#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re talking about Branch Security with Cisco Subject Matter Experts Kural Arangasamy and Hai Bo Ma.

Get the PodcastCiscoChampionBadge
Listen to this episode
Download this episode (right-click on the episode’s download button)
View this episode in iTunes

Cisco SME
Kural Arangasamy, (@kuralvanan) Technical Engineer
Hai Bo Ma, Engineering product Manager

Cisco Champion Guest Hosts
Jake Gillen (@jakegillen & @ITSEC_jakeg), Senior Security
Eric Perkins (@perk_zilla), Principal Solutions Architect
Josh Warcop (@Warcop 60), Senior Consultant

Breana Jordan (@breanajordan12)


  • Primary topic is securing the branch since the solutions are being tested by IWAN team.
  • Discussing mainly branch security in general
  • Discussion topics:
    • Threat landscape and the need for a security solution in a branch environment
    • Use cases some of our customers are interested in
    • Solutions offered on our router platforms, specifically on the ISR platform
  • Security at top of mind
  • Now what we commonly see are attackers gaining access to the network and remain undetected for a long period of time.
  • Different type of threats and so we have different types of protection
  • Not one size fits all for a security solution
  • Common use case and solutions
    • Guest direct access to the internet
    • Secure cloud and partner access
    • Full direct internet access
    • Device posture based internet access
  • Best for customer to chose between one of the models
  • Q: Bandwidth is not expensive anymore, what’s the performance hit if you turn on all the features vs. back-hauling everything to headquarters?
  • Benefit and effort trade-off
  • Common use case and solutions with router platforms shows the different protections for all 4 use cases
  • The design guide for use cases:
  • CWS connector on ISR establishes an encrypted tunnel to CWS tower which has a CSR on the other end
  • Q: Is there any extra h/w or s/w required to do the device inspection?
  • Q: How do you trust wifi, how do you trust an access point? You can spoof a lot of this data
  • Q: Wondering about any real world examples…what are some examples of business that have transitioned to an IWAN? What are some positive things they experienced?
  • Q: Sizing guidelines? Is there a link to the sizing guidelines mentioned earlier?
  • Q: Container service within the ISR – are the ISRs now running linux?

Cisco Champions Program Overview
Cisco Champions are an elite group of technical experts who are passionate about IT and enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The program has been running for over two years and has earned two industry awards as an industry best practice.

Resources and Links
About the Program
Contact the Cisco Champions Management Team


Lindsay Hamilton

Social Media Blog Program Manager

Global Social Media Marketing