Cisco Security Cloud Platform Now Includes SSE, Multi-Cloud Feature, Firewall Updates

‘When you have 70 players on average that are part of the security stack, that’s 70 different policy engines and 70 different cracks in the system. The efficacy of companies is going down when they buy point solutions and so what our customers are telling us is [they] need an integrated platform,’ Cisco’s Jeetu Patel tells CRN.

Cisco Systems is making good on its promise to unite its security portfolio into a single platform by unveiling a new security service edge offering, multi-cloud security feature and a firewall series aimed at applications and multi-cloud environments at Cisco Live 2023.

The latest offerings are proving that Cisco is making meaningful progress toward its single Security Cloud platform strategy, first introduced last June, Jeetu Patel (pictured), Cisco’s executive vice president and general manager of security and collaboration, told CRN.

“When you have 70 players on average that are part of the security stack, that’s 70 different policy engines and 70 different cracks in the system. The efficacy of companies is going down when they buy point solutions and so what our customers are telling us is [they] need an integrated platform. That platform should have a unified policy engine, be able to have an open set of APIs [and] be able to integrate telemetry from third-party sources. All of those things we had laid out last year as a vision we’re now delivering,” he said.

[Related: Cisco Security Leader Tom Gillis: Point Products Aren’t ‘Getting The Job Done’ ]

Cisco Secure Access, the SSE offering joining the Security Cloud platform that’s also integrated with ThousandEyes, provides zero trust and zero friction by securing access across any location, device or application. The offering is about frustrating the hacker, not burdening the user with different ways to connect, such as via VPN or Zero Trust Network Access, Patel said.

“It’s the most boring demo you’ve ever seen because all you do is connect and get to work. There’s nothing to show because it gets it all done seamlessly behind the scenes,” Patel said. “All the plumbing—the way you’re actually going to connect—is done behind the scenes.”

Cisco Secure Access will be limitedly available starting in July with general availability in October.

Cisco owns the network and that’s a powerful position in security, said Chris Konrad, area vice president of global cyber for St. Louis-based Cisco Gold partner World Wide Technology.

“If you think about the power of that and all the various telemetry sources that Cisco can bring—with 200 million AnyConnect installations—you’re talking telemetry from there and from ThousandEyes and AppDynamics. That’s a really powerful story that nobody in the industry is going to be able to touch,” Konrad said.

WWT can leverage Cisco’s platform approach to security to start having conversations with its largest customers about Cisco security. “And then with the new firewall announcements that have come out, I think they’ll be super competitive in that space moving forward and then we can have those conversations with those customers at renewal time about swapping over to Cisco.”

Cisco Multicloud Defense is a new feature that comes on the heels of the company’s acquisition of cloud network security startup Valtix. Multicloud Defense extends the concept of a traditional firewall out to an application-centric, multi-cloud world, Patel said.

“We wanted to take this whole notion of zero trust but moved to applications in the cloud,” he said. “It allows you to have a set of defenses for any cloud environment [and] granularity of access.”

Cisco Multicloud Defense can consolidate cloud networking and security functions in one place and allow businesses to be cloud-agnostic, meaning that IT teams can now manage their security policies across the largest cloud players, including Amazon Web Services, Google Cloud, Microsoft Azure, Oracle Cloud as well as private data centers, from a single SaaS platform.

Cisco Gold partner Long View Systems appreciates the shift that Cisco is making in favor of interoperability, especially for customers that may have requirements for specific technologies in their environments.

“They’re now recognizing the importance of third-party integration,” said Lane Irvine, network business solutions director for Vancouver, British Columbia-based Long View.

In addition to the major cloud players, Cisco Security now offers integration with CrowdStrike and Microsoft Sentinel.

“Now [Cisco] is saying, ‘Hey, let’s put the best Cisco technology possible in your environment for what you need, but we’re also going to tie into the third-party products.’ Those third-party products allow customers to continue to use what they’ve got where it makes sense for that,” Irvine said. “I think that’s a huge step in the right direction.”

Cisco Multicloud Defense is now available.

