With the rise in encrypted traffic, is the importance of the perimeter firewall and IPS diminishing?
I often get asked that with the rapid rise of encrypted traffic, is the importance of the Next Gen Firewall (NGFW) and perimeter security diminishing? The short answer is obviously “No,” the NGFW is still an important part of your security strategy, however, there are several things to consider when making your next NGFW and perimeter security decision.
Our threat researchers reported in Cisco’s Annual Security Report that over 50% of the global traffic is encrypted, making it easier for attackers to conceal their malicious activity and more difficult for IT to protect their organization. In addition, TLS 1.3 will quickly gain popularity since it will make the internet a safer place for everyone. As a result, users with legacy NGFW will end up with blind spots and less visibility into the traffic entering their network.
We need to address this new challenge by evolving our defense strategy to include better integration and policy automation across the entire organization, which includes the network, endpoint, and cloud: a strong global threat intelligence that leverages machine learning to detect threats across email, web applications, clouds, network traffic and more. In short, the more you see, the more you will be able to block. Every day, Cisco Talos analyzes nearly two million unique malware samples, tens of billions of DNS requests, and telemetry from over 600 billion emails, making it the largest non-governmental threat intelligence network globally. Together with an elite group of over 250 threat researchers, Cisco Talos turns threat intelligence into actionable information that powers Cisco NGFW (Firepower Threat Defense) and all Cisco security solutions regardless of where they are in your environment.
There’s more; with Cisco’s expertise in the network infrastructure market, we introduced Encrypted Traffic Analytics (ETA) , a Cisco innovation that can detect malicious activity hidden inside encrypted traffic by applying advanced analytics while maintaining the integrity of the encrypted payload. No decryption needed. This is a unique feature that is only available through Cisco’s Digital Network Architecture (DNA).
To stay ahead of the adversaries, the Next Gen Firewall and perimeter defenses must be part of a larger integrated architecture where actionable threat information can automatically be shared across the Network, Endpoint, and Cloud. With a Cisco’s security architecture, threats only need to be detected once and then immediately blocked across the entire security ecosystem, globally.
Excellent write-up, great post Jack.