Cisco is kicking off its Cisco Live conference today by introducing three new technologies to embed security into its branch office routing products: StealthWatch, Umbrella Branch, and the Meraki security appliance.
The StealthWatch Learning Networks technology derives in part from Cisco’s $452.5 million acquisition of Lancope earlier this year.
Branch offices can integrate the StealthWatch software into their installed Cisco ISR 4000 Series branch routers. “It now becomes network-plus-security all in one,” says Prashanth Shenoy, senior director of enterprise networking and mobility at Cisco. “It can do machine learning and threat detection right at the edge. And the good part for the customer is they don’t need to buy a new hardware appliance.”
Umbrella Branch stems from Cisco’s $635 million acquisition of OpenDNS in 2016.
It secures guest WiFi access at branch offices without having to backhaul the traffic. “Guests don’t have a VPN or security on their mobile devices,” says Shenoy, “but the Umbrella Branch intercepts all web traffic and will block any kind of malware or phishing right at the edge.”
Like StealthWatch, Umbrella Branch is purchased as a software license and is activated on the Cisco ISR branch office router. It has the benefit of saving bandwidth and costs on expensive MPLS links, while still ensuring safe WiFi access to the Internet.
If this sounds a bit like software-defined wide area networking (SD-WAN), that’s because it is. “The ISR 4K is our platform for providing SD-WAN. This compliments and adds on to security for SD-WAN deployments,” Shenoy says.
Cisco is talking about Umbrella Branch in terms of WiFi because it’s one of the most common ways to provide Internet access. But the Umbrella Branch technology is also applicable to other Internet connections such as 3G and 4G cellular.
Finally, Cisco unveiled the Meraki MX security appliance as part of its Meraki product suite. This would be an alternative for businesses that don’t have the more robust ISR routing platform.
“Typically, Meraki is deployed by customers that have lean IT, such as remote sites,” says Shenoy.
The new security product is integrated with cloud-managed networking. It has a cloud-based subscription license.
Cisco has recently combined its networking and security engineering groups into one group under general manager David Goeckeler.
“We’ve been integrating security into our networking infrastructure. We can do blocking of threats from the edge network to the core network to the cloud network, with David [Goeckeler] overseeing the entire portfolio,” says Shenoy.
It also appears that Cisco will draw less distinction between enterprise networking and service provider networking. Shenoy says, “A lot of service providers are using enterprise networking gear. David is a true GM.”