Cisco jumps into SSE arena, boosts application security

Cisco this week took the wraps off a security service edge (SSE) offering that aims to help enterprises securely connect growing edge resources, including cloud, private and SAAS applications.

Along with the SSE package, the vendor made two additional application security-related announcements at its Cisco Live! customer event. It unveiled Cisco Multicloud Defense, which is a new service designed to protect cloud service workloads, and it upgraded Panoptica, its cloud-native security application development software.

The SSE package, called Cisco Secure Access, features zero-trust network access (ZTNA), secure web gateway (SWG), cloud access security broker (CASB), firewall as a service (FWaaS), DNS security, remote browser isolation (RBI) and other security capabilities. It’s designed to secure any application via any port or protocol, with optimized performance and continuous verification and granting of trust—all from a single, cloud-managed dashboard, wrote Jeff Scheaffer, vice president of product management for Cisco’s SSE team, in a blog about the SSE offering. 

Gartner describes SSE services as including access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration. SSE is primarily delivered as a cloud-based service, and it may include on-premises or agent-based components, the analyst firm says.

Cisco’s SSE platform includes client-based and clientless browser–based access, granular user, and application-based access policy, SAML authentication, intrusion prevention, built-in identity provider, and contextual access control. It authenticates users through a secure, encrypted tunnel, allowing users to see only applications and services they have permission to access, according to Cisco.

“Cisco Secure Access features a new ZTNA Relay architecture that solves the challenges of last generation ZTNA vendors. Last generation ZTNA vendors do not support all application architectures, like multi-channel applications, peer-to-peer applications, or server-initiated communication,” Scheaffer wrote. “Last generation ZTNA vendors often struggle with the sheer volume of 1000’s of enterprise and long-tail legacy applications.”

The Cisco Secure Access ZTNA Relay architecture is based on MASQUE and QUIC protocols and supports all applications, ports, and protocols. “…by combining ZTNA with a fallback VPN-as-a-Service (VPNaaS) in a single secure client with identity and posture checks, Cisco Secure Access transparently delivers the most secure connection possible for all applications,” Scheaffer stated. 

The service also integrates intelligence from Cisco’s Talos security research group to automatically keep the system up to date on the latest threats. Talos processes 600 billion DNS requests per day, 5 billion reputation requests, and 2 million malware samples per day. SSE continuously runs AI, statistical, and machine-learning models against the massive Talos database to provide insight into cyber threats and improve incident response rates, Scheaffer stated.

SSE will also be integrated with Cisco’s ThousandEyes network intelligence software to help organizations pinpoint and resolve network performance issues quickly.

The SSE package is important particularly as users move applications to the cloud and adopt more edge networking architectures, said Neil Anderson, area vice president of cloud & infrastructure solutions at World Wide Technologies (WWT), a Cisco partner and technology services provider.

“Cisco has been a little bit slow to be competitive in the SSE market, but we’re excited about this new service because it starts with a cloud-first approach and advances API security and workload security in a way customers will find useful,” Anderson said.

The SSE market includes players such as Palo Alto, Zscaler, Netskope and others.

Gartner says by 2025, 70% of organizations that implement agent-based ZTNA will choose either a secure access service edge (SASE) or security service edge (SSE) provider for ZTNA, rather than a stand-alone offering, and by 2026, 45% of organizations will prioritize advanced data security features for inspection of data at rest and in motion as a selection criterion for SSE.

Cisco Secure Access will be in limited availability starting in July and will be generally available in October 2023.

Cisco debuts Multicloud Defense service and upgrades Panoptica software

On the cloud security front, Cisco added a new service called Multicloud Defense that will help customer security operations teams manage workload security across AWS, Google Cloud, Azure, and Oracle Cloud Infrastructure services.

“Cisco Multicloud Defense brings together distributed Layer-7 protection, web application firewall (WAF), and data loss prevention (DLP) capabilities managed through a single, dynamic policy,” wrote Rick Miles, vice president of product management with Cisco’s cloud and network security group, in a blog.

“It acts as the interpreter across clouds and uses gateways, which are distributed across customer VPCs, as enforcement points for security policies. This enables Multicloud Defense to stop threats that target applications, block command & control, prevent data exfiltration, and mitigate lateral movement,” Miles stated. 

The technology in Multicloud Defense comes primarily from Cisco’s recent acquisition of cloud network security vendor Valtix.

Cisco also enhanced its Panoptica cloud-native application security software. Panoptica lets developers and engineers provide cloud-native security from application development to runtime. It offers a single interface for container, serverless, API, service mesh, and Kubernetes security, it scales across multiple clusters with an agentless architecture, and it integrates with CI/CD tools and language frameworks across multiple clouds.

The idea is to allow developers to embed security-centric or security-conscious decisions earlier in the software development lifecycle, Cisco stated.

The importance of application security protection is growing with IDC predicting that the application protection and availability market will grow from $2.5 billion in 2021 to $5.7 billion by 2026.

“Applications provide a unique vantage point in the security architecture. Applications enable functionality, and the manner in which users interact with this functionality is a good indicator of abuse and misuse, and ultimately malicious intent. This insight is unique and difficult to glean from other sources of security telemetry such as network firewalls,” IDC wrote in a recent report entitiled “Worldwide Application Protection and Availability Forecast, 2022–2026: Security Powers the Digital Experience.”

“Threat actors have also recognized the importance of web applications to businesses and have devised numerous methods of attacking the applications or underlying infrastructure as part of extortion, harassment, fraud and abuse, or data theft campaigns,” IDC stated.

To Panoptica, Cisco added Cloud Security Posture Management (CSPM) support, which promises to bring continuous cloud security compliance and monitoring at scale, giving customers visibility into their entire inventory of cloud assets, including Kubernetes clusters. In addition, a new attack path engine that uses graph-based technology to deliver advanced attack path analysis will help security teams quickly identify and remediate potential risks across cloud infrastructures, Cisco stated. 

Panoptica will also be integrated into Cisco’s Full Stack Observability portfolio to provide real-time visibility to prioritize business risks.

Cisco’s Full-Stack Observability initiative features a broad range of Cisco technologies as well as an ecosystem of partners and open-source tools. Cisco’s security portfolio will provide telemetry that can be included in new applications to control security across multiple domains.

The new Panoptica features will be available in the fall of this year.

New 4200 Series firewall doubles speed

Cisco also rolled out a new high-end firewall, the Secure Firewall 4200 Series, that it says is twice as fast as previous high-end Cisco firewalls. The 4200 Series firewall runs a new operating system, release 7.4, that uses AI and ML to identify threats in encrypted traffic without decryption.

“This resolves the complexities of decryption for inspection, as well as performance and privacy concerns,” wrote Rick Miles, Cisco vice president of product management for cloud and network security, in a blog about the new firewall. “Further, 7.4 leverages the foundation of the security stack to add secure access capabilities with zero trust application access. This evolution of the ZTNA model goes beyond the ‘authorize then ignore’ mentality by adding inspection of user traffic and application behavior for more secure access.  Additional access from branch offices to applications without expensive leased lines comes with simplified branch routing, allowing the firewall to centrally recognize, monitor, and route application traffic for improved performance and secure access.”

Cisco Secure Firewall 4200 Series appliance will be generally available in September supporting the 7.4 version of operating system. The 7.4 OS will be generally available for the rest of the Secure Firewall appliance family in December 2023.

READ MORE HERE