RSA 2021: Cisco strengthens its security solutions
At RSA Conference 2021, Cisco announced functionality for SecureX, Secure Endpoint and Umbrella, as well as the integration between Cisco / Meraki WiFi and Cisco SD-WAN.
According to Chuck Robbins, CEO of Cisco, “The erosion of the traditional network perimeter and the shift to remote work is exposing endpoint devices, users and applications to an unprecedented level of threat.” This is what he told attendees of RSA Conference 2021, held online from May 17 to 21. “In addition, these threats are exacerbated by the fact that more than 3,500 vendors offer security products and services that many customers put together in a motley fashion, making it much more difficult for most of them to put in place an effective security posture,” said the CEO.
Against this backdrop, the equipment manufacturer announced a number of security measures to integrate and improve its own global offers with new functions and new services. For example, the OEM has added device inventory and access point security features to its SecureX service, which incorporates a myriad of Cisco security components. The company presents SecureX as an open, cloud-native system capable of detecting and remedying threats to Cisco and third-party products from a single interface. The dashboard displays metrics for operational indicators, triggers alerts on emerging threats, and accelerates threat investigations and incident management by aggregating and correlating global information and local context into a single view.
More security on the network
SecureX Device Insights is one of those new features. It discovers and consolidates the inventory of devices in the company, the objective being to allow customers to have a clearer idea of what is on the network, how it is configured, to identify gaps in coverage and help troubleshoot issues. Additionally, according to Cisco, SecureX now offers more than 30 pre-built security workflows, 40 turnkey integrations and new orchestration capabilities that automate and orchestrate security management across the cloud, enterprise network, applications and endpoints. In addition, Cisco Secure Endpoint has new search capabilities with twice the number of built-in queries that can be executed from the product to speed up and simplify the search for threats. “Cisco Secure Endpoint includes over 200 advanced threat hunting queries that extend detection coverage to the endpoint level,” Cisco said.
“These features can enable organizations to evolve into new security architectures, including Extended Discovery and Response (XDR), Secure Access Service Edge (SASE) and Zero Trust,” said Al Huger, vice president and Managing Director Security Platform & Response at Cisco. “New endpoint technologies brought to market by Cisco are enhancing endpoint security. They also facilitate and accelerate the transition to XDR, SASE and Zero Trust architectures for customers,” he wrote in a blog. “We made it possible for customers to streamline security in the cloud. We have also enabled customers to dynamically synchronize firewall policies based on the workload environment and boost endpoint protection to enhance detection and response,” said Mr. Huger.
Cisco also made the following announcements during the RSA Conference:
– Integration between Cisco Meraki MX security and SD-WAN appliances and the OEM’s Umbrella security gateway. Meraki WiFi devices can now inspect SD-WAN traffic using cloud-based SSL decryption at scale to protect sensitive data. In addition, intelligent path selection, combined with Umbrella’s overall cloud architecture, chooses the fastest, most reliable and secure path for applications, wherever they are hosted, as Cisco wrote in a blog dedicated to this improvement. Note that Cisco is already integrating Umbrella in its SD-WAN Viptela offering.
– Umbrella’s cloud-based firewall now includes an Intrusion Prevention System (IPS) based on Snort 3 technology. This uses signature detection to examine network traffic flows and prevent exploitation of vulnerabilities. “Customers can create firewall policies that analyze outgoing traffic flow and automatically catch and drop dangerous packets before they reach their target,” Cisco said. This system is powered by Cisco Talos’ real-time threat information feed to strengthen Umbrella’s protection. The Intrusion Prevention System (IPS) enables organizations to meet compliance requirements and prevent a large number of attacks spotted in both encrypted and unencrypted Internet traffic.
– The firm has added cloud-based malware detection capability to the Umbrella service. Umbrella detects and removes malware from applications to prevent the spread of infections on customer networks. Umbrella can scan file repositories stored in the cloud for possible malware and quarantine or delete malicious files it finds. “Umbrella can generate reports on usage, potentially compromised accounts and possible threats within the network,” Cisco said.
– The vendor has added a firewall targeting Kubernetes to its Secure Firewall family. Available first to AWS customers, Secure Firewall Cloud Native uses Kubernetes for orchestration and load balancing. “It can also scale security functions during times of fluctuating demand,” Cisco said. Support also includes automated policy-based container health checks and can quickly replace unhealthy or crashed containers with new containers.
– Finally, Cisco released Secure Firewall Threat Defense 7.0. This release offers 30% faster throughput than most Cisco Secure Firewalls and supports Snort 3 IPS.
Kenna joins the Cisco fold
Days before the RSA conference, the OEM took another important step to bolster its corporate security plans: the acquisition of Kenna Security’s risk-based vulnerability management technology. Kenna’s platform, which Cisco plans to integrate with its SecureX service, will combine Cisco’s threat management capabilities with Kenna’s risk-based vulnerability management services. “This combination will generate prioritized lists of vulnerabilities, streamline collaboration between security and IT teams, and automate corrective actions to improve overall security posture,” Gee Rittenhouse, senior vice president and general manager of Cisco Security Business Group, wrote in a blog post.