
Cisco Increases Cybersecurity Push with Acquisitions and New Talent

With new leadership, key acquisitions, and a platform-first vision, Cisco is putting security first.

Cisco’s dominance in networking and telecommunications products and services is well-established, but its role in cybersecurity is less established. The company has been providing network security software and appliances for some time and is one of the dominant players in firewalls and network access control, according to Neil MacDonald, vice president and distinguished analyst at research firm Gartner. However, these segments are not growing as quickly as newer security areas such as secure access service edge (SASE), security service edge (SSE) and cloud security, MacDonald says.

Cisco was late with its SSE offering, Cisco Secure Access, MacDonald says, and the SASE offering is based on the Meraki core for Cisco Secure Connect’s midmarket offering. In addition, he says, Cisco has yet to deliver a unified SD-WAN offering based on Cisco Catalyst SD-WAN.

“For years, Cisco talked security but didn’t deliver it,” says Zeus Kerravala, founder and principal analyst at ZK Research. “While Cisco’s revenues are certainly near the top of the market, they did it by selling good products primarily to their network install base. One reseller best reflected this sentiment when he said, ‘Cisco had a collection of great products but no security strategy.’”

That all changed last year with the arrival of Tom Gillis as the company’s new security chief executive. Gillis, who previously worked at Cisco but most recently at VMware, “was willing to sacrifice ‘now’ revenue for a better long-term plan” in the form of the Cisco Security Cloud platform, Kerravala says.

The platform unifies all of Cisco’s security products and enables the company to build more security offerings faster, he added.

Cisco has certainly made security a priority in its product strategy. “Over the past few years, we’ve significantly expanded our product portfolio to address many of the biggest security challenges our customers face,” says Jeetu Patel, executive vice president and general manager of security and collaboration at Cisco.

“The reality of our industry is that security has become too complex,” Patel says. “The industry has evolved as a collection of point solutions, and most organizations now have an average of 50 to 70 point solutions in their cybersecurity stacks. That has become unsustainable and makes us less secure.”

That’s why Cisco chose a platform approach, which Patel points out is “built from a pervasive AI fabric because security can no longer be done at a human scale alone. It has to be done at a machine scale.”


Security Sector Acquisitions Provide New Opportunities

Cisco recently announced several significant security-related developments and made key acquisitions.

  • Hypershield Enables Segmentation in Distributed Environments

The company introduced a new Hypershield “AI-native” architecture, based on technology acquired from Isovalent.

“Cisco is the dominant player in ingress/egress firewalls, but there’s a growing market interest in a rich set of network security services that can be enforced east/west,” says MacDonald. “Hypershield is exactly that—a distributed set of software-based network security enforcement points that can be managed through a centralized, cloud-centric control plane.”

Hypershield “is unique in the marketplace at this point, and its capabilities go far beyond simple firewalls and segmentation, although it can support those use cases,” MacDonald says. “It would make sense for Cisco to integrate this technology into its Catalyst switches, but there have been no specific plans or roadmaps announced for that.”

The Hypershield architecture represents “a completely different approach,” Kerravala says. “Think of traditional security as a series of fences around specific domains, like an endpoint or a network. Hypershield is designed as a framework where security capabilities are everywhere. That allows Cisco to do things like autonomous segmentation.”

Hypershield, which will be available in August, “adds security to the fabric of the network by giving customers thousands of distributed points of control across public and private data centers,” Patel says.

“With Hypershield, we’re solving big problems that haven’t been solved before. Segmentation in hyperdistributed environments is hard, so we’re automating it by using AI to learn application behavior over time and dynamically adjust segmentation rules to stop lateral movement.”

  • Splunk Security Integrations Strengthen Cisco XDR

At the recent RSA conference, Cisco announced plans to integrate its extended detection and response (XDR) platform with technology acquired through its acquisition of Splunk in March 2024.

With this move, Cisco aims to provide customers with enhanced security, including threat prevention, detection, investigation, and response. Among the products in the Splunk portfolio is a security information and event management (SIEM) technology that supports threat detection, compliance, and security incident management by collecting and analyzing security events.

“Splunk is adding a lot of data to Cisco’s security,” Kerravala says. “The cyber industry is moving from reactive tools to AI-based security platforms that can find needles in a stack of needles. The effectiveness of the AI will be based on the quality of the AI algorithms combined with (Cisco’s security). And Splunk is providing Cisco with more data than any other security vendor. It should be able to use that to create its own differentiation.”

