At Cisco Live 2023, Cisco announced Cisco Secure Access; a cloud-delivered Security Service Edge (SSE) product that provides comprehensive security capabilities converged in one solution, providing Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Firewall-as-a-Service (FWaaS), DNS security and filtering, and Remote Access VPN capability in a unified management experience with centralized policy creation and aggregated reporting capabilities.
Traditionally, these security functions were supported by multiple point solutions; with products and their respective functions stitched together to address evolving IT requirements and secure the network. While this approach can and has worked, it significantly increases the complexity, and results in an environment that is difficult to monitor and manage effectively due to multiple administrative interfaces, less than optimal integrations, and gaps in security due to multiple point product solutions and vendors. This often results in high complexity, less security efficacy, high operational costs, and a poor end-user experience.
To address this problem, Cisco Secure Access was designed and built with three main guiding principles:
- Better for users – Deliver a universal experience that seamlessly and securely connects any user to any app over any port or protocol.
- Easier for IT – Simplify deployment and operations with a single console, unified client, and centralized policy management.
- Safer for everyone – Mitigate risk with advanced security to maintain business continuity and avoid the repercussions of a security breach.
Comprehensive integration is key to effective security
A typical enterprise has roughly 76 security related tools in their arsenal to address various security needs, and a multi-vendor patchwork approach to solving threats places the burden of security tools integration on the end-customer, exacerbating the problem of operational complexity and resulting in increased costs. Previous generation SSE products also had many issues such as a lack of support for certain types of applications, complex product packaging, and requiring costly add-on features to get desired functionality. With SD-WAN now evolving towards SASE (or SD-WAN with SSE), the transition from multi-vendor solutions towards single-vendor solutions is also accelerating due to the need to simplify the environment and enable better security efficacy and efficiency. In fact, according to a recent Gartner survey, 75% of organizations are now seeking to consolidate security solutions and reduce the number of vendors in order to improve their risk posture.
Cisco Secure Access is the logical next-generation SSE platform of choice
Cisco Secure Access differentiates from the competition; it provides the most flexible ZTNA offering on the market, combining VPN-as-a-Service (VPNaaS) with client-based and clientless ZTNA, which makes it capable of supporting ANY application over ANY port or protocol, including Internet based, SaaS, and private applications. In short, “users simply login and get to work” in the most efficient and secure way available.
Unlike traditional ZTNA that is built with a reverse proxy architecture, Cisco takes a unique approach through a more modern Zero Trust access relay architecture. This reduces the attack surface and enables an enhanced level of enterprise privacy by giving organizations more control over their data and inspection points. It enables them to easily create policies that enforce whether specific traffic is routed through cloud security or directly to their edge security device.
Secure Access supports the key network use cases and provides unified security functions while with a unified management dashboard with a new and intuitive admin interface designed with simplicity, efficiency, and efficacy in mind. Secure Access is a SSE product that provides comprehensive, best-of-breed security capabilities such as:
- Secure Web Gateway (SWG) – providing proxy web traffic, URL filtering, content filtering, and advanced application controls.
- Cloud Access Security Broker (CASB) – provides cloud app discovery, risk scoring, blocking, cloud malware detection, and tenant controls.
- Data Loss Prevention (DLP) – provides the ability to define and quarantine files that violate DLP rules, preventing leakage of sensitive information for supported applications.
- Firewall-as-a-Service (FWaaS) – provides Layer 3/L4/L7 firewall functionality with IPS using Snort 3 technology.
- DNS-layer security – prevents or limits visits to nefarious web sites, or by blocking access to designated website categories.
- Remote Access – provide VPN and/or client based ZTNA for managed endpoints, or clientless ZTNA access for unmanaged endpoints with optional device posture verification (e.g., geolocation, browser type, and/or Operating System type/versions).
- Remote Browser Isolation (RBI) – protects users and organizations from browser-based threats.
- Secure Malware Analytics and Sandboxing capabilities – advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
- Digital Experience Monitoring – integration with ThousandEyes, enabling unparalleled visibility and ability to translate insights into actions to help resolve issues quickly and assure digital experiences across any network.
Cisco Secure Access integrates with Cisco Catalyst SD-WAN products and provides comprehensive visibility, policy controls, and reporting capabilities; one dashboard to see traffic, set policies, and analyze risk. Built on the Cisco Security Cloud, Secure Access combines all core capabilities to create a frictionless, end-user experience. It is supported by research, expertise, and intelligence from Cisco Talos; the world’s largest commercial security and threat intelligence entity, where teams of data scientists and security researchers are able to take advantage of Artificial Intelligence (AI)/Machine Learning (ML) technologies along with extensive security intelligence to enable improved security efficacy with faster detection, stronger threat correlation, deeper visibility and insights, and reduced exposure.
Massive partner opportunity as customers are transitioning towards Managed Services and business outcome based offerings
If you are a Cisco partner and offer network services to your end customers, now is the time to consider adding or supplementing security services on top of your network services offering for the following reasons:
- According to a Gartner report, the Secure Access Secure Edge (SASE) and SSE market is massive with a ~36% CAGR and a world-wide opportunity approaching ~$10 BILLION by 2025!
- Approximately 65% of enterprise customers are looking to adopt SSE in the next two years in order to safeguard their infrastructure/environments and improve their risk posture.
- According to a 2023 Cisco Cybersecurity Readiness Index, approximately 85% of customers felt that they were not adequately prepared to handle cybersecurity threats due to distributed/complex environments making securing network connectivity difficult.
The next chapter in managed security services is here
For Cisco Partners—particularly Managed Security Service Providers (MSSPs)—there is a huge opportunity to help customers achieve a frictionless end-user experience, simplify their IT operations, and lower their security risk. Customers are now shifting towards leveraging MSSPs who can provide Network and Security as-a-Service support to address their evolving business requirements.
- More than half (55%) of companies globally fall into the Beginner (8%) or Formative (47%) stages – meaning they are performing below average on cybersecurity readiness.
- Approximately 82% of respondents said they expect a cybersecurity incident to disrupt their business in the next 12 to 24 months.
- Approximately 86% of respondents said their organizations plan to increase their cybersecurity budget by at least 10% over the next 12 months.
To that end, customers are seeking the guidance of MSSPs and are looking for business outcomes such as:
- Comprehensive 24x7x365 monitoring and accountability. MSSPs that can provide around the clock monitoring of the infrastructure and be responsible for proactively monitoring the environment, managing, and respond accordingly.
- MSSPs further differentiate by offering tangible and additional benefits to customers, such as faster time to identify and resolve problems, increased operational efficacy, application of industry best practices, all while improving overall end user experience and delivering the desired business outcomes with agreed to service levels. This results in lower operating costs, better efficiencies of scale, reduced business risk, which ultimately translates to freeing up precious time/resources so that customers can focus on their core business functions and not managing their IT.
- Providing expertise and an even more premium experience by combining SASE/SSE with XDR, resulting in further enhanced security efficacy, faster and more accurate threat detection and response, and stronger security posture.
Cisco Partner-Enabled Managed Services offering and benefits
If you are a Cisco partner and would like to find out how to monetize this opportunity, please register for the upcoming session of the Managed Services Voice of the Engineer. In this session, our team from the Americas Partner Organization (APO) will provide an overview of Cisco Secure Access and how it can be offered as part of a Partner-Enabled Managed Services offering and explore the benefits that can be attained for both Cisco partners and your customers. If you are interested in becoming a Cisco Partner, you can learn more by visiting Cisco’s Partner Program and Cisco Partner-Enabled Managed Services.
Learn more about everything that Cisco Secure Access has to offer
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with #CiscoPartners on social!