
October 2, 2024 • 54 mins

Key features of Cisco Secure Access: Cisco Secure Services Edge (Cisco SSE) is a comprehensive security platform that provides secure access to applications and data for users, regardless of their location or device. It combines network access control (NAC), identity-based access control (IBAC), and endpoint security to ensure that only authorized users can access your network and applications.

- Secure Web Gateway (SWG): provides protection against web-based threats, such as malware, phishing, and ransomware.
- Cloud Access Security Broker (CASB): protects your cloud applications and data from unauthorized access and data breaches.
- Zero Trust Network Access (ZTNA): provides secure access to applications and data based on user identity and device posture, regardless of their location.
- Secure Internet Gateway (SIG): provides protection against internet-based threats, such as DDoS attacks and advanced persistent threats.
- Integration with other Cisco solutions: Cisco SSE integrates seamlessly with other Cisco security solutions, such as Cisco Secure Firewall and Cisco Secure Endpoint.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Well, welcome everybody. Today is March 19th. Welcome to the latest episode of Security in 45. Today we're covering one of Cisco's newest technologies on the market, Cisco Secure Access.

(00:13):
We're joined by two esteemed Cisco engineers, both with excellent but different beards. I'm very excited about that. David Keller and Justin Murphy.
We'll send you the Venmo for the introduction later.
Don't forget. Yeah.
Yeah, Mike, this is great. So yeah, again, Secure Access, game-changing solution. We've seen a lot of customers, you know, it's part of a lot of our conversations.

(00:44):
Very flexible to be used in terms of use cases and things that we can do with Secure Access. So, you know, super excited to have David and Justin as part of the episode today.
And again, we're going to tag into what we had last time, which was Cisco Talos. This one is also another product that can tie Talos in, you know, can get the intelligence from Cisco Talos.

(01:16):
So it's going to be really, really good. So now, David and Justin, if you don't mind, let's do a quick introduction. I will start with you, David, and then we go with Justin.
Sounds good. So I'm David. I'm a Solutions Engineer here at Cisco. I've been with Cisco for roughly six years, depending on when you start counting, based out of RTP. RTP in North Carolina has a lot of, you know, opportunities for outdoor things.

(01:45):
So in addition to tech and just really liking to learn and tinker with things in my lab environments, I really like doing things outdoors, you know, hiking, paddle boarding, all kinds of stuff.
And with that, I'll pass to Justin. Sure. Thanks, David. So I'm Justin Murphy. I'm a Tech Marketing Engineer for Cisco. I've been here for around eight years.

(02:09):
Before that, I was a customer engineer, sort of, for a large bank and things like that. I am based out of RTP as well. I also like to learn things, everything from the latest technologies to how to floss so I can teach my son and play around with him.
And then I also like to travel. I've been fortunate enough to be able to go around the world to like Australia and New Zealand and things like that and take part in sort of adventure sports there as well. So it's been a lot of fun.

(02:41):
And with that, I'll pass it back. So you guys not only are supposedly smart, but you're also well rounded. I mean, flossing, that's pretty awesome. And David, I can picture you out there on the lake with that paddle board. Excellent.
I'm just not flossing while I'm doing it. So, neither the dance move nor the hygiene. Flossing on the paddle board.

(03:06):
You'll see me on Instagram.
So, alright, so today we're talking about Secure Access, but I think it'd be good for the audience to talk about some of the higher level kind of acronyms and the building blocks.
I'm going to try not to confuse myself as I even ask this question. But if you could kind of clarify these acronyms that we hear all the time: SSE, SASE (or "sassy"), CASB and SaaS, where the S's are both capitalized and the, you know, the A's are usually lower case,

(03:45):
and the SaaS. Maybe an example would be really helpful. And David, I'll kick this one over to you. Sure. Sure. So I'll kind of tell it as, like, an evolution almost. I know this is kind of up for debate and it really depends on where you're looking.
And I don't really know if the evolution itself matters quite so much as the principles behind it and the actual architecture it's looking to solve for.

(04:10):
I think we can all kind of remember a before time where all applications were on premise and behind centralized, you know, security solutions, whether that was a DLP solution or your firewall, WAFs, what have you.
So there were shifts, you know, either from users going remote or just issues with power, cooling, any kind of reasons where there might be either an opex or capex positive to move to a cloud hosted offering, and that's where the first acronym comes in of

(04:42):
SaaS, or software as a service, and that's really just software that you're paying to access and utilize, but you're not having to manage the underlying infrastructure, whether that's the platform itself, the infrastructure itself or anything else, rather than having it in your own data center on a server or, you know, hybrid cloud or in public cloud.

(05:03):
And as they shifted, right, organizations in general shifted applications to the cloud and leveraged SaaS.
You lost some of the visibility you gained from your centralized security services. And that's where the second thing comes in, the cloud access security broker.
So the CASBs were solutions, and these are all terms coined by Gartner, geared toward providing that visibility and control for applications that you no longer had on premise, either, you know, in line as a solution or out of band via

(05:39):
API or a different kind of method of plugging in.
There were of course some challenges and limitations that led to the next evolution, which, and again this is up for debate, but I'll say it was secure access services edge, or SASE. SASE took CASB controls and added additional focus on the networking aspect.