The company also offers Splunk SOAR, which automates repetitive security tasks so teams can respond to incidents faster; user behavior analysis to secure systems against unknown threats; and Splunk Attack Analyzer, which automatically detects and analyzes the most complex credential phishing and malware threats.

“Like Palo Alto (Networks) and Microsoft, Cisco can now complement its security history with a security operations history that includes SIEM and SOAR technology,” MacDonald says.


  • Oort Acquisition Adds to XDR Option

MacDonald says not every organization needs a SIEM, which is why Cisco offers an XDR platform that was strengthened with its acquisition of Oort in 2023. Oort analyzes data from organizations’ identity and access management (IAM) systems to discover employee identities, protect them using best practices, and continuously monitor for identity threats.

In 2023, Cisco acquired Armorblox, a provider of AI- and machine-learning-based security software. Cisco said the acquisition will expand its AI/ML capabilities and talent. It also added email security telemetry capabilities, which are key to building XDR, MacDonald says.

Previously, Cisco acquired Lightspin Technologies, which offers cloud security posture management (CSPM) across cloud-native resources. Lightspin uses graph-based technology to provide critical context, prioritization, and remediation recommendations. With the addition of Lightspin, Cisco says its customers will be able to identify and resolve cloud security threats without extensive configuration.

The Lightspin acquisition helped Cisco build a cloud application platform called Panoptica, MacDonald says. The platform offers a range of cloud-based capabilities, including attack path analysis, application security, code vulnerability detection, cloud detection and response, and cloud security posture management.

To Do: Strengthen Migration to Cisco Secure Access

Cisco continues to expand its security expertise and its product offering.

“We’ve been building our team in many areas, including through acquisitions that brought in new talent,” Patel says. “Security is a strategic priority for Cisco, and we’re committed to accelerating the pace of innovation.”

One of the biggest challenges Cisco faces is also an industry-wide challenge, Patel says, “which is the increasing sophistication of attacks and the way attackers are weaponizing AI in their attacks. The reality is that adversaries have always had an unfair advantage in that they only have to be right once, but defenders have to be right every time.”

AI and data will be key to tipping the scales in favor of defenders, Patel says. “And I believe you can’t be a great security company if you’re not a great AI company, and you can’t be a great AI company if you’re not a great data company,” he says.

“One of the key areas we’re focused on is where security meets the network,” Patel says. “If we assume the attacker is already in the network and all traffic is encrypted, the object of the game is to stop the lateral movement. And where does that lateral movement happen? In the network. And with Cisco Security Cloud, we have deep connections to the network and the infrastructure.”

Cisco needs to move quickly to migrate its significant worldwide installed base of AnyConnect VPN users to the Zero Trust Network Access Architecture (ZTNA) using the Cisco Secure client in conjunction with its cloud-based Secure Access offering, MacDonald says. Similarly, it needs to migrate its user base of Umbrella, its cloud-based enterprise network security service, to Secure Access, he says.

“Both of these offerings have a large user base that could be displaced by competing offerings,” MacDonald says. “In addition, Cisco needs to better integrate its own offerings so that the more Cisco offerings a customer uses, the better the protection they get. Cisco can’t just be a portfolio of fragmented security offerings. It needs a Cisco-wide security platform story that delivers better security outcomes.”

Another challenge is getting Cisco sales to understand the value of security software and software-based security capabilities and focus less on selling security devices, MacDonald says. “Devices are absolutely important, but they’re just one of the factors that will shape how policy is enforced in the future,” he says.

“A lot of Cisco’s success in security comes from selling security to networking professionals, where companies like Palo Alto, Fortinet, and Zscaler have access to security professionals,” Kerravala says. “As Cisco continues to expand its security cloud, it needs to direct more of its go-to-market efforts to that audience.”


Many organizations are placing great importance on cybersecurity, and Cisco wants to lead the effort to increase the resilience of IT infrastructure to threats, including further expanding its market reach.

“Going forward, we intend to continue to innovate our portfolio through organic product development,” Patel says. “That said, if we see opportunities to accelerate our innovation inorganically, we will feel comfortable making acquisitions that fit our strategy and direction.”