Cisco adds a firewall, upgrades security

Security is the name of the game at Cisco’s Partner Summit gathering this week with the rollout of a new firewall and added data-loss prevention (DLP) and passwordless authentication features to its security wares. 

On the firewall front, Cisco announced the Secure Firewall 3105 it says is built specifically for hybrid workers and small branch offices. 

Available early next year, the 1U 3105 supports 10Gbps throughput, 7Gbps IPSec throughput and 3,000 VPN peers. The box is the new low-end for the Secure Firewall 3100 family, including the 3110, 3120, 3130 and the high-end 3140, which supports 45Gbps throughput.

The family supports either Cisco Adaptive Security Appliance (ASA) or Firewall Threat Defense (FTD) software and can be deployed in firewall and dedicated intrusion-prevention system (IPS) modes. 

The firewalls integrate with Cisco IPS, Cisco Cloud Web Security, Cisco Identity Services Engine (ISE), and Cisco TrustSec, Cisco stated.

Cisco is now offering Cisco Lifecycle Pay for Secure Firewall, a Cisco Capital fixed-term subscription plan to provide a financial incentive to upgrade firewalls. Customers can receive a 10% replacement incentive when returning firewall hardware and upgrading to Cisco’s latest qualifying firewall, the company said.

To help with DLP, Cisco has upgraded its Umbrella cloud-based security that stops current and emerging threats over all ports and protocols. It blocks access to malicious domains, URLs, IPs, and files before a connection is established or a file downloaded.

Cisco said it has added policies and reporting features to Umbrella across out-of-band DLP and real-time inline DLP to make it easier for security teams to track and manage DLP.

“This out-of-band DLP functionality will initially support Cisco WebEx, Google Drive, and Microsoft 365,” said Jason Gallo, vice president of Cisco’s Global Partner Organization. “And we have plans to add additional support for other applications soon thereafter.”

The policy and reporting capabilities are consistent across out-of-band and real-time inline DLP, which he said is unique to Cisco’s prodcuts.

Cisco has rolled out Duo Passwordless Authentication, with support for biometric authentication including Windows Hello, Mac touch I, and others.

“Passwordless authentication reduces the risk of phishing attacks and their ability to utilize stolen passwords or as we’ve seen more recently, MFA [multifactor authentication] fatigue,” said Dave Lewis, Global Advisory CISO at Cisco. “As cyberattacks continue to move closer to end-users, there is a huge opportunity to embrace low-friction authentication methods that ensure only trusted users and devices gain access to applications and corporate resources.”

Duo customers enabled biometrics on 81% percent of mobile devices, according Cisco’s 2022 Duo Trusted Access Report, which was also released at the conference.

Some other findings gleaned from 49 million devices, over 490,000 unique applications and roughly 1.1 billion monthly authentications across Duo’s customer base include:

  • The percentage of accounts allowing browser-based WebAuthn authentication increased 50%, and WebAuthn usage increased five-fold since April 2019.
  • An increasing number of authentications are attributed to cloud applications, with a 24% rise in the percentage of cloud applications in 2022.
  • Remote-access authentications peaked in 2020 but have declined since then to below pre-pandemic levels.
  • Fewer than 1% of organizations implement explicit deny or allow policies based on geographic location, but 91% of those that do block either Russia or China, and 63% block both.
  • There is a move toward requiring multi-factor authenticatoin for all access, not just access to resources with a material impact on the business as was the case a few years ago. MFA can both reduce risk to all resources and streamline security operations.

Next read this: