Expanding the Boundaries of Cybersecurity with Cisco SecureX

CISCO

Most people today are aware of the risks that come along with lax cybersecurity measures. But 15 years ago, that wasn’t the case.


I founded Barrier Networks in 2006 because I saw a need for credible, managed cybersecurity services. There were many generic IT providers at the time, but few were in the cybersecurity space.


Barrier Networks started off only providing consultancy, but several years ago, we started to invest the time and energy required to transform the company into a full-fledged managed service provider. Our focus was to fill that gap in the market and grow the company into a complete cybersecurity provider that could be relied upon as a trusted partner for our clients. 

Changing Perspectives on Cybersecurity

Not only were there few high-end cybersecurity service providers at the time, but most businesses were lax about securing their IT assets. They—and the clients they served—often viewed cybersecurity purely in terms of technology. If a company was running a firewall or antivirus software, they felt protected. Few gave a second thought to safeguarding data or protecting a company from the financial and reputational repercussions of a cyberattack. 

Cybersecurity is no longer about technology itself; companies have to understand their infrastructure and risk profile.


Fortunately, approaches to cybersecurity have matured. Companies now prioritise visibility into their infrastructure and seek to understand both their security posture and risk profile as a critical step to preventing cyberattacks. When I speak to chief executives and boards of directors today, we don't talk about technology. Instead, we discuss the security risks they've already encountered and those they expect to emerge in the near future. We also delve into compliance with the NIST cybersecurity standard and other national, international, and industry-specific frameworks that govern their organisations' IT activities and policies. 


Today, more people focus on outcomes instead of hardware and software. This allows us to have much more holistic conversations about risk. Our role at Barrier Networks is to help our customers gain visibility of their risk profile and to offer mature services that are led by threat intelligence.

Cybersecurity as a Platform

I'm a big believer in cybersecurity platforms. It makes sense to find and deploy the best-in-class security solutions to address specific weaknesses in your infrastructure. 


Sometimes, you have to deal with different vendors. But if you're looking for seamless integration across multiple cybersecurity components, there are significant benefits to be gained by aligning with one strategic vendor. Today, I'm proud to say that Barrier Networks is a long-time Cisco Select partner, specialising in Cisco Advanced Security as well as being part of Cisco's managed services partner programme. 


We have a managed SOC (Security Operations Centre), which we use to provide managed cybersecurity services to our customers. We also provide our clients with cybersecurity solutions, which they then manage internally. 


Barrier Networks had offered Cisco Secure Endpoint and other products in Cisco’s security portfolio to our customers for quite a while, but we found that we spent too much time writing scripts to automate and orchestrate our SOC playbooks and processes. This made it hard to keep up with changes to the various product APIs. Whenever Cisco or another vendor updated a product or changed the API, we had to rewrite our scripts. We wasted hours recoding integration points, which defeats the whole point of automation.


That all changed when Cisco announced Cisco SecureX at the February 2020 RSA Conference, ahead of consolidating its cybersecurity product portfolio under the Cisco Secure banner. Cisco SecureX is a cloud-native platform that simplifies the security experience with built-in integrations across Cisco's entire product suite and third-party applications. It seamlessly combines SOAR (Security Orchestration, Automation, and Response), SIEM (Security Information and Event Management), and XDR (Extended Detection and Response) functionalities in a single package. That allows us to centrally leverage the Cisco Secure portfolio of cybersecurity and data intelligence solutions.


At the time, we didn’t have a lot of details about SecureX, and normally we prefer to use tried and tested solutions. Still, we were pretty excited about the announcement. We knew that the features directly addressed issues around orchestration and automation and that resonated with our clients. In addition, working closely with Talos—one of the largest commercial threat intelligence teams in the world—meant that SecureX would take an intelligence-led approach. And even though the solution was new, it was developed by Cisco, which gave us a high level of comfort and confidence in moving ahead. 


I contacted our Cisco rep and asked to join the beta programme, and my team got to work right away. The documentation was still evolving, but early access to SecureX allowed us to dig deep and get involved at the ground level. We worked alongside Cisco as their knowledge evolved as well. We had some great chats in those early days, brainstorming and sharing ideas about what we can do within the platform and learning from Cisco's expertise. 


We distributed the fundamental components of the Cisco security portfolio—Cisco Secure Firewall, Cisco Secure Email, Cisco Secure Endpoint, Umbrella, and Cisco Secure Web Appliance—to our team members and started an internal development project. We then held meetings over a couple of months to share what we learned about integrating each of these products with Cisco SecureX. 


In a short while, we had a thorough understanding of Cisco's new integration hub and what we could do with it internally. Next, we had to find ways to apply Cisco SecureX to our customers’ issues. 

Eliminating Event Fatigue

As far as our customers are concerned, the biggest problem is that there’s too much noise. There are too many security alerts, or events, which can lead to event fatigue. Often, it takes too long to resolve the events and close the tickets. Our SOC analysts had to follow a series of steps to manually investigate, and then resolve or dismiss the alerts. Not only does that take time and effort, but it also introduces the possibility of mistakes and human errors.

Manually tending to alerts can lead to event fatigue and introduce the possibility of human errors.


Cisco SecureX offers automation tools that relieve IT professionals of the burden of manually responding to each of these incidents. It eliminates the repetitive and boring tasks needed to arrive at an appropriate course of action and only escalates those alerts that require human intervention. These quick wins allowed us to build a library of Cisco SecureX automations that freed our SOC analysts to focus on the bigger picture. Not only is this more efficient, but it keeps them happier as well. 


We’ve noticed a dramatic reduction in our ‘time to resolution’ in scenarios where we've leveraged SecureX automation and orchestration. Our SecureX workflow automatically provides our SOC analysts with the information they need to respond to an incident, without having to spend time manually progressing through tasks such as querying multiple threat intelligence databases to support an investigation. Where possible, we have automated repetitive tasks out of our playbooks altogether so that our analysts' time is focused on responding to the incident. Doing so has reduced our SOC incident closure time by about 40%.


Cisco launched SecureX to the public in July 2020. We have since offered the platform to our customers as part of our SOC managed service offering and as the building block of turnkey solutions that our customers manage independently. When we hand over the solution to a customer, it's much more efficient. The customers’ internal IT department doesn't get bogged down with day-to-day overhead or repetitive tasks that can be automated, which gives them time back to address other concerns. The customer receives a strong, cybersecure solution that is also easier to manage.


SecureX provides our customers with increased visibility into their IT infrastructure and offers a streamlined approach that substantially reduces the strain on their security resources and personnel. Our SecureX adoption has also led to discussions with customers about ways they can enhance their automation through adding more SecureX-capable components. The SecureX architecture has been designed with integration in mind, which means we can quickly and efficiently implement new controls for the customer in a way that adds additional value because they are being integrated directly into our SecureX playbooks. It’s really helped highlight the benefits of the Cisco security portfolio. Our customers have been very impressed with it because they immediately benefit from increased operational efficiency.

A Paradigm Shift in Cybersecurity

SecureX represents a new era of cybersecurity. The platform optimises and increases the efficiency of your existing security, making it much more frictionless. It integrates all of Cisco's network, endpoint, and application security products, along with Talos threat intelligence in a cloud-native platform.

Every step you take to improve security is a step in the right direction.


Part of our process is having the freedom to make mistakes, which then allows us to change direction and set new goals as necessary. We’re making good progress, and every step we take to improve security is a step in the right direction. 


Because it represents a new way of securing IT assets, my team has taken an iterative approach to SecureX. We work in sprints towards specific goals and revise our objectives at the end of every round. In this manner, we continue to build and develop new SecureX functionalities.