Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Well, good afternoon, everyone, or if you're on the West Coast, good morning to you. Today is Wednesday, September 20th.
(00:07):
And welcome to the kickoff of Cisco's newest security-specific webinar, security and 45.
Now, this is going to be a monthly webinar series, and we're going to talk about the latest security challenges in our industry.
And for us on the call, how to stay ahead of the game.
No slides, just good conversation. That's what this show is going to be all about each month.
(00:29):
And each session, we're going to have special guests, and they're going to be experts in particular topics.
I am very excited about the 2 amazing guests that we have today.
We invite you to enjoy the series however is best for you. You can watch in, or you can just listen in, whatever you prefer. You can listen in from,
you know, at lunch, the gym, the break room, whatever you want to do; you don't necessarily have to have a screen in front of you to enjoy the series.
(00:57):
Who am I? My name is Mike. I'm one of your two hosts for the whole series, and I'm joining from my home here outside of Raleigh, North Carolina. It is a beautiful sunny day here.
I'm about 10 miles from Cisco's RTP campus.
I've been in the security industry, I'm going to date myself here, 20 years.
The last 14 of those have been at Cisco.
(01:19):
On various security related teams, and I've got to run into a lot of very fun people over the years, knowledgeable people. And I'm really excited to be here with you today.
Let me turn it over next to my partner in crime. Ladies and gentlemen, your cohost,
or my cohost, Andre Sarmiento.
Thank you, Mike. Thank you for that intro. And yes, Andre Sarmiento here. Super excited about this new webinar series.
(01:48):
It's going to be incredible. I wish I had this a few years ago when I was starting in the field.
But just blessing of technology, we can do this and we can do it a lot of times.
So I come from a background from being a partner, being a customer and now working at Cisco.
(02:09):
Super excited to see everything that we get to see and, you know, as one of the ideas was we cannot wait to show you exactly what are the things that we have.
In store for you guys and.
Just with that, I'm going to pass it to Rob. Rob, introduce yourself if you don't mind.
(02:30):
All right. Well, thank you very much. Hello. My name is Rob Kator. I'm a technical solution specialist here at Cisco covering security.
I've been with Cisco for almost, geez, 12 years now; started out in TAC.
And now here in sales. Pleasure meeting you, and I hope you have enjoyed this webinar.
(02:55):
All right, I think that's my cue. My name is Kiana Brown. I am currently a technical solution specialist in the US public sector.
But much like much like Rob, we work in the same team. We deliver on these different security solutions and I've been at Cisco say.
And that is not because I've been here very long. I would say probably about 7 or 8 years. I'm terrible with time, but something along those lines.
(03:21):
And spent a lot of time working with some Firepower-adjacent solutions before I really got to take the time to really zone in and focus on it.
So super excited to talk to you all today and to get this conversation started.
I'm really excited for today's topic, which is firewalls firewalls.
They're at the heart of security. They're fundamental to securing everything: people, assets and companies.
(03:47):
Now, because firewalls are at the center of security, I mean, this is going to be a long series monthly, but we really wanted to start with firewalls here.
Rob and Kiana, your background with firewalls is quite extensive. I'm really looking forward to talking with you both today.
Kiana, I know you said you're not good with time, but I know you're good with firewalls.
You're always the firewall guy back in the tech days. So, so let's do it.
(04:12):
The first question and Rob, I'd like to start with you on this one. Sure. You don't mind here.
Why don't you give us all kind of an overview Cisco's history with firewalls. It's very long.
Like, when I started, I mean, we don't have anything to say, but where did we start? Where are we now?
All right. Well, thank you. Yeah. So it started back in the early 90s with the PIX firewall, right?
(04:40):
The PIX firewall provided basic firewall capabilities.
It actually was considered a pioneer in network firewalls.
It was the first commercially available firewall that introduced protocol-specific filtering, denying or allowing access based off of protocol.
(05:02):
And it provided NAT capabilities to solve, at the time,
the IP address shortages that we had, right?
And then in around 2005, Cisco introduced the ASA, which was a new and improved version of the PIX.
It provided more advanced, well, at least at the time, considered advanced features such as intrusion prevention, VPN capabilities, advanced application inspection, and so on.
(05:34):
Advanced application inspection and even QoS, right?
And the ASA became the staple for Cisco firewalls.
