Cisco SD-WAN Security on TechWiseTV Live


Well, hey guys, welcome to TechWiseTV. Today we are talking about new stuff we can now do with SD-WAN. SD-WAN is hot. In fact, I was trying to make a checklist to kind of simplify some of the choices that everyone's going through, and this is really an oversimplification, but I think one of the big questions a lot of people are asking about SD-WAN is, well, what is it? Do I need it? Why wouldn't we be doing it? First of all, yes. I think it's where everything is going right now, because it addresses our biggest pain points with traditional WAN: all this flexibility and performance that we're trying to get when everything is moving to the cloud. It's very, very difficult to do when 94% of customers are saying they are now playing in multiple clouds. So if we say yes, we need SD-WAN, then we go, well, whose SD-WAN, or which SD-WAN, do we need? Two big questions to answer, in areas of networking, security, and then of course how they play together.

Networking: on that side of things, SD-WAN is not a replacement for MPLS. A lot of people get confused about this. We're not just trading one for the other; it's the addition of broadband Internet to give us more options. These are intelligent routing choices, so that SaaS performance cannot be addressed simply by adding Internet connectivity to the branch. That is not going to solve any of these kinds of problems; it just shifts them in a different direction. In fact, if you want to understand a little bit more about what we're doing from the Viptela integration into IOS XE, check it out at techwisetv.com.

Now, from a security perspective, everybody says they do security. That one is always obvious. You really have to kind of dig a little bit deeper and see how and where you are doing security, because first of all, security cannot be distinct from the flexibility that you're going to expect from the network side. Yes, you have to have a foundation of trust right off the bat: encryption, segmentation, authentication. Security should be thought of really as an enabler, because we build all of that security into the headquarters side and we route everything through that, historically, because we had to. That was the only way we could make sure that it was all done in that enterprise manner that we expect. But it can't be centralized right now. SD-WAN means we are now distributing; that means security has to move back out, not just to the branch but also to the people that are expecting these services directly from those SaaS applications. In fact, as you begin to add all this together, all that routing intelligence, more and more and more, plus more, more, more distributed security, it can sound like it's getting a little bit complex.

Now, if we go back to the checklist, when it comes to which one, I'm a bit biased of course: I think it's Cisco. But I hope that you will pay attention to what we're talking about today, because there's now more reasons than ever to take a look at Cisco. That same IOS XE code that you may already be familiar with has security easily accessible to every site, and it can now be managed by that one vManage console. So deployment, management, of course you expect that, but now security in the same console. Kureli Sankar is the Cisco engineer who led this team of engineers over the past year. She's going to show us how easy it can be to integrate security at every site. It's some checkboxes. But I also think security can be a loose term, and if you've not kept up with everything that Cisco is doing from a security perspective, we invited expert Jason Wright back to us to give us an update on Cisco security, from the Talos threat research integration all the way through to Advanced Malware Protection, and a couple of new announcements that we just made as well. But first off, let's get started by taking a closer look at a new networking capability with Cloud onRamp. Robyn James joins me in the lounge right now.

All right, hey, welcome to TechWiseTV, Robin.

Hi, Rob, nice to meet you.

This is fun stuff to talk about. I feel like so many things are changing with SD-WAN. From your perspective, why do you think SD-WAN has become so popular right now?

Well, SD-WAN empowers the network admins and the security teams to execute the new kind of WAN architecture. This becomes more important with the kind of SaaS applications and the IaaS applications that enterprises are adopting.

So you agree it's really cloud that's driving, and really highlighting the fact that our traditional models of networking just are a little bit kludgy; they're hard to do for that. So now we have kind of controller-based models, we're using software-defined WAN as it's said, but your team represents, I guess, a feature product, the capabilities that are relatively unique, as I understand it, for Cisco, that we call onRamp. Can you explain what that is?