(06:08):
And also additional security controls, so now you had things like secure web gateway or web proxy. You had the CASB controls, but you also had networking in terms of, like, SD-WAN or wide area network architectures.
The challenge with that is now you've got a solution that is both the software defined network for your WAN as well as the security services. And that's where the final term that I'll go over, the security services edge, or SSE, architecture comes in, which is the disaggregated,

(06:45):
or can be thought of as the disaggregated, security services from SASE, just separate. So now you can use it regardless of any other underlying network infrastructure, and SSE of course is bringing similar CASB controls, similar web proxy, you know, data loss prevention, all kinds of stuff that we'll, of course, talk about during this call.

(07:10):
Did that answer your question, Mike? Definitely did. Thank you. And I think you explained that pretty well. And I think it's good to understand because, you know, the product we're talking about today is using these components at some level.
Justin, anything you'd want to add to that? Yeah, so SASE and SSE do look very similar, but they solve different needs; they're for different teams, right.

(07:37):
So when you're looking at a SASE solution, and everything sort of being together under one roof, under one management system, you're looking at smaller teams, smaller organizations, where you're going to have a single solution for your network and your security stack together, and the teams are going to work hand in hand and may even be all the same people working your network and your security group.

(08:01):
Whereas SSE would be larger organizations, where you have a mixed environment, maybe you have a separation of networking and security practices and things like that. That's where you would bring in the SSE, and that's where you would have the very similar stack, but it would be a little more flexible to fit into any environment and integrate with your existing network infrastructure.

(08:28):
Last point I have on this topic is how long is you guys' Excel spreadsheet to, like, map all these acronyms to all their meanings?
Under a page.
I don't think Excel's big enough to handle that. I've got a separate database I've spun off to just store all my records.
Yeah, it can get crazy with all the acronyms and everything, so yeah, I know.

(08:54):
All right guys, so I do have a new question. This one's for you, Justin.
What are the primary components for Secure Access? We heard, you know, some of those acronyms, but we want to know what are the components of, you know, a solution like Secure Access, if you don't mind going over them.

(09:17):
Sure. Yeah, so I'm gonna have to throw some more acronyms at you, but we'll make it through it, I think.
So when we designed Secure Access we really wanted to make it simple, and we broke it down into really three parts. We really wanted to talk about users' access to applications.
So we broke it down into the who, which are the users. The what, which is applications, whether it's private cloud, public cloud, data center, wherever they are. And then the what, which is the security in between, which is the actual meat of Secure Access.

(09:50):
So in order to get those three things together, to get that traffic through Secure Access, we need a couple components, right. We need the CSC, or the Cisco Secure Client, and that has modules to acquire traffic from the users, whether it's ZTA, VPN, roaming, all these
types of different data acquisition methods, all in one simple unified client to get that traffic to Secure Access, to our security stack. And then on the other side, to get to the applications, we've got some standard protocols, things like IPsec tunnels

(10:24):
like site-to-site VPN, as well as resource connectors, which we can dive into a little bit later, which will give you that ability, or that transport, to get to those applications. And so, once we have that traffic in Secure Access, that's where we can apply firewall
controls, IPS rules, that whole secure internet gateway or SIG stack that we have there with the proxy and all the different controls, as well as posture and authentication, those types of things.

(10:59):
So it's really just an all-encompassing way of getting users to applications securely.
That's actually really good info. Yeah, really good that we see, you know, all the components, everything that we can do with it.
And it's just, you know, a lot of impact for users going hybrid, going on site and things like that, so that's awesome.

(11:25):
I guess at a high level then you're taking all these users that you mentioned, like they may or may not have a client on them, and then we've got these locations. And it sounds like we connect all the humans and all the devices together.
And then, where we are all connected, that's where we're going to apply that security stack as well. Right. So the motto is to connect from anywhere to anywhere. Right. And we're highly distributed within the cloud, so to make that a pleasant experience for the

(12:01):
users as well as to make those applications available. And when we do break those two things down, we usually break them down into SPA, which is secure private access for your applications that you're hosting, and secure internet access, and that's where you're going through those
additional security controls and going out to the internet. Interesting. So, as opposed, and I won't dive too deep into it right now, but I heard you mention, like, Umbrella SIG, for example, so we're using components of that to do the security in the cloud.

(12:31):
And Secure Access is a collection of very integrated security controls that we already have, so, a lot like our Secure Client, it's technologies that we've been developing for years that we've brought together and simplified with our unified policy and other
things that we can dive into, to be able to protect those applications and get those users connected. Excellent. Excellent.

(13:01):
David, what about, okay, so I'm a user, and my company is now using Secure Access. From a user experience perspective, what are the pain points and some of the problems that Secure Access solves for me as the user?
Yeah, so, and this is just another way of looking at, you know, the components of Secure Access, where Secure Access is geared toward, you know, three high level use cases.