And then in about 2013, Cisco acquired Sourcefire.
And our first integration with Sourcefire and the ASA was with the Firepower module.
(05:57):
With that module, we were able to do more deep inspection of packets.
Malware detection and even URL filtering.
And it was a big step for us, but it did require two different managements, right?
So we had the management for the ASA and then the management for the Firepower module.
(06:18):
So in order to resolve that, Cisco developed Firewall Threat Defense or FTD.
This was a unified image that combined the well-established firewall capabilities of the ASA with those advanced threat detection capabilities of Sourcefire.
(06:43):
FTD is designed to provide comprehensive security capabilities in a single solution, making it one of the, you know, making it a perfect solution for your business,
whether it's a small company or the largest enterprises.
That's great. You know, it's interesting seeing the changes.
(07:06):
And you mentioned ASA. So, see, when I started, there were still some PIXes out there that we were still supporting.
And it was what we call now the classic ASA.
And I remember manually having to update those ACLs and a lot of that stuff that now is just automated, but pretty interesting.
Nick, you know what else is a fun fact? I remember that ASA5505, that thing sat on my desk at TAC for so many years.
(07:31):
We kept pushing out that end of life day because it just kept working.
It was a beast. Yeah, a little box, but it did its job.
But like you mentioned, you know, now we've got that FTD.
Things are more updated, you know, zero-day threats are downloaded immediately.
So very cool stuff.
Yeah, no. And you know what, from the things that I remember, I remember the PIX.
(07:54):
Actually, that was the first thing that I migrated to an ASA a long time ago. It was crazy.
Just a little bit of nostalgia here. Anybody remember what PIX stands for?
Whoa. You want me to tell you?
Let's do it. Let's do it, Rob.
(08:14):
Private Internet Exchange.
There you go. Exactly. Yeah, I didn't know what it meant at the time.
All right, let's keep going.
Kiana, I think one of the things that our audience wants to know probably,
just to understand the high level of the Cisco Secure firewall story,
(08:40):
what are the primary differences between FTD and the ASAs?
If you don't mind going over that for a bit.
Okay, sure. So, I mean, Rob alluded to a few of them already, right?
So, I mean, when we look at just the ASA core software, right?
And this is not having a Firepower Services module.
(09:01):
We're looking at the basic capabilities of a firewall to really take it to that next level,
right? That's when we're going to start looking at software that we call FTD.
Cisco is terrible at acronyms and using them for everything.
So I'm going to try to explain all of them.
The first one is going to be FTD, which is Firepower Threat Defense, right?
So Firepower Threat Defense gives us the capability to use what we call those next-gen
(09:22):
capabilities. So that intrusion detection and prevention is pretty standard for most
modernized firewalls today. But you'll also have the capability to take a look at how we can do
some layer 7 filtering with application visibility and control. We also have the capability to take
a look inside of that traffic through quite a few features and be able to make a discernment of
whether we want to permit or deny some of that traffic as well. And then on top of that, it
(09:46):
doesn't stop, right? We also have the capability to do URL content filtering there too. And the
way that we license it now is a little different than how we would license it on the ASA, right?
Most of the licenses you'll see for Firepower Threat Defense are going to be typically through
smart accounts. And we use them as something we call TMCs, right? So that threat, that malware,
(10:07):
and content. And respectively, right, that threat is your intrusion detection, intrusion
prevention capabilities. The malware portion, which is a really, really cool portion, allows
us to take a look at the files within that traffic if we decrypt it, right, and be able to make a
decision on whether those files, those attachments, or anything along those lines are clean and
malicious. And then the next thing that we have, right, is C, which stands for content. It goes
(10:30):
straight to content filtering there too. So, I mean, even just licensing aside, there are other
things that we bring into play when we talk about Firepower Threat Defense, right? One of them is
also going to be the capability to actually be able to pull threat intelligence information from
Talos. And then along with pulling threat information from Talos, we also have
Active Directory integrations. So we can also take a look at the identities that are associated to
(10:55):
the events that we see in the console, right? So these are just a few things that are just starting
very, very high level. But even if we take it a step further, right, we can take it one more step
further and actually talk about what exactly the Firepower Threat Defense software sits on top of,
right? In the past, right, there have been virtual and physical appliances moving towards
Firepower Threat Defense and other technologies in the future. We are definitely looking and
(11:18):
gearing more towards, you know, some cloud-based services. And of course, some of those cloud-based
services, so we can do Firepower Threat Defense on top of AWS, for example, right? We can take it
even a step further in terms of how we want to go, you know, with innovation. I think those are some
of the main differences that I can think of off the top of my head. That's awesome. That's great
information. I like the flexibility and the things that we can integrate with. I guess at some point
(11:45):
we're going to discuss some of those things. But before that, I want to bring another piece of
nostalgia for everybody here. The Cisco VPN 3000 concentrator. Anybody remember that one?
