Cisco Systems Inc. today unveiled a new security service edge offering that it says will help enterprises to securely connect their growing portfolios of edge resources, such as cloud, private and software-as-a-service applications.

The new SSE offering comes alongside two additional security updates announced at the Cisco Live! event today, including Cisco Multicloud Defense for protecting cloud service workloads, plus upgrades to Panoptica, a cloud-native security development platform.

Cisco’s SSE offering is called Cisco Secure Access (pictured), and it features zero-trust network access or ZTNA, secure web gateway, cloud access security broker, firewall-as-a-service, DNS security, remote browser isolation and more security capabilities. In a blog post, Jeff Scheaffer, vice president of product management for Cisco’s SSE team, explained that it’s designed to secure any application through any port or protocol, while ensuring optimized performance and continuous verification and granting of trust from a single, cloud-based portal.

SSE services are defined by Gartner Inc. as a comprehensive security service that bundles access control, threat protection, data security, monitoring and acceptable-use control, enforced by network-based and application programming interface-based integration.

Cisco said the Secure Access service will be in limited availability from July, before becoming generally available in October. The platform offers client-based and clientless browser-based access, granular user and application-based access policy control, with Security Assertion Markup Language or SAML authentication, intrusion prevention, built-in identity controls and contextual access controls. Users are authenticated through a secure, encrypted tunnel, meaning they can see only the applications and services they have permission to access, the company said.

“Cisco Secure Access features a new ZTNA Relay architecture that solves the challenges of last-generation ZTNA vendors,” Scheaffer said. “Last generation ZTNA vendors do not support all application architectures, like multi-channel applications, peer-to-peer applications, or server-initiated communication. Last generation ZTNA vendors often struggle with the sheer volume of 1000’s of enterprise and long-tail legacy applications.”

Other capabilities include integrated intelligence from Cisco’s Talos security research organization, ensuring it remains up to date with the latest threats. In addition, Cisco Secure Access continuously runs artificial intelligence and machine learning models against the enormous Talos threat database to provide insights into threats and improve incident response, Scheaffer said. Finally, it’s also integrated with Cisco’s ThousandEyes network intelligence software, so users can identify and resolve any network performance issues that occur.

Cisco is playing to its strengths with Cisco Secure Access, said analyst Holger Mueller of Constellation Research Inc. “It is combining its considerable expertise in both networking and security,” he explained. “It adds to the convenience too, because the edge doesn’t operate independently from enterprises’ centralized infrastructure. Cisco has integrated everything in a highly desirable single plane of glass.”

Enterprise Strategy Group analyst John Grady said enterprises have lots of reasons to want to deploy an SSE, with improved security outcomes being at the top of the list. “Achieving this requires an emphasis on users to create a frictionless experience and simplifying security team processes to improve efficiency and ensure consistency,” he said. “Security teams making plans for SSE should prioritize integrated solutions that focus on simplicity, scale and user experience.”

Protecting cloud workloads and applications

A second new service announced by Cisco today is Multicloud Defense (below) and it’s available now. It is designed to help customer security operations teams get a better handle on Amazon Web Services, Google Cloud, Microsoft Azure and Oracle Cloud workloads.

“Cisco Multicloud Defense brings together distributed Layer-7 protection, web application firewall (WAF), and data loss prevention (DLP) capabilities managed through a single, dynamic policy,” Rick Miles, vice president of product management with Cisco’s cloud and network security group, wrote in a blog post.

Miles explained that Multicloud Defense is based on technology Cisco acquired after buying the network security startup Valtix Inc. in February. It acts as a kind of interpreter across multiple cloud platforms, using gateways distributed across customer environments as enforcement points for security policies, he said. In this way, he said, it can stop threats that target specific applications, block command and control attacks, prevent data exfiltration and mitigate lateral movement attacks.

Cisco also rolled out some major updates to Panoptica, which is its primary cloud-native application security software offering. Panoptica allows developers and engineers to embed cloud-native security controls from application development to runtime, using a single interface for container, serverless, API, service mesh and Kubernetes security. It can scale across multiple clusters with an agentless architecture, integrate with developer tools and programming language frameworks across any cloud platform.

Today, Panoptica gains support for Cloud Security Posture Management, enabling continuous cloud security compliance and monitoring at scale. With this, Cisco said, customers gain more visibility into their entire cloud asset inventory, including Kubernetes clusters. There’s also a new attack path engine that uses graph technology to provide advanced attack path analysis, helping security teams to identify and remediate possible risks more quickly.

In addition, Panoptica will be integrated into Cisco’s full-stack observability tools to provide even greater visibility into business risks. The new features will go live later this year, Cisco said.

Finally, Cisco said it’s rolling out a new, high-end firewall appliance. Known as the Secure Firewall 4200 Series, it’s twice as fast as previous systems. It also runs a new operating system that uses AI and machine learning to identify threats within encrypted traffic, without needing to decrypt that traffic first.

In a blog post, Miles said this resolves the complexities involved in decrypting traffic for inspection, which is not only complicated but also affects performance and impacts privacy. The Cisco Secure Firewall 4200 Series appliance will become generally available in September. The new operating system will be available to Cisco’s wider Secure Firewall appliance family in December.

Images: Cisco Systems