New from Cisco: Workplace-safety service, branch office firewall
Cisco has taken the wraps off a new firewall and a technology package that it says will help enterprises better control hybrid workers’ access to corporate resources and enable a safer, more secure return to the office.
On the firewall front, Cisco has rolled out a new security appliance: the 1RU, 17 Gbps throughput Secure Firewall 3100. It is the low end of the 3100 series and is meant to lower the barrier to entry, better support small branches and boost VPN performance, Cisco stated. The Cisco Secure Series already included the 3120, 3130, and 3140 devices, which support throughputs of 23 Gbps to 45 Gbps.
“The big deal about the new Secure Firewall 3100 Series architecture is the emphasis on processing encrypted traffic,” wrote Andrew Ossipov, a Distinguished Engineer with Cisco Security Business Group, in a blog about the new firewall.
“The traditional industry approach has been to deploy a look-aside crypto accelerator which works in tandem with the x86 CPU to process IPsec and Transport Layer Security (TLS) traffic for both VPN and transit inspection purposes. This approach results in a tremendous performance degradation, chiefly due to that look-aside nature that requires multiple traversals of the shared system bus for each encrypted or decrypted packet,” Ossipov stated.
The 3100 includes a new custom-built Field Programmable Gate Array (FPGA) between the internal switch fabric and the x86 CPU. It implements a flow-offload engine for fast single-flow throughput and high-performance-computing grade latency and also provides in-path crypto acceleration across both IPsec and datagram TLS (DTLS) VPN connections, Ossipov stated.
“Once programmed by Cisco’s threat protection software, this intermediate component can decrypt and encrypt such flows in hardware without having to rely on the main system bus or consuming precious x86 CPU cycles,” Ossipov stated.
The 3100’s capabilities come from Cisco’s Secure Firewall Threat Defense 7.0 software released last year that supports security features including packet inspection from Snort 3 and threat-intelligence updates from Cisco Talos. It also includes inference-based application identification and malware classification with Encrypted Visibility Engine (EVE), which Cisco developed in-house, Ossipov stated.
The 3100 can be managed alongside other Cisco security devices through the Secure Firewall Management Center which supports unified management of firewalls, application control, intrusion prevention, URL filtering, and malware defense, Cisco stated.
Smart Workspaces
Targeting workers who are going back into offices at least some of the time is Smart Workspaces, a service offered as part of Cisco’s cloud-based DNA Spaces, which is comprised of Cisco’s Connected Mobile Experience (CMX) wireless suite and enterprise geolocation technology.
CMX is a software engine that uses location and other intelligence gleaned from Cisco Meraki wireless infrastructure to help deliver services to mobile devices. DNA Spaces also gathers data from wired Cisco Catalyst switches.
In the post-COVID world, organizations will need tools like Smart Workspaces to make hybrid workers comfortable, said Lucas Hanson, a senior product manager for Cisco DNA Spaces.
DNA Spaces can show not just which spaces—like department stores, waiting rooms, cafeterias—are being used and when, but also where people come from to get there, how long they stay, what data resources they use, and where they go after they leave.
The software also includes an IoT gateway service that lets customers manage a variety of IoT devices, form factors, and communications protocols. DNA Spaces includes analytics support that details who and what is in physical locations along with the ability to act on those insights in real-time, Cisco said.
The Smart Workspaces package includes a 3-D mapping capability and Webex support that can be used to let users locate a variety of in-office functions such as finding an empty meeting room or locating offices in large buildings. The mapping function can post graphics-rich images to Webex boards and systems.
“Basically the service lets customers see everything from room occupancy to air quality if they have those sensors,” Hanson said.
“Organizations have employees that can look at the map and say there are too many people in that room to feel comfortable with, so they can stay home or avoid those offices,” Hanson said. “Of course the flipside is true as well in the case where users want to be involved with a lot of people to engage with.”
Cisco Smart Workspaces will be available in May.
Copyright © 2022 IDG Communications, Inc.