A New Way of Firewalling with Cisco Secure Firewall Cloud Native
May 17, 2021
Cisco empowers the endpoint and unleashes XDR capabilities from the SecureX Platform
May 17, 2021

Rapidly executing on SASE vision with new cloud security enhancements

It’s an exciting time in the world of networking and security. An unprecedented disruption is emerging in the way that we securely connect to resources and applications as well as the way that we consume these services. With users connecting from everywhere and applications and services rendered from various locations (well beyond the datacenter) it has become increasingly complex to assure proper connectivity for all people wherever they are, to any application, at any time. For the same reasons, it has also become significantly more complicated for companies to protect their users, applications, and other assets.

This disruption was accelerated over the past year, and there are some positive business outcomes that will likely persist. There are many examples – here’s one: Sally works for a tech company in a support function (call center). In the past she would need to report to the office every day because of the company policy for her group. Now, she can work from home. Moreover, now Sally is not limited to working in the area where she lives!  This is great for her, and it’s great for her employer. We’ve been able to change the world for the better by providing equal access to opportunity. Think about all that it takes to allow Sally to securely connect from home to all the tools she had at the office. She needs high quality voice and video calls over IP seamlessly provided to wherever she’s working from today and high performance access to apps within and beyond the organization. How do you even design for this? Which architecture should you choose for worldwide delivery of performant connectivity and top-notch security?

This is what SASE (Secure Access Service Edge) is all about, and here at Cisco, we’ve spent the last few years perfecting the architecture and approach to help our customers address their new and evolving needs. I’m very excited today to share two examples of Cisco leveraging industry leading technolgies and making them accessible through the Cisco cloud edge – Cisco Umbrella, as part of our SASE offering.

Extending the Meraki SD-WAN fabric into the Cisco cloud edge (Umbrella)

Networking, and specifically SD-WAN, is an inseparable part of SASE. Cisco (and some other vendors) have made it easier for customers to connect their SD-WAN appliances to the cloud by simply redirecting traffic. Ultimately organizations want the full value of the SD-WAN fabric (software defined routing, multiple tunnels, performance-based traffic direction and more) and the scalable protection of a multi-function cloud security service. That is exactly what we are announcing with the automated integration between Meraki MX and Umbrella that is going into early availability to select customers. It extends the SD-WAN fabric into the Umbrella cloud, allowing for seamless connectivity, higher reliability, better security, and better performance!

SASE

This integration is big news for Meraki MX and Umbrella customers (that’s hundreds of thousands of organizations) plus anyone else that wants the benefits of networking and security delivered in an SASE format from one vendor. I won’t go into all the details here (see this Umbrella blog for more) but we have radically simplified the deployment and management process. One customer that saw the new Meraki integration said, “I’m going to have a lot more time on my hands this summer if I make the three click MX SD-WAN connection to Umbrella and then auto-scale to 375 locations in one afternoon.” He said, “Looks like I’ll be playing a lot more soccer in the back yard with my son.”

New cloud security

It’s up to you what you do with the extra time but getting better performance and security with less effort across your distributed environment could be a big win for both your organization and for you individually.  Getting optimized routing while reducing risk and response time provides real value for any diverse organization that is trying to enable cloud transition with a good user experience and tight security.

Rapid delivery of additional cloud-delivered, security services

One of the key objectives with any SASE strategy is to get a broad scope of security functions delivered seamlessly from the cloud, with one dashboard to simplify management.  In the last few months, we announced a steady flow of security features including data loss protection (DLP), remote browser isolation (RBI), cloud malware detection, simplified rules-based policy creation, and more.

Today, we’re proud to announce early availability for select customers to a state-of-the-art, Snort 3 Intrusion Protection System (IPS). This functionality is powered by the massive, real-time Talos threat intelligence feed (>40,000 active threat detection elements) to extend the depth of the Umbrella cloud-delivered firewall. IPS helps organizations of any size meet compliance requirements and avoid a broad range of attacks found in encrypted and unencrypted internet traffic. Having the world’s largest private threat research organization (with visibility into over 600 billion internet activities per day) identify thousands of new threats in real-time and automatically protect your distributed users is yet another example of radically simplified security. The fact that Umbrella combines these firewall capabilities with a secure web gateway, CASB functionality, DNS security, remote browser isolation, and the Cisco SecureX XDR platform (all delivered in a scalable cloud format) is what makes the Cisco approach so powerful and efficient. Additionally, new Snort 3 IPS with Threat Defense 7.0 is now available with Cisco Secure Firewall Management Center.

The bigger picture

The pandemic forced major changes for organizations, employees, and IT. Last year when it first hit there were immediate adjustments required and then a steady dose of gap filling and course corrections. Now both business leaders and IT groups are trying to map out a thoughtful and sustainable “new normal.” The SASE concept is more appropriate than ever in a cloud-first, work from anywhere environment.

There is a need to re-define what makes up secure high-performance connectivity from anywhere to anywhere in the new work environment.  This means incorporating trends that were already in-flight (adoption of cloud-based services, zero trust access, intelligent SD-WAN traffic management) with the realities of the post-pandemic world. Knowing where someone will be connecting from and what device they will be using is no longer a given. Flexibility across connection methods, internet controls and security policies is critical in this new scenario.

We are committed to the cloud and convergence journey that is fueling the SASE concept and we are dedicated to the goal of radically simplifying the way you connect, control, and secure your environment. If that sounds good to you, come on the journey with us and see how the leader in networking and security is delivering a whole new level of value.