Cisco ties security capabilities into SD-WAN platform

The joy of being Cisco includes the ability to tie together various elements of its portfolio into new offerings across specific applications.

Such is the case with today's news that Cisco has bundled some of its security capabilities with its SD-WAN technologies in order to help organizations better embrace the cloud.

"It's what you would expect Cisco to do, which is to integrate the breadth of their portfolio and get people to use them as the single source," said Lee Doyle, principal analyst at Doyle Research, in an interview with FierceTelecom. "The more broadly that people use Cisco for their network, which increasingly includes the overlap of SD-WAN and security, the better it is for Cisco.

"Distributed computing in a multi-cloud world is challenging. The bottom line is combining the best of breed of Cisco's security with its SD-WAN offerings. It makes a nice integration and provides good value to Cisco customers."

Businesses and organizations are living in a multicloud world, be it public, private or hybrid clouds. Cisco's Ramesh Prabagaran, senior director of product management, said in an interview with FierceTelecom that networks have become more complex with new cloud-based applications such as software-as-a-service (SaaS) or infrastructure-as-a-service.

The end result is the new cloud edge that brings security, networking and access to the various clouds in a strategic way, but the cloud edge also causes greater exposure for businesses' networks.

"I have inconsistent application experiences because depending on where I place the cloud edge I may have to go halfway across the globe to access it or I may be accessing a SaaS application across the street from me," Prabagaran said. "This results in increasing complexities because I have to manage different parts of the network in many different ways. All of this points to fact to that the WAN device must be software defined. So every single WAN device needs to be software-defined and needs to be secure.

"There has been this whole movement towards on prem security or internet security which is closer to the user. We also have many companies that are focused on cloud security, which is closer to the application. We see the answer is not one or the other. The answer is you have to place the right security at the right place in the network and simplify it. That's really what we're announcing here."

There are three main elements to Cisco's announcement today. The first is that a full stack of Cisco security capabilities is now embedded into Cisco's SD-WAN portfolio, which includes both its Meraki and Viptela SD-WAN flavors. Application-aware enterprise firewall, intrusion prevention and URL filtering are integrated into the Cisco SD-WAN devices. By embedding a full stack of security into the SD-WAN devices, businesses can better protect their infrastructures.

Cisco's SD-WAN services also include its Talos security engine, which receives notifications from devices and other sources of suspect behaviors that Talos can then block before they proliferate across a network.

"All I have to do is upgrade my device to the new version of the software and I automatically get all of these new security capabilities," Prabagaran said. "I also need to be able augment SAAS so I can get cloud-based security. So back to the notion of the right security in the right place, I need to be able to consume my Saas applications and my internet-bound applications and have a layer of cloud security right in front of that."

On that note, Cisco has integrated its Umbrella cloud security, which is based on Cisco's purchase of OpenDNS three years ago, with its SD-WAN portfolio. The cloud-based security blocks malicious destinations before a connection is established.

By blending security into both on prem devices and cloud capabilities, Cisco is able to not only provide better security, but also cut down on the time it takes to deploy security measures across each device in a network by managing them through a single pane of glass.

"Very simply if I take today's model without these enhancements, I have to go through many, many actions," Prabagaran said. "Many actions done individually on a device-by-device basis to manage distributed security essentially translates into weeks if not months of work.

"With the single pane of glass that we provide—along with the security that we provide on prem and also simplified in the form of cloud consumption—I can operationalize this fairly quickly. Some of our customers have rolled out hundreds of sites in a single maintenance window in a single day."

Cisco also announced that it has optimized the use of Microsoft's Office 365 by providing users with the fastest path with the highest availability in real time. Cisco's SD-WAN monitors the available paths across data centers, gateways and collocation facilities to find the best path, and it can switch to a different path if the current one suffers from degradation. The end result is that Cisco can provide performance that is up to 40% faster.

Cisco is also serving up its own programmable APIs that allow service providers and developers to create their own value-added services. Cisco's DevNet developer program is also introducing new SD-WAN learning labs and sandboxes that allow developers and network programmers to work with the company's SD-WAN programmability.

On the hardware front, Cisco announced its ISR 1111X-8P and ISR 4461 devices, both of which are available now. Prabagaran said the ISR 4461 router was for large remote offices or branches while the ISR 1111X-8P router was designed for small enterprise branch offices, such as those with five users, that need Wi-Fi and LTE support in a single form factor.