Most network companies will have a CTO, but a CTO specifically for security? Bob Gleichauf, Cisco's Security CTO, acknowledges that his title may be unusual, but says it reflects what he calls the tribal nature of the networking giant.

It also reflects the immense pressures that IT managers face today from problems such as well-meaning but poorly thought-out regulation, and defensive techniques that worked when networks were smaller and slower, but have now been outflanked by new threats and technologies.

"Regulation has distorted how companies work," Gleichauf says. "Companies are moving forward to be compliant with the regulations as interpreted, but that could take them away from the route of making the company secure.

"For example, the company might decide to encrypt everything, but several banks have had worms spread faster as a result because they lost visibility."

Then there is the fact that data moves around now, both on networks and devices, he adds: "Encrypting data at rest is an attempt to deal with regulation that an auditor comes in to assess, but that data could still end up on a device unencrypted."

Cisco's response to this was to define security as its first 'advanced technology' - these are new areas for the company, which it plans to focus on and grow to $1 billion businesses within three years. Then, as it became apparent that security was not going to be a stand-alone market, it appointed a CTO to spread the word.

"My position is unique, because security is pervasive," says Gleichauf. "I have the pleasure of being able to stick my nose in anything at Cisco, both on the production side and working with the CSO and CIO. The primary focus is setting policy.

"Cisco has very much found its way in security. It was the first advanced technology to reach $1bn and is on its way to $2bn - it takes advantage of different applications that were scattered across [the company].

Others might question Cisco's ability to integrate its many security technologies, but Gleichauf argues that the company's size and scope gives it opportunities as well as challenges, in particular the opportunity to make the network more pro-active with its self-defending network (SDN) strategy..

Anomaly dampers
That means adding dampers such as NAC, the Cisco Security Agent (CSA) and the Security-MARS (monitoring, analysis and response system) tool that it acquired with Protego, he says - for example, MARS can rate-limit, deny or quarantine if an anomaly is detected.

"There's a growing investment in anomaly techniques at Cisco - we didn't release our IPS work because we couldn't get the false positive rates down, but a client PC has a simpler set of variables, so it can be a more reliable IPS," Gleichauf adds.

"Many vendors are crowing about packet inspection and application-level firewalls, but as more traffic is encrypted the value of that is debatable. You can proxy, but that breaks some rules. But you can also have an IPS at the edge and CSA on the PC and have them share information - CSA is like a client IPS. The other thing is to look at Netflow stats, such as burstiness."

This brings up the issues of openness and interoperability. Gleichauf says MARS is an example of this - as a security event management tool, it can take events from other products too.

"It gets into areas of identity and trust," he adds. "We are looking at models for reputation, for example MARS can take data from a variety of sources and combine it.

"Identity is not a technical issue, it's a policy problem. Progress is slow because we don't have a body of rules to go by. Companies have only just got their arms around how to manage firewalls and now we're coming to them with NAC! They need to know the right policy."

He acknowledges that Cisco has not been good at working with others in the past, though he justifies it by saying that people were investing in point security products and not seeing return on investment, "so vendors such as Cisco had to adopt the solutions approach.

"An open and heterogeneous approach is one of the SDN hallmarks," he claims. "That's part of the maturing process, and it was a cultural shift for the people in Cisco."