So, yes. The solution I represent is specifically called Cloud onRamp for SaaS. The key here is how do we do cloud networking for enterprise SaaS applications like Office 365 or Dropbox, Box. How do network admins provide good user experience for their employees when they're using these applications, essentially? Traditionally, you would take it from the branch to the data center, subject it to a security stack, and then it would go to the Internet. But now, with hybrid SD-WAN, you have the option of offloading this from the branch. How do you do this in a secure fashion? You want to do this for your trusted applications, not for recreational Internet traffic.

Let me ask you, so it's specific to certain applications, certain cloud-based applications, and I feel like in general most people will first assume SD-WAN means that I'm kind of doing my own Internet access at the branch and therefore I'm done: SD-WAN allows me to simply go direct to the Internet. You know, and hopefully, if they weren't aware, they could always go directly to the Internet; obviously you just couldn't do it in an enterprise fashion. But the idea here is that it's not just going to the Internet. You're saying that we've set up something different with specific providers. In fact, let's use Office 365; I think it's an extremely popular one, a lot of different applications there that people depend on. So what are we doing differently? Instead of just handing off at the branch, there's something happening on their side as well?

Yeah, so let's take a step back. Let's go to the network admin, right? The network admin probably uses Office 365 and it's business relevant for them, so they get the flexibility in saying, OK, let's say this is my corporate segment; I want to optimize Office 365 for my users in the corporate segment. I don't want to do it for the guest Wi-Fi segment. Let it be best effort in the guest Wi-Fi, but I want to make sure that in the corporate segment it gets a very good user experience. Now, what does the solution do? The solution is about... OK, now that you have introduced [unclear] at the branch, do I just put it on the Internet circuit? Maybe that's not the best in some cases; maybe it's good to take it to a regional hub and then go to the Internet. So what the solution does is we partner with Microsoft and we kind of measure what the performance is from the branch all the way to the Office 365 data center among the various paths available, right, and we are able to redirect the employee traffic to the best path. So some of that is Layer 7 probing all the way to Office 365 to determine performance for Office 365. The other is dynamically reacting to network brownouts and choosing the best path at that point in time.

That's a good point, because not only does time of day change; obviously traffic conditions, especially the Internet, you know, like weather, it's changing constantly. But I think one thing you said there that I'm not sure everybody realizes is we all tend to think of a cloud-based application as being one place, wherever that may happen to be, you know, one big front door that everybody comes in. But that's not the case, is it?

No, that's not the case. Office 365 specifically, the way they really handle scale is by distributing. Ideally, they want you to come to the nearest Office 365 front door, and it's not just one front door; there are multiple front doors there. It's a massive scale. So most often you're better off reaching the nearest Office 365 front door, as opposed to going to a regional hub in your data center and then offloading there. So you are better off riding the Internet to reach the nearest Office 365 data center, and there are mechanisms within DNS, using anycast, that will redirect you to the closest Office 365 data center.

OK, and so, as I understand it, I'm not sure we still call it this, but we actually calculate a score to measure this type of thing, and this is happening in real time. So every time anyone at any one of our branch offices is beginning to initiate that connection, there is a real-time "hey, at this moment this is your best path from where you are," and that means we're changing both the egress point, how you route off the corporate network into the Internet, and then the door that you actually enter in on at Microsoft Office or some of the other clouds that we also support. So we've actually partnered with these organizations to do something inside their network, to where it almost becomes a temporary endpoint within their network, so it's like an encrypted extension of your own network, right?

So, the score thing that you mentioned, right. When we spoke to our customers, we realized that the biggest problem for them was that they don't have visibility into what kind of user experience the employees of the remote branch are seeing for those SaaS applications. So what we do in our solution is, like I said, measure all the way to the SaaS application what the performance is on each of these paths, and we give that abstraction on a score of one to ten to the network admin. The network can say, OK, at branch one, if I use ISP 1, I can see a score of, let's say, seven; if I use ISP 2, I can see a score of nine. And it can also say that, hey, the solution is working and we are taking ISP 2 for, let's say, said SaaS application.

And you're setting that as part of your policy, right? I mean, the admin's not sitting there waiting, "Oh, Bob wants access, let me give him the best one now," but it says we want access between these score levels for this set of employees. So it's really dynamic routing; the choices are being made based against a centralized defined policy within vManage.

