Cisco SASE and CSA Update
Partner Interactive Webinar
Patrick Charretour – Octavian Preda
EMEA NX Solution Engineer – SASE, Routing and SD-WAN GTM lead
March 26th, 2024
Agenda
• Extended Security
• Why SASE, why Secure Access
• Secure Access explained in depth, and use cases
• Technology Partnership
• Demonstration

Partner Managed Exchange
© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Extended Security

Customers' Security Concerns
• Complex configuration
• Lack of security visibility
• Expanding attack surface
• Need for simplified operations
• Compliance
• Migrate to SSE/SASE?
• Real-time logs
• Security policy false alarms
• Anti-replay protection
• Digital transformation
• Connectivity to cloud?
• Secure BYOD?
• Cloud security: SWG, DNS, CASB, DLP, ...
• Security efficacy?
• Troubleshooting
• TLS/SSL decryption
• Need for identity-based firewall
• Network and security silos
• Operational challenges
• Branch user threats
• Segmentation requirements?
• Live security updates?
Extended Security coverage, beyond the network
[Figure: Catalyst SD-WAN at the centre, surrounded by Talos Threat Intelligence, Threat Detection and Response and Next Gen Firewall, extending to: Secure the Users & Devices, Secure the Cloud, Secure the Network, Secure the Email, Secure the Data, Secure the Applications]
Cisco Catalyst and Meraki SD-WAN are ready
Introducing Cisco SD-WAN Adaptive Security
Catalyst and Meraki SD-WAN | Threat Intelligence | Zero Trust | Simplified Workflows | Security Insights | Granular Controls | Technology Alliances

1 NGFW – On-box Next Generation Firewall
Cisco on Cisco embedded security stack, no external firewall required, powered by Cisco Talos.
• Application firewall
• Intrusion Prevention System (IPS)
• Advanced Malware Protection
• URL filtering
• Live signature updates
• Unified logging
• Segmentation
• TLS decryption
• DNS-layer security
• Cisco ISE integration
• Dynamic core allocation
• Sandboxing
Unified Client | EDR | Cloud Managed

2 Cloud Security – Seamless Cloud Security (SSE)
• Cisco on Cisco integration (SSE): Unified SASE | Automation | Comprehensive Security. Cisco Secure Access (CSA) = Secure SD-WAN + SSE
• SSE Technology Alliance: 3rd-party SSE integration | Integrated SASE
• Simplified configuration, multi-tunnel automation (enhanced throughput using 4 tunnels), active/standby tunnels, traffic load balancing, Layer-7 health check, optimized SaaS (DC fallback option), service resiliency

3 Monitoring & Visibility – Security Visibility & Monitoring
• SecOps persona | Security insights | Customized dashboard
• Security heatmap | Alarms | Security events | Real-time updates
• 3rd-party SIEM/SOAR integration, e.g. Microsoft Sentinel

4 Certification and Compliance
Reliable | Scalable | Flexible. Industry certifications: PCI-DSS, SOC2/SOC3, ISO 27001, 27017, 27018, 27701, C5, FedRAMP, FIPS 140-2
** In progress

5 Fabric Security
• Encrypted control plane and encrypted data plane
• Hardware-based device authentication (SUDI)
• Pairwise keys, security keys
• Enhanced security, DDoS protection
Why SASE
Enterprise Network Transformation
Networks We Used To Build - Historic Traffic Flows
Led to the age of perimeter-based security and networking
[Figure: branch offices and roaming/mobile users connect over MPLS VPN to the HQ, where a single, on-premise security stack (centralized network security) sits in front of the Internet. Traffic mix: Internal 80%, Internet 20%.]
What Has Changed?
Gartner: "The legacy 'data center as the center of the universe' network and network security architecture is obsolete and has become an inhibitor to the needs of digital business".

Problems:
• Costs
• Performance
• # Tools/vendors
• Integrations
• Maintenance

Data Center Backhaul is a bottleneck:
• Increased app latency
• Unpredictable user experience

[Figure: branch offices and roaming/mobile users still reach the HQ over MPLS VPN, but applications now live on the Internet, in private cloud, IaaS (MS Azure, Google Cloud, AWS) and SaaS (Webex, MS Teams). Traffic mix: Internal 20%, Internet 80%.]
The Future Model
• Decentralized model
• Supports applications hosted in the cloud
• Offers users the same off-network experience
• Networks no longer connect branches to the data centre; they securely connect users to apps
• Wide Area Networks are crucial for such a new model

[Figure: branch offices, HQ and roaming/mobile users reach the Internet, private cloud, IaaS (MS Azure, Google Cloud, AWS) and SaaS (Webex, MS Teams) through a Cloud Edge: SD-WAN with DIA/DCA, secure TLS and an extended perimeter.]
Secure Access Service Edge (SASE)
Converging needs: Network as a service (Connect It) and Security as a service (Secure It)
• SD-WAN side: Content Delivery/Caching, WAN Optimization and Routing, Quality of Service, SaaS Acceleration
• SSE side: Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS), Secure Web Gateway (SWG)
What is really SASE
Connect, Secure Access, Access Data, Visibility and Intelligence
[Figure, legend: Internet traffic; private traffic; secure tunnel; breakout (unmonitored internet and trusted SaaS).
Left, users: managed endpoints with client-based access; unmanaged endpoints with client-less access; on-premise users, devices and things behind SD-WAN at DC/POP/branch.
Centre, Secure Access: Unified Dashboard (identity-based controls, posture-based controls, single SLA, single policy, Magnetic Design System) and Unified Security (flexible ingress/egress connectivity, consistent inspection for all traffic, granular context-based control).
Right, destinations: public applications on the Internet/SaaS; private applications in public/private cloud reached via resource connector or backhaul VPN; private applications in public cloud and edge DC reached over SD-WAN.]
Visibility, easy to manage, intelligence
Secure Access Service Edge (SASE)
The Cisco Vision
Converging needs: Network as a service (Connect It) and Security as a service (Secure It)
• Meraki and Catalyst SD-WAN: Content Delivery/Caching, WAN Optimization and Routing, Quality of Service, SaaS Acceleration
• Secure Access: Core SSE and more in a single subscription
Easy to manage, Visibility & Intelligence
Various SASE motions co-exist today
Market Definitions (from multiple products/vendors to a single solution):
• Multi Vendor Disaggregated / Bespoke / Deep Point Solutions: force a multi-vendor deployment that creates integration gaps and inconsistent experiences
• Dual Vendor Integrated and Single Vendor Integrated Platform (Integrated Approach): bring better value from vendor consolidation and integrations between network and security tools
• Single Vendor Unified Offer: converges networking and security into a single offer and a unified dashboard
Cisco Meraki SASE offer
Unified Solution with Cisco Umbrella: Cisco+ Secure Connect
• Single pane of glass for SD-WAN and security
• Unified, intent-based policy across the platform
• Converged with Meraki Secure SD-WAN (Catalyst SD-WAN under development)
• Platform level health
Cisco Catalyst SASE Offer
Integrated Solution with Cisco Secure Access

Phase 1: Branch Users
• Secure Direct Internet Access from branches
• Automation between Catalyst SD-WAN & Secure Access
• Resilient connectivity to SSE/CSA
• Higher bandwidth connectivity
• Availability: 17.13/20.13 release, December 2023

Phase 2: Hybrid/Remote Users
• Secure private application access
• Seamless private access connectivity
• Enterprise context sharing
• Availability: mid CY24
Cisco Secure Access and/or Security Service Edge?
Introducing Cisco Secure Access
Modernize your defense with converged cloud security grounded in zero trust
The most complete security service edge (SSE) solution accelerates your SASE journey
[Figure: Connect Users (remote users, managed and unmanaged devices, IoT devices) through Cisco Secure Access to Data / Applications (web, public SaaS apps, private apps)]
Cisco Secure Access (CSA)
Go beyond core Security Service Edge (SSE)
• Core SSE: Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and DLP, Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS) and IPS
• Deliver the core and more in a single subscription: DNS security, multimode DLP, advanced malware protection, sandbox, Talos threat intelligence, VPN as a Service, Digital Experience Monitoring*, Remote Browser Isolation
• Add-on solutions: XDR, Duo MFA/SSO, CSPM
*Global general availability coming soon
Connectivity: Cisco Meraki and Catalyst SD-WAN
Product Family
Protecting your investment throughout the CSA/SSE journey
• Umbrella DNS: core cloud security services, DNS
• Umbrella SIG: DNS plus SWG, CASB, DLP, sandboxing
• Secure Access, Full SSE Edition: everything in SIG, plus ZTNA (client-based & clientless) with App Connectors, FWaaS, ZTA Relay (MASQUE & QUIC), Unified Client / frictionless user experience, hybrid POP approach
Cisco Secure Access
High Level Architecture
[Figure: the same architecture diagram as on the "What is really SASE" slide. Legend: Internet traffic; private traffic; secure tunnel; breakout (unmonitored internet and trusted SaaS). Managed endpoints (client-based access), unmanaged endpoints (client-less access) and on-premise users, devices and things behind SD-WAN at DC/POP/branch enter Secure Access, which provides a Unified Dashboard (identity-based controls, posture-based controls, single SLA, single policy, Magnetic Design System) and Unified Security (flexible ingress/egress connectivity, consistent inspection for all traffic, granular context-based control). Destinations: public applications on the Internet/SaaS; private applications in public/private cloud via resource connector or backhaul VPN; private applications in public cloud and edge DC over SD-WAN.]
Visibility, easy, intelligence
Why Cisco Secure Access
The multi-vendor approach is problematic
[Figure: separate products and consoles (CASB, SWG, RBI, ZTNA, Sandbox, DLP) in front of Internet apps, SaaS apps, core private apps and longtail/non-standard apps.]
Multiple products increase cost and inefficiencies:
• Licenses/hardware
• Policy management
• Client management
• Reporting
• Elevated staffing levels
65% of enterprises plan on consolidating vendors for better risk posture
Cisco Secure Access
Foundation versus Advanced SSE
• Core SSE (foundation): Secure Web Gateway (SWG), Cloud Access Security Broker (CASB) and DLP, Zero Trust Network Access (ZTNA), Firewall as a Service (FWaaS) and IPS
• Advanced, delivered with the core in a single subscription: DNS security, multimode DLP, advanced malware protection, sandbox, Talos threat intelligence, VPN as a Service, Digital Experience Monitoring*, Remote Browser Isolation
• Add-on solutions: XDR, Duo MFA/SSO, CSPM
*Global general availability coming soon
Cisco Secure Access
Make it easier to operate

Higher efficiency:
• Single agent, console, identity and posture, policy management
• Digital Experience Monitoring (DEM)*
• Single SLA

Lower costs:
• Consolidated licensing
• Less hardware
• Ecosystem

One place to see traffic, set policies, and analyze risk.
*Global general availability coming soon
Cisco Secure Access
Magnetic Design Process: modular, simple, effective

What does Magnetic mean for Cisco Secure Access?
"Throughout the design of the product, the admin's intent is kept at the forefront, while the complexity of the underlying engines is hidden to ensure a simplified, user-friendly experience."

http://magnetic.cisco.com
SDWAN Manager Magnetic Adoption Example
[Screenshot]

MX Magnetic Adoption Example
[Screenshot]
Cisco Secure Access
Make it easier to operate

Monitor the health and performance of users, applications, and network connectivity.

Optimize user productivity by automatically mining details on the user's end-to-end experience, enabling the IT/security staff to rapidly resolve the issue.

DEM* monitoring examples:
• Endpoint performance: CPU, memory, Wi-Fi
• Network performance: endpoint to Secure Access
• Top 20 SaaS applications performance
• User-specific events

Dashboard visual is for illustrative purposes only
*Global general availability coming soon
Cisco Secure Access
Talos powers Secure Access to provide intelligence
• Collect: enormous scale and reach for inputs
• Analyze: rapid speed of correlation and detection
• Defend: global distribution and protection

We see more and automate more, so you can block more and respond faster to threats.
• 2.1M+ malware samples processed daily
• 200+ new vulnerabilities discovered yearly
• 625B web requests resolved daily
• 400B security events observed daily
• Backed by a robust expert team of full-time researchers and data scientists
• Machine learning and automation intelligence
How to connect Users to CSA
Connect on-premise branch and campus users and devices
[Figure, legend: Internet traffic; private traffic; secure tunnel; breakout (unmonitored internet and trusted SaaS). On-premise users, devices and things behind SD-WAN at DC/POP/branch connect over SD-WAN IPsec tunnels to Secure Access, which fronts public applications on the Internet/SaaS, private applications in public/private cloud, and private applications in public cloud and edge DC.]

Branch devices:
• Meraki and Catalyst SD-WAN
• Catalyst SD-WAN IPsec tunnels
• Meraki Auto-VPN connectivity
• Up to 4 tunnels for scalability and redundancy
• Load balancing
• Region affinity
• Cloud OnRamp
How to connect Users
Connect Remote Users – Today's Challenges
[Figure: remote users reach Internet apps directly, SaaS apps, core private apps through ZTNA (?) and longtail/non-standard apps through VPN.]
• Many connection decisions
• Various processes
• Multiple steps
• Repetitive authentication tasks
49% of employees are frustrated with their tech experience; 26% of employees are leaving their job because of tech
How to connect Users to CSA
Connect Remote Users – Make it simple
1 Connect to a network, 2 Get to work
[Figure: managed and unmanaged endpoints connect once to Cisco Secure Access, which brokers access to Internet apps, SaaS apps, core private apps and longtail/non-standard apps.]
Note: Supports both client and clientless ZTNA connectivity
How to connect Users to CSA
Connect Remote Users – Flexible Connections
(Legend: Internet traffic; private traffic; secure tunnel)

Managed endpoint, Cisco Secure Client:

AnyConnect VPN module
→ Authentication & posture at connect time
→ DTLS tunnel
→ Carries Internet & private traffic (all ports & protocols)
→ SAML, (+) certificate, & (+) multi-certificate authentication

ZTNA module
→ Authentication & posture per session
→ QUIC tunnel (MASQUE proxy)
→ Carries private traffic (all ports & protocols)
→ SAML auth + automatic renewal

Web Roaming module
→ Security at the DNS layer when the VPN is off
→ Cloud-delivered security service for Cisco's NGFW
→ Device enrollment (profile)
→ Carries Internet web traffic (80/443)

Unmanaged endpoint, browser:

Clientless ZTNA
→ Accessible from any browser that supports SAML and cookies
→ Request-based posture (geolocation, browser version, OS)
→ Web apps only
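The clientless path above evaluates posture per request rather than per device, because there is no agent on the unmanaged endpoint. The evaluator below is an added illustration, not Cisco code: it derives browser, version and OS from the User-Agent and takes the country from a geolocation header, then returns allow, step-up or deny. The header name X-Geo-Country, the allowed-country list, the minimum browser versions and the sample User-Agent strings are all constructed assumptions for the example.

```python
"""Request-based posture for clientless ZTNA (illustrative, not Cisco code).

Each request from a browser is scored on geolocation, browser version and OS,
as listed on the slide. All thresholds and header names are assumptions.
"""
import re
from dataclasses import dataclass


@dataclass
class Verdict:
    action: str   # "allow", "step-up" or "deny"
    reason: str


# Assumed tenant policy: where requests may come from without step-up MFA,
# the oldest browser major version accepted, and the operating systems allowed.
ALLOWED_COUNTRIES = {"FR", "DE", "RO"}
MIN_BROWSER = {"Chrome": 120, "Firefox": 115, "Safari": 17, "Edge": 120}
ALLOWED_OS = {"Windows", "macOS", "iOS", "Linux", "Android"}

# Edge and Chrome both advertise "Chrome/", so the Edge token is tested first;
# Safari is identified by "Version/x ... Safari/" because Chrome also sends "Safari/".
_UA_RULES = [
    (r"Edg/(\d+)", "Edge"),
    (r"Chrome/(\d+)", "Chrome"),
    (r"Firefox/(\d+)", "Firefox"),
    (r"Version/(\d+)[\d.]* .*Safari/", "Safari"),
]
# Order matters: iPhone/iPad UAs also contain "Mac OS X", Android UAs contain "Linux".
_OS_RULES = [("Windows NT", "Windows"), ("iPhone", "iOS"), ("iPad", "iOS"),
             ("Mac OS X", "macOS"), ("Android", "Android"), ("Linux", "Linux")]


def parse_user_agent(ua: str):
    """Return (browser, major_version, os_name); None for anything unrecognised."""
    browser, version = None, None
    for pattern, name in _UA_RULES:
        match = re.search(pattern, ua)
        if match:
            browser, version = name, int(match.group(1))
            break
    os_name = next((name for needle, name in _OS_RULES if needle in ua), None)
    return browser, version, os_name


def evaluate(headers: dict, saml_session_valid: bool) -> Verdict:
    """Posture decision for one request to a clientless ZTNA web app."""
    if not saml_session_valid:
        return Verdict("deny", "no valid SAML session cookie")
    browser, version, os_name = parse_user_agent(headers.get("User-Agent", ""))
    country = headers.get("X-Geo-Country")  # assumed: set by the edge from IP geolocation
    if os_name not in ALLOWED_OS or browser not in MIN_BROWSER:
        return Verdict("deny", f"unsupported client: {browser} on {os_name}")
    if version < MIN_BROWSER[browser]:
        return Verdict("deny", f"{browser} {version} is below minimum {MIN_BROWSER[browser]}")
    if country not in ALLOWED_COUNTRIES:
        return Verdict("step-up", f"request from {country}: require MFA")
    return Verdict("allow", f"{browser} {version} on {os_name} from {country}")
```

Because the User-Agent is client-controlled, this check only raises the bar; it is a posture signal to combine with the SAML session and MFA, not an authentication factor on its own.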
How to connect Users to CSA
Cisco New Secure Client
• Transparent user experience
• Proxied resource access with coarse-grained or fine-grained access control
• Service-managed client certificates with TPM/hardware enclave key storage
• Support for both TCP and UDP applications
• Cisco and third-party VPN client interop
• Next-generation protocol (MASQUE + QUIC)
Differentiate with QUIC and MASQUE?

• QUIC:
  • A fast, secure web transport protocol over UDP
  • Provides its own security layer (TLS 1.3 is built into the handshake), packet loss detection, data recovery, and congestion control
  • HTTP/3 is based on QUIC

• MASQUE:
  • An IETF proxying framework that tunnels multiple applications over one QUIC (HTTP/3) connection
  • Efficient, with little overhead

Google has found that 75% of requests are faster over QUIC, and YouTube users see 30% fewer playback interruptions over QUIC.
'Just works' ZTNA for Apple devices
[Figure: Apple devices reach private apps in cloud, data center and branch office through the Cisco Secure Access MASQUE proxy.]
• Joint development partnership, launch partner, coming in iOS 17 and macOS 14
• Native experience on iOS and macOS
• "Always on" per-application and per-domain MASQUE proxying
• All applications, ports, and protocols
How to connect from Secure Access to data/applications
[Figure, legend: Internet traffic; private traffic; secure tunnel; breakout (unmonitored internet and trusted SaaS). Managed endpoints (client-based access), unmanaged endpoints (clientless access) and on-premise users, devices and things behind SD-WAN at DC/colo/branch enter the Secure Access PoPs. PoP services: Auth (MFA support, device posture and health; optional), DNS, SWG, DLP, CASB and NAT towards the Internet/SaaS; L3/4/7 router/firewall with IPS towards public resources and towards private resources in public/private cloud via resource connector or backhaul VPN. Users on the left, apps on the right.]
End to End Workflow: Client-based Access
[Figure: Secure Client → QUIC secure tunnel → ZTA Proxy in the Secure Access PoPs, with Auth (MFA support, device posture and health; optional) and L3/4 FW w/ IPS → RCGw (resource connector gateway) → connector at DC/colo/branch or in public/private cloud.]
1. Connect and map the destination to a resource
2. Authenticate, secure, and query the resource gateway to see which connector group is serving traffic for the resource (latency-based selection)
3. The ZT Proxy forwards the connection to the app gateway, which in turn load balances traffic to the selected connector in the group
4. The resource connector forwards the traffic to the resource
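The four steps above, modelled in code as an added illustration (this is not Cisco's implementation): a destination is only proxied if it is a published resource, the session must pass MFA and posture, the lowest-latency connector group that still has a healthy connector is chosen, and a per-flow hash pins the flow to one healthy connector inside that group. The resource names, connector groups, latencies and health states are constructed for the example.

```python
"""Illustrative model of the client-based ZTNA workflow (not Cisco code).

Steps: 1 map destination -> resource; 2 authenticate/posture and pick the
connector group by latency; 3 load-balance to a connector; 4 forward.
Catalogue, groups, latencies and health are constructed assumptions.
"""
import hashlib
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised where the real proxy would refuse or drop the connection."""


@dataclass
class ConnectorGroup:
    name: str
    latency_ms: float      # PoP-to-group latency (constructed measurement)
    connectors: tuple      # connector IDs registered in the group
    healthy: frozenset     # connectors currently passing health checks


@dataclass
class Session:
    user: str
    mfa_ok: bool
    posture_ok: bool


# Constructed catalogue: published FQDN -> connector groups able to reach it.
RESOURCES = {
    "app1.demo.com": ("dc-paris", "aws-eu-west-1"),
    "app2.demo.com": ("aws-eu-west-1",),
}

# Constructed connector groups; "aws-eu-west-1" has one connector down.
GROUPS = {
    "dc-paris": ConnectorGroup("dc-paris", 12.0, ("c1", "c2"), frozenset({"c1", "c2"})),
    "aws-eu-west-1": ConnectorGroup("aws-eu-west-1", 9.0, ("c3", "c4"), frozenset({"c3"})),
}


def map_resource(dest_fqdn: str) -> str:
    """Step 1: only destinations published as private resources are proxied."""
    if dest_fqdn not in RESOURCES:
        raise AccessDenied(f"{dest_fqdn} is not a published private resource")
    return dest_fqdn


def authorize(session: Session) -> None:
    """Step 2a: per-session authentication and device posture."""
    if not session.mfa_ok:
        raise AccessDenied(f"{session.user}: MFA not satisfied")
    if not session.posture_ok:
        raise AccessDenied(f"{session.user}: device posture check failed")


def select_group(resource: str, groups=GROUPS) -> ConnectorGroup:
    """Step 2b: lowest-latency group that still has a healthy connector."""
    candidates = [groups[g] for g in RESOURCES[resource] if groups[g].healthy]
    if not candidates:
        raise AccessDenied(f"no healthy connector group serves {resource}")
    return min(candidates, key=lambda g: g.latency_ms)


def select_connector(group: ConnectorGroup, flow_key: str) -> str:
    """Step 3: the app gateway load-balances across healthy connectors.

    Hashing the flow key keeps one flow pinned to one connector; unhealthy
    connectors are excluded before hashing, so a failure only moves the
    flows that were on the failed connector.
    """
    healthy = sorted(group.healthy)
    digest = hashlib.sha256(flow_key.encode()).digest()
    return healthy[digest[0] % len(healthy)]


def connect(session: Session, dest_fqdn: str, flow_key: str, groups=GROUPS) -> dict:
    """Run steps 1-3 and return where the flow is forwarded (step 4)."""
    resource = map_resource(dest_fqdn)
    authorize(session)
    group = select_group(resource, groups)
    connector = select_connector(group, flow_key)
    return {"resource": resource, "group": group.name, "connector": connector}
```

Note the order of checks: an unpublished destination is rejected before any connector is consulted, so the proxy never reveals which private resources exist to a client that cannot name them, which is the "undiscoverable" property the clientless use case later relies on.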
SASE Use Cases

Use Case 1 – Remote Worker Access
Use Case 1 – Secure Private Access with CSA via VPN
[Figure: VPN client → secure tunnel (private traffic) → Cisco Secure Access PoPs in public cloud (Auth: MFA support, device posture and health, optional; services; L3/4/7 router/firewall) → private applications in public/private cloud via IPsec backhaul or app connector; private apps/nets and co-location nets.]
Benefits:
• SAML 2.0 + cert-based authentication
• Posture verification (optional)
• Trusted Network Detection
• Start before logon
• IPS
• Granular context-based control
Use Case 1 – Secure Private Access with CSA
No VPN, No Client: Clientless Access
[Figure: browser → secure tunnel → Cisco Secure Access PoPs in public cloud (ZTNA proxy; Auth: MFA support, device posture and health, optional; services; L3/4/7 router/firewall) → private applications in public/private cloud via IPsec backhaul or app connector; private apps/nets and co-location nets.]
Capabilities:
• Clientless
• App-specific access
• Undiscoverable IP address
• Least-privileged user access
• Reduced threat surface
Use Case 1 – Secure Private Access (Client-based ZTNA)
ZTNA-supported apps with App Connector
[Figure: the ZTNA client opens per-app QUIC tunnels (all ports and protocols) to the ZTNA proxy in the Secure Access PoPs in public cloud (Auth: MFA support, device posture and health, optional; services; L3/4/7 router/firewall); the proxy reaches app1.demo.com, app2.demo.com and app3.demo.com in public/private cloud and DC/colo/branch through App Connector tunnels. ZTNA QUIC redirect: December availability.]
Benefits:
• Improved end-user experience
• Improved security: step-up auth
• Always-on access
• Performance benefits of QUIC & MASQUE
• Per-app tunnels
• Cloud bypass for sensitive apps (future)
• No routing/network modification on the client
• App-specific access
Use Case 1 – Secure Private Access (Client-based ZTNA)
ZTNA-supported apps via IPsec backhaul
[Figure: the ZTNA client opens per-app QUIC tunnels (all ports and protocols) to the ZTNA proxy in the Secure Access PoPs in public cloud (Auth: MFA support, device posture and health, optional; services; L3/4/7 router/firewall); the proxy reaches app1.demo.com and app2.demo.com in public/private cloud and DC/colo/branch over an IPsec backhaul tunnel.]
Use Case 2 – Secure Edge, Branch, Internet
Use Case 2 – Secure Internet Access with CSA
[Figure, legend: Internet traffic; non-web traffic; secure tunnel; breakout (unmonitored internet and trusted SaaS). VPN client → Cisco Secure Access PoPs in public cloud (Auth: MFA support, device posture and health, optional; services; DNS, SWG, DLP, CASB; L3/4/7 router/firewall) → Internet/SaaS public applications; backhaul VPN for other destinations.]
Capabilities:
• SAML 2.0 + cert-based authentication
• Posture verification (optional)
• IPS
• Single in-line inspection
Use Case 2 – Secure Branch with CSA
[Figure, legend: Internet traffic; non-web traffic; secure tunnel; breakout (unmonitored internet and trusted SaaS). An SD-WAN branch site, with or without embedded security, carries users Dana (IT) and Genie (Sales) and sensitive data; it connects over IPsec to the Cisco Secure Access PoPs in public cloud (Auth: MFA support, device posture and health, optional; services; DNS, SWG, DLP, CASB; L3/4/7 router/firewall), which front Internet/SaaS destinations such as Office 365, Google, WebEx and YouTube; backhaul VPN for other destinations. The SecOps admin defines the security policy: NG firewall with malware protection, URL filtering, SWG, CASB, DLP, RBI.]

Capabilities:
• Cisco Secure Access SD-WAN edge IPsec/GRE auto-tunnel
• Redirect traffic with a routing policy:

Source | Destination | Redirect to
Dana (IT) | All DIA traffic | Tunnel to SIG provider (Internet/SaaS applications)
Genie (Sales) | All DIA traffic | Tunnel to SIG provider (Internet/SaaS applications)

SIG provider: Cisco Secure Access or any cloud security provider
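The redirect policy above and the tunnel behaviour listed on the Adaptive Security slide (up to four auto-tunnels, active/standby, traffic load balancing, Layer-7 health check, DC fallback) fit together as one decision per flow. The model below is an added illustration, not Cisco configuration or code: it classifies a destination as DIA or private, applies the identity rows of the policy table, and spreads matching flows over the healthy active tunnels, falling back to standby tunnels and finally to the DC when every tunnel fails its health check. The identity names come from the slide; the tunnel names, health results, private address ranges and the default action for identities without a policy row are constructed assumptions.

```python
"""Illustrative model of branch DIA redirect + SIG tunnel selection (not Cisco code).

Combines the slide's per-identity redirect rows with the tunnel behaviour
listed on the Adaptive Security slide: four tunnels, active/standby,
per-flow load balancing, Layer-7 health check and DC fallback.
"""
import hashlib
import ipaddress
from dataclasses import dataclass


@dataclass
class Tunnel:
    name: str
    role: str          # "active" or "standby"
    l7_healthy: bool   # outcome of the Layer-7 health check (constructed input)


# Enterprise ranges; anything else is Direct Internet Access (assumption).
ENTERPRISE_NETS = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Policy rows from the slide: identity -> action for DIA traffic. "sig" means
# the auto-tunnel to the SIG provider (Cisco Secure Access or any cloud
# security provider). Identities without a row are backhauled (assumption).
POLICY = {
    "Dana (IT)": "sig",
    "Genie (Sales)": "sig",
}
DEFAULT_ACTION = "dc-backhaul"


def is_dia(dst_ip: str) -> bool:
    """True when the destination is outside the enterprise address space."""
    ip = ipaddress.ip_address(dst_ip)
    return not any(ip in net for net in ENTERPRISE_NETS)


def pick_tunnel(tunnels, flow_key: str):
    """Load-balance a flow over healthy active tunnels, else healthy standby ones.

    Returns None when no tunnel passes the Layer-7 health check, which is
    the situation the slide's 'DC fallback option' covers.
    """
    for role in ("active", "standby"):
        usable = [t for t in tunnels if t.role == role and t.l7_healthy]
        if usable:
            digest = hashlib.sha256(flow_key.encode()).digest()
            return usable[digest[0] % len(usable)].name   # per-flow hash keeps order
    return None


def route(identity: str, src_ip: str, dst_ip: str, dst_port: int, tunnels) -> str:
    """Decide where one flow from a branch user goes."""
    if not is_dia(dst_ip):
        return "sd-wan-overlay"              # private traffic stays on the fabric
    action = POLICY.get(identity, DEFAULT_ACTION)
    if action != "sig":
        return action
    chosen = pick_tunnel(tunnels, f"{src_ip}:{dst_ip}:{dst_port}")
    return f"sig:{chosen}" if chosen else "dc-fallback"
```

Hashing on the 3-tuple, rather than round-robin, is what keeps a TCP or DTLS session on one tunnel; the health check runs at Layer 7 so that a tunnel whose IPsec SA is up but whose far-end proxy is not answering is still taken out of rotation.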
Add-On Differentiation
• Extended visibility for SASE with Cisco SD-WAN & ThousandEyes
SASE Visibility
Actionable insights that IT and Ops teams use to resolve incidents quickly with better outcomes for the end user
• App performance: isolate app issues from network issues
• Path visualization: pinpoint issues down to a service provider, location and interface
• WAN health: the Internet is your new WAN; monitor its performance
• Internet and BGP route monitoring: ensure Internet routing issues don't affect your users and services
• Remote worker experience: business apps must be available when employees work from home

Correlated insights to take action
Visibility from every user, to any application, over any network.
Extended visibility – Remote Worker Use Case
[Figure: OBSERVABILITY with ThousandEyes overlaid on the CISCO SASE CLOUD SECURITY stack. Remote worker path: home network → Wi-Fi → ISP → transit ISP → Internet → Umbrella (DNS security, secure web gateway, cloud access security broker (CASB); secure TLS; DNS / HTTP / HTTPS; SSO) → public cloud / SaaS and public / private apps. Duo: adaptive MFA, device posture and health, behavior analytics, clientless remote access (web apps / SSH, optional). AnyConnect remote access (all ports / protocols) → network gateway → private apps / nets, co-location nets. Troubleshooting questions along the path: Is it the home network? Is it the Wi-Fi? Is it the ISP? Is it the transit ISP? Is it SECaaS? Is it the VPN gateway? Is it the SaaS app? Is it the application?]
Extended visibility – Secure Edge Use Case
[Figure: OBSERVABILITY with ThousandEyes overlaid on the CISCO SASE CLOUD SECURITY stack. Branch path: enterprise LAN → SD-WAN router at the network edge (analytics / automation, middle-mile efficiency, telemetry, application SLA, SD-WAN mesh, SD-WAN fabric, SaaS optimization, integrated multi-cloud access) → SD-WAN underlay/overlay → ISP → transit ISP → Internet → Umbrella tunnel → Umbrella (DNS security, secure web gateway, L7 firewall, cloud access security broker (CASB)); Duo: adaptive MFA, device posture and health, behavior analytics, continuous verification; SSO → SaaS, private / public cloud. Troubleshooting questions along the path: Is it the enterprise LAN? Is it the SD-WAN underlay? Is it the SD-WAN overlay? Is it the ISP? Is it the transit ISP? Is it SECaaS? Is it the SaaS app? Is it the application?]
Technology Partnerships
Catalyst SD-WAN / Splunk Integration - Capabilities
[Figure: the Cisco Catalyst SD-WAN fabric sends logs, events and alert data to Splunk (data processing, indexing, data lake, visualization) feeding the Splunk dashboard.]

SOC Dashboard:
• Holistic view of all security events
• Real-time updates
• Top threats & policy hits
• Drill down to flow level

Threat Management:
• Visualize user-to-threat mapping
• List all IPS and malware events
• > 1 year data retention

Flow Analysis:
• Global map view
• Top applications accessed
• Top network talkers

App URL: https://splunkbase.splunk.com/app/6657
App Add-on: https://splunkbase.splunk.com/app/6656
HSL Add-on: https://splunkbase.splunk.com/app/6872
Microsoft Sentinel – SD-WAN Security Analytics

1 Integration Differentiators (Asset Protection)
• Threat hunting to trace security events
• Analyze threats based on the MITRE ATT&CK framework
• Security reports (based on ML) with actionable insights

2 User-Centric Visibility
• Identity visualization (usernames/SGTs)
• Easily correlate users/devices to security data (Security Intelligence)
• User threat maps

3 Granular Threat Details
• SD-WAN security log visualization
• Detailed flow-level visibility
• Security data retention
Demonstration