The market consideration and adoption of software-defined WAN represents the largest WAN transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch locations. In fact, a recent research study from the Enterprise Strategy Group (ESG) found that 4 out of 5 organizations report using SD-WAN in some capacity already. Instead of backhauling all traffic through the corporate network, the research also indicated that 79 percent of organizations are shifting to direct internet access (DIA) for all or some remote and branch offices.* With DIA, enterprises can accelerate their digital transformation with faster access to cloud applications and workloads. While the benefits are clear, this also introduces new security challenges.
The shift to SD-WAN creates new security challenges
Security has to be top of mind as you transform your network with SD-WAN and move to DIA. Branch offices and roaming users are more vulnerable to attacks, and attackers quickly exploit weaknesses. Based on the ESG research, 68 percent of branch offices and roaming users were the source of compromise in recent attacks. And as organizations move to more DIA, this becomes an even greater risk. Scaling security at every location often means more appliances to ship and manage, more policies to separately maintain, which translates into more money and resources needed.
But it doesn’t have to be that way. SD-WAN makes your networking simple and that’s the way that your security should be, too. You need security that can effectively scale across all locations, provide simple management, and enable you to easily add security services as needed.
Extend protection from the network to branch offices to roaming users with powerful cloud security
At Cisco, we want to make sure you have choices with your preferred security solution. Last November, we announced that we built a set of security capabilities into our SD-WAN devices to provide a complete on-prem solution. Now, we are delivering additional feature functionality to Umbrella, our market leading security cloud platform, to deliver a complete secure internet gateway (SIG) so you can secure your SD-WAN from the cloud. When it comes to protecting your SD-WAN, Cisco provides the flexibility you need whether on-prem, in the cloud, or both. Regardless of your deployment choice, we have you covered.
Built on top of the fastest and most reliable infrastructure, Umbrella provides simple deployment and management. In a single cloud platform, it unifies multiple layers of security—including DNS, secure web gateway, firewall, and cloud access security (CASB). It also acts as your secure onramp to the internet by offering secure internet access and controlled SaaS usage across all locations and roaming users. And we continue to deeply integrate Umbrella with Cisco SD-WAN to deliver ease of use that is unmatched across the industry.
As a leader in both networking and security, only Cisco can deliver a truly secure experience. We’re committed to offering security that is integrated into our network solutions, with simple configuration and unified policies that can be easily enforced across your entire enterprise, in every location, and anywhere users travel. As demonstrated by our expanding capabilities, we continue to make huge investments in our R&D to rapidly make our cloud security even stronger.
As you make the transition to SD-WAN and DIA, you can trust Cisco to bring together the best in SD-WAN with the most effective, most reliable, and simplest cloud security to protect it. This is just the start of the journey!
If you’re ready to learn more, visit umbrella.cisco.com/sd-wan. And if you are attending Cisco Live U.S., stop by the Umbrella booth in the World of Solutions to get a demo.
*ESG Research Survey, Cisco Secure Internet Gateway Survey, January 2019
Come learn from the best in threat defense
Throughout the year, you hear us talking about our innovative security strategy – about how integration, automation, and simplification make your security posture better. We highlight the need for a new approach to security in a multi-domain world. An approach that securely connects any user, on any device, on any network, to any application.
Next week is your chance to join us for interactive sessions, professional networking, and hands-on demos to find out where your security stands. Whether you discover that you’re on the right track, or that you have a long way to go, our security events at Cisco Live San Diego will provide valuable insight to take your security to the next level. And you will have some fun in the process!
Below are the major security activities happening at Cisco Live from June 9 – 13 at the San Diego Convention Center.
Don’t miss these Cisco keynotes to hear about our overall strategy and how security fits into the bigger picture:
You Make Possible | Monday, June 10 | 10:30 a.m. – 12:00 p.m.
Join Cisco CEO Chuck Robbins and engineering leader David Goeckeler as they share Cisco’s vision for the future and unveil new innovations that will transform our industry, your business, and our world.
Innovation Without Boundaries | Tuesday, June 11 | 10:30 a.m. – 12:00 p.m.
CEO Chuck Robbins, networking and security leader David Goeckeler, collaboration leader Amy Chang, and chief customer experience officer Maria Martinez will discuss our commitment to your success through our game-changing technology and an entirely new customer experience.
Simple, Secure, Digital Workplace with Cisco Meraki | Tuesday, June 11 | 2:00 – 2:30 p.m.
Today’s users demand next-generation, digital experiences within applications that are securely accessible from anywhere. This session, led by Meraki SVP and GM Todd Nightingale, will demonstrate Meraki’s innovative, data-driven approach to engineering, optimizing customer networks, prioritizing application traffic, and security.
What Is the Future of the Firewall? | Wednesday, June 12 | 11:30 a.m. – 12:00 p.m.
