Modern organizations’ security posture is anything but straightforward. Organizations have a full plate when it comes to monitoring the “permitless” attack surface that weaves through APIs and open source, workload after workload, plus multi-cloud and software-as-a-service (SaaS) environments, according to Cisco’s Senior Vice President of Emerging Technologies and Incubation Vijoy Pandey.
So, how does a business keep everything in view while keeping security in mind? Pandey’s team put their heads together to try to solve the complexities of application development and the challenges that organizations face when protecting its cloud. What did they come up with? A new solution to bridge modern application security demands: Panoptica.
Panoptica, announced at last week’s Cisco Live, allegedly has “code to cloud security coverage” which protects critical applications, data and workloads, said Pandey. It's currently being developed by engineering teams at Outshift by Cisco, the incubation engine for emerging technologies.
Which way is forward?
“First and foremost we want to look at this holistically. Nobody does the ‘how’, ‘what’, ‘where’ and ties it up across all three buckets,” said Pandey in an interview with Silverlinings, when asked how this compares with other solutions on the market. “There are a lot of point solutions out there… they’re more on the application security side of ‘how’ you build your app. There are solutions coming from ‘what’ you build, but they’re also trying to get to the ‘where’ and ‘how’.”
Named after panopitcon, which refers to a method of surveillance, Cisco's Panoptica will allegedly take some of the weight off teams adopting DevSecOps.
The announcement was coupled with four capabilities that the Panoptica team developed so far: code and build security, cloud security posture management (CSPM), cloud workload protection (CWPP) and application and API security.
These Panoptica tools go hand in hand with the solution’s new Attack Path Analysis engine, which Pandey hopes will help “developer and security teams to prioritize and remediate application risks with precision across these four pillars of security."
The Outshift team also hopes to marry Cisco’s go-to-market strategy with its current “top-down” strategy geared toward SecOps. Pandey says combining these will align more so with developers, and “that is not something that is holistically available from any large player.”
Pandey noted cloud code solutions exist in the market from companies including Palo Alto. “There’s going to be some [competition], happening over time, but right now, nobody has all these things covered and integrated into an attack platform.”