I remember, yes. The 3K. That was another one that we got to play with. So.
I love that even then we choose to abbreviate even the 3000. We're just like, no, 3K is fine too.
(12:10):
Like we just love shortening things, don't we? Thinking back on it. We know we love our acronyms
here at Cisco, right, Kiana? Oh, for sure. No, but I think that question is great because that's a
big one I get from a lot of customers is like, I have an ASA. Where do I go from here? You know,
(12:31):
and there is an education piece about like, well, what is the FTD and, you know,
why do I want to move there? And some of those things you mentioned are so key. A lot of that,
even just simple stuff, what we call simple now, but just the ability to integrate with
Active Directory. And I don't need to like memorize all my IP addresses and all my IP schemes. I can
(12:52):
make a rule based on an Active Directory username or group. So. Excellent. How do somebody talk about
like the management of this new great FTD platform? You know, like Rob, when I would go to you with
all my firewall tackles back in the day, it was always on ASDM. How do I manage? You know, I've
(13:13):
got some Firepower firewalls running this FTD software and open floor. Just how are the management
options there? Well, the good news is no more Java, right? So ASDM gone, right? To be honest,
I mean, that's one of the great things about Firepower because there are several different options
(13:35):
to manage your devices depending on your needs and preferences, right?
Each option provides ways to configure and control your devices, but they do differ a little bit,
right? So first we have the Firewall Device Manager or FDM if you want to use your acronyms.
(13:55):
This is a local web based interface for managing individual FTD devices. It's an easier solution
typically seen in smaller environments that prefer a more device specific management approach, right?
Firewall Device Manager offers a simplified interface for configuring security policies,
(14:21):
network objects and basic monitoring, right? But it does lack some of those advanced features that
you would see in other solutions such as the Firewall Management Center or FMC, right? So FMC
is a comprehensive centralized management solution that provides not only advanced visibility and
(14:46):
reporting capabilities, but you can manage a single device to hundreds of devices all from a
single interface, right? It provides advanced policy management, customized intrusion prevention
rules. You can actually even create your own intrusion prevention rules, malware detection
(15:09):
and application controls. FMC also provides advanced threat intelligence and analytics to help you
identify and respond to security threats. Now for those that are moving towards the cloud,
(15:29):
we have Cisco Defense Orchestrator or CDO, right? CDO is a cloud based management service
platform that is designed for simplified security policies, not only for FTD devices, but you can
manage the security policies for ASAs, IOS and even Meraki MX devices. But recently we've added
(15:58):
the cloud delivered FMC into CDO. So now we have those same functions and features that you would
get with an on-premise FMC, but hosted in the cloud. So you can connect to CDO without having
a VPN into your network. You can even connect to it from your phone if you wanted to. And then of
(16:20):
course, there's always the REST APIs, right? So APIs are a kind of a
programming interface that allows you to manage and get information from your devices.
So a lot of options there for managing FTD. I personally like the cloud management one. I mean,
(16:43):
if my firewall has internet access, then that's all I need. Let Cisco host it in the cloud. I just
have a username and password and as long as my firewalls can reach the cloud, I'm good to go.
Yeah. And then you don't have to worry about the hardware or, you know, in my situation, I don't
have the server to spin up a virtual FMC and I don't have to maintain it. I don't have to update
(17:08):
it or anything. Cisco takes care of it. We definitely see that in the industry too,
not just firewalls, but in general, everything moving to like SaaS based offerings.
Hey, just give me an account. Just, you know, let me have an account and management.
