Erosion of the traditional network perimeter and the transition to work-from-anywhere have conspired to bring an unprecedented threat level to endpoint devices, users, and applications, Cisco CEO Chuck Robbins told the online audience at the virtual RSA Conference 2021.
Such threats are exacerbated by the fact that over 3,500 vendors offer security products and services that many customers patchwork together, creating complexity that makes it hard for many to build an effective security position, Robbins said.
Against that backdrop, Cisco announced a number of security moves to further integrate and upgrade its own overarching offerings with new features and services.
For example, the company added new device-inventory and endpoint-security features to its SecureX service that integrates myriad Cisco security components. Cisco describes it as an open, cloud-native system to detect and remediate threats across Cisco and third-party products from a single interface. The dashboard shows operational metrics, triggers alerts to emerging threats, and accelerates threat investigations and incident management by aggregating and correlating global intelligence and local context in one view.
The new features include SecureX Device Insights, which discovers and consolidates device inventory across the enterprise. The idea is that customers can get a clearer idea of what’s on the network and how it’s configured, identify holes in coverage, and help remediate problems.
In addition, SecureX now offers more than 30 pre-built security workflows, 40 turnkey integrations, and new orchestration capabilities that can automate and orchestrate security management across enterprise cloud, network, applications, and endpoints, according to Cisco.
Separately, Cisco Secure Endpoint has new search features that double the number of built-in queries that can run from within the product to speed up and simplify threat hunting. It includes over 200 advanced threat-hunting queries that expand detection coverage at the endpoint, Cisco stated.
These new features can help enterprises move toward new security architectures including extended detection and response (XDR), secure access service edge (SASE), and zero trust, according to Al Huger, vice president and general manager of Cisco’s Security Platform & Response organization. “The new endpoint technologies that Cisco brings to market solidify endpoint security. While also ensuring a faster, easier shift for customers to XDR, SASE, and Zero Trust,” Huger wrote in a blog.
“We have made it possible for customers to streamline security in the cloud. Also to dynamically sync firewall policies based on workload environment, and boost endpoint protection to strengthen detection and response,” Huger stated.
Other Cisco RSA news included:
- Integration between Cisco Meraki MX security and SD-WAN appliances and the company’s Umbrella cloud-based security gateway. Meraki Wi-Fi gear can now inspect SD-WAN traffic using cloud-based SSL decryption at scale to protect sensitive data. In addition, intelligent path selection together with Umbrella’s global cloud architecture chooses the fastest, most reliable, and secure path for applications regardless of where they are hosted, Cisco wrote in a blog about the enhancement. Cisco already integrates Umbrella in its Viptela SD-WAN offering.
- Umbrella’s cloud-based firewall now includes an intrusion prevention system (IPS) based on Snort 3 technology that uses signature-based detection to examine network traffic flows and prevent exploits of vulnerabilities. Customers can create firewall policies that analyze outbound traffic flows and automatically catch and drop dangerous packets before they reach their target, Cisco stated. This is powered by the real-time Cisco Talos threat-intelligence feed to enhance Umbrella’s protection. IPS helps organizations meet compliance requirements and avoid a broad range of attacks found in encrypted and unencrypted internet traffic.
- Cisco added cloud malware detection to the Umbrella service. Umbrella detects and removes malware from applications to prevent the spread of infections laterally across customers’ networks. It can scan cloud file-storage repositories for malware and can quarantine or delete malicious files that it finds. It can generate reports on usage, potentially compromised accounts, and potential threats within the network, Cisco stated.
- Cisco added a Kubernetes-targeted firewall to its Secure Firewall family. Available first to AWS customers, Secure Firewall Cloud Native uses Kubernetes for orchestration and load balancing. It can also scale up security features during times of fluctuating demand, Cisco stated. The support also includes automated container health checks based on policies and can quickly replace unhealthy or crashed containers with new ones.
- Cisco rolled out Secure Firewall Threat Defense 7.0, which features 30% faster throughput over the majority of Cisco Secure Firewalls and includes support for Snort 3 IPS.
A few days prior to RSA, Cisco made another key move to bolster its enterprise-security plans by announcing its intent to buy threat-assessment company Kenna Security. Kenna’s technology, which will become part of the SecureX service, will blend Cisco’s threat-management capabilities with Kenna’s risk-based vulnerability-management services.
That combination will generate prioritized lists of vulnerabilities; streamline collaboration between security and IT teams; and automate remediation to improve overall security posture, Gee Rittenhouse, senior vice president and general manager of Cisco’s Security Business Group, wrote in a blog.