(13:31):
The first is going to be security efficacy.
No matter how pretty a dashboard is, if it's not actually providing any kind of actual purpose and security, it's not worth anything. You know, it might as well be Facebook or something as, like, a GUI for you to manage, which is where, as I mentioned earlier,
we're leveraging Talos for that threat intelligence.

(13:53):
The second part is the admin experience, and I think we might be covering that in a later question, so I'll leave that on the table for now.
And then the third, of course, is the actual user experience that you're, you know, wanting to know more about. From a user experience perspective, we're geared toward two primary directions.
One is reducing friction, especially when accessing private resources.

(14:19):
We're looking to secure access to both private and public. You know, for anything on the internet you're still going to have visibility and control through both the DNS and secure web gateway controls,
and along with that the security, you know, features and components that they provide.
We're also looking to reduce the friction to private resources. And so that would be, you know, an application or a service or server that you're hosting on premise.

(14:44):
For those users there's really three ways that they can connect to those applications. The first is remote access VPN as a service, and that's going to work the same way as it does today if you have, you know, a Cisco head end and you're using AnyConnect.
Like Justin mentioned, we're leveraging Secure Client. And all that is, is version five with a rebranding of AnyConnect. So there's really no change to it; it's just a change of name.

(15:07):
And the brand change is just due to, you know, Cisco leveraging the Secure Client as the mode of deployment and management for all the other security modules, which includes AnyConnect as a VPN module, but there's also the Umbrella module we're taking from
Umbrella, we've got a ThousandEyes module, we have modules for ISE, endpoint, all kinds of stuff. There's, like, 10-something modules already, all under that one client.

(15:35):
So we don't have VPN as a service today. And I think that will go into the operational component that we talked about a little bit.
The second bit is related to the zero trust access that we're adding, both of which are geared toward reducing friction.
So, one is client based. That's using a module under Secure Client that will enable the user to authenticate, you know, for a period that you specify, and then the user can access that internal application or resource how they would have on prem, without having

(16:08):
to connect to a VPN head end.
And they're still getting, you know, posture controls and security applied to that. But for the end user,
so the first is if they were on network, right, they don't have to go, you know, and reconnect to the VPN or decide, like, do I need to be on VPN for this or can I just connect to it? Like, you take all the guessing out.
And then the second is browser based. And so it doesn't rely on having a client. And that can be used for either, you know, your regular users or, if you had, you know, contractors or someone you wanted to give access to for a specific web app, we can proxy that

(16:40):
to the network. And so you would just give them a URL that they would use to resolve that application. And in either of those situations, either client based or browser based, you're only allowing access to the applications; you're not allowing access to the
rest of the network like you do with remote access VPN, preventing that lateral movement, but we'll talk about that more later.

(17:01):
The second bit would be related to the actual end user experience.
We've, you know, like Justin was alluding to, Cisco has a lot of things that we've acquired or built. You know, there's 30-something things in the security stack alone, and there's hundreds of things, I think, in our actual overall portfolio, and, very unique to Cisco,
we've pulled the best from each thing,

(17:25):
as if they were microservices, to build Secure Access as a SaaS offering. And so we've taken from ThousandEyes and added an end user agent for end user, you know, experience visibility, so we can see, you know, things about, like, the actual network
connection or the connectivity to, you know, SaaS or to Secure Access. And with that visibility, you know, and this might also go into the operational side; there's a lot of overlap between these things, and it could really be argued any of them could flop over.

(18:00):
But now the IT team can assist with visibility for users that aren't on premise.
So, you know, we've done a lot of things with the wireless controller to see what the, you know, the connectivity to the AP looks like, or, you know, have them run telnet and ping and do all these crazy things to try to get visibility. Now you're getting that from that agent.
So now you can make decisions and assist, regardless of where the user is located.

(18:26):
So, those are the two primary things that would contribute to the user experience, but really the idea is to make it so that the user doesn't have to think about how they're connecting. Right. So, all of these modules play together, to where even the admin doesn't have to configure the VPN to ignore ZTA traffic, and ZTA does get a higher level so that it is able to sort of match and provide that transport for traffic,

(18:55):
if it is enabled. So we really go for, hey, can we go the most secure way? Can we use ZTA? If not, hey, is VPN connected? Let's go VPN. If not, hey, we're going to the internet. Maybe we're the roaming module.
Maybe we're going over VPN to go to that. So it really is to make it transparent for that user, and it gives you some availability and benefits on the management side as well.

(19:24):
Where we're talking about, David mentioned VPN as a service.
Where, hey, I've got a stack of ASAs or FTDs and I'm trying to manage my VPN.
That way, now I've got to replace that hardware to keep it up to date, I have to size it correctly. If we have a mass exodus of folks, or need to provide

(19:50):
additional bandwidth for folks to connect in and get to these applications,
we've got to either plan for that or we're going to have a bad day when the folks try to connect in at 8 o'clock in the morning and all of our VPN head ends completely saturate and turn over.
So with VPN as a service in Secure Access, because we're in the cloud, we can elastically expand that out. You don't have to plan for that. We have that capability within your subscription to just, hey, we're going to expand out.