In the world we live in today, is the perimeter dead? Or do we actually need firewalls in more places than ever before? If so, how do we manage them all? Come see our SVP of security product management, Jeff Reed, to learn about the future of the firewall and see demos of Cisco Defense Orchestrator and Cisco Threat Response.
And make sure you stay for our closing keynote with Julia Louis-Dreyfus!
A Conversation with Julia Louis-Dreyfus | Thursday, June 13 | 3:00 – 4:00 p.m.
Much like the tech industry, the entertainment industry is rapidly changing. Join the star of the HBO hit series, Veep, as she humorously delivers insights and inspiration on how to remain relevant despite the chaos.
Click here for more details on these and other keynotes throughout the week.
Insightful Security Sessions
Today’s dynamic threat landscape demands a security strategy that focuses on the threat itself more than simply prevention. Cisco security solutions provide threat-centric protection that spans the entire attack continuum – before, during, and after an attack. And we cover you wherever threats get in – from edge to endpoint and beyond.
Cisco Security will present over 160 sessions at Cisco Live. Check out the Cisco Live security page to plan your schedule for the week. Our security sessions, labs, and technical seminars will help you take a holistic approach to security and stop more threats faster.
If you’re interested in these sessions, be sure to book them now. They fill up fast!
We know that 160+ sessions is a lot. See the end of this post for 10 recommended crowd pleasers!
World of Solutions
Don’t forget about the show floor as a treasure trove of valuable information and experiences. The World of Solutions is the energetic core of Cisco Live, where you’ll have the chance to learn about the latest innovations from Cisco and our partners, and connect in one amazing space.
Spend some time in the Cisco Showcase and Security Village to get up close and personal with Cisco and partner technologies. Attend expo sessions, see live demos across our security portfolio, network with your peers, and kick back a little. Also be sure to stop by the Duo Security area to learn about Cisco Zero Trust, charge up your devices, and zone out on some games.
Are you struggling with more remote users, more cloud apps than you can count, and network decentralization? Come see our Cisco Umbrella team at The Park to find out how they provide a first line of defense for securing users anywhere they access the Internet.
Meet the Expert/Engineer
Consistently rated as one of the highest value programs at Cisco Live, these meetings give you the opportunity to set the agenda for a 1:1 conversation with a Cisco expert. Visit the “Meet the Engineer” desk on site to schedule a personalized discussion focused on your unique questions and challenges.
Capture the Flag
Think you have what it takes to root out threats and protect the network? Check out Capture the Flag in the Sails Pavilion on the 2nd floor.
Cisco Live Celebration
If you need a break from all your learning, be sure to attend the infamous Cisco Live Celebration on Wednesday, featuring the Foo Fighters and Weezer!
While you’re at the show, keep an eye on our news page and social media for the major product announcements we’re making during the week. See something you like? You’ll be in the perfect place to ask questions and learn more. You’ll also find chances on our Cisco Security Facebook and Twitter pages to win great prizes like a Samsung 55″ 4K Smart TV and a Sonos Beam Soundbar.
Can’t make it to San Diego? You can still get your front row seat to Cisco Live by tuning into the live broadcast.
10 Recommended Security Sessions
Make sure you review the full agenda of security sessions to choose what’s right for you. But if you don’t know where to start, here are some suggestions:
Talos Insights: The State of Cyber Security | Monday, June 10 | 1:00 – 2:30 p.m.
Cisco’s Talos team specializes in early-warning intelligence and threat analysis for maintaining a secure network. In this talk, we will perform deep analysis of recent threats and see how Talos leverages large datasets to deliver product improvements and mitigation strategies.
Converge or Die: Security Products and Services | Tuesday, June 11 | 9:30 – 10:30 a.m.
Products and services are converging. Attend this session and walk away with the knowledge you need to approach today’s dynamic threat landscape with confidence.
Cisco SD-WAN Security from the WAN to Cloud Edge | Wednesday, June 12 | 8:00 – 9:00 a.m.
WAN transformation increases your exposure to a range of internal and external threats that were previously handled by your data center security. We’ll learn more about these threats and why a combination of on-premises and cloud security is a must-have for your IT team.
Endpoint Security, Your Last Line of Defense | Wednesday, June 12 | 1:00 – 3:00 p.m.
With the proliferation of advanced malware, and the endpoint being the target of the vast majority of attacks, security on the endpoint is more important now than ever. This session will dive into the arsenal of Cisco endpoint security products.
Behind the Perimeter: Fighting Advanced Attackers | Wednesday, June 12 | 4:00 – 5:30 p.m.
Unlike defending against automated and predictable infections that we see every day, dealing with advanced adversaries can be a painful experience. Our goal is to derive a series of principles that make such attacks expensive to mount, maintain, and cover.
Demystifying Zero Trust – What does it really mean? How do you achieve it with Cisco and Duo Security? | Thursday, June 13 | 8:00 – 10:00 a.m.
In this intermediate-level session, we will provide clarity into how to go from “zero” to “hero” when it comes to deploying Zero Trust in your environment.