I don't want to be the guy that is always bringing the nostalgia back, but I do remember from
(17:29):
the past, the management was a little tricky. It was a little difficult, but I think we have to
think that, you know, there's been a lot of enhancements, flexibility, just, you know, having
multiple options to have a way to manage your firewalls. That's really good. It's actually
(17:50):
really good to see. All right. So I guess we do have a few more questions and this one is
one that is really, really, really important to me, important from seeing multiple vendors,
(18:11):
seeing multiple solutions and just, let's talk about a little bit of how FTD will fit into
our customer's ecosystem. Like let's talk integrations. What are the things that
you guys see in the field and find out about? What are the things that you guys see in the field?
(18:32):
And if you don't mind, anybody can answer this one and just go for it.
Yeah. I mean, I love to talk, so I'll hop in here. It's been a few minutes. It's been awful.
So in terms of, you know, some integrations that I typically see, right, or at least I think can
prove to be the most useful from a scalability perspective, right? One of them I actually referred
(18:53):
to earlier was the Active Directory integration, but the way that that happens, right, we used to
have an overall user agent that was deployed, but now we've actually leaned on the identity services
engine to give us that information, to query that from that Active Directory source or other
identity sources as well, right? It doesn't just have to be Active Directory. That's one primary
(19:13):
integration that I usually see. We used to have a lot of jokes around talking about, you know, how
it's a story of fire and ice, but I don't think that stuck too well, but that was definitely one
of the primary integrations that I had personally seen. There are some other ones that are happening
too. I think one that is not necessarily open or I should say everyone's aware about is the Umbrella
(19:36):
and the Firepower integration as well, right? If you're not familiar with Umbrella, Umbrella is
essentially going to be helping us from a DNS level, right, to be able to block or to permit
access to different types of domains based on the threat intelligence information we get, right?
So most of the solutions that we have are going to be powered by our Talos threat intelligence
source. And another integration that comes to mind now that I'm thinking about it is also
(19:59):
extra threat intelligence feeds, right? Right now, as far as spinning up Firepower in this kind of
native state, I should say, natural born state, right? You'll get the threat intelligence sources
from Talos threat intelligence, but there are other external threat feeds that you could pull
from as well, right? So it's not just limiting you to one team, right, if that's something you
don't want to do, you can pull from multiple different sources that can once again help you
(20:22):
to make more educated, more defined decisions, right? Another one I'm trying to think of off
the top of my head, if you're not aware, actually, this is a good one, is also going to be Cisco XDR.
Now it's called Cisco XDR, but XDR stands for Extended Detection and Response, right? But they're
calling it Cisco XDR. So what you can do with Cisco XDR is you can also pull in telemetry from
(20:45):
Firepower into what we call that kind of single pane of glass solution, allow us to make those
ultimate decisions based on the incidents that we see across different platforms, right? So those
are some of the primary ones that we've seen, but it's not just limited to Cisco solutions, right?
We still have integrations with other third parties that we do either via APIs, for example,
or other types of ways that we may bring those together. So it's a very scalable ecosystem,
(21:09):
I think, that Firepower can reach. And that's what it should be, right? At its base, a firewall is
kind of that, you know, that I would say almost like the bare minimum layer, right? So we need
to make sure it's as scalable as possible. I like the idea that we can integrate with
third party as well, third party and, you know, native Cisco integrations. I think it's important,
(21:34):
and a lot of people don't understand the breadth of Cisco in a topology, Cisco security specifically,
like where the endpoint, the network, you know, the data center, any of the cloud providers,
your private cloud you may have. But when we start talking about integration, specifically with
firewall, we're kind of like connecting into all of those areas. And that really helps with things
(21:57):
like threat hunting as well. Having my firewall, you know, maybe I detected this threat through
an email that came in, but I'm able to use the capabilities that the firewall is giving me to
provide insight into that threat that was, you know, originally detected in an email.
Yeah, like the whole point of that is just, oh, sorry, Rob brought up his hands. Did I interrupt
(22:18):
you? No, please go ahead. All I was going to say is, right, that just brings back the basis of just
shortening and minimizing the overall mean time to respond, right? Time is of the essence in any
type of ecosystem when it comes to security. So that's all I wanted to say there. But Rob,
please, by all means. I just wanted to add about the integrations, you know, it's not just Cisco,
(22:42):
right? Because Cisco collaborates with, you know, other technology partners to ensure that the FTD
can integrate effectively with other security solutions that are out there in the market.
You know, our goal is to make a holistic approach to network security. Yeah.
