Erosion of the traditional network perimeter and the transition to work-from-anywhere have conspired to bring an unprecedented threat level to endpoint devices, users, and applications, Cisco CEO Chuck Robbins told the online audience at the virtual RSA Conference 2021.
Such threats are exacerbated by the fact that over 3,500 vendors offer security products and services that many customers patchwork together, creating complexity that makes it hard for many to build an effective security position, Robbins said.
Against that backdrop, the technology giant announced a number of security moves to further integrate and upgrade its own overarching offerings with new features and services.
For example, the company added new device-inventory and endpoint-security features to its SecureX service that integrates myriad Cisco security components. The vendor describes it as an open, cloud-native system to detect and remediate threats across Cisco and third-party products from a single interface.
The dashboard shows operational metrics, triggers alerts to emerging threats, and accelerates threat investigations and incident management by aggregating and correlating global intelligence and local context in one view.
The new features include SecureX Device Insights, which discovers and consolidates device inventory across the enterprise. The idea is that customers can get a clearer picture of what’s on the network and how it’s configured, identify holes in coverage, and help remediate problems.
In addition, SecureX now offers more than 30 pre-built security workflows, 40 turnkey integrations, and new orchestration capabilities that can automate and orchestrate security management across enterprise cloud, network, applications, and endpoints, according to Cisco.
Separately, Cisco Secure Endpoint has new search features that double the number of built-in queries that can run from within the product to speed up and simplify threat hunting. It includes over 200 advanced threat-hunting queries that expand detection coverage at the endpoint, Cisco stated.
These new features can help enterprises move toward new security architectures including extended detection and response (XDR), secure access service edge (SASE), and zero trust, according to Al Huger, vice president and general manager of Cisco’s Security Platform & Response organisation.
“The new endpoint technologies that Cisco brings to market solidify endpoint security, while also ensuring a faster, easier shift for customers to XDR, SASE, and zero trust,” Huger wrote in a blog. “We have made it possible for customers to streamline security in the cloud. Also to dynamically sync firewall policies based on workload environment, and boost endpoint protection to strengthen detection and response.”
Other news unveiled at RSA Conference 2021 included integration between Meraki MX security and SD-WAN appliances and the vendor's Umbrella cloud-based security gateway. Meraki Wi-Fi gear can now inspect SD-WAN traffic using cloud-based SSL decryption at scale to protect sensitive data.
In addition, intelligent path selection together with Umbrella’s global cloud architecture chooses the fastest, most reliable, and secure path for applications regardless of where they are hosted, Cisco wrote in a blog about the enhancement. Cisco already integrates Umbrella in its Viptela SD-WAN offering.
Meanwhile, Umbrella’s cloud-based firewall now includes an intrusion prevention system (IPS) based on Snort 3 technology that uses signature-based detection to examine network traffic flows and prevent exploits of vulnerabilities.
Customers can create firewall policies that analyse outbound traffic flows and automatically catch and drop dangerous packets before they reach their target, Cisco stated. This is powered by the real-time Cisco Talos threat-intelligence feed to enhance Umbrella’s protection. IPS helps organisations meet compliance requirements and avoid a broad range of attacks found in encrypted and unencrypted internet traffic.
In addition, Cisco added cloud malware detection to the Umbrella service. Umbrella detects and removes malware from applications to prevent the spread of infections laterally across customers’ networks.
Specifically, it can scan cloud file-storage repositories for malware and can quarantine or delete malicious files that it finds. It also generates reports on usage, potentially compromised accounts, and potential threats within the network, Cisco stated.
Delving deeper, Cisco added a Kubernetes-targeted firewall to its Secure Firewall family. Available first to Amazon Web Services (AWS) customers, Secure Firewall Cloud Native uses Kubernetes for orchestration and load balancing. It can also scale up security features during times of fluctuating demand, Cisco outlined. The support also includes automated container health checks based on policies and can quickly replace unhealthy or crashed containers with new ones.
Cisco also rolled out Secure Firewall Threat Defense 7.0, which features 30 per cent faster throughput over the majority of Cisco Secure Firewalls and includes support for Snort 3 IPS.
A few days prior to the conference, Cisco made another key move to bolster its enterprise-security plans by announcing its intent to buy threat-assessment company Kenna Security. Kenna’s technology, which will become part of the SecureX service, will blend the vendor's threat-management capabilities with Kenna’s risk-based vulnerability-management services.
That combination will generate prioritised lists of vulnerabilities; streamline collaboration between security and IT teams; and automate remediation to improve overall security posture, Gee Rittenhouse, senior vice president and general manager of Cisco’s Security Business Group, wrote in a blog.