Cisco made enhancements to its security offerings that will expand and change the way customers buy its Secure Access Service Edge products as well as bolster network-access authentication.
Cisco’s SASE plan will focus on enhancing networking and security functions while building them into an integrated service that can help simplify access to enterprise cloud resources securely, said Gee Rittenhouse senior vice president and general manager of Cisco’s Security Business Group during this week’s Cisco Live! event.
The first step will be offering the SASE package as single, integrated bundle customers can buy as a subscription service that is straightforward to procure, easy to set up, and simple to use—all brought together a cloud dashboard, Rittenhouse said.
The offering includes Cisco’s Viptella and Meraki SD-WAN software packages, Duo and AnyConnect remote access, Umbrella security as well as Duo zero trust and other security components.
The integrated package will be a plus for enterprises, experts say. “Eighty percent of organizations want to reduce the number of security vendors and products to create a more integrated protection/incident-response and easier to manage security operations,” said Peter Firstbrook, a Gartner research vice president.
“Reducing the barriers to adoption and increasing the level of integration is going to be a major task for multi-product vendors,” Firstbrook said. “At the same time SASE is a hot topic as more network traffic moves off the LAN and into the cloud. The more of this problem that Cisco can address the more successful they will be.”
Within the bundle Cisco added features including the ability to support remote browser isolation, data loss prevention (DLP), cloud malware detection, and support for Cisco Meraki MX environments with Umbrella security.
“DLP and remote browser isolation are desirable but they are catch-up items,” Firstbrook said. “Symantec and Zscaler have had these for a while. Necessary, but doesn’t leap-frog the competition.”
Cisco also announced SASE Developer Center, a channel within its DevNet software-developer community, that provides resources to help create SASE implementations that incorporate SD-WAN, Meraki, Umbrella, Secure Access by Duo, AnyConnect, ThousandEyes, and other Cisco SASE components.
The center features automation use cases for integrating Cisco Secure Access by Duo with SecureX, Code Exchange examples for ASA VPN monitoring with ThousandEyes, Learning Labs, and access to the DevNet Sandbox to get started with Cisco’s SASE technologies, Cisco stated.
Cisco also added passwordless secure access to its Duo package. Cisco bought Duo Security in 2018 for $2.35 billion for its zero-trust security model that authorizes secure connections to applications based on the trustworthiness of users and devices.
Duo passwordless authentication lets users skip entering passwords and securely log into cloud applications via security keys or biometrics built into laptops and smartphones such as Apple FaceID and TouchID, and Windows Hello, Cisco stated.
The feature can improve usability as well as security by removing the complexity and error-prone nature of maintaining multiple passwords, wrote J. Wolfgang Goerlich, an advisory CISO for Duo Security in a blog. “Building upon the instrumentation provided by Duo’s zero-trust platform, we can increase trust in authentication by transparently verifying and validating every connection to every application,” he waote
“Passwordless is definitely a plus to lower friction for users and reduces the administration/help-desk costs,” Firstbrook said, “so it is gaining traction as an option in an increasing array of authentication choices.”
Cisco also enhanced SecureX, its cloud-based platform that includes network and application security such as Umbrella and Cisco Secure endpoint. It provides a single interface for detecting and remediating threats using Cisco tools but also tools from third parties including Google, ServiceNow and Splunk.
To that package Cisco has added enhancements that reduce the time it takes for SecOps to automate tasks that detect and remediate threats, Cisco said. These include automated workflows to deal with tactics such as those used in the SolarWinds supply-chain attack, as well as information gleaned from phishing and threat investigations carried out by Cisco Talos, the company’s threat-intelligence center.
“Emerging [extended detection and response systems] like SecureX need to be able to detect attack techniques that are only visible from the identity logs,” Firstbrook said. “Additionally it is useful to be able to isolate identity credentials during an investigation when account takeover is suspected.”