New from Cisco: Workplace Security Service, Branch Firewall

Written by ga_dahmani

Cisco has unveiled a new firewall and technology suite that it says helps businesses better control hybrid worker access to corporate resources and enables a more secure return to the office.

On the firewall front, Cisco has launched a new security appliance: the 1RU 17 Gbps Throughput Secure Firewall 3100. It is the low end of the 3100 series and is designed to lower the barrier to entry, better support small branch offices, and increase VPN performance, Cisco said. The Cisco Secure Series already included the 3120, 3130, and 3140 devices that support 23Gbps-45Gbps throughput.

“What’s important about the new Secure Firewall 3100 Series architecture is the emphasis on processing encrypted traffic,” Andrew Ossipov, distinguished engineer, Cisco Security Business Group, wrote in a blog post about the new firewall.

“The traditional industry approach has been to implement an external cryptographic accelerator that works in conjunction with the x86 CPU to process IPsec and Transport Layer Security (TLS) traffic for both VPN and transit inspection purposes. This approach results in tremendous performance degradation, primarily due to the look-ahead nature that requires multiple trips of the shared system bus for each encrypted or decrypted packet,” Ossipov said.

The 3100 includes a new custom Field Programmable Gate Array (FPGA) between the internal switch fabric and the x86 CPU. It implements a stream offload engine for fast single-stream performance and high-performance computing-grade latency and also provides in-path cryptographic acceleration over IPsec VPN connections and TLS (DTLS) datagrams, Ossipov said.

“Once programmed by Cisco threat protection software, this middleware can decrypt and encrypt such streams in hardware without relying on the host bus or consuming precious x86 CPU cycles,” Ossipov said.

The 3100’s capabilities come from Cisco’s Secure Firewall Threat Defense 7.0 software released last year that supports security features including Snort 3 packet inspection and Cisco Talos threat intelligence updates. It also includes inference-based application identification and malware classification with the Encrypted Visibility Engine (EVE), which Cisco developed internally, Ossipov said.

The 3100 can be managed alongside other Cisco security appliances through the Secure Firewall Management Center, which supports unified firewall management, application control, intrusion prevention, URL filtering, and malware defense, Cisco said.

Smart workspaces

Smart Workspaces, a service offered as part of Cisco’s cloud-based DNA Spaces, is comprised of Cisco’s Connected Mobile Experience (CMX) wireless suite and enterprise geolocation technology.

CMX is a software engine that uses location and other intelligence obtained from the Cisco Meraki wireless infrastructure to help deliver services to mobile devices. DNA Spaces also collects data from wired Cisco Catalyst switches.

In the post-COVID world, organizations will need tools like Smart Workplace to make hybrid workers comfortable, said Lucas Hanson, senior product manager for Cisco DNA Spaces.

DNA Spaces can show not only which spaces, such as department stores, waiting rooms, and coffee shops, are used and when, but also where people come from to get there, how long they stay, what data resources they use, and where they go after they leave.

The software also includes an IoT gateway service that allows customers to manage a variety of IoT devices, form factors, and communication protocols. DNA Spaces includes analytics support detailing who and what is in physical locations along with the ability to act on those insights in real time, Cisco said.

The Smart Workspaces package includes a 3D mapping capability and Webex support that can be used to allow users to locate a variety of functions in the office, such as finding an empty meeting room or locating offices in large buildings. The mapping feature can post graphic-rich images to Webex dashboards and systems.

“Basically, the service allows customers to see everything from room occupancy to air quality if they have those sensors,” Hanson said.

“The organization has employees who can look at the map and say there are too many people in that room to be comfortable staying home or avoiding those offices,” Hanson said. “Of course, the flip side is also true in the case where users want to engage with many people to interact with.”

Cisco Smart Workspaces will be available in May.


Copyright © 2022 IDG Communications, Inc.
