Fusing Security Into the Network Fabric: From Hybrid Mesh Firewalls to Universal ZTNA


If you’ve heard it once, you’ve probably heard it a million times: “today’s enterprise environments are becoming more and more complex.” I know it’s something I’ve been known to say a time or two (or a million).

Here’s the thing: it’s true. There are several factors at play, but two of the biggest are the increasingly fine-grained composition and distribution of applications, along with an increasingly distributed and mobile workforce. Then, while the rise of AI has provided ample opportunity to improve our ability to protect users, devices, applications, and workloads, it has also become a weapon for automating attacks against known vulnerabilities. As a counterpoint to these more sophisticated attacks, you also have basic attacks – social engineering to steal credentials – that still succeed far too often.

All of this to say: we need to evolve. It starts with ending the era of blind trust and fully leaning into zero trust principles everywhere, with identity at the core. Second, if applications, users, workloads, and devices are becoming increasingly distributed, then security also needs to become increasingly distributed.

This is where two emerging areas of innovation come into play: Hybrid Mesh Firewall and Universal ZTNA. While Hybrid Mesh Firewall brings together all protections on the application side, Universal ZTNA brings together all protections on the identity side, securely connecting users to applications. At the core of both is one simple truth: the network is the only logical place to implement effective security controls, because of its nature as connective tissue. Security that once sat in a box in the DMZ can be pushed closer to the users and to the apps for embedded zero trust. We can get closer to users everywhere with security controls in hundreds of global points of presence (PoPs), and closer to applications by fusing security into the fabric of the network and the cloud.

Hybrid Mesh Firewall: From Firewalls to “Firewalling”

So, let’s start by clearly defining what each of these is – starting with Hybrid Mesh Firewall. A traditional definition of a Hybrid Mesh Firewall is a multi-deployment of virtual, physical, cloud-native and container-native firewalls with a unified management plane. This is necessary, but not sufficient. In today’s world of complex applications and advanced attackers, it needs to go further: protect every server, every app, every VM, every container and every IoT device by inspecting every flow in the network, in order to reduce the attack surface, prevent compromise and stop lateral movement. It must protect traditional and modern workloads, legacy and AI applications alike. This is where our unique approach to Hybrid Mesh Firewall shines.

At Cisco, this concept of a Hybrid Mesh Firewall is something we have been building towards for years – taking the concept of a traditional, physical firewall and expanding it to a more dynamic, flexible model of “firewalling” by taking it closer to the workloads wherever they run with innovations like Hypershield, Secure Workload, and Multicloud Defense. This gives you a fabric of enforcement points optimized for different use cases, all managed centrally so your enforcement points evolve, not your policies.

Today, I’m excited to announce a few new major milestones in this journey of the Hybrid Mesh Firewall.

Innovations in Hybrid Mesh Firewall

First, we are innovating in how we deploy security, fusing it into the network itself with Hypershield on the Cisco 9300 Series Smart Switches while bringing the power of Secure Firewall to the cloud with new auto-deploy, auto-scale, and self-healing that end the need to compromise security for manageability.

Then, we are building on our existing capabilities:

  • Secure Firewall delivers leading price performance and advanced threat protection, utilizing technologies like Encrypted Visibility Engine (EVE) and SnortML.
  • Secure Workload, a leader in traditional microsegmentation, offers broad platform support and scalability.
  • Isovalent Enterprise Platform delivers extended network visibility down to the process level for modern workloads and containers.
  • Hypershield, a breakthrough AI-native solution built on top of Isovalent technology, provides autonomous segmentation and distributed exploit protection.
  • AI Defense, our new “security for AI” solution, addresses the safety and security risks introduced by the development, deployment, and usage of AI apps.

Together, these innovations offer the layered security necessary to keep applications secure, including L7 threat protection, AI Defense guardrails, segmentation, and exploit protection.

While the individual capabilities are fantastic, the true superpower of this hybrid mesh lies in its ability to meet you where you are and evolve with your needs over time, ensuring continuous protection. This starts with the management plane. Our Security Cloud Control allows you to define policy once and change enforcement points over time, expanding to cover all components of the hybrid mesh. This week, we’ve announced expanded support for Secure Workload, Secure Access, and AI Defense, alongside third-party firewalls, which truly brings the mesh to life.

We have also announced a Unified AI Assistant for Security Cloud Control, which streamlines policy management, optimization, and testing across the hybrid mesh and beyond, simplifying the complexity of modern security environments. In addition, our new Cloud Protection suite license simplifies and future-proofs your security investments, offering the flexibility to swap components as needs evolve.

Truly Universal Zero Trust Network Access

What does it mean to achieve Universal Zero Trust Network Access? It means securing every user – employees, contractors, partners – and every device, whether managed or unmanaged. It means protecting every application, modern or traditional, and covering every location, from oil rigs to airplanes, offices to homes.

For example, when a user or thing (think about IoT devices) attempts to access a resource, Universal ZTNA ensures that their (its) request is scrutinized through multiple layers of verification. This means authenticating user and device identities, assessing their security posture, and continuously monitoring and correlating activity – across the identity ecosystem – to detect threats that may require a change in access policy.

After all, identity is at the heart of zero trust. Any Universal ZTNA solution in name must be able to use identity context to drive a dynamic access policy – and that includes the identities of things as well as users.

Combining SD-WAN, VPN, Security Service Edge (SSE), and Identity Services Engine (ISE), we offer a single client with many functions, managing the complex plumbing to connect users seamlessly to any application. This now includes AI apps, with our AI Defense providing the right controls to securely empower adoption. In addition to global cloud PoPs, we’re now offering the same zero trust policy enforcement on the firewall, enhancing user experiences and compliance for highly sensitive applications.

One of our latest innovations – Hybrid Private Access – enables us to enforce per-app policies at Cisco Secure Access PoPs and at the network edge (firewall), so our customers can implement zero trust controls more consistently and easily, with automatic route and enforcement transitions based on user location.

By tightening our integration with Google Chrome Enterprise, we’re making it easier for our customers to support both managed and unmanaged devices. This means no need for a client to be installed, leveraging the same browser interface that users love to deliver full zero trust capabilities, and making it perfect for BYOD use cases, not to mention enhanced data leakage protection.

Finally, with Secure Access Policy Assurance, you can quickly assess and resolve any issues causing access disruption – critical in an environment where 75% of outages are due to misconfiguration.

Conclusion

In today’s digital landscape, the combination of Universal Zero Trust Network Access and Hybrid Mesh Firewalls offers a powerful defense strategy. By securing both the user access points and the intricate backend operations of applications, organizations can protect their digital assets with confidence. At Cisco, we’re excited to lead the way.