That's actually really good. Yeah. I mean, I think that we can probably talk all day about the
(23:08):
integrations. There are so many great things that we can see. We get to see customers just, you know,
exporting all logs, using all logs to support it to SIEMs, to XDR systems. It's not only Cisco XDR,
of course, you know, that is an availability for multiple customers and just the ease of integration
(23:29):
with multiple systems just makes a lot of sense. So that's great. And I think we could have a whole
call, like you said, Andre, on just integrations among Cisco products, not just firewall. Maybe
we'll do that. And Kiana, thank you for the plug about Cisco XDR, which is going to be our next
(23:50):
call. So excellent work there. All right. A couple months ago, we had internal training about
what we call the firewall roadshow. And we talked a lot about
Firepower and the latest and greatest in terms of technical advancements and innovations.
(24:11):
Some of those are things that only Cisco has. And I thought it was pretty amazing.
Let's talk about some of those innovations and why are Cisco firewalls,
you know, the leader in our industry when it comes to security.
Oh, okay. So I think one of the ones that I, it's my personal favorite, just because I think it's
(24:32):
such a cool topic. And I don't think it's discussed enough is something called EVE, which once again,
acronyms, right? EVE stands for the encrypted visibility engine. So essentially it allows us
to be able to identify applications and the processes of those applications without decrypting
encrypted traffic, right? Which sounds like it sounds a little bit like a misnomer, right? But
(24:56):
essentially the way that we do that is we're taking a look at the client hello packets and
the fingerprinting of those particular applications. And then we're actually taking that back to our
app ID database, which has 7,000 applications so far, right? And we're able to identify those.
And then we can give you that information in multiple different areas, right? The most
popular area in terms of depending on your management style is going to be some type of
(25:20):
event viewer. So for FMC, it's a unified event viewer, for example, you can actually take a look
at the applications that are in some of that traffic without actually having to do the
decryption. The reason why this feature is so important, right? Is because I think anyone
that's been on this call that's had any type of conversations with firewall vendors have always
talked about the capability of SSL decryption specifically. And so with the overall topic of
(25:45):
SSL decryption, usually there's always that kind of caveat that says, hey, depending on the amount
of traffic that you're looking to decrypt, there may be some type of performance on the firewall,
right? We don't have to worry about that with the encrypted visibility engine if we're just taking
a look at the applications and the processes are inside of it, right? And then that also saves a
lot of money too, right? And I mean, I love saving money, right? I love Target. And so I think that
(26:09):
when we get to those big cups, oh yeah, exactly. This is what I'm talking about, right? Saving money
so I can buy my, you know, just feed my addiction, my collection. And so, you know, it saves a lot of
money there too, right? Because when we're talking about any potential performance hits in the past
and enabling SSL decryption, usually you have to kind of over utilize a firewall or meaning you
(26:30):
have to kind of over spec it, right? At this point, you can actually work with what exactly it is the
requirements you're looking for without having to think about these, you know, kind of like,
you know, doomsday caveats such as, right? Taking a look at the applications within that traffic.
So that's one of the first ones that I think is just a really cool feature. And the reason I think
it's super cool as an engine is because all you have to do is click a radio button to enable it
(26:54):
in your access control policy, right? So, I mean, that's one thing that I think is really
cool to use there. Now, keep in mind that with the encrypted visibility engine that is on
Firepower version 7.2, keep me out on this everyone, I think it's 7.2 and above. But there is
another feature that was available a little bit earlier than that, like in the 6.x days. And this
was something called TLS Server Identity Discovery, which doesn't have an acronym, so it doesn't really
(27:20):
roll off the tongue really, right? But that allowed us to be able to essentially unencrypt the
certificate information, the server certificate information by doing kind of like a sidecar,
you know, session. So for example, if we had a connection coming in on TLS 1.3,
you could do a sidecar conversation that opens a TLS 1.2 conversation to take a look at that
(27:40):
information. Once again, this is also something that we could do in terms of, you know, utilizing
some of those innovative features. And that was only like the top two, right, that I think about
off the top of my head. There, even in our firewall roadshow, I think we had about what,
four different use cases covering a myriad of other information too.
