1
00:00:00,000 --> 00:00:07,800
Well, good afternoon, everyone, or if you're in the West Coast, good morning to you. Today is Wednesday, September 20th.

2
00:00:07,800 --> 00:00:14,360
And welcome to the kickoff of Cisco's newest security specific webinar security and 45.

3
00:00:14,360 --> 00:00:21,360
Now, this is going to be a monthly webinar series, and we're going to talk about the latest security challenges in our industry.

4
00:00:21,360 --> 00:00:24,320
And for us on the call, how to stay ahead of the game.

5
00:00:24,320 --> 00:00:29,800
No slides, just good conversation. That's what this show is going to be all about each month.

6
00:00:29,800 --> 00:00:35,640
And each session, we're going to have a special guests and they're going to be experts in particular topics.

7
00:00:35,640 --> 00:00:39,640
I am very excited about the 2 amazing guests that we have today.

8
00:00:39,640 --> 00:00:48,160
We invite you to enjoy the series. However, is best for you. You can watch in, or you can just listen in whatever you prefer. You can listen in from.

9
00:00:48,160 --> 00:00:57,200
You know, at lunch, Jim break room, whatever you want to do, you don't necessarily have to have a screen in front of you to enjoy the series.

10
00:00:57,200 --> 00:01:07,400
Who am I? My name is Mike, I'm 1 of your 2 hosts for the whole series and I'm joining from my home here outside of Raleigh, North Carolina. It is a beautiful sunny day here.

11
00:01:07,400 --> 00:01:10,960
I'm about 10 miles from Cisco's RTP campus.

12
00:01:10,960 --> 00:01:16,640
I've been in the security industry. I'm going to date myself here 20 years.

13
00:01:16,640 --> 00:01:19,720
The last 14 of those have been at Cisco.

14
00:01:19,720 --> 00:01:30,880
On various security related teams, and I've got to run into a lot of very fun people over the years, knowledgeable people. And I'm really excited to be here with you today.

15
00:01:30,880 --> 00:01:36,760
Let me turn it over next to my partner in crime. Ladies and gentlemen, your cohost.

16
00:01:36,760 --> 00:01:48,080
Or my cohost are Andre Sarmiento. Thank you Mike. Thank you for that intro. And yes, Andre Sarmiento here. Super excited about this new webinar series.

17
00:01:48,080 --> 00:01:56,280
It's going to be incredible. I wish I had this a few years ago when I was starting in the field.

18
00:01:56,280 --> 00:02:03,000
But just blessing of technology, we can do this and we can do it a lot of times.

19
00:02:03,000 --> 00:02:09,920
So I come from a background from being a partner, being a customer and now working at Cisco.

20
00:02:09,920 --> 00:02:19,040
Super excited to see everything that we get to see and, you know, as one of the ideas was we cannot wait to show you exactly what are the things that we have.

21
00:02:19,040 --> 00:02:23,120
In store for you guys and.

22
00:02:23,120 --> 00:02:30,000
Just with that, I'm going to pass it to Rob. Rob, introduce yourself if you don't mind.

23
00:02:30,000 --> 00:02:40,400
All right. Well, thank you very much. Hello. My name is Rob Kator. I'm a technical solution specialist here at Cisco covering security.

24
00:02:40,400 --> 00:02:47,760
I've been with Cisco for almost geez, 12 years now started out in the tech.

25
00:02:47,760 --> 00:02:55,080
And now here in sales pleasure meeting you and I hope you have enjoyed this webinar.

26
00:02:55,080 --> 00:03:03,520
All right, I think that's my cue. My name is Kiana Brown. I am currently a technical solution specialist in the US public sector.

27
00:03:03,520 --> 00:03:13,640
But much like much like Rob, we work in the same team. We deliver on these different security solutions and I've been at Cisco say.

28
00:03:13,640 --> 00:03:21,880
And that is not because I've been here very long. I would say probably about 7 or 8 years. I'm terrible with time, but something along those lines.

29
00:03:21,880 --> 00:03:29,320
And spent a lot of time working with some firepower adjacent solutions before I really got to take the time to really zone in and focus on it.

30
00:03:29,320 --> 00:03:35,160
So super excited to talk to you all today and to get this conversation started.

31
00:03:35,160 --> 00:03:40,760
I'm really excited for today's topic, which is firewalls firewalls.

32
00:03:40,760 --> 00:03:47,640
They're at the heart of security. They're fundamental to securing everything people, assets and companies.

33
00:03:47,640 --> 00:03:55,960
Now, because firewalls are at the center of security, I mean, this is going to be a long series monthly, but we really wanted to start with firewalls here.

34
00:03:55,960 --> 00:04:02,600
Rob and Kiana, your background with firewalls is quite extensive. I'm really looking forward to talking with you both today.

35
00:04:02,600 --> 00:04:07,240
Kiana, I know you said you're not good with time, but I know you're good with firewalls.

36
00:04:07,240 --> 00:04:12,920
You're always the firewall guy back in the tech days. So, so let's do it.

37
00:04:12,920 --> 00:04:19,320
The first question and Rob, I'd like to start with you on this one. Sure. You don't mind here.

38
00:04:19,320 --> 00:04:25,880
Why don't you give us all kind of an overview Cisco's history with firewalls. It's very long.

39
00:04:25,880 --> 00:04:31,880
Like, when I started, I mean, we don't have anything to say, but where did we start? Where are we now?

40
00:04:31,880 --> 00:04:40,280
All right. Well, thank you. Yeah. So it started back in the early 90s with the PICS firewall, right?

41
00:04:40,280 --> 00:04:45,400
The PICS firewall provided basic firewall capabilities.

42
00:04:45,400 --> 00:04:50,840
It actually was considered a pioneer in network firewalls.

43
00:04:50,840 --> 00:05:02,840
It was the first commercially available firewall that introduced protocol specific filtering, denying or allowing access based off of protocol.

44
00:05:02,840 --> 00:05:06,680
And it provided NAT capabilities to solve at the time.

45
00:05:06,680 --> 00:05:10,760
The IP address shortages that we had, right?

46
00:05:10,760 --> 00:05:20,280
And then in around 2005, Cisco introduced the ASA, which was a new and approved version of the PICS.

47
00:05:20,280 --> 00:05:34,600
It provided more advanced, well, at least at the time, considered advanced features such as intrusion prevention, VPN capabilities, advanced application inspection, and so on.

48
00:05:34,600 --> 00:05:39,800
Advanced application inspection and even QoS, right?

49
00:05:39,800 --> 00:05:43,960
And the ASA became the staple for Cisco firewalls.

50
00:05:43,960 --> 00:05:49,880
And then in about 2013, Cisco acquired Sourcefire.

51
00:05:49,880 --> 00:05:57,320
And our first integration with Sourcefire and the ASA was with the Firepower module.

52
00:05:57,320 --> 00:06:03,640
With that module, we were able to do more deep inspection of packets.

53
00:06:03,640 --> 00:06:06,840
Malware detection and even URL filtering.

54
00:06:06,840 --> 00:06:12,280
And it was a big step for us, but it did require two different managements, right?

55
00:06:12,280 --> 00:06:18,600
So we had the management for the ASA and then the management for the Firepower module.

56
00:06:18,600 --> 00:06:27,240
So in order to resolve that, Cisco developed Firewall Threat Defense or FTD.

57
00:06:27,240 --> 00:06:43,480
This was a unified image that combined the well-established firewall capabilities of the ASA with those advanced threat detection capabilities of Sourcefire.

58
00:06:43,480 --> 00:06:56,920
FTD is designed to provide a comprehensive security capabilities in a single solution, making it one of the, you know, making it a perfect solution for your business,

59
00:06:56,920 --> 00:07:01,000
whether it's a small company or largest enterprises.

60
00:07:03,240 --> 00:07:05,320
That's great. You know, it's interesting seeing the changes.

61
00:07:06,120 --> 00:07:12,840
And you mentioned ASA. So, see, when I started, there were still some fixes out there that we were still supporting.

