In January 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a directive (with an update in February) mandating that all U.S. Federal agencies take Ivanti systems offline for remediation. Over 1,700 Ivanti systems have been compromised; affected Ivanti VPN products are Ivanti Connect Secure (formerly Pulse Secure) and Ivanti Policy Secure gateways. The vulnerabilities include CVE-2023-46805, CVE-2024-21887, CVE-2024-21888 and CVE-2024-21893.

Cisco is helping customers move from Ivanti to Cisco Secure Access in order to mitigate risk and provide a new, zero-trust centric way forward.

When considering switching from Ivanti VPN to Cisco Secure Access, you’ll receive:

  • A 90-day free trial: Take advantage of a no-obligation test drive of Cisco Secure Access.
  • A free Identity Security Assessment: Get a complete assessment of your identity security posture, threat activity, and insights for improving your identity posture.
  • And when you’re ready to move forward, you will qualify for one year free, with a 3-year (or longer) contract: Onboarding is included, enabling rapid deployment and value realization.

Cisco Secure Access is more than a VPN alternative. It’s a fully functional, cloud-delivered Security Service Edge (SSE) solution, grounded in zero trust, that gives users an exceptional user experience and protected access from any device to anywhere. Secure Access offers:

Secure, remote access to all private apps

Zero Trust Network Access (ZTNA) uses least privilege principles, contextual insights, and client or clientless-based methods to deny access by default and allow access to apps when granted. This limit lateral movement by threat actors, locking down application access comprehensively.

VPN-as-a-Service for complete coverage and lower administrative costs

With a single client for ZTNA and VPNaaS, users seamlessly access all their apps, not just some. Some legacy apps, and services like RDP and SSH, aren’t secured by alternative SSE solutions. With VPNaaS, you lift your VPN to the cloud, enabling more control and simplified management. Plus, we’ve introduced the industry’s first Zero Trust Access relay, which utilizes a MASQUE proxy to gracefully handle both traditional protocols, plus newer QUIC / HTTP3 traffic. This increases performance and enables granular least-privilege control – across all applications.

Defense for users and resources from malware

Secure web gateway inspects web traffic, including encrypted, for protection. Files are scanned, known malicious content is blocked, and unknown files are sandboxed and analyzed. Controls can block specific activities and destinations that violate policy.

Insights that expose shadow IT and protect sensitive data

A Cloud Access Security Broker (CASB) discovers and controls SaaS cloud apps in use, including generative AI, and reports reputation, compliance, and risk scores. DLP protects against data exfiltration, and cloud malware detection removes infected files.

Traffic monitoring and inspection

Firewall as a service with IPS examines non-web traffic at layers 3–7 and drops unsafe packets. The DLP module identifies and blocks ChatGPT content. DEM tracks the performance of endpoints, networks, and core SaaS apps for faster issue detection.

A track record of innovation and success

With over 100 million global users protected with remote access security capability, Cisco is the global leader in ensuring safe and efficient hybrid work, and it’s the smart choice for an Ivanti VPN replacement.

Visit cisco.com/go/ivanti to find out more about making the switch to Cisco Secure Access to resolve the threat of zero-day vulnerabilities associated with Ivanti VPN products and deliver an extended set of SSE functionality now.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social Channels



Bill Mabon

Senior Manager, Security Products

Cisco Security