You know, Rob, before I know you probably want to jump in as well, but
(28:04):
the ability to analyze encrypted traffic without decrypting, I mean, I agree when I first heard
that, it was kind of mind blowing because, you know, most of my TAC career was on the VPN team,
and that's all we did was encryption and privacy and the integrity of traffic. And with this
technology now, we are able to have our policies still apply without actually compromising the
(28:30):
privacy of the data. Because like you said, we're just looking at fingerprints of the encrypted
headers basically. And it's just pretty amazing. Cisco being the only vendor in the world that can
currently do that. It's incredible to me that, you know, 80% of the world's traffic, over 80%
is encrypted. So we spend so much time fine tuning our policies. Like we want our users to be able
(28:55):
to go here safely, but not to these other more dangerous sites. And the user can just skip all
of that just by encrypting that traffic. And we can't enforce that policy anymore. So I really
like the concept of being able to keep everyone's data private, but still being able to enforce our
policies. Like you said, Kiana, looking at a data sheet saying, this is the firewall you want,
(29:16):
but if you want to really enforce those policies, you know what? You can still do that at line rate
speed by toggling a button. Pretty amazing. Time to be alive truly.
So many, yeah, so many, so many features, so many things to do with the innovations that we started
seeing a few years ago and get to see today. And I don't know if you guys heard there's a new
(29:46):
improvement that is a chat bot. I don't know if you guys heard about this one. It's coming. It's
pretty fresh out of the, out of the, the oven, but it's pretty cool. Actually one of the things that
I want to do at the end of it, or maybe in a further webinar is just talk about that because
(30:07):
it's interesting. It allows you to talk to the firewall, right? Just say, Hey,
do I have any policies that are not being used? So pretty cool. And it responds right away,
just like a ChatGPT type of thing. Yeah. And Kiana mentioned, you know, applications and
we now have SD-WAN light or light capabilities, right? So now with Firepower, we can direct
(30:33):
traffic based off of the application. So if we have multiple, uh, internet links, right, we can send
WebEx traffic over the primary link or some other application off the backup link and we can monitor
the link's health, right? So depending on the round trip time or packet loss, we can pick and
(30:54):
choose which interfaces we want to send that traffic. So a lot of capabilities are being added
into Firepower, which is really exciting to see. And Rob, that ability for the SD-WAN light use
cases, that's automated, I'm assuming, right? Yep. We can go in there and manually do anything,
based on something like jitter or latency delay. Right, right. So we'll constantly monitor the
(31:15):
interface itself. If something changes, we can reroute the traffic a different path.
That's awesome. That's very cool. The other thing I would just think top of mind is,
you know, we just talked about a lot of software-based features, but then the
hardware as well. Cisco's always coming out with, you know, leading hardware technology as well,
(31:39):
like the new 4200 series. I know the 1150 has been out a while, but some pretty cost-effective
solutions for the wide breadth of customer base that Cisco has. Yeah, yeah. And thank you for that.
Actually, I want to mention something about the 3105, just, you know, with the issues that we had
with logistics and, you know, making this hardware platform, this one, it will start just
(32:07):
with that in mind. So with the shortage on supplies and this platform, 3105, and I think the new
4200 is going to be around more effective supply chain. So we're going to see some improvements
on that area. Now, I'd like to move to the next one. And yeah, this one, I think it touches a
(32:30):
little bit on that nostalgia. I think I mentioned this three times today on the webinar series,
but if anyone can just talk about a little bit of growing pains that we've had with Firepower
in its early years, anything that you can mention that, you know, we cannot really, I'm pretty sure
(32:50):
we cannot relate with some of them, but I'd like to hear from the experts on the call, if you don't mind.
Yeah, absolutely. You know, the Sourcefire acquisition brought significant expertise and
technologies to Cisco, right? And integrating Sourcefire's advanced threat detection and
(33:11):
technologies into our existing security products required complex re-engineering.
Complex re-engineering, right? We were talking about taking two very different software architectures
as well as like cultures and technologies and adding them, you know, each one had different
(33:35):
roadmaps. And so deciding which features to implement first was challenging, right?
So in order to resolve that, you know, Cisco not only spent a lot of money, but time and resources
to address these issues. And we continue to invest in all of our security products,
(33:58):
you know, refining and enhancing the integration of Sourcefire's technologies to
expand our cybersecurity portfolio. And honestly, now we're starting to see those results, right?
