Imagine a world where someone takes control of your self-driven car or hacks into your bank account through your smartphone. As the world readies for billions of connected devices, digital security companies are preparing for new, more sophisticated challenges. Over 50 billion connected devices are going to be used worldwide by 2020 and that poses enormous challenges to a world dependent on internet.
“The Internet of Things is going to drive a lot of new types of attacks. The scale, speed and scope of the challenge is rising exponentially because more devices mean more information and more opportunities for attackers,” says Christopher Young, senior vice-president, securities business group at Cisco Systems Inc. The biggest network equipment company in the world is seeing huge opportunity even as the ecosystem turns virtual.
Cisco is also turning its attention to the security of the networks that are about to connect billions of devices and cars across the world over the next few years. There is more money to be made from hacking today rather than from working as a technology professional. Data security is at among the topmost concerns for the government and corporates, who find themselves pitted against increasingly sophisticated and organised attackers. “The attack landscape has really changed. This is what I would call the industrialisation of hacking. Ten years ago hacking was a hobby, today it is a profession. It is faster and more dynamic than the underlying IT infrastructure,” says Young.
Cisco’s security business is worth $1.6 billion in annualised revenue including Sourcefire, a network security company acquired by Cisco last year. The security business grew by 20% in deal terms and 10% in revenue in the previous quarter. “Security is just one part of Cisco and if we were a standalone security company, we would be one of the top three companies globally. We paid $2.7 billion last year for Sourcefire. The India team has doubled in size in two years,” says Young, emphasising the importance the company is attaching to the security business. Long-term growth of the security business will remain in the 10-15% range, Young says.
A customer study that the company did on attacks showed that in most cases there was a connection to a non-malicious destination on the Internet, attributable to malware operating inside the network. While using malware, attackers try to get access to data records, credit card data and intellectual property information. They could be looking to disrupt systems inside an organisation. “Malware is very hard to detect and it is usually the tool attackers use to penetrate and then move around inside an organisation. The attacker may pose as a vendor and come in and leave with the most critical information from the organisation. We weave our entire strategy to focus on the attack continuum. We have brought in new technology and are focussed on helping customers thwart these threats,” says Young. “You need security before, during and after an attack. You need to contain the virus after an attack.” Cisco recently acquired a company called Threat Grid that identifies advanced attacks on organisations.
The cloud takeover of the Internet means that Cisco is currently virtualising all its products—including firewall, web gateway and email gateway—to provide security to customers right from the cloud. Security as a service is the fastest growing portfolio for Cisco, says Young. According to the company, it has four million users and more companies are opting for a hybrid model as they want to retain some control over the traffic and network. But when customers use mobile devices or when they travel, the cloud becomes the easier mode of delivering the same set of services, Young says.
“Much of the focus is on data protection as people use more and more mobile devices. Enterprises are now trying to protect the information on mobile devices. A lot of BYOD is organic and one cannot stop it. So you need to have right level of access and protection as everybody needs wireless access,” says Young.
Cisco has a 600-strong R&D team in India, its largest centre outside of the US. Almost all of Cisco’s security functions are done here and some of its products were fully developed in Bangalore. The Indian security business of the company is growing at upwards of 20% and is one of the fastest growing product lines in India, it says.