The proliferation of applications across hybrid and multicloud environments continues at a blistering pace. For the most part, there is no fixed perimeter, applications and environments are woven together across datacenters and public cloud providers. The attack surface has expanded. Organizations struggle with a lack of visibility, and vulnerabilities are a constant issue for application and security teams alike. In some cases, the vulnerability is known and flagged, but there is no patch available, and the organization simply cannot afford the application downtime. And unsurprisingly, bad actors are taking advantage of these challenges, with ransomware attacks surging in 2023 and an estimated $1.1 billion1 paid out by victims. Designed to protect the applications that business relies on, Cisco Secure Workload 3.9 provides greater flexibility for deploying microsegmentation, new capabilities to mitigate threats and vulnerabilities, and enhances the efficiency for blocking malicious domains and traffic.

Secure Workload protects application workloads in an infrastructure, location, and form factor agnostic manner. It provides deep visibility into every workload interaction and uses powerful AI/ML-driven automation to handle tasks that are beyond human scale, delivering accurate and consistent zero trust microsegmentation while continuously monitoring compliance across the application landscape.

Secure Workload 3.9 gives customers greater operational efficiency and flexibility for implementing microsegmentation with support for NVIDIA data processing units (DPU). The new version helps reduce risk posed by vulnerabilities and threats by integrating with Cisco Vulnerability Management, provides integrated threat feed intelligence, and offers container vulnerability scanning. It also delivers increased efficacy with domain-based policy enforcement.

More ways to enforce microsegmentation

Fueled by the need for more processing power for complex cloud architectures, artificial intelligence, IoT, and even security, DPUs are becoming an essential ingredient to help improve performance and efficiency in datacenters by offloading these functions from the CPU. With NVIDIA DPU support, agents can be installed on server DPUs, in front of the virtual machines running applications, reducing the number of agents required for enforcement.

Only Secure Workload offers an agent and agentless approach with native firewall integration and DPU support, giving customers the flexibility to leverage multiple approaches in the same architecture based on their needs and organizational structure.


Figure 1: Secure Workload agents running on NVIDIA DPU

Prioritize the risks that matter most

Last year, Secure Workload expanded its CVE scanning capabilities by delivering the strongest Kubernetes container security available. Secure Workload 3.9 raises the bar further by including CVE risk scoring as part of its foundation for visibility and policy creation. The integration between Secure Workload and Cisco Vulnerability Management provides customers with a powerful tool to prioritize their most critical vulnerabilities. Secure Workload leverages data science, machine learning, and patented predictive modeling engine from Vulnerability Management and factors that information into its understanding of the customer’s applications and dependencies. This capability also provides additional intelligence for the virtual patching feature that can be leveraged when using Secure Workload and Secure Firewall to protect against a known vulnerability present in the environment, without breaking the application.


Figure 2: CVE risk score in Secure Workload dashboard


Enhanced policy efficacy and integrated threat intelligence

In our continued effort to increase policy efficacy, Secure Workload 3.9 includes domain-based policy enforcement. Security teams can now enforce policies by simply specifying the domain name to block malicious traffic or allow communication with specific API endpoints. In addition, integrated threat intelligence provides visibility into malicious IP addresses as well as detailing which applications have interacted with the malicious IP – past and present. Policies can now be created using the threat feed intelligence to block malicious traffic.

In contrast to other offerings, Secure Workload 3.9 provides more ways to deploy and realize the benefits of zero trust microsegmentation. It offers unparalleled value and efficacy by incorporating critical information and tools that are essential for reducing risk and protecting application workloads across hybrid and multicloud environments. Secure Workload is a core offering within the Cisco Cloud Protection Suite. Looking forward, we will offer new integrations, expand coverage, and add new ways to better protect against vulnerabilities.

Learn more about Cisco Secure Workload

Sign up for a Secure Workload workshop

For demos on Secure Workload 3.9 join the Secure Workload YouTube channel

Dive deeper into microsegmentation: Secure.Cisco.com

Learn more about Cisco Cloud Protection Suite

1Forbes, February 9, 2024 Big Game Hackers Smash $1 Billion Ransomware Barrier

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels



Brijeshkumar Shah

Senior Product Manager

Cloud and Network Security