It’s time to rethink “next-generation”

Over a decade ago, the phrase “next-generation” was used in the network security space to describe the introduction of application-layer control with firewalls. It was a pivotal moment for the space, setting a new standard for how we protected the data center perimeter.

A lot has happened in the last decade though – most notably, the rapid adoption of cloud (and multicloud) architectures and the way we define the “perimeter.” Today, 82% of IT leaders have adopted hybrid cloud architectures, and 58% of organizations use between two and three public Infrastructure as a Service (IaaS) clouds1. On top of that, 95% of web traffic is encrypted— limiting visibility. Applications are everywhere, access privileges are unstructured increasing the attack surface, and businesses expect near-perfect availability and resilience. To make things more complicated, enterprises have tried to solve these challenges with disparate solutions, leading to vendor sprawl among security stacks and operational inefficiency.

So, what does this all mean? What we once considered “next-generation” network security no longer cuts it.  We need a new way of thinking about security (“next-next generation” anyone?), one that breaks down silos and eliminates disparate tools. It’s time to bring on-premises and multicloud network security together for a single, unified approach.

Today, we are excited to share with you a series of innovations designed to unify network security, bringing best-in-class data center security, multicloud security, and management together – covering you from ground to cloud.

From ground…

When we say “ground,” we’re talking about securing the data center with firewalls. At its core, a firewall is a shield that protects your network from malicious traffic. There are three challenges though: (1) almost all of today’s traffic is encrypted, making it harder than ever to identify malicious from non-malicious traffic without compromising performance and (2) the “shield” typically only acts at the moment of authentication for application access, meaning there’s no continuous verification, and (3) leased lines are expensive but managing branch traffic routes across the internet requires additional tools.

This is where the Cisco Secure Firewall shines – delivering leading performance, new connectivity options, and enhanced visibility to every aspect of your organization.  Today, we are releasing the Cisco Secure Firewall 4200 Series, the most powerful data center firewall from Cisco to date that leverages inline cryptographic acceleration to maintain performance in an encrypted world. With the Secure Firewall 4200 Series, customers will receive our latest 7.4 software release, that further eases the challenges of encryption and centralizes secure access.

Our new encrypted visibility engine 2.0 leverages AI/ML to identify threats and applications in encrypted traffic without decryption.  This resolves the complexities of decryption for inspection, as well as performance and privacy concerns.  Further, 7.4 leverages the foundation of the security stack to add secure access capabilities with zero trust application access.  This evolution of the ZTNA model goes beyond the ‘authorize then ignore’ mentality by adding inspection of user traffic and application behavior for more secure access.  Additional access from branch offices to applications without expensive leased lines comes with simplified branch routing, allowing the firewall to centrally recognize, monitor, and route application traffic for improved performance and secure access.

As we bring new security features, performance, and application access to the datacenter firewall, we can expand our purview to encompass the complexities of securing data and applications across multiple cloud platforms.  This brings the need for a comprehensive and adaptable security strategy that safeguards both on-premises infrastructure and cloud-based assets.

…To cloud

When it comes to securing cloud networks, complexity is enemy number one. Most companies use a combination of a private cloud along with public clouds across Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud Infrastructure. Here’s where it gets complicated: every public cloud has their own security controls and “language,” and those controls work in isolation.

Cisco Multicloud Defense simplifies complexity by unifying security controls across all cloud environments. Building on technology from the acquisition of Valtix, customers can now experience one, unified control plane for their public and private cloud environments. This means you can write a policy once and deploy it everywhere.

Cisco Multicloud Defense brings together distributed Layer-7 protection, web application firewall (WAF), and data loss prevention (DLP) capabilities managed through a single, dynamic policy. It acts as the interpreter across clouds and uses gateways, which are distributed across customer VPCs, as enforcement points for security policies. This enables Multicloud Defense to stop threats that target applications, block command & control, prevent data exfiltration, and mitigate lateral movement. At the end of the day, everything that you love about the cloud – the agility, flexibility, and scale – is now applied to how we secure those clouds. On top of that, having a single control plane that does the automation and orchestration for you means less training, less specialized resources, and faster time-to-value.

One platform, all together

As I mentioned, the “next-generation” era is the past. The future of security starts with convergence to unify and simplify the hybrid and multicloud experience.  A year ago, we announced our Cisco Security Cloud vision: a cloud-delivered, AI-driven security platform that protects across hybrid and multicloud infrastructures, with phenomenal user experiences. The announcements today represent our work delivering on that vision – converging the fabrics of best-in-class data center and multicloud security to protect customers from ground to cloud.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels



Rick Miles

Vice President Product Management, Cloud and Network Security

Security Business Group