Yeah. I mean, traditionally, you could have possibly done direct Internet access and you would have put static routes to take care of that. But most often these SaaS vendors are actually consolidating their IPs or changing their IPs or moving from one cloud to another cloud, so those IPs keep changing. So what we provide is simplicity in the solution. All you as a network admin need to say is that, let's say, Office 365 is business relevant; optimize Office 365 for my core segment. The solution takes care of everything: we learn the routes, we figure out what the domains are that you are accessing, we figure out what is Office 365 versus recreational Internet. So the solution has smarts on the branch to differentiate between a critical business application versus the rest, and all of this is taken care of by the solution. As a network admin you just need to identify the application; you don't have to worry about the routes, the path it takes. All of that is taken care of by the solution.

It's amazing how many different things we can do now with SD-WAN that would have scared the heck out of us if we had to program that in from a traditional routing perspective, you know, or build that into a protocol that was going to make decisions somewhere else. Anything else we need to understand about this?

No, I think you pretty much said it. It's a simple way to understand what your business-relevant applications are and identify that this needs to be optimized, and the solution takes care of everything to preserve that quality.

Perfect. Robin, thank you so much.

Thank you.

Well, Kureli, I'm so excited that we finally got to this point. Welcome to TechWiseTV. Tell me, and make sure I get this right, what have you been responsible for? You work on the router team; you've been at Cisco a long time, right?

Yes, I've been with Cisco for almost 13 years now, the entire time spent on security. I'm a technical marketing engineer leading the SD-WAN security project. About 65 engineers have been involved in this project for the past one year. Security is top of mind for every corporation, as it should be. We're bringing security into SD-WAN.

And that's really the new part. I mean, we've done security in the router and we've got SD-WAN in the routers now, right, but it's the notion of how we interact with it, how we do security in the router, that's much different. There's a need for security in a different way when it comes to SD-WAN. OK, but we're mainstreaming it, it really feels like. I don't want to get ahead of myself. We were talking about use cases, and a lot of what you've done working with the team is to say what are the top things that are driving customers' security needs when it comes to SD-WAN. Am I saying that correctly?

You are.

OK, we've got a drawing up here; we've kind of got a branch site, headquarters, Internet, and kind of a gauge I want you to play with regarding attack surface, and you walk me through kind of how these scenarios work.

Yes. Predominantly, the use case where customers want to implement security features is to comply a branch for PCI, where we could leverage stateful firewall and IPS.

They want to tunnel all of the traffic from the branch to the headquarters. Here, since they encrypt all of the traffic from the branch to the headquarters, there is no clear traffic that leaves the branch directly going to the Internet. The attack surface here is very minimal.

Because really what you're saying is there's no exposure to that, because they're encrypting it as they do it?

Correct.

Interesting, OK. And then you're saying they always have to do that because it's a compliance issue?

Exactly. For compliance reasons, they need to subject all of the packets through a stateful firewall and an IPS solution before they put the packet out on the wire destined to go to them.

So they're still doing firewalling and IPS here, right, so that's a need. OK, so that's our first use case, PCI.

Yes. The second use case is the guest access use case. Some of our customers say that they have customers walking into their branch offices with their bring-your-own devices. Now they need to provide Internet connectivity to these guests and provide good-enough content filtering for them.

So like I'm at my doctor's office; they're offering that as a service while I'm waiting, because the doctor's always late, just saying. But that can't mix with their traffic, and at the same time they still have to provide some level of protection for my Internet access?

Correct. There's no need to take the guests' Internet traffic via the VPN tunnel all the way to the headquarters.

Really, right, because they don't belong in your network.

Break out and send the guest traffic directly to the Internet. Now, for that use case we can leverage the stateful firewall and the URL filtering feature, both on-box, on the router at the branch.

I think that was interesting to note. I did not realize that there was a burden of security for, just like, I'm in a coffee shop, and that coffee shop needs to be providing some filtering and some level of protection; they don't just give me my own subnet out.

No, these days companies are liable to provide good-enough content filtering for the guests who walk into the store.

