Cisco Debuts New Integrated Security For Branches, Mobile Users

CISCO LIVE — Cisco on Monday announced new additions to its threat-centric security architecture aimed at protecting mobile users and remote sites.

The products build on the open APIs and Security Everywhere initiative launched at last year’s Live, during which CEO Chuck Robbins called security Cisco’s “critical differentiator.” The company has since kept up a steady stream of new security announcements and acquisitions. While OpenDNS is perhaps best known, Lancope added network behavior analytics, threat visibility and security intelligence, and the CloudLock deal, just announced, will bring Cisco partners a cloud-access security broker that will help analyze end user behavior and spot sensitive data residing in cloud services.

Today’s batch of new offerings are aimed at moving protection closer to branch offices and mobile users.

Umbrella Branch, available only in 4000-series ISR devices, gives businesses more control over traffic going into and out of remote sites. It uses the OpenDNS technology, now called “Umbrella,” to check a constantly updated engine, recognize that an address is suspicious and block transmission at the DNS level. That can, for example, stop call-backs to command-and-control servers to disrupt ransomware and help with content filtering by blocking DNS queries to objectionable sites. And, Ron Temske, VP of security solutions at Cisco partner Logicalis, says OpenDNS can be up and running in a matter of hours.

“There is no silver bullet, but it’s a heck of a toolset to have, particularly given the ease with which it’s deployed,” said Temske.{ad}

The Stealthwatch Learning Networks License enables Cisco ISR routers to act as security sensors and enforcers for branch offices. The product will learn over time what’s normal for a remote site and report on anomalies. A partner could manage dozens or hundreds of ISR routers across a branch network through a new, simple UI. “It uses the concept of network as a sensor,” said Ben Munroe, security product marketing manager, Cisco Security Business Group. “That gives partners a compelling reason to call on customers, to offer a really solid reason for a network refresh.”

For endpoints, Umbrella Roaming may now enabled as a module in Cisco’s AnyConnect VPN. It offers agent-less cloud-based protection for mobile users by blocking connections to malicious sites. Defense Orchestrator is a cloud-based security infrastructure management tool that Temske called out as valuable addition for partners. It enables an MSP or customer IT team to apply policies to Cisco security products, including ASA and Firepower firewalls, from a central console.

“You may have a policy set up for the branch level, for firewall rules, for browsing rules,” says Munroe. “All those rules can be set up in a template and deployed through a series of very simple clicks. And that’s true of one branch, or a hundred branches, or a thousand.” He cited M&A as a driver, but partners could also …

{vpipagebreak}

… develop policies and extend them across multiple customers.

Also new is the addition of Advanced Malware Protection and Threat Grid to the Meraki MX security appliances, continuing Cisco’s strategy of extending AMP throughout its product line. The MX cloud-managed UTM boxes are suitable for branch offices.

Cisco is also opening new security service opportunities. For example, the new Security Services for Digital Transformation is aimed at assessing a company’s readiness to adopt digital technologies.

Munroe insists that positioning security as enabling digital transformation will help partners take advantage of a “multi-trillion dollar opportunity.”

Mind the Gap

Cisco is not alone in seeking to knit together point products, as we’ve discussed. But its dominance in enterprise networks gives it an edge in detecting and blocking suspicious activity, and its promise to provide open APIs to pull in data from specialized security products presents services opportunities for partners.

Monroe says a typical large enterprise today uses as many as 70 separate security products and that the resulting fragmentation and management complexity may open an “effectiveness gap” in security coverage.{ad}

“Enterprises are not only struggling to cope with the explosion in users and devices that are connecting to their networks, but with managing the myriad security controls deployed to try and keep their network resources safe,” says security author and consultant Michael Cobb. “I regularly see networks that have plenty of security controls and tools deployed but that don’t necessarily join up, or create a continuous defensive wall. If Cisco’s new services offer a simpler yet more effective approach to keeping a network and its users secure, then channel partners will be able to help their customers put in place a security solution that they will be a lot easier to maintain and manage.”

This may be true, though the very open API gospel it’s preaching means at least some of those products will be sources of security information. And each one likely represents some revenue for a partner. Still, simplification is worthy goal.

“If we can flat-line complexity, that’s obviously ideal,” says Munroe. “So it becomes straightforward to turn on a new license, or enable a new feature in an existing dashboard.”

Cisco’s architectural security approach has three tenets, which Munroe says extend from product engineers through executive leadership and partner messaging: Simplify the security experience, open the ability to integrate with other …

{vpipagebreak}

… security and network devices, and automate to help overstretched teams.

“These three combined are what we need to deliver effective security that covers everywhere a user might move,” he says. “Because we’ve got, A, infrastructure at those places, and B, security points of presence at those places, it means we can do more. We can share context.” An example is stopping malware introduced by a user connecting a compromised PC at a branch office before it travels onto the corporate network. {ad}

“If you’ve got 70 vendors protecting your environment, who do you blame when things go wrong?” he says. “Who’s held accountable?”

The Channel Business Case

“We view the advantage of working with Cisco in the security space in two areas,” said John Growdon, senior director, channels business development for security, in a briefing. First is cross-architectural opportunities — the ability to use security integration among various Cisco portfolios to sell customers on a router upgrade or new IoT project.

Second, a broad set of products offers a larger services opportunity. “The security space in particular is very fertile,” says Growdon. “We have very happy partners right now, and they’re increasingly investing with us to develop their security practices.”

While he has yet to get hands-on time with the new gear, Logicalis’ Temske says he’s pleased with Cisco’s integration strategy and recent acquisitions.

“The problem they always had there is that the products were great, but they were sold and mostly operated independently,” says Temske. “They all had the Cisco badge, but it didn’t look like an integrated solution. It just looked like a bunch of really good products from the same company, not as fully integrated as we’d like to see. This direction they’re taking is certainly the right one in my opinion.”

Temske sees branch offices getting more vulnerable as companies move away from provisioning private lines back to headquarters and instead connect these sites direct to the Internet, maybe with a VPN, maybe not. While he’s not sure how many of Logicalis’ customers have updated to the 4000-series ISR, he sees the bundling of security capabilities into networking gear as an opportunity.

“That will impact our profitability because we’ll be doing what we want to do, which is have holistic conversations around our customers’ security, not ‘let’s talk about your firewall, let’s talk about your IDS,” he says. “Those discussions are fine, but that’s not really where we want the conversation to be.”

Follow editor in chief @LornaGarey on Twitter.