So not only with the number of features that Kiana mentioned, you know, the policy-based routing,
(34:19):
clustering, multi-instance, we have that crypto accelerator chip now to alleviate a lot of the
processing of encrypted traffic. But to me, more importantly, we're not just talking about
the security, but to me, more importantly, stability, right? So when Firepower was first
(34:41):
introduced, it could take quite a long time to deploy changes. And if your deployments ever did
fail, it was very difficult, not only for our customers, but for TAC to understand exactly
why a deployment failed. And so, you know, troubleshooting is critical to Cisco as well.
(35:09):
And so we've made it so much easier to not only understand why a deployment may have failed,
for example, but reducing the time and effort to correct the problem.
That's awesome. That's like some to hear. That's beautiful.
Yeah. And, you know, I remember I lived those days right there with you, Rob and TAC. And,
(35:31):
you know, that was challenging when Firepower first came out. It obviously on the 7.x code,
it's been like you mentioned, stability is huge for me too, you know, coming from TAC. And
it's been stable for many, many years. But, Andreas, I'd like that you brought up that question.
I think it's important to consider the journey. And, you know, I tell my kids this as well. Like,
(35:54):
if you're going to get to a successful position where you really want to be, you know, you're
going to have challenges and you may stumble along those along the way. But to get to something
really great like we have in FTD today, you know, it doesn't happen overnight. But I'm really
personally proud of our firewalls and especially talking about some of the innovations that they
(36:17):
have now, pretty remarkable stuff. Yeah, yeah, I agree. Actually, remember that what Rob just
mentioned about the deployments, it used to take a long time. I think I had five cases with probably
one of you two. I don't remember. We remember you, Andreas. Oh, not that guy again.
(36:46):
You know, one thing, and this is probably a good opportunity to bring this up is
that, you know, the reason it's stable to now is software based generally, you know, with some
unification of hardware as well. But if you are running that older six code, that early six code,
do reach out to us on the call or your more directly your Cisco account team. We help
(37:14):
customers get onto stable code. And if you're listening on this call and you're like, hey,
I'm one of those customers that's running that old 6.x version of FMC, need to consider
getting to that 7.x code for stability. All the innovations that we've talked about today,
including EVE, as well as deployment times, you know, there's a packet processing, everything
(37:39):
has improved just with a simple software upgrade. So just stuff to keep in mind there.
Absolutely, absolutely. All right. Next to maybe just 30 seconds. How does the customer
start using Firepower? I'm on this call. I like what I hear. How do I get started?
(38:02):
The first thing I'd say is, you know, reach out to your account team, right? Because I mean,
there's a few different ways you could go about it, right? One of the most common ways, right,
especially from moving from ASA to Firepower Threat Defense, you could use a Firepower Migration
tool to actually be able to facilitate with that, right? But there are also capabilities in place.
If you wanted to move from a non Cisco firewall to a Cisco firewall, we actually have programs
(38:28):
that would assist you in that migration there too, right? And then another thing to keep in mind is,
you know, of course there are opportunities for us to perform demos and whatnot for you all,
but you really won't get the best idea of how it works in your environment until you do it, right?
So we also have capabilities to do 90 day Firepower virtual trials, right? On top of,
(38:48):
you know, VMware, for example, and you'll be able to actually, you know, try it before you buy,
right? And that's if you decided to buy. If not, right, you can use those comparisons and give us
that feedback and we'll do what we can with that information. So, okay, that was probably more than
30 seconds, but I think I hit on at least the high points of what you could do. One more thing,
you could also, if you don't want to deploy Firepower Threat Defense in your own environment,
(39:12):
you don't want to use those virtual resources, right? You can also come to us and we can build
a sandbox lab for you to try these things out, right? And you can actually test out those
features, break and fix as much as you want, or you can just break stuff and leave it for us to
fix too, right? It's kind of the fun of the trial. So I think those are a few things that off the top
of my head that we can do there. I hope I didn't miss anything. Did I, Rob?
(39:34):
No, yeah. The only other thing I was going to add was if you just want to play around with
an environment that's already set up, kind of like you alluded to, Kiana, it's a nice easy way to do
that. Here's your username and password. Have fun. Let us know what you think. Well, we are coming
up on time here. We're going to jump to quick to the lightning round. We'll just get a couple
(39:55):
of these questions in here before we close this out. Let's have some fun with this. All right,
Kiana, I'm going to go straight to you. Real quick answers if we can here. What is the most underrated
feature in Firepower in your opinion? Oh, I already said it, EVE. I think EVE by far.