Interesting. OK.

So for this use case, since we're sending clear traffic from the branch directly to the Internet, the attack surface widens a little compared to the previous use case that we talked about.

Getting riskier.

Another use case that customers always bring to us is the direct cloud access use case. Here, what they say is: I have employees' traffic; I want to pick and choose applications. I want SaaS applications, for example, to get optimal performance; I want that to be routed directly to the Internet from the branch. So if you say this is the SaaS application that they want directly going from the branch to the Internet, and yet all other Internet traffic that is generated by this branch will still be tunneled over to the headquarters.

Wow, that's a combination security/routing decision.

This is our network application-based routing decision. So we call that use case the direct cloud access use case.

Is that more risky?

Yes.

You draw it there.

Right here. Now we're exposing the employees' Internet traffic directly to the Internet. The clear traffic generated by the employees goes to the Internet directly if their destination is to those specific applications in the cloud.

Yes. In the previous use case it was just the guests' Internet traffic.

You don't care. Yeah, their performance is good because you're direct, as opposed to going through headquarters to get there. OK, gotcha.

Now the attack surface is even wider in this use case. And the very last use case is the direct Internet access use case, where customers say: well, I don't want to haul any Internet traffic all the way to the headquarters. It all makes no sense. I don't want to spend the CPU cycles and memory to encrypt all of that traffic. I just want to break out direct Internet access. All Internet traffic from the branch goes directly to the Internet from the branch.

Which probably means you need the most security policy.

Exactly. In this use case we could leverage our stateful firewall, IPS solution, and DNS/web-layer security.

OK, now you're obviously getting into the security features that we've integrated into the routers, I'm guessing, at this point. So what if we could switch over to your... it's the vManage interface. And this is, you know, obviously we work on this stuff before we meet here; this is what really blew me away. OK, so let's set it up. So you've got a demo network.

Yeah, it's important to understand first. So let's say we have a headquarters and we have two branch offices, and all of the vManage controllers. They could be on the cloud or on-prem. Let's consider the case where we have everything on premises; the controllers are all on-prem. The branches and the headquarters are talking to each other via the Overlay Management Protocol.

We have three sites, OK.

Correct. In order to go to the Internet, they're going to break out directly from their respective locations and go directly to the Internet, and off they go. If they would like to talk to the other branches, then that traffic will be sent via the MPLS network and it will go back to their destinations.
It's pretty good. This is a simple layout, and it starts looking a little bit complex because you talk about routing rules and security applications. It's rather dynamic, it feels like, as well.

OK, just think: in this topology we have one headquarters and just two branches. Think about enterprises that may have thousands of such branches. So the single pane of glass that we're bringing in to deploy security features is Viptela vManage.

OK. So this is the same vManage interface that anyone that's using our solution, or even the managed solution previously, would be seeing, but it looks like maybe there's a little bit more information here.

Yes, this is the overall dashboard, the vManage dashboard. What you see on the bottom are the new widgets, security widgets: one for firewall, one for IPS, and another one for URL filtering.

You're not kidding, this is integrated. OK, overall dashboard.

Now, configuration-wise, if you go under settings here and choose the security option, you will see the security features there. So let's go ahead and edit that, and I'll walk you through. So this is the firewall piece. Let's go ahead and edit that, and you will see that I have implemented four rules to go from inside to the outside. On one rule I'm allowing just the HTTP traffic and on another one HTTPS, and for these to work I need name resolution, which is DNS, and ICMP. So these are the only protocols that will be allowed for the inside folks to go to the outside, and no traffic will be allowed to be initiated from the outside coming back in.

Oh, nice. OK, so we're setting up the firewall rules right in this one interface, that could be applied to how many different sites?

This could be deployed at scale. The scale for vManage today is 2,000 sites.

OK, that's awesome.

If all 2,000 sites had the same model router, one policy pushed to all 2,000.
Done. OK, I want to make sure I caught that.

Imagine how long this will take if you were to provision each and every router via command line.

Yeah, well, that's a great point, because we've had firewall capabilities within the router for years. This is the same firewall that we know how to operate, this enterprise-strength IOS firewall, but it's all managed for the first time through a visual interface, at that exact scale.

Yes.

OK, so we applied the zone; we've got inside to outside but not outside to inside.

Correct, that's the requirement. We just want to allow the inside hosts to be able to go outside securely, and the firewall to be able to inspect that and allow the response traffic to come back automatically.

And that's the nature of a stateful firewall. If we were setting this up for the very first time, that's all we would have to go through?

That's it.

OK, because it looks like you're moving on to IPS now.

Yes, the next feature. Let's go ahead and edit that.

This is a fantastic UI.

The only two mandatory options that you need to provide us are what rule set you want to implement and whether you want this IPS in the inline mode or just detection mode. Inline meaning it's going to drop packets as soon as a signature fires; detection mode, you just see what's going on. It's not going to drop the packet but only alert you.

OK, so IDS versus IPS. Obviously with IPS we're going to drop traffic and make a decision, so we need to have a pretty high degree of confidence that it's making a good decision. Where's the information coming from? You know, where's the signature database?

Basically, this is our Talos organization, that offers the highest level of efficacy in the industry.

Wow, can't drop that. Nice. And this is the Snort signatures that they're updating?

Correct. The Snort engine is what we run natively in the router as a virtual service, the most widely deployed IPS. Signature updates are centrally managed by vManage. vManage constantly goes out to our Talos database, pulls down the signature update, and is able to deploy that to hundreds of routers that are provisioned in vManage.

Another example of the integration, because we're talking about controller-based, usually in the cloud, although I don't think the controller has to be there, but most people are deploying it in the cloud, and it has an omniscient view of the entire network, including security updates. Very nice.

OK. Anything else that's not mandatory for the feature, we bury it under Advanced. In this case, if you have a need to whitelist signatures, you're welcome to create a whitelist signature file, and you can provide a couple of signatures if they produce false positives and add them to the whitelist, and change the alert levels.

If I had a bunch, could I upload a CSV?

A CSV file, yes. That completes the IPS piece of configuration.

So firewall, IPS, what's next?
Moving on to URL filtering. This too is an on-box, on-prem solution; we run this as a virtual application within the router. Let's go ahead and see how simple that is to configure.

You're on a roll.

The only two things that we ask for when configuring this feature are: provide the categories, whether you want to block or allow them, and what web reputation score you want to allow. It's as easy as clicking on this down arrow and searching for your categories. You can just start typing. Let's say violence; I've already blocked that category. How about auctions? I want to block auctions, so let me go ahead and put a checkbox right there, and it will get...

What about politics? Let's see if politics is there. No. Maybe a new one we need to work on.

Sports, and there are some other categories; there are 82 different categories that we can block or allow.

I see, that's interesting, because this is also something else that we could do on our routers, or any Cisco routers, manually with the command-line interface.

CLI.

CLI, thank you.

40, 50 CLI lines. I minimized it as much as we can, and these are the only two items that we request the customer to input, because the idea is to get up and running with this in a minute.

A pretty good level of policy security. All right, okay.

And anything that's not mandatory for this feature, we put that under Advanced. Here you have an option to add a whitelist URL, a blacklist URL, a custom block page. In this case I'm saying "What are you doing?"

Well, this is something that would pop up to a user, and this is why you're not getting to where you thought you were going to go: you violated company policy, call this number.

Yes. That completes the URL piece. Now we're moving on to DNS/web-layer security. Let's go ahead and edit that and see how simple that is to configure.

Just to make sure, before we go into this, explain to anybody that's not familiar: when we are doing DNS security, how do you explain what level of security that's providing? What's the necessity of this?

That is the DNS-layer security offered by redirecting the DNS packets and shipping them to the Umbrella cloud. So this is a matter of saying that we change the destination IP address of the DNS request packets from the clients. They could be going anywhere: to an ISP-provided DNS, or to a Google DNS server, or to an internal, headquarters-destined DNS server. We strip the destination IP address, we put the Umbrella resolver IP address on these DNS packets, and we send them to Umbrella.

This is neat, because the idea is that every application that's going to go out to the net especially is going to need an IP address, so it has to be resolved.

Correct.

And the idea is that, well, we're not going to give you this IP address back to go to unless we think it passes this bucket of allowed places to go. Part of the Umbrella cloud is keeping a good list.

Exactly right. The Umbrella cloud gets the DNS request, and now it's its responsibility to send the DNS response back to us. But before sending the response, they know where this end client wanted to go, and they can apply the policies on the Umbrella cloud: oh, this client wants to go to CNN at this time of the day; is this news and media category even allowed? Based on that they send the response, and if it is not an allowed category, they send their own block page IP address in the DNS response. So when the client is going to establish a connection to that IP address, all they're going to see is "administratively prohibited."

Go to this. So sorry for your luck. Yeah, no, I like that, that's good.

If it's an allowed category, then they send the end web service IP address in the DNS response, and the client can open up a connection to that. Done.

So how hard is this to configure for 2,000 sites?

Hmm. It's already configured. You just go into the Umbrella portal page here, grab the API token, and then copy and paste this API token onto vManage in one central location, which is right under the settings here that you see. See the Umbrella; if you look in the view, you see this API token. This API token, once provisioned one time on vManage, deploys to all thousands of routers in minutes, and then you're done. And then now we can go back to the security piece that we were looking at. Let's go ahead and edit that one again. There we go. So Umbrella is registered, and optionally we provide a way to bypass local domain lookups. What this is: if the end client is going to a headquarters-destined, internal-only web server, then there is no reason to redirect it for that. Umbrella cannot provide an IP-to-name mapping for the internal web server anyway, right? So there is an option to provide a bypass list.

OK. Very nice, so that's easy to do. So just to recap what you've gone through, we've seen firewall, IPS, URL filtering, and DNS security.

Absolutely.

Anything left? That's really everything. I mean, thinking about it, just, you know, stepping aside from what we're providing here, when you think about branch security as a security specialist, what's missing? You know, we're back to the vManage interface, because the idea is that security and networking are combined here. Can you tell me, is anyone else doing this competitively? I mean, is this really that unique?

Absolutely. There are competitors; there is competition in this field. But we're the only one who can provide the scale that we can, and we're the only one who can offer all of these features as an integrated solution as part of SD-WAN.

That's very nice. So this is ready to go, it's built into IOS, it's easy to take advantage of. What are we doing here?

This is the dashboard firewall widget that we're looking at, and we can toggle this between inspected packets and dropped packets. This gives you an overview of your entire enterprise, all 1,000 routers if you have them: the trend across all 1,000 routers, how many packets the firewall has inspected over a period of one hour, two hours, three hours.

OK, and all this information can be sent to a log server for collection, time-stamped, and be analyzed in other applications if so desired?

Yes, it could be sent to an external SIEM server. A log server can be configured, and events can be sent across all of these features to the same server if you choose to.

So all of this is available. Just a final question: if someone is going to be taking advantage of this, this is a good reason to get to SD-WAN, I would think. And actually I think the writing's on the wall: everybody's moving toward SD-WAN; it's kind of the way in which you do network routing now.

It's a sad time; we've been doing other forms of routing for a long time, but the technology is moving fast. We need access to the cloud, and we need to do it securely. We've got a way to do this; it's part and parcel of the network itself. This is a good thing. How do people pay for this?

Yeah. Now, DNA Essentials: security is top of mind for every enterprise, as it should be. We consider security very, very important, so our package by default will contain all of the security features that we talked about.

Everything we just talked about comes as you get into SD-WAN. But then what do you get if you pay for the next level, Advantage?

DNA Advantage will include advanced SD-WAN topologies and the cloud app discovery option. The cloud app discovery is the integration of Cisco Umbrella with Cloudlock, the CASB solution, to provide 30,000-plus application detection, visibility into those applications.

That's nice. Well, congratulations to you and your team. You've been several years on this, at least heavy in the last year, I know.

We've been working on this project since last October.