(20:18):
We're going to provide that connectivity for those users. There's no performance hit, and you can keep going.
Beyond that, we are playing further into the security stack, like being able to provide proxy and malware analysis for internet traffic and things like that, and IPS.
Where, hey, you can offload that decryption, all, again, a lot of sizing and management of boxes, into the cloud, particularly for remote access, but even branch to branch communication and branch out to the internet

(20:48):
communication, so that can help, especially with smaller branches where you may not want to invest in the infrastructure to have the same security, but you want the same security control, right? You don't want to bring it back to your data center.
Send it to us. We can process that traffic. We can route it wherever it needs to go, the public or private apps, and provide those security controls seamlessly.

(21:10):
And it's a single place of configuration. So you don't have to worry about, hey, did I go out to this branch and make sure that the firewall had the same rules as this other branch? Even if I have centralized management, you don't have to worry about pushing that out and verifying those configurations, because it's all in one place and distributed across our cloud presence.
I'd say we as engineers probably have a tendency to go deep in the weeds, as you could tell from my previous monologue. And I apologize to anyone that's heard this analogy before, because this has been said internally quite a lot.

(21:45):
But from an end user experience, I would consider it the same way as plumbing inside your house might work. Right? You need water to go out of your sink, shower, whatever. You just need access to the water.
You don't care what the pipe is. The same way for this. The end user just needs access to the application, whether that's on the Internet or internal, they don't care.
But you as the management need to be able to provide that securely. And so we've provided a handful of ways, three of which are practically transparent to the end user in order to access those resources.

(22:19):
And so they don't have to worry about, how do I need to connect to something? They just connect to it.
I like that analogy a lot, actually. Yeah. So from the user perspective, it's completely invisible after I turn on that water, or after I start trying to get to my application. I don't need to worry about that.
I'm just connecting and getting to work. But then, Justin, to your point on the management admin side, we've got all these controls that we can put in place, and we've got the full power of the security and the connectivity at our fingertips, which we don't have to concern the user with.

(22:53):
Very cool. Exactly.
And the other thing that I think was really cool was just, you know, understanding all the pain points that all the users feel right now when the company starts applying security and this is just a way to get away from that friction, from that bad user experience.

(23:14):
So that's awesome.
I think some of this, like, for the... Justin, you mentioned, like, the SSL decryption as well. So all of this security being done in the cloud, that's really nice for my on prem firewall, not having to get bogged down with some of these CPU intensive, you know, classic "don't turn on SSL decryption,

(23:36):
it could break things or slow down my firewall." So we're moving so much into the cloud by consolidating, like you said, a lot of different features from a lot of different products into this one solution.
Correct. And we're not only sort of offloading that into the cloud, but we're also distributing it to wherever your users are, right, so you don't have to worry about bringing everything back to a central location.

(23:57):
It's not like we're bringing it back to a central location. It's across all of our data centers and the cloud. So we're able to provide that better experience closer to the user, as well as offload that need for that high compute and handle those spikes.
And then just the day to day traffic as well, without having to invest additional dollars to build those boxes bigger for, like, one time a year when everybody's using it, like retail Black Friday. You're trying to size for Black Friday versus every other day;

(24:31):
you're looking at three, four times, ten times the amount of traffic and compute that you need. Like, are you really going to buy that and spend that money all year long just for one day? Or what we saw with the pandemic, just,
if you have something like this solution for the pandemic, I mean, talk about the ultimate flexibility and scaling. Everybody goes home to work. This solution just scales with them, company holidays, things like that.

(24:54):
Absolutely, absolutely. When, in 2020, I was still in sales, and we got a lot of calls about folks who had firewalls and everything else that were needing to upgrade and add to the stack and having all of these problems and down because they were not able to handle the new traffic flows.
And it might be worth considering, right, this isn't just a, here's what it's going to do for your existing environment, right, and augment that; it's also, like, what you're wanting to do in the future. You know, if you currently have branch sites that are tunneling all traffic back to, you know, a

(25:27):
hub location, and that's your centralized security point, and you're wanting to instead, you know, move away from that and have direct internet access from branch locations, this is a way to add those security services with a centralized, you know, policy stack, you know, a unified
policy, single, you know, cloud manager offering, without having to either enable security services on devices that weren't previously sized for that, or put a second device at that location that you'd then have to find a way to manage.

(25:58):
So, wait for that to come up. Yeah, because I know we talked about the unified policy of the solution, and one policy to kind of extend wherever you connect in from, to maybe multiple locations.
Right, and it applies to all of the different data acquisition methods the same, right. So if I'm Justin on ZTA, or I'm Justin on VPN, then I can be identified and use the exact same rule. Maybe there's additional posture when I'm connecting via ZTA, but all of that's part of the

(26:28):
same policy, so all of those components come in and I don't have to rewrite that on different boxes or have a different policy section, even in the same dashboard. It's all in one place for those users. And David, I like your...
Hey, this is a good way to sort of think about how you're going to manage your traffic and your security in the future, because that's one reason that we're offering VPN as a service within our SSE, because not all SSEs provide that capability.

