Cisco Security Report: Customers Vulnerable, Chance Of Profits

Computer security

Lorna GareyCisco’s 2016 Annual Security Report combines responses from 2,400 enterprise security pros across 12 countries with perspectives from experts in the company’s security research group. Given the visibility Cisco enjoys into what’s flowing across customer and carrier networks, the report is a good read. The news is also good for channel partners, says John Growdon, Cisco’s senior director, channels business development for security. 

For example, only 45 percent of respondents worldwide are confident in their security postures, yet 92 percent say that regulators and investors (and top-level execs) will expect them to manage cybersecurity risk exposure. Even if you accept that the 45 percent are justified in their confidence – a real leap given the sophistication of cybercriminals – that leaves plenty of customers that know they need help.

Over the past few years, Cisco has invested heavily in security, both internally and through acquisitions.

“As the nature of attacks become more sophisticated, customers are having to deploy more sophisticated means to protect their assets,” says Growdon. “These creative threats must be addressed with an end-to-end approach.” {ad}

The message is that partners should let Cisco handle integration. A best-of-breed approach is too much work, and the resulting infrastructure is complex and difficult to manage. Growden adds that more profits are a side benefit of a unified security solution.

“We are witnessing a growth of startups to address specific threats, but this makes it very challenging for partners to represent and manage multiple vendors,” he says. “Partners’ product proficiency can’t scale to offer multiple point security products, and economically, this model won’t drive profitability.”

That depends on the partner. Managed security and professional integration services can be lucrative, and there are plenty of really innovative security startups with strong channel programs. Still, taking advantage depends on being able to find, and afford to hire, the technical expertise to vet and integrate a portfolio of security point products versus having employees gain certifications in Cisco’s unified suite. And, those portfolios are getting fatter every year as the industry and regulators pile on new must-haves, like DDoS protection and DNS security.

That’s a particular problem for SMBs, and they’re looking for help — the number of smaller shops employing security outsourcing is up to 23 percent in 2015 from 14 percent the previous year.

Growden says Cisco’s product line still offers consultative opportunities and that partners shouldn’t wait too long to decide on an approach.

“Customers are demanding protection of their network and data center infrastructure end to end,” he says. “Security provides a significant opportunity for channel partners to expand their existing data center and network infrastructure practices … partners investing in security personnel expertise, and building their security competencies, can differentiate themselves …


… from their competition. And partners can enhance their profitability by offering consulting and professional services around security, including designs, security posture assessments and advanced threat analytics.”

Old Software, New Problems

Another finding from the survey is that between 2014 and 2015, the number of respondents saying that their organizations’ security infrastructures are up-to-date dropped by 10 percent. That’s no surprise. Just this month Microsoft ended patch releases for older versions of Internet Explorer; XP support is long gone. The survey shows that 92 percent of Internet devices are running known vulnerabilities. Malicious browser extensions affect more than 85 percent of organizations. Thirty-one percent of all devices analyzed are no longer supported or maintained by the vendor.

Attackers know this and are targeting servers and endpoints running outdated OSes, software and browsers.

“As the industry moves to next-generation data centers, this will be a driver for refreshing customers’ infrastructure and opening up a new conversation for partners to have with their customers as they re-architect integrated security to stay in tune with the threat landscape,” says Growden.

The complete 2016 Cisco Annual Security Research report provides more insight and recommendations.

Follow executive editor @LornaGarey on Twitter.

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 50736