Cisco's modernization of one of their staples is as good as ever

Our organization uses Cisco Secure Firewall to protect our enterprise network. It has a ton of features that are very straightforward to use. It allows us to easily setup Access Lists determining what few services we let in. We also use Malware filtering, file inspection, and URL filtering to protect our public. Cisco Secure Firewall allows us to NAT our devices and servers that need an external connection, and even allows for different virtual interfaces to be setup as gateways for internal subnets.

We have had great results with our Cisco Secure Firewall. Like all businesses, we are constantly having to ask it to do more, and it always seems up to the task. We have inspection turned on, and it doesn’t seem to bog anything down. Basically, the only bottlenecks created by our Cisco Secure Firewall come from physical throughput capacity as opposed to performance issues.

We try to use some of the analytics, but I would say analytics and logs are probably the Cisco Secure Firewall’s greatest weakness. We had to stand up an Elastic stack primarily to get us insight into firewall activity because the built-in tools are too unreliable. We don’t use the VPN feature.

Security is part of all of our processes, not an add on. We make it part of our daily work to improve our posture whenever possible. Cybersecurity goes hand and hand with availability and providing services to our customers, so cybersecurity is intertwined with and a part of any investment we make, and quality, manageable firewalls are part of that.

Cisco is a proven name in the IT industry, particularly when it comes to switching and firewalls. We had successfully used Cisco’s ASA Firewall for years, so they had a definite lead when it came time to upgrade. Cisco’s NGFW offering in Firepower, with it’s ease of management and versatility made it a fairly easy decision.

Cisco’s proven track record in our organization and the ease of management were huge factors, but the versatility really won us over. The options for licensing inspection, security intelligence feeds, content filtering and possible VPN made it a pretty easy decision at the time. I’m sure other vendors have caught up, but it’s hard to beat what you know, especially when it works so well.

It will definitely be the proverbial two edged sword. AI should drastically assist and improve automation and defenses, helping the defenders…but threat agents also have AI to assist with end arounds and attempts to breach. Basically I think the game just got faster, and it’s up to the good guys to focus on tuning and turning out quality software to help with the defense.

We are not using this as of yet.

I believe resilience is one of the key factors in cyber security. It’s not about ‘whether’ you’ll have an incident, it’s about how you recover and how bad you let it be when it happens. Resilience is going to determine whether you have to shut your doors after an event or not.

Leaders can build more cyber resilience by utilizing multiple and multi-faceted layers. Following the standard cyber model and utilizing layers such as edge, end point protection, physical layers, etc are all definitely part of it. But layers of firewalls, network detection and inspection are also huge pieces, with training your people being the biggest investment you should make.