Yeah. Encrypted analysis capabilities. Okay, I like that. Impact flags. What was that? Impact
(40:24):
flags. Yes, yes. Good one. Wow, great call. All right, follow-up question for you, Kiana. If Cisco
licensing, which we all know and love, was a food item, what gift would it be and would it come with
extra complexity sauce? Oh, for sure. That would be the garnish for sure. That's like the icing on
(40:47):
top. I've been watching a lot of cooking shows lately. I'd say like it's like a risotto because
like when I first started making risotto, I thought it was easy and then there's so many sub layers
to it, right? At first I was like, oh, it's TMC licensing. Very simple, very straightforward and
it's so much more to it than that. So I'd say a risotto with a little complexity garnish.
(41:10):
That was good. That was good. Now, Rob, I have a couple questions for you. First one,
what is your preferred management method for Firepower? Cloud-delivered FMC. For me,
it's just easy. It works. It's simple to set up. And you don't have to maintain a VM. Absolutely.
(41:32):
I agree with that one. All right, the next one. This one seems a little serious and important.
Do Cisco firewalls ever engage in debates with routers about who is more critical to the network?
Have you heard that? Do they engage in debates with routers? No. I mean, everyone knows that
(41:56):
the firewall is more important. No, but the nice thing is we can deploy the Snort engine in a
virtual container on some of our routers. So now you have the best of both worlds.
Oh, wow. Yeah. Very nice. All right. Good. Well, we could keep these Cisco-themed dad jokes going
(42:18):
all day. But, Andres, why don't we wrap this one up with a quick summary? I'll start it off just to
add my personal takeaways. Rob, we started off with you kind of going through that evolution.
We went way back in the day. I still can't remember what it's called anymore, what the acronym stands
for, but PIX. We went into the ASA, we had the transformation into Firepower, and today we're
(42:40):
at the stable FTD software. I thought it was important, Andres, that you brought up the journey
to get there, some of the pain points that Cisco went through to get to where we are now.
And Kiana, you talked about some of those features of FTD. We talked about the T, the M, the C,
the threat, the malware, the content filtering that are all built in that we don't have to update.
(43:02):
We get those feeds from Talos in real time for threat information. One of my favorites was that
Active Directory integration, as well as geolocation, and I could keep going. Andres, what
about you, some of the key takeaways? Yeah, actually, one of the things that really resonated
with me, and I hope it resonates with our audience, is the flexible deployment options for FMC,
(43:28):
all FMC, just multiple ways of managing your Firepower. I guess we didn't touch too much on
the migration from ASA, but that is another great thing that we think it's going to be,
it's going to help a lot of our customers. The integrations make a lot of sense. This is a
key differentiator between what we do, what other companies are doing, and this is huge. And I guess
(43:56):
the ability that we have internally to help our customers do those migrations, I guess there's
a few things that we can do, engage a team, it's called the Firestarted team, and basically we can
help with those migrations. Last thing, which I think is super cool, is the ability to get started
(44:17):
running and playing with Firepower. You can do it, download the image, if you don't want to,
download the image and you have access to a cloud environment, let's say Azure, AWS, you can just
spin up an FMC, an FTD, and then start playing with it with full capabilities for 90 days, I
believe. So those are the highlights from this session today from my end, and just super happy
(44:44):
to be here, and let's do this again next month. Great, yeah. A lot of the things that we've done
today, we've done a lot of things, but we're going to keep it up to date. Great, yeah. On that note,
Andres, thanks for being an amazing co-host and a huge thanks to Rob and Kiana for making today's
session possible. I really appreciate all you do in the security industry. I know there's a lot of
(45:10):
stuff outside of this call that you certainly help out with. Our next call is going to be on Cisco XDR,
keep it at noon so people can just listen in even over their lunch break, whatever's best for them.
You definitely don't want to miss this one. We're going to talk about what XDR is, what it does,
and how it can make you look like a complete security hero. I really hope you guys have enjoyed
(45:34):
this kickoff session to the series as much as I have. We'll see you on the next one. If you get
a survey, we'd love to hear your feedback. Have a terrific day, everyone, and we'll see you soon.
Thank you. Thanks, everyone. Have a good day. You too.