Protecting Your Office 365 Environment: Leverage the Firepower API, Cisco Cloud Email Security, and more | Thursday, June 13 | 8:00 – 10:00 a.m.
Office 365 has become a popular choice to consume Microsoft’s email, voice, and file sharing applications. Due to changes in the consumption of applications, we need to think differently about how to secure our networks, endpoints, and users.
Workload Security and Visibility | Thursday, June 13 | 9:30 – 10:30 a.m.
Modern applications no longer just reside within a company’s physical data center, but are also deployed across a multi-cloud environment. As a result, customers must now rethink their approach to data center security and workload protection as the available attack surface and opportunity for data theft has expanded.
Risky Business: Help Reduce Risk by Gaining Visibility and Control of Cloud App Usage | Thursday, June 13 | 1:00 – 2:30 p.m.
In this session, we’ll address the security risks involved with cloud app usage and how you can gain full visibility and control of cloud applications in your environment using Cisco Umbrella.
The Future of Security Analytics | Thursday, June 13 | 1:00 – 2:30 p.m.
What does it mean to deliver superior security analytics? Join Cisco Distinguished Engineer TK Keanini to explore security analytics in its entirety: reviewing new forms of telemetry, analytical techniques, and the mistakes and shortcomings of the past so that we don’t make them again in the future.
See you next week at #CLUS!
Subscribe to our Cisco Live blog series to stay updated on everything happening at Cisco Live 2019.
Security must be deep-rooted into every software-defined WAN (SD-WAN) solution rather than bolted on as an afterthought, much like the process of planting reinforcement steel in concrete.
Concrete has been used in construction for more than a thousand years. It has excellent compressive strength which allows it to endure heavy weights but little to no strength in tension forces, which are concrete’s tolerance against pressing and stretching. Most of the current SD-WAN solutions in the market, like concrete, have some notable attributes. They can provide WAN optimization, Zero-touch deployment, centralized management, basic segmentations, and perhaps limited security functionalities like stateful firewalling and VPN. But are they also able to protect your branch network against all internal and external threats in Direct Internet Access (DIA)?
Thousands of new complex cybersecurity threats emerge every day. Similar to concrete tension forces, these threats will eventually crack and break your SD-WAN branch network. These malicious forces are more potent when connecting your branch directly to the cloud using a common internet highway bridge.
SD-WAN Security: Built-in or Bolted-on?
In almost every area of life, compared with a “built-in” option, it’s hard to imagine someone would choose a “bolted-on” as their first resort. Security is not so different. Yet many enterprises are using external security appliances to secure their directly connected SD-WAN branches to the cloud. This bolted-on security norm comes as no surprise. In the current market, there are simply not enough SD-WAN solutions with a substantial level of integrated security.
The process of bolting on legacy security tools often creates unnecessary complexity and overhead because these standalone products were never truly designed for an SD-WAN deployment. These bolted-on tools do not share the WAN tenets and have a difficult time adapting to today’s agile and scalable SD-WAN solutions.
Having distinct security and networking domains at each branch not only increases the total cost of ownership but also complicates deployment, monitoring, and manageability. A simple policy update, for example, necessitates jockeying back and forth between two different monitoring dashboards. Managing integrated security and networking controls from a single console saves time and money and makes for an overall more efficient and effective system, just as using reinforced steel bars speeds up construction.
Cisco SD-WAN security reinforcing your WAN Network
Unlike other SD-WAN vendors’ solutions in which customers have to compromise on security, application experience or advanced routing, Cisco offers an integrated industry-leading SD-WAN with best-in-class security solution. This “no compromise” solution connects any device and any user to any cloud and delivers consistent threat protection from branch locations to the cloud edge.
With Cisco SD-WAN, multiple layers of enterprise-level security capabilities – such as application-aware firewall, intrusion prevention, URL filtering, file reputation, and simplified cloud security – can be deployed and managed through single interface dashboard, at scale.
Gaining additional protection with Cisco Umbrella, a secure internet gateway, is as simple as checking a box within the Cisco SD-WAN unified management console. Umbrella protects users across your Cisco SD-WAN from threats such as malware, ransomware, and C2 callbacks with no added latency
These integrated security capabilities are powered by Cisco Talos security engine, one of the largest threat-intelligence organizations in the world, to block sources with suspicious behaviors before they proliferate across the network.
To meet today’s highly flexible and scalable demands of an SD-WAN solution, a built-in security approach needs to be part of any SD-WAN architectural design to better detect and prevent evolving threats, while simplifying management and improving performance.
It’s time to reinforce your old network construction with Cisco SD-WAN security.
Aren’t you tired of spending time patching your cracked network?
To learn more about Cisco SD-WAN security, please visit cisco.com/go/sdwan-security.
The post Malicious Forces Cracking your SD-WAN Concrete? Reinforce your Network with Cisco SD-WAN Security appeared first on Cisco Blog.