(27:00):
And what it does is it meets you where you are in your current security journey. Like, hey, I'm very heavily relying on VPN, all these applications, I'm not sure if they're going to work over ZTA, or maybe the experience isn't as good over ZTA for whatever reason,
maybe there's a server to client communication that has to happen or something like that. Well, hey, you can move over your VPN as a service, distributed in the cloud, take advantage of that infrastructure, and then move all of your applications

(27:29):
to ZTA as it makes sense. Maybe start with the crown jewels and the highest touch type stuff, so that you can force that reauth or provide that per-app posture and get that additional visibility into it, and not allow as much access
to those more secure networks. And so it provides you with a soft way to kind of move into the cloud, get into an SSE-type solution.

(28:00):
Excellent. That's good, and we've been touching on a few different topics, a few different points of view, you know, management, user experience, but I want to ask you, David, if you want to just go a little bit more specific into what are the
components of Secure Access. You know, just from all the things that we mentioned, let's see if we can put all this together so our audience can make sense of what the components are, if you don't mind.

(28:33):
Yeah, for sure, for sure. And this will kind of tie into some of what we've already talked about as well, and, I mean, to be honest, we could probably take an hour by itself just to talk about the actual components to it.
I mean, it'll feel a lot more like a list than it will an overview.
But we of course have the core SSE components in Secure Access, because it is a security services edge solution, so things like the web gateway,

(28:56):
the CASB controls, the data loss prevention, which, in our case, is multimode, both in band, or real time, with the web proxy, as well as out of band using API for a few different sanctioned SaaS applications.
And then Zero Trust Network Access, which we talked about being client based and browser based.
And we also have the firewall as a service, which is our centralized firewall stack, including decryption, for layer three, layer four and layer seven controls, and in line with that we have IDS and IPS leveraging Snort 3, the same as

(29:25):
what we use with Meraki MX and with Firepower.
And it will be, you know, more similar to what you have with Meraki MX where you have, you know, pools of signatures created by Talos but you know, like you probably talked about in your last session with Talos.
I'm able to go back and watch it although it's on my next list.

(29:46):
They're doing a lot of stuff for threat intelligence, because they're the ones evaluating all the different things that we're getting from our security stack, in addition to, you know, what they're doing as, you know, incident response or threat research.
So, they are writing signatures that we can then leverage with that.
Because we're Cisco, because we're able to pull from the best of everything, we're also, you know, able to offer DNS security, pulling from what we had with Umbrella. We've rebuilt that in Secure Access to offer it as another enforcement point.

(30:17):
We have the Advanced Malware Protection, using our, you know, AMP cloud, that we leverage with, you know, file analysis with the web proxy, because we're able to, you know, fully decrypt traffic, including TLS 1.3.
And because we're able to fully decrypt that traffic, we now get greater visibility with, you know, granular app controls for, you know, applications that you might need to allow access to that you don't want everyone to have full access to, with, you know, file analysis, of course, in line with the

(30:43):
web proxy. So we have the, you know, secure analytics for additional sandboxing for files of unknown disposition,
you know, file type controls, other CASB controls,
the VPN as a service, the digital experience monitoring we already talked about. And then finally, we have the remote browser isolation, also in line with the web proxy, which would be a containerized browsing session for the end user, so that nothing within that browser is being

(31:12):
executed within the end user's actual endpoint; it's all being executed within the browser. And then that final product is being presented to the end user using a combination of draw operations and DOM mirroring.
So we're not using pixel streaming, which can cause some performance issues.
But there's a lot of stuff, and kind of what you would need to use or how you would leverage it would really depend on, you know, what you're looking to do.

(31:35):
But it's definitely more than just kind of the core SSE components.
So that's a really cool summary of all the components.
It is all invisible to the user.
Yeah, all invisible to the user. That's amazing.
Well, and it's also part of one subscription as well, right, so you're not buying all these individual components and bringing them together and trying to integrate each piece yourself.

(31:59):
All of these are part of the Secure Access solution, in one management plane, in one dashboard, so that you can see, so that you can configure them and have that visibility and control without having to say, oh, I need to go out and get this and this and this and integrate
and build a stack. It's there for you.

(32:20):
It's all one policy as well, and you can have it be based off of, you know, I don't want Justin to go to Facebook, and I want to offer a warn page for David if he tries to go to Facebook.
And it'll be able to do that based on user identity. You can integrate with an IdP or upload identities to have policy applied for that.

(32:41):
And that's for both, you know, DLP, web proxy. Depending on how we see the traffic we can apply all kinds of stuff.
But it's all through that one policy. And then of course, you know, it's all in the same reporting as well, and it's all one dashboard.
So you can see within reporting kind of what users are doing and where they're going and, you know, applications they're leveraging for shadow IT and all kinds of fun stuff, without having to go to, you know, different management places.

(33:07):
Sorry, Justin, I got excited there. Were you gonna add more?
Yeah, that's good. I like it. All right, big nerd energy on this call, you know, it's, it's a little too much.
I know you just talked about consolidating a lot of these products into this one solution. I'm thinking, like, Cisco Umbrella for example, which, which is only going to connect to cloud-based resources, but this solution, Secure Access,

(33:32):
and you mentioned I can talk to those private resources as well. Maybe just two minutes or less, Justin. What is the, the actual mechanism by which we are connecting all these users? Some of them are remote, maybe I'm at Starbucks, and then some of them are behind these
firewalls, these SD-WAN locations.
How do we actually connect them together?

