SAN DIEGO, California—Cisco Live—Security is top of mind for enterprises as they move wide-area networking (WAN) from the edge to the cloud, but the industry needs to rethink how it does security in the cloud, according to Cisco's David Goeckeler.
During a Tuesday keynote address, Goeckeler, executive vice president of networking and security, said that his company has added security measures in the cloud for software-defined WAN (SD-WAN).
"You have the cloud and you start adopting SD-WAN," Goeckeler said. "When you start that adoption you start thinking 'Wait a minute all of my security technology is sitting at the edge of my network. That needs to be in the cloud as well.' We have to rethink how we deliver security in this cloud-first world."
Last year, Cisco integrated an enterprise-class firewall into its on-premise SD-WAN appliances. At this year's Cisco Live, Gee Rittenhouse, senior vice president of Cisco’s security business, announced that his company has broadened its SD-WAN security approach into Umbrella, which is Cisco's secure internet gateway.
"We know that when you're considering your SD-WAN topography that security is top of mind. It's ours as well," said Rittenhouse, who was sharing the keynote stage with Goeckeler. "But we also know that you're choosing SD-WAN because you want to make the network more simple. The last think we want to do is force you to bolt on various security technologies that end of the day just complicate your network operations.
"Today we're very, very excited that we're extending this approach to Umbrella, the market leader in the cloud security space. So, whether you choose to secure SD-WAN in appliances or in the cloud, we've got you covered."
How it works
With the latest addition, Cisco is able to create one common policy for DNS for a firewall at a secure web gateway by using a dashboard. Brian Roddy, vice president and general manager of cloud security at Cisco, demonstrated how the intrusion system, which is powered by Cisco's Talos security, works.
Using Cisco's Viptela dashboard, a user can automatically send all of the DNS security policies to the cloud with a few clicks and then monitor them there.
Cisco is able to create tunnels from the branch office to the cloud, and then provision the devices in that branch office with a few clicks. Once the system sees all of the traffic, it can look at cloud firewall polices across Layer 4 and Layer 7 to see what that traffic is doing. Cisco is in the process of adding its Sourcefire threat protection, which will be available in the coming month.
"Which means you'll be able to get application visibility and control as well as intrusion protection backed by Talos," Rittenhouse said.
Several months ago, Cisco added advanced malware protection from its security portfolio its SD-WAN solutions. Cisco sees a 90% drop in malware when it deploys its DNS security.