Cisco next month will deliver a core piece of its security management framework that is aimed at helping customers more effectively create and manage protection policies.
Specifically, Cisco is adding the Mesh Policy Engine — which it first talked about at the Cisco Live event last June — to its Security Cloud Control platform. Together the products will let customers define security intent once and enforce it consistently across the enterprise. Security Cloud Control is the primary means of controlling Cisco’s hybrid mesh firewall portfolio.
“The traditional approach for granting access places a lot of overhead on the network operator: first validate the request actually has all the right rules, then figure out which firewalls to update, then finally add the rules, while being unaware if existing rules already grant some of the other access, and do the deployment,” wrote Murali Rathinasamy, director of product management for Cisco Cloud Security, in a blog about the technology.
“Mesh Policy Engine is a new feature of Security Cloud Control which redefines how policies are created and managed. With Mesh Policy Engine, the network operator expresses the access intent (application A to application B on the specific ports and protocols) within the user interface or through the API. Mesh Policy Engine handles the determination of what device should get what policy, then deploys it,” wrote Rathinasamy.
“This approach enables security teams to log into Security Cloud Control to quickly understand what access applications have and have confidence that changing or revoking that access won’t impact other applications or have unintended consequences,” Rathinasamy stated. “Using an intent-based approach enables true network access policy lifecycle management—from new application deployment to eventual deprecation and revoking of network access.”
According to Rathinasamy, once an organization’s network topology is mapped to Security Cloud Control, complete with a unified view of firewalls, connections, and paths, it can use Mesh Policy Engine to:
- Deploy policies automatically: New or updated Layer 3/4 (L3/L4) policies can be created and applied to the appropriate firewalls within minutes. This is a stark contrast to traditional processes that can take weeks and often require back-and-forth with the application owner.
- Avoid rip-and-replace: The engine supports a hybrid mesh firewall architecture by integrating new devices, including third-party firewalls, without requiring a complete overhaul of existing infrastructure. This lets customers use Cisco firewalls in their segmentation strategy without having to replace everything.
- Improve segmentation: By focusing on intent, the engine removes up to 80% of redundant rules and 35% of objects, simplifying policy management, improving adaptability, and enhancing network segmentation to prevent unauthorized access.
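As an added illustration (not Cisco’s code or API), the following Python model shows the intent-to-rule step described above: one access intent is compiled into L3/L4 rules only for the firewalls on the path between the two applications, and any firewall whose existing rules already cover that access is skipped. The topology, application placement and deployed rules are constructed assumptions.

```python
from collections import deque

# Constructed topology (assumption, not Cisco's data model): each firewall
# joins two network segments; each application lives in one segment.
FIREWALLS = {
    "fw-dc": ("dc", "core"),
    "fw-edge": ("core", "branch"),
}
APPS = {"app-a": "branch", "app-b": "dc", "app-c": "dc"}

def firewalls_on_path(src_seg, dst_seg):
    """BFS across segments; returns the firewalls crossed, in order."""
    adj = {}
    for fw, (a, b) in FIREWALLS.items():
        adj.setdefault(a, []).append((b, fw))
        adj.setdefault(b, []).append((a, fw))
    queue, seen = deque([(src_seg, [])]), {src_seg}
    while queue:
        seg, crossed = queue.popleft()
        if seg == dst_seg:
            return crossed
        for nxt, fw in adj.get(seg, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, crossed + [fw]))
    return None  # segments are not connected

def covers(existing, wanted):
    """True if an existing L3/L4 rule already grants the wanted rule.
    Rules are (src_app, dst_app, proto, port); 'any' matches anything."""
    return all(e == "any" or e == w for e, w in zip(existing, wanted))

def compile_intent(intent, existing_rules):
    """Turn one access intent into per-firewall rules.
    intent: dict with src, dst, proto, port.
    existing_rules: {firewall: [rule, ...]} already deployed.
    Returns {firewall: rule} only where the access is not yet granted."""
    path = firewalls_on_path(APPS[intent["src"]], APPS[intent["dst"]])
    if path is None:
        raise ValueError("no path between %s and %s" % (intent["src"], intent["dst"]))
    wanted = (intent["src"], intent["dst"], intent["proto"], intent["port"])
    return {
        fw: wanted
        for fw in path
        if not any(covers(r, wanted) for r in existing_rules.get(fw, []))
    }

if __name__ == "__main__":
    # Constructed sample: fw-edge already holds a broad tcp/any rule for this pair,
    # so only fw-dc needs the new, narrower rule.
    deployed = {"fw-edge": [("app-a", "app-b", "tcp", "any")]}
    print(compile_intent({"src": "app-a", "dst": "app-b", "proto": "tcp", "port": 443}, deployed))
```

A real engine would also have to model interface direction, NAT and rule ordering; this model only shows the path selection and the redundancy check.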
Ultimately, the goal is to replace fragmented security consoles with a centralized, intelligent system that integrates and coordinates security enforcement across multiple domains, Cisco stated.
Gartner’s take on hybrid mesh firewalls
In a recent report on the hybrid mesh firewall market, Gartner said that with the adoption of hybrid environments, its clients prefer the same firewall vendor with centralized management and visibility of firewall policies across environments to ease administration and reduce operational complexity. “Hybrid mesh firewalls support this use case through hardware, virtual and dedicated cloud firewall deployment types, along with cloud-based centralized visibility and management capability,” Gartner wrote.
“The hybrid mesh firewall, with its platform approach, offers an integration of firewall mesh with centralized management, support for multiple deployment forms and better integration of tools from multiple vendors,” Gartner stated.
“The market will continue to evolve to support traditional and emerging firewall use cases to offer microsegmentation, centralized visibility and control management across hybrid environments. As infrastructure environments become more complex and distributed, network security teams struggle to manage these environments effectively,” Gartner wrote.
Gartner calls Cisco a “visionary” in its hybrid mesh firewall Magic Quadrant report, saying Cisco offers hardware, virtual, FWaaS, cloud-native and container deployment types through multiple product lines, namely Cisco Secure Firewall, Cisco Secure Access, Cisco Multicloud Defense, Cisco Secure Workload and Cisco Hypershield. It offers hybrid mesh firewall licensing through Cisco’s Cloud Protection Suite, allowing clients to consume different firewall deployment types along with the cloud manager.
“The vendor offers multiple flexible firewall deployment types to support hybrid environments compared to direct competitors. Cisco Hypershield offers advanced distributed deployment for cloud. Cisco is the only hybrid mesh firewall vendor with agent-based microsegmentation, which is offered through Cisco Secure Workload,” Gartner stated.
Cisco’s competition includes HPE, Palo Alto, Fortinet, Check Point and others, Gartner stated.