A cloud firewall vendor recently argued that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is “sounding the alarm around VPN security.” That scary-sounding statement is incorrect. It may get clicks, but it doesn’t benefit security practitioners protecting data and remote workers.
The U.S. Government is not sounding an alarm about VPNs. Rather, it is acknowledging the importance of security best practices in work-from-home operations. CISA’s recent VPN guidance recommends good security hygiene. Like security patching. And multi-factor authentication, to establish user identity before VPN access is granted. While those recommendations bear repeating, they are not new.
Even prior to the Covid-19 pandemic, global VPN use was rising. Cisco AnyConnect VPN is the world’s most widely used enterprise remote access VPN. AnyConnect supports smartphones, laptops, kiosks, and more. It is proven in both small offices and enterprises with over 100,000 users.
For years, Cisco has provided organizations with innovative solutions for secure connectivity. Only Cisco couples:
Additionally, many Cisco AnyConnect customers use its split-tunneling features. By policy, traffic can be split on-or-off VPN by application, or Cisco’s patented, DNS-based, Dynamic Split Tunneling (DST). DST can exclude low-risk browser traffic (like videoconferencing) from the VPN tunnel, maximizing VPN efficiency and network performance while lowering costs. Another AnyConnect differentiator is that it can natively assess endpoint posture (e.g., validating endpoint security software is up-to-date) before granting VPN access.
Additionally, Cisco has invested heavily in software-defined networking, SD-WAN, and security tools enabling zero-trust frameworks. Cisco is a bridge for organizations evolving their security posture to a zero-trust model. In fact, last year we were named a leader in the Forrester Wave Report for zero-trust.
Seeing a pattern? Cisco security has a depth of capabilities to meet diverse needs. Nowhere is that more evident in Cisco’s security portfolio than firewalling. Years ago, firewall only meant appliance. Today what’s most important is firewalling — intelligent control points everywhere — cloud-delivered Secure Access Service Edge (SASE), physical, virtual, and even workload-centric.
Cisco calls this flexible and comprehensive firewalling vision the future of firewall. Our approach protects multiple environments: traditional, micro-segmented, cloud, and de-perimiterized networks — as well as SaaS-delivered applications and micro services. Firewalling where you need it, unified with consistent policies, visibility, and threat correlation between endpoint and network security tools.
Firewalling is also foundational to Cisco’s recently-announced open platform approach to security. Our platform tools, like Cisco SecureX, integrate with our security products. They are not extra costs. SecureX reduces security complexity and shrinks administration time. For instance, based on load, SecureX can automate virtual firewall provisioning to grow remote access VPN capacity on demand. Additionally, our open platform unifies Cisco security tools and extends integration with third-party capabilities. The result is rapid identification, fencing, and remediation of incidents.
Returning to U.S. Government cyber news, the Trusted Internet Connections (TIC) 3.0 initiative’s Interim Telework Guidance grants government agencies greater flexibility for using SASE, Cloud Access Security Broker (CASB), and SD-WAN technologies. The acceptance of these new capabilities recognizes the rapid growth of roaming users, remote locations, and SaaS applications. It also acknowledges that backhauling all traffic via VPN to a head office is not always relevant, or practical.
It’s fun to read controversial statements about security. But it’s better to thoughtfully manage risk on your terms. For resources regarding security and connectivity using Cisco’s platform approach, please see these references:
Verify and secure your users:
Our firewalling and VPN solutions:
Platform tools included with all our security solutions: