
In a blog post last December, I said that the business and IT leaders with whom I meet always ask: How can I secure my highly distributed workforce, which gets more varied and decentralized all the time? How do I provide tight security without burdening them or impeding business? That hasn’t changed. This still drives conversations early and often.

Yet this is never in isolation. Their focus on improving end users’ experience sits right beside their need to make life easier for their IT and security teams. And of course, these leaders are intensely working to lower risk to the organization. Simply said, these leaders are saying that they want security that’s better for users, easier for IT, and safer for everyone. Yet, that simple statement hasn’t historically been easy to achieve.

In June 2023, we introduced Cisco Secure Access, a security service edge (SSE) solution that squarely answers these needs. And since June, we’ve continued to aggressively add functionality to deepen and extend the ways that you can improve end user experience, simplify security management for IT, and tighten security for everyone. Today, I’m thrilled to share capabilities that we announced at Cisco Live in Amsterdam just a few weeks ago.

AI for Security: Increase security and lower complexity 

We’re excited to announce the AI Assistant for Security in Secure Access. This is a generative AI capability that will simplify access policy creation by automatically converting conversational English prompts into security policies. It can take a multi-part prompt and create a sophisticated single policy. It can automatically break a complex prompt into multiple elements and create a set of recommended policies to cover an entire scenario. By default, the AI Assistant creates rules in a disabled state to ensure the administrator can tweak, test, and move rules to production only when they are ready to do so.

Security administrators no longer need to understand the policy engine, formatting, and nomenclature for each security tool and manually create a large volume of policies. Using the AI Assistant in Secure Access, via the single console, security administrators can save significant time across policy creation and management tasks. Additionally, multi-person administrator groups can create a more consistent and effective policy set. All of this moves the needle on operational efficiency and reduced complexity.

Security for AI: Mitigate risks of using generative AI applications

My comments above highlight how Secure Access is using AI to enrich the security capability it provides. In addition, we announced our ability to help organizations safely use generative AI applications within their organizations to increase employee productivity without adding security risk.

Secure Access AI Data Loss Prevention (DLP) functionality secures the use of Generative AI applications via discovery, block/allow, granular control, and inline data loss prevention.

Functionality includes:

  • Discover and control use of 70 generative AI apps, including Bing AI, Google Bard, and ChatGPT — who’s trying to use it, how frequently, and where.
  • Block or allow multiple generative AI applications.
  • Enable the safe use of ChatGPT:
    • Granularly control which functions to allow — or not — and by whom.
    • Use DLP to ensure sensitive data is not leaked to the AI platform.
    • Use DLP to block the download of unsafe content from ChatGPT and notify the user.

Policy management for both inline and out-of-band DLP is done via Secure Access’s single, unified dashboard, so while it’s tightening security, it’s also keeping things simple for the IT/security staff.

Experience Insights increases user productivity and IT efficiency

Experience Insights is a set of digital experience monitoring (DEM) capabilities that enables IT/security teams to improve user productivity by quickly revealing connectivity issues and providing the relevant details for faster resolution. It is embedded into Cisco Secure Access and powered by ThousandEyes functionality — at no extra cost — to enable rapid root cause identification and resolution.

Experience Insights monitors the health of work-managed endpoints, their underlay and overlay connectivity, and the application performance of top SaaS applications, such as collaboration and productivity platforms.

Example Insights:

  • Endpoint performance: CPU, memory, Wi-Fi
  • Network performance: Endpoint to Secure Access to target destination, including local network, user last mile, Internet, and application network
  • Application performance for top SaaS apps, such as Microsoft Office, Salesforce, Gmail, and Notion
  • Collaboration performance scores per user for Cisco Webex, Zoom, and Microsoft Teams
  • View user-specific events based on conditions, such as policy block

Because it is a component of Cisco Secure Access, administrators have a single correlated view to manage the connectivity, security, and digital experiences of their workforce — regardless of where users or issues are located — to reduce mean-time-to-response (MTTR). This improves user satisfaction and makes administrators, help desk staff, and end users more productive.

Experience Insights can be easily expanded to full ThousandEyes licenses with an extended set of monitoring capabilities and data sharing.

Identity Intelligence sharpens security

In the last year, we’ve seen an upsurge in identity threats that hit many enterprises hard. In light of that, Cisco security is making identity central to its security strategy. We are pioneering new identity intelligence that is all about understanding and managing not only the who and what of access, but also the when, where, and how of interactions.

Today, there is blind trust between authentication and access — a blank space where you can’t easily see and respond to identity behaviors. By closing that space, we’ll be able to move from asking, “CAN the user get access to resource X?” to the more important question, “SHOULD the user get access based on current identity intelligence?”

In mid-2024, Secure Access will be using this deep Identity Intelligence to make smarter zero trust access decisions, empowering security teams to defend against identity-based attacks. For example, Secure Access will be able to use data from existing identity and access management tools to enable administrators to clean up unused and vulnerable identities that leave a door cracked open for account takeover threats.

Identity Intelligence in Secure Access will expose subtle shifts in identity posture by aggregating extended attributes and user behavior factors from a wide range of Cisco and third-party sources. This will give a clear picture of every identity and continuously track changes that empower administrators to create and enforce sophisticated Secure Access policies.

This rich identity intelligence will allow your security team to block or challenge unusual identity behaviors based on risk. This could then initiate an incremental reduction in access rights or full session termination, quickly containing the impacts of a compromised identity.

Infuse ISE’s identity-based context into Secure Access

The integration of Identity Services Engine (ISE) into Secure Access’s VPNaaS capability is the first instantiation of ISE integration across Secure Access that will provide granular, identity-based, posture information to deepen visibility into what users are doing, when, and how.

It will enable the administrator to use detailed, identity-based information to make proactive governance decisions (via policy). For example, you can know, on a per-user basis, the device type used, its location, its state/posture, whether it is managed or unmanaged, the time of day, and more. In the future, by using AI analytics, Secure Access will be able to detect anomalies in device posture and identity and then apply the correct policy.

The upshot? You will be able to more precisely enforce the right policy, for the right user or device, at the right time.

This is just the beginning. Cisco is driving toward common identity across products and capabilities, applied wherever users work, however they connect (wired or wireless), and whatever resources they access.

Why Cisco?

Scale matters in security, and Cisco has a proven track record with cloud-delivered security solutions. We have over 70 thousand cloud security customers, manage 220 million remote endpoints, and secure over 600 billion web requests per day. We know how to do security at scale. To learn more, register to see a live demo of Cisco Secure Access.





Authors

Jeff Scheaffer

Vice President Product Management, Security Service Edge (SSE)

Security Business Group