Cisco at the event also unveiled the Secure Firewall 4200 Series, its new high-performance series with hybrid workers in mind. The new line offers cryptographic acceleration, clustering and modularity. It runs on the new 7.4 operating system and uses artificial intelligence and machine learning for encrypted threat blocking without decryption, which the company is calling an evolution of Zero Trust Network Access.

The Cisco Secure Firewall 4200 Series appliance will be generally available in September supporting 7.4 software. The software will be generally available for the rest of the Secure Firewall appliance product line in December, according to Cisco.

Further supporting the Cisco Security Cloud push, the company at RSA 2023 in April revealed its Extended Detection and Response (XDR) strategy that converges Cisco’s expertise and visibility across the network and endpoints into one risk-based offering. It uses Cisco’s own telemetry and integrates with leading third-party vendors to share telemetry and increase interoperability. Cisco XDR is now in beta with general availability coming in July 2023.

Gina Narcisi is a senior editor covering the networking and telecom markets for CRN.com. Prior to joining CRN, she covered the networking, unified communications and cloud space for TechTarget. She can be reached at gnarcisi@thechannelcompany.com.

22Miles Integrates with Webex by Cisco

Cisco jumps into SSE arena, boosts application security

Cisco this week took the wraps off a security service edge (SSE) offering that aims to help enterprises securely connect growing edge resources, including cloud, private and SAAS applications.

Along with the SSE package, the vendor made two additional application security-related announcements at its Cisco Live! customer event. It unveiled Cisco Multicloud Defense, which is a new service designed to protect cloud service workloads, and it upgraded Panoptica, its cloud-native security application development software.

The SSE package, called Cisco Secure Access, features zero-trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), DNS security, remote browser isolation (RBI) and other security capabilities. It’s designed to secure any application via any port or protocol, with optimized performance and continuous verification and granting of trust—all from a single, cloud-managed dashboard, wrote Jeff Scheaffer, vice president of product management for Cisco’s SSE team, in a blog about the SSE offering. 

Gartner describes SSE services as including access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and it may include on-premises or agent-based components, the analyst firm says.

Cisco’s SSE platform includes client-based and clientless browser–based access, granular user, and application-based access policy, SAML authentication, intrusion prevention, built-in identity provider, and contextual access control. It authenticates users through a secure, encrypted tunnel, allowing users to see only applications and services they have permission to access, according to Cisco.

“Cisco Secure Access features a new ZTNA Relay architecture that solves the challenges of last generation ZTNA vendors. Last generation ZTNA vendors do not support all application architectures, like multi-channel applications, peer-to-peer applications, or server-initiated communication,” Scheaffer wrote. “Last generation ZTNA vendors often struggle with the sheer volume of 1000’s of enterprise and long-tail legacy applications.”

The Cisco Secure Access ZTNA Relay architecture is based on MASQUE and QUIC protocols and supports all applications, ports, and protocols. “…by combining ZTNA with a fallback VPN-as-a-Service (VPNaaS) in a single secure client with identity and posture checks, Cisco Secure Access transparently delivers the most secure connection possible for all applications,” Scheaffer stated. 

The service also integrates intelligence from Cisco’s Talos security research group to automatically keep the system up to date on the latest threats. Talos processes 600 billion DNS requests per day, 5 billion reputation requests, and 2 million malware samples per day. SSE continuously runs AI, statistical, and machine-learning models against the massive Talos database to provide insight into cyber threats and improve incident response rates, Scheaffer stated.

SSE will also be integrated with Cisco’s ThousandEyes network intelligence software to help organizations pinpoint and resolve network performance issues quickly.

The SSE package is important particularly as users move applications to the cloud and adopt more edge networking architectures, said Neil Anderson, area vice president of cloud & infrastructure solutions at World Wide Technology (WWT), a Cisco partner and technology services provider.

“Cisco has been a little bit slow to be competitive in the SSE market, but we're excited about this new service because it starts with a cloud-first approach and advances API security and workload security in a way customers will find useful,” Anderson said.

The SSE market includes players such as Palo Alto, Zscaler, Netskope and others.

Gartner says by 2025, 70% of organizations that implement agent-based ZTNA will choose either a secure access service edge (SASE) or security service edge (SSE) provider for ZTNA, rather than a stand-alone offering, and by 2026, 45% of organizations will prioritize advanced data security features for inspection of data at rest and in motion as a selection criterion for SSE.