(33:56):
So there's a few different connection methods we can use. I noticed you gave me a time limit, so I must be talking too much.
I just want to make sure we have time for the dad jokes at the end, that's, that's why people tune in. Absolutely. So, so yeah, so we'll talk about the, the remote users first, because we've touched on that quite a bit with the Secure Client. We'll dig a little bit deeper into that. So we're using

(34:21):
the same VPN technology that we've had. Obviously we moved it into the cloud, we've got microservices and things like that running around it.
But we can, we can perform the same sort of posture and certificate-based auth, and as they had mentioned, we can have an IdP like Azure or others and a SAML solution like Duo or something like that integrated in with this, so that we can authenticate and we can provide

(34:48):
that VPN connectivity, and what that does is that does obviously route all ports and protocols. We can do a full tunnel, and that's going to get you into that flow to get into that SSE stack as well as to private applications.
Now, just below that we have our ZTA module, and our ZTA module actually includes the Duo health agent. So this is another, like, sort of under-the-hood type thing that you don't really have to worry about, but it's inside that ZTA module where, hey, we're going

(35:17):
to again check your identity, we're going to check your posture, and we're going to give you per-app tunneling to those applications that are ZTA enabled.
So, and that, that traffic, as I mentioned earlier, is something where the ZTA module is looking for that at the application layer, right below the application there at the socket layer, to be able to grab that traffic before the VPN can even see it. So as long as the VPN is

(35:46):
aware that ZTA is doing this, there's no conflicts there, so we can have those running side by side and get that app, that private app traffic, where it needs to go securely.
And then we have the roaming module. That's sort of our tried-and-true roaming module that will send DNS traffic up to Secure Access, provide those DNS controls so that, hey, we can stop threats before they even attempt to connect, or your clients try to connect to those

(36:13):
malicious websites or undesired destinations where there's content category and other things. And then it can also pull that user identity from the device and apply policies through the proxy and provide all of those security controls that we do have in our proxy,
because that is sort of where a lot of the magic happens, with, with decryption, with file analysis, with RBI and all of those other components that we've talked about. That roaming client just by itself can get you all of those types of things in front of your user, or for your users' traffic.

(36:48):
And then if your user comes on premise, then we have things like IPsec tunnels that you can build with standard protocols with other third-party components as well as our own routers and firewalls and things, but we also have integrations with our Catalyst SD-WAN
so that we can participate in, in the routing power of SD-WAN and the filtering and traffic shaping and, and steering of those components, of, hey, we can get into Secure Access, get that security stack in front of things you want to be in, or we can go branch to branch and get that traffic directly there.

(37:28):
And so those are sort of the main ways that we do this. The final one we've added actually recently is Resource Connector, and that's something that works hand in hand with our ZTA module to provide a path for users to get to applications, right? So if I have an application
configured for ZTA, and I have a Resource Connector deployed, which is just a VM that can run in AWS and ESXi today, it will expand into other clouds as well soon.

(38:00):
Basically what it does is it means I don't have to build IPsec tunnels, I don't have to worry about routing. I just need to put this VM in my data center on a VLAN, on a network that can access these applications.
And then I just define the application in Secure Access, and everything else happens for you. The tunnel is built from the Resource Connector out to the cloud automatically.

(38:24):
And the cloud basically just says, hey, this application lives behind this Resource Connector, and sends it there. And then once it's on your premises, you can have a load balancer or a firewall between the Resource Connector and your application if you need additional security,
but we can, we can provide that transport easily without modifying your firewall rules or anything on your edge, or routing within your network, as far as, like, building out IPsec tunnels to say, hey, I need these sites to connect through Secure Access. That Resource Connector will do that for you.

(39:00):
Now, that last one about the Resource Connector. For these, I get a lot of calls about people looking to replace my VPN and go clientless. Would that work there? Can I have no client and still access that private access?
So yeah, so that's our clientless ZTA. I neglected that a little bit on this interview, but yeah, so the clientless ZTA does participate in that as well, and that is another way that we connect users. So if you have unmanaged devices, whether it's BYOD or contractors or partners that are trying to connect to applications, you can either use those IPsec tunnels or you can use the Resource Connectors to get back to those applications and provide that posture using that user agent.

(39:41):
Using that user agent string for that traffic back to web applications. Absolutely.
Yeah, and it kind of depends on what the questions are regarding, in terms of VPN, like is it from between sites or from a headend into Secure Access, or if it's for users connecting for remote access VPN.
From a connectivity perspective, like if you're going to zoom out, users are connected to Secure Access using the Umbrella module for web and DNS, remote access VPN for all traffic if you want,

(40:12):
the client-based ZTA module that can do private application access, you know, any port, protocol, as long as it's, you know, client to server,
and then browser-based access, which is of course the web proxy.
The connection from your private application to Secure Access would be either a tunnel, which is an option for backhaul, or that Resource Connector, which can act as kind of a proxy for Secure Access and the end user trying to connect.