Wow, OK. Not the October we were just in, but OK. Wow. Thank you, Kureli, I appreciate you taking your time.

All right. Well, welcome to TechWiseTV, Jason.

You mean welcome back.

Welcome back, exactly. Well, I was going to lead into that. It has been a while. You're busy making your own shows; you run ThreatWise, and it's good stuff, man.

Thanks.

But I needed some of that security over here to make sure we have the right story for this particular set of announcements.

Well, you taught me everything I know, so I'm happy to help.

Yeah, but I haven't kept up with any of it.

OK. Well, things change fast. We do that: we're buying companies, we're integrating technologies, we're developing stuff on our own. That's what we do.

Don't forget I'm the host in this particular edition of the show. I was... back to you.
So with regards to security and SD-WAN, and how these things, you know, security, networking, really have to come together, and it feels like a much more integral way. Certainly it's stuff we've always said, but it feels like there's a lot of reality to what's happening now. But, you know, where's Cisco and security now playing? How successful have we been?

We've done a great job of buying great companies and best-of-breed technologies, and lately, the last couple of years, the real focus has been on integrating them, making them communicate together, sharing information back and forth about threats and context and awareness and events and policy and all of these things. And so here we've done another great job of integrating technology, and that's really what the whole news and the launch is about. It's about integrating security into the networking appliance at the code level.

Right, OK.

And having single management, so integrating the management, that's a big part.

Well, and because some of the security elements, we've had firewall on the router side, we've had IDS and IPS and, you know, those technologies forever, have always been a lot about, you know, the level, how much trust you have in the system to make decisions. But the data on the back end that feeds and makes these things more intelligent, I feel like, has changed completely within Cisco, because

there's a wealth of really smart data scientists and research engineers all around the world that are doing things, and I wonder if you kind of catch this up on, you know, Talos threat intelligence, but it's even more than that. I wonder if you could kind of walk us through how are we getting smarter about watching the security activity.

You know, I talk a lot about how we share information back and forth amongst the different technologies and amongst the different solutions, but nowhere do we do a better job of that than with threat intelligence. So that's Talos at work, that is Talos in the background, facilitating the exchange from one product that saw something unique and new to saying, make sure that all the other security products are able to block it in their own way. And that's what Talos is doing. So it's facilitating the exchange of threat intelligence, and it's making all this happen now from the cloud.

Yeah.

Right, so you're not having to stop the network and do updates or refresh or change the rules. We're able to add threat intelligence and push that down from our cloud-based delivery mechanisms, and that's a huge advantage to people who are not necessarily always going to have administrators on the branch office.

It's not that fun Roenick thing in that, you know, we are enabling better performance and access to cloud applications, but we are also, of course, like everybody else, we are also leveraging cloud in a way to make things work better and more efficiently.

Here's a cloud, yeah, yeah, yeah. No, we really are. But number one, you get more visibility into which cloud applications you're having on your network, right? You have this whole shadow IT thing where you don't even know where people are going to. So now not only can you see it, but you can block it or set policy around it, so you can get, you know, considerable access, you know, based on the policy, again, that follows the user when
they leave the branch office, too.

OK, all right, so we always talk about on or off the network, we need their security policy to follow that user.

So when they leave the branch office to go to a coffee shop, now that security policy follows them.

Nice, OK. So you mentioned Talos threat intelligence, and then we're learning a bit more that, as some of the updates coming almost at the point when the show gets released, it's coming awfully fast, we're looking at AMP integration into this as well. I know you know a lot about it, you've been talking about it for a long time, but for anybody that is not aware of what AMP means, can you define that and kind of say what's the value, what is that bringing differently than we have now?

Sure, it's Advanced Malware Protection, so it's looking for bad files.

OK.

A lot of the bad stuff that happens in network security is the actual file itself is written to be malicious, and so we are able to identify that either on the endpoints or at the network or in the cloud, right, through all of our various technologies. And we're looking at it in different ways and we're finding it in different places, but once you find it one place, we share that file's characteristics with all the other pieces of the puzzle of the security products and solutions, so that you can block it everywhere else. And so that's the advantage, and that's what, that's huge.

Now the other thing we've mentioned, the Threat Grid, and

the value that's coming with that level of integration, and what if you could expand on Threat Grid just...

Absolutely. So Threat Grid is a little bit of kind of the guy behind the guy.

OK.

So, yeah, up there, that's identifying files and ensuring that we block them or track them, and so we know where they are. But Threat Grid is the actual engine that is detonating these files and watching their behaviors and making the decision about whether or not they are good, they're bad.

Sometimes you have to let something execute, and ideally you need to watch it in a safe manner, learn what's happening, and then share that intelligence back in, it feeds back into the whole system.

Yeah, yeah, we have that, what we call retrospective detection, so that even after a file may have gone through, as we learned more about the behaviors, we can go back and say, I didn't know that was bad then, but now I know it's bad and I know where it's at, and so here's what we do to stop it. And then we react.

All right, so here's one I did not have time to get up to date on, it all just kind of happened at the moment we were talking about this, but Cisco made an acquisition of Duo.

Yes.

What is Duo, and that company, bringing to our security arsenal?

A couple of different things. We talked a lot about blocking the known bad stuff, right, and that's kind of a threat-oriented approach. Now we're moving towards allowing the known good stuff, so the trust aspect of it. So in essence, to answer your question more directly, it facilitates secure access, unified secure access, so we make sure that the right user on the right device is going to the right application.

OK.

So that's huge, but it also changes the way we start to talk about our security solutions, because it's not just blocking bad stuff, it's making sure that we allow the right users to the right locations, and it's two sides of the same security coin, really, right?
So, but in the end we've got them both working together now. As the solution comes on board and it provides multi-factor authentication, it authenticates the device and makes sure the device is running the right policy and code, and applications are up to date, things like that. Then it allows users to access those applications. So very important and highly relevant use case for SD-WAN.

So let me ask you, before we transition out of this and kind of wrap this show up, is there anything important from a security perspective you think should be shared, make sure we don't miss here?

Absolutely. So one of the other things that we are bringing to the table is, because we're abstracting the control from the actual branch office to the cloud with the management and capabilities...

Plane, data plane, they're kind of separated, right?

Right, yeah, making it so much easier for administrators to work through all of this. But we're also able to continue to advance and allow new features to come out through the cloud.

OK.

I just move those down to the users. All of a sudden you'll log in and there'll be new features and functionalities.

From a security perspective, you could take take take Yousef, yeah, by its very nature it's hard to get proactive about security, because you have to imagine stuff that hasn't happened yet, and sometimes we're just taxed to be able to do that. But obviously there's so many things that people could be doing more of. I think ultimately, you know, as we move to kind of distributing security out much more, because

that's where it needs to be secured, the ability which we have to integrate it with the networks, that the network can keep doing what it's doing, feels really, really important here. Would you say that, you know, you get backup if someone says, well, Cisco, what's their security background? Sure, they know networking.

I think you can't really do security without knowing networking well, right? But our whole mantra for the last several years, since we just re-engaged in the security practice area, back in the day when Sourcefire got acquired, was we need to bring security into the network.

Yeah.

Right, we need to make that part and parcel, instead of this separate network and then add security on top.

Right.

And so there's a lot of different places and products where we are starting to move security functionality into the core infrastructure components, and this is another great example of how we're do... like, is one of the best examples.

There's a lot of fun. Jason, thank you so much for joining us, I appreciate your time.

Thanks, guys.

I hope you've enjoyed this show. Obviously, networking and security do have to play harmoniously together. SD-WAN is where everything is moving, but it has to be done right. I hope you have an appreciation for the intelligence that's gone into building this latest iteration of Cisco's SD-WAN. Be sure and check out the URL on your screen to get an idea of what it could be doing for you. Test it out, try it out, hold us up against anybody. I'm really proud of what we've been able to accomplish here. Thank you so much for watching TechWiseTV. We'll see you on the next one.

2019-01-23 06:32


Comments:

Amazing episode thank you!

Thank you

Thank you!

No, thank you