Cisco Secure Access will be in limited availability starting in July and will be generally available in October 2023.

On the cloud security front, Cisco added a new service called Multicloud Defense that will help customer security operations teams manage workload security across AWS, Google Cloud, Azure, and Oracle Cloud Infrastructure services.

“Cisco Multicloud Defense brings together distributed Layer-7 protection, web application firewall (WAF), and data loss prevention (DLP) capabilities managed through a single, dynamic policy,” wrote Rick Miles, vice president of product management with Cisco’s cloud and network security group, in a blog.

“It acts as the interpreter across clouds and uses gateways, which are distributed across customer VPCs, as enforcement points for security policies. This enables Multicloud Defense to stop threats that target applications, block command & control, prevent data exfiltration, and mitigate lateral movement,” Miles stated. 

The technology in Multicloud Defense comes primarily from Cisco’s recent acquisition of cloud network security vendor Valtix.

Cisco also enhanced its Panoptica cloud-native application security software. Panoptica lets developers and engineers provide cloud-native security from application development to runtime. It offers a single interface for container, serverless, API, service mesh, and Kubernetes security, it scales across multiple clusters with an agentless architecture, and it integrates with CI/CD tools and language frameworks across multiple clouds.

The idea is to allow developers to embed security-centric or security-conscious decisions earlier in the software development lifecycle, Cisco stated.

The importance of application security protection is growing with IDC predicting that the application protection and availability market will grow from $2.5 billion in 2021 to $5.7 billion by 2026.

“Applications provide a unique vantage point in the security architecture. Applications enable functionality, and the manner in which users interact with this functionality is a good indicator of abuse and misuse, and ultimately malicious intent. This insight is unique and difficult to glean from other sources of security telemetry such as network firewalls,” IDC wrote in a recent report entitiled “Worldwide Application Protection and Availability Forecast, 2022–2026: Security Powers the Digital Experience.”

“Threat actors have also recognized the importance of web applications to businesses and have devised numerous methods of attacking the applications or underlying infrastructure as part of extortion, harassment, fraud and abuse, or data theft campaigns,” IDC stated.

To Panoptica, Cisco added Cloud Security Posture Management (CSPM) support, which promises to bring continuous cloud security compliance and monitoring at scale, giving customers visibility into their entire inventory of cloud assets, including Kubernetes clusters. In addition, a new attack path engine that uses graph-based technology to deliver advanced attack path analysis will help security teams quickly identify and remediate potential risks across cloud infrastructures, Cisco stated. 

Panoptica will also be integrated into Cisco’s Full Stack Observability portfolio to provide real-time visibility to prioritize business risks.

Cisco’s Full-Stack Observability initiative features a broad range of Cisco technologies as well as an ecosystem of partners and open-source tools. Cisco’s security portfolio will provide telemetry that can be included in new applications to control security across multiple domains.

The new Panoptica features will be available in the fall of this year.

Cisco also rolled out a new high-end firewall, the Secure Firewall 4200 Series, that it says is twice as fast as previous high-end Cisco firewalls. The 4200 Series firewall runs a new operating system, release 7.4, that uses AI and ML to identify threats in encrypted traffic without decryption.

“This resolves the complexities of decryption for inspection, as well as performance and privacy concerns,” wrote Rick Miles, Cisco vice president of product management for cloud and network security, in a blog about the new firewall. “Further, 7.4 leverages the foundation of the security stack to add secure access capabilities with zero trust application access. This evolution of the ZTNA model goes beyond the ‘authorize then ignore’ mentality by adding inspection of user traffic and application behavior for more secure access.  Additional access from branch offices to applications without expensive leased lines comes with simplified branch routing, allowing the firewall to centrally recognize, monitor, and route application traffic for improved performance and secure access.”

Cisco Secure Firewall 4200 Series appliance will be generally available in September supporting the 7.4 version of operating system. The 7.4 OS will be generally available for the rest of the Secure Firewall appliance family in December 2023.

Copyright © 2023 IDG Communications, Inc.