(40:38):
And on the network itself, it's going to be what's going to reach out to the private application, and then of course to Secure Access, building a tunnel by itself.
So yeah, you could, you know, replace VPN either for the backhaul connectivity or the end user connectivity, but it would ultimately come down to, you know, your existing architecture, what applications you need to allow access for. You know, there are going to be

(40:59):
situations where remote access VPN is still necessary, for better or worse.
It might be for a smaller user pool or for fewer applications as you make that migration, and that's part of why we've included, you know, VPN as a service, because I mean anyone that offers ZTA is going to still require
you to have a VPN, because it's either going to be something peer to peer or, you know, server to client. It's going to require it.

(41:24):
And so we just included it as part of the offering, because I guess we're uniquely positioned as Cisco.
And it's cool that we were talking earlier how seamless or invisible to the user. You could just have them try the VPN, if needed, if not just go down to the next connection method, kind of automatically.
Very cool. Yeah, yeah, with the ZTA they'd just be connected to it as if they were on prem, and the module itself will capture the traffic and identify it to say this is a private application.

(41:54):
And with any of these options, there's a posture check, you know, so it can fit as part of a zero trust access architecture, which I know is going to be a question you're going to ask in a second, but this feels too perfect of a segue.
It'll be able to do a posture check for you. And if you pass the posture check, you know, you're able to authenticate, it's going to put you through, you know, the firewall rules, it's going to look at, like, should you be allowed access at all with your identity.

(42:20):
And then it'll connect for you. And it'll use the Resource Connector or the tunnel, depending on how you have it connected, to give you that access, and you as an end user.
So it's authenticating, and you're authenticating at the, you know, on the timing that's configured by the administrator, so it can be, you know, every hour, I think weekly, and there's, like, different time frames that you can, you can set. I don't quite remember off the top of

(42:44):
my head. I'm a nerd but I'm not a super nerd, so forgive me.
And so, like, you don't have to, like, even try VPN first. You know, I personally, I would try just to connect to it the same way as I might today, and see, like, can I access it, and if I can't, that's when I would be looking at VPN. And you might find entire swaths of users don't need to use VPN after making the migration.

(43:06):
Very cool.
Yeah.
So you just stole my question, David.
Absolutely did, I'm sorry.
It's all good, it's all good, but, but no, just, you know, just to give the audience the, the idea of, you know, zero trust, where we're looking to make sure that we understand who the user is, what type of device they're using,

(43:31):
and then, you know, that, that part that you just mentioned about the client versus clientless assessment of the actual device. So yeah, that was good. That was good.
Yeah, so I mean, as far as the zero trust architecture goes, right.
It's ultimately geared, no matter what it is, for the same thing: giving users access to only the things they need access to, and making sure they, like, should have access. Because it's not just, like, does David have permissions? Is, is David on a corporate device? Is David's

(44:02):
corporate device up to date? Has he disabled his firewall?
Is risk increased to the point where I no longer want to give David access to something? And the answer might be yes. And so you shouldn't give access to me, regardless of if I'm able to authenticate.
And so depending on the connection method, that will kind of inform the posture control, but you can of course bring in your own, you know, IdP for authentication. So if you're, like, you know, leveraging Duo for, you know, SAML to this application, you're also able to do their

(44:31):
conditional enforcement for device health for Secure Access itself. You know, with the browser-based access we're able to use the user agent info to get information about the endpoint.
Justin mentioned the device health application we brought over for the zero trust access module.
And that is going to be checked per session that a user tries to access the application, in both situations.

(44:57):
Like I mentioned, like, way earlier,
you're only giving access to the application itself,
and you're not giving access to the rest of the network like you would with remote access VPN. Right. And you're able to have that intent-based policy based on the user identity.
And so I could say, like, everyone in marketing can access this thing, but then I could have a specifier like, but Justin can't.

(45:20):
And so you can get really specific with it. And Cisco is, you know, again, going in a direction to help simplify the deployment and management for this with them.
Some things we're working on that I'm not at liberty to talk about.
But it's all geared to make it so you can secure your network, provide access to users, reduce friction, without having to be a CCIE. You know, like, I'm all for certs, I've got more than a couple myself, and I'm sure everyone else who does as well.

(45:45):
But you shouldn't have to have a full stack of certs to be able to do these things, to have these outcomes, you know. So that's really what I feel like we're going to with the zero trust side.
Nice. I like that. Yeah, and that all falls back onto that intent-based networking, like I can see who, I can see what, I'm just kind of mapping who I want to give access to.

(46:06):
All right, so I don't have any, like, theme music planned or anything for the next section that would hype everybody up, but it is time for the dad jokes.
I gave you guys, Andres, I said bring a dad joke that has something to do with springtime, so I'm really excited to hear what you guys will come up with. Andres, you want to go first?

(46:31):
All right, yes, I'm probably still one of the ones we have right here.
The one that I like.
So, what did the seed say to the flower?
I have an idea, seed to the flower.
I can't wait to grow up like you, or something.

