and the AI applications and making sure you're not putting sensitive data out into a public model that is then being trained on and in the future we'll do things to ensure the integrity of the models themselves.
[00:15:08] So protecting AI itself is a third area of focus. Well, that's incredible. And go back to the change management thing. The traditional way was the testing environments. But this is a whole other level of that, isn't it, with digital twins?
[00:15:22] It's quite remarkable because we put so much time and energy into a testing environment and at best it's a weak approximation of what's happening. Now your entire environment is a testing environment, right? Because we can put it into the digital twin, not in the lab,
[00:15:38] but in hundreds or even thousands or tens of thousands of enforcement points around your infrastructure on live traffic because you're running two. Yeah, it's pretty cool. So what this means is that software will continue to have bugs,
[00:15:52] but a customer should never see it because we're going to have run this on live traffic and we know that it works before we expose it to a customer. Do you think that's the exciting part? It's not just the AI,
[00:16:03] but it's all the emerging technologies almost converging at just the right time. We were talking about digital twins and AI, et cetera. Yeah, I always think there are three building blocks that together allow us to build these products that I think are really mind-blowing for customers.
[00:16:18] The first is AI. That's a management tool. The second is advanced hardware acceleration, a thing like a DPU. And this is one of the other announcements we made is that Pensando AMD is one of our technology partners. They build very, very high-performance DPUs.
[00:16:34] It's a chip that is a data processing unit that can perform network security functions. We're putting that chip into Cisco UCS servers and we can perform this distributed networking, network enforcement on everywhere. And then the third building block is this modern software capability called eBPF,
[00:16:53] which allows us to look into the heart of the operating system without actually touching or modifying the heart of the operating system. So with these building blocks together all happening at once, we can build these transformative products that two years ago,
[00:17:08] it just wasn't possible to do. The ideas existed, but the building blocks weren't there to actually do this. So if we do dare to look into a virtual crystal ball, look ahead. Any other key trends emerging, especially around threats in cybersecurity
[00:17:22] that you believe organizations, maybe they should be preparing for right now? And how are you at Cisco positioning itself to help your clients navigate some of these? I think one of the most interesting things we're working on is as we start
[00:17:33] to bring Cisco and Splunk closer together is looking at lateral movement of an attack. Lateral movement by definition happens on the network, but for most customers, they have very little network data that they're ingesting into a SIEM, Splunk or any other SIEM
[00:17:50] because there's just too much of it. It's like three orders of magnitude greater than what is possible to ingest today. So our thought is with HyperShield, we're putting little tiny network enforcement points everywhere in the fabric of the infrastructure.
[00:18:05] In the future, we can use that computation in that distributed system. So instead of moving network telemetry into the analytics, we're going to move the analytics closer to the network telemetry. So distributed network analytics powered by Splunk that'll run in the HyperShield infrastructure
[00:18:24] that'll identify lateral movement of an attacker far more effectively than ever. That's a big complicated problem. So it's still a year or two out there, but it's one of the things I think is going to be transformative. It's a unique benefit of Cisco plus Splunk.
[00:18:40] And I've been following you from afar this last couple of days. I've seen you on stage in the main arena, in the keynotes here. You're back-to-back in meetings, conversations with everyone on show floors everywhere. What are the big themes for all those conversations?
[00:18:53] Well, I think a lot of customers had sort of turned away from Cisco for security. And so when they hear the kind of innovation that we're doing, the reason it captures their attention is because we're focused where security meets the network.
[00:19:07] So it's security that can be uniquely implemented by integration with the network and with a networking company, right? So that has a kind of lightning strike effect. And so I find myself answering questions, telling that story over and over and over and over and over again
[00:19:22] because it's so interesting to customers. And there have been so many huge announcements, so many today alone. I know there's a lot more to come tomorrow. For anyone listening that's not attending and wants to find out more information, where's the best place for them to go?
[00:19:35] I think we post all this stuff on our website, on our homepage. There's a press release. It covers everything we talked about. There were some specific product announcements. We announced the Firepower 1200, which is a very high-performance firewall appliance. All of those details are up on our website.
[00:19:51] Well, again, I know how busy you are. So just a big thank you for coming on and talking about some of these announcements and the reasons why and what people are talking about. Thanks for joining me today. Awesome. Thanks for having me.
[00:20:01] So as we wrap up today's enlightening conversation, I find myself reflecting on the insights Tom shared about the future of cybersecurity and also the strategic innovations that have been announced here at Cisco Live. From integrating advanced technologies to addressing the unique demands of today's hybrid working environment,
[00:20:22] it feels like Cisco is at the forefront of developing solutions that promise to not only protect but also simplify that security experience for enterprises. So Tom, thanks for joining us and providing such valuable perspectives today. And for everyone listening,
[00:20:39] let me put the microphone in front of you for a moment. What are your thoughts on the future of cybersecurity and, indeed, some of the announcements that you've seen unveiled here at Cisco Live? How do you see these developments impacting your industry, your business?
[00:20:55] Please, I invite you to share your views and join the conversation. And if you are at Cisco Live, send me a quick message. It would be great to meet you in person. But thank you for tuning in today. I look forward to bringing you more updates
[00:21:09] from the heart of technology innovation here at Cisco Live. I cordially invite you to join me again tomorrow. I'll be waiting in your podcast feed with another episode. But thank you for listening as always. And until next time, don't be a stranger.