(46:52):
No, it's okay bloomer.
Probably something that one of my kids will say to me.
No, I think that, okay boomer, like, people get seriously upset if you say that to someone. That's hilarious.
I'll kick up the next one here. Did you guys hear about the gardener who could not wait for spring?

(47:18):
He was so excited he wet his plants.
Yeah, okay.
Alright, Justin, you want to go next? Sure. So that gardener is excited, but he may not be able to plant any flowers. Do you know why?
Because he hasn't bought any.

(47:43):
I had to think about that for a second. I was like, bought, bought any. Yes.
Oh god, you've asked for springtime puns, but I feel like I'm taking the fall, if you catch me.
So my pun, that wasn't it, is: why is spring a good time to get into good habits?
It's a perfect time to turn a new leaf, which is what I want to do about these puns.

(48:10):
Thank you guys. Excellent. Now I've got some good dad jokes to, you know, tell when I'm coaching my kids' soccer and basketball games.
His son out of loss.
Yeah, I can't wait to see that.
David and Justin, real quick, would you just want any closing thoughts or comments?

(48:32):
Yeah, sure. I'll go first.
So we've talked a lot about Secure Access and, and, and how it can fit into an environment, but it obviously isn't going to be the only security solution. It's something that's part of your security stack and defense-in-depth
strategy. And so there are other components that you'll need to add with us for email, etc., things like that. So there are things that we can help with and we can talk about for customer journeys and things like that to help you on your way.

(49:00):
As far as plugging, I am on LinkedIn. I don't have a whole lot going on online, but I definitely recommend David's YouTube channel, which I think you'll talk about in a minute, so I'll pass it over to him. But you are going to probably have millions of likes from your video flossing, so
that's right, I got to get that paddle board. I was looking at some inflatable ones, they're discounted right now, so I got there.

(49:24):
I've got two inflatable boards, I recommend them, but you have a truck so you might be able to use a regular board.
That's interesting.
I might have a used one to sell you if you'd like. I don't have a truck, so I have no way to transport it anymore.
Okay.
I'll give you a plan. We'll sort this out. This is the Security in 45 marketplace. Yeah, yeah, yeah, yeah. Let me know if you want to buy a paddle board.

(49:53):
Yeah, I'm on YouTube now. I've only got two videos, I make no promise when I'll post new ones.
But look me up at security hyphen decrypted.
I just try to make videos related to, you know, simplifying security, making it more, I guess, easier to understand, to follow. I really simplify things. I'm going to have a series on Secure Access, I've already kind of started with an overview.

(50:15):
So if you want to hear just me talk about it for 14 or so minutes, for free, check that out.
Otherwise I'm not really on social media either, there's just too many other things to do, but I'm on LinkedIn, so hit me up.

(50:37):
I don't know why not mess around with the what customers are telling me, but it's always good to hear what people with, you know, boots on the ground are doing as well.
So takeaways, yeah. I'm glad we covered those acronyms, which are, you know, extremely confusing to a lot of different people: SSE, SASE, software as a service, CASB. We talked about those primary components of Secure Access. I like thinking of it as a connectivity

(51:12):
and a security solution, where we connect everyone out to that common cloud, and right there is where we're going to apply that security policy as well. We talked about that unified policy, how all of this is frictionless for the user.
A lot of complexity that Cisco will worry about behind the scenes, but from a user perspective I connect in to get to work. I think that's really important.

(51:34):
Then from that management and administrative side of things, I will be able to consolidate a lot of these separate pieces of the puzzle. I have maybe separate products, maybe something like Umbrella, and I'm able to absorb all that into this one common dashboard,
again, which is doing, bringing that connectivity and security together.
Andres. Yeah, thank you for that, Mike. My takeaways are going to be, one of them, the understanding that we have now on the Secure Access components, what are the things that we can do.

(52:09):
All those acronyms, you know, the DNS security, the advanced malware protection, the browser isolation, all those things that are super fundamental for an SSE solution. They're going to be, they're going to be here on the section.
Right. The other thing is where are users, devices, applications, where are we connecting from, and where are we connecting to. Those are the most important questions, right?

(52:39):
We have access to local applications, things that are inside of the data center, things that are cloud, and we can have control of that, so that's really good to keep in mind.
And then the last piece, which I think is very interesting, it's going to be that, that piece on zero trust, on the zero trust architecture, where we're talking about the posture assessment.

(53:06):
We're talking about what is the implication for users connecting either via a client or clientless. And then we see that, that, that piece on the framework for zero trust. So that was, those are really my takeaways for this one.
Well, I'm personally armed with new dad jokes and I'm feeling pretty good today. Thank you so much, David and Justin, David Keller and Justin Murphy, for being guests on the show and all the good you do in the security world.

(53:40):
Next call is going to be April 17. We're going to be discussing what's new in Cisco's Firepower latest version,
firewalls that are new. I've loved today's session on Secure Access. Please stay secure, and we will see you on the next show, everybody. Thank you all.

(54:05):
Bye bye. Yeah.