62
00:07:13,720 --> 00:07:16,200
And it was what we call now the classic ASA.

63
00:07:16,200 --> 00:07:24,760
And I remember manually having to update those ACLs and a lot of that stuff that now is just automated, but pretty interesting.

64
00:07:24,760 --> 00:07:31,000
Nick, you know what else is a fun fact? I remember that ASA5505, that thing sat on my desk at TAC for so many years.

65
00:07:31,000 --> 00:07:34,200
We kept pushing out that end of life day because it just kept working.

66
00:07:34,200 --> 00:07:38,680
It was a beast. Yeah, a little box, but it did its job.

67
00:07:39,320 --> 00:07:42,360
But like you mentioned, you know, now we've got that FTD.

68
00:07:42,360 --> 00:07:47,480
Things are more updated, you know, zero-day threats are downloaded immediately.

69
00:07:47,480 --> 00:07:49,320
So very cool stuff.

70
00:07:49,320 --> 00:07:54,040
Yeah, no. And you know what, from the things that I remember, I remember the PICS.

71
00:07:54,040 --> 00:08:00,760
Actually, that was the first thing that I migrated to an ASA long time ago. It was crazy.

72
00:08:00,760 --> 00:08:07,880
Just a little bit of nostalgia here. Anybody remember what PICS stands for?

73
00:08:07,880 --> 00:08:12,680
Whoa. You want me to tell you?

74
00:08:12,680 --> 00:08:14,680
Let's do it. Let's do it, Rob.

75
00:08:14,680 --> 00:08:16,680
Private Internet Exchange.

76
00:08:16,680 --> 00:08:22,360
There you go. Exactly. Yeah, I didn't know what it meant at the time.

77
00:08:24,360 --> 00:08:25,640
All right, let's keep going.

78
00:08:27,160 --> 00:08:32,440
Keon, I think one of the things that our audience wants to know probably,

79
00:08:33,960 --> 00:08:39,400
just to understand the high level of the Cisco Secure firewall story,

80
00:08:40,600 --> 00:08:45,400
what are the primary differences between FTD and the ASAs?

81
00:08:45,400 --> 00:08:47,800
If you don't mind going over that for a bit.

82
00:08:48,760 --> 00:08:53,960
Okay, sure. So, I mean, Rob alluded to a few of them already, right?

83
00:08:53,960 --> 00:08:58,200
So, I mean, when we look at just the ASA core software, right?

84
00:08:58,200 --> 00:09:01,080
And this is not having a Firepower Services module.

85
00:09:01,080 --> 00:09:06,200
We're looking at the basic capabilities of a firewall to really take it to that next level,

86
00:09:06,200 --> 00:09:09,640
right? That's when we're going to start looking at software that we call FTD.

87
00:09:09,640 --> 00:09:12,360
Cisco is terrible at acronyms and using them for everything.

88
00:09:12,360 --> 00:09:14,200
So I'm going to try to explain all of them.

89
00:09:14,200 --> 00:09:18,040
The first one is going to be FTD, which is Firepower Threat Defense, right?

90
00:09:18,040 --> 00:09:22,840
So Firepower Threat Defense gives us the capability to use what we call those next-gen

91
00:09:22,840 --> 00:09:26,920
capabilities. So that intrusion detection and prevention is pretty standard for most

92
00:09:26,920 --> 00:09:31,880
modernized firewalls today. But you'll also have the capability to take a look at how we can do

93
00:09:31,880 --> 00:09:37,720
some layer 7 filtering with application visibility and control. We also have the capability to take

94
00:09:37,720 --> 00:09:42,360
a look inside of that traffic through quite a few features and be able to make a discernment of

95
00:09:42,360 --> 00:09:46,520
whether we want to permit or deny some of that traffic as well. And then on top of that, it

96
00:09:46,520 --> 00:09:51,880
doesn't stop, right? We also have the capability to do URL content filtering there too. And the

97
00:09:51,880 --> 00:09:56,440
way that we license it now is a little different than how we would license it on the ASA, right?

98
00:09:57,080 --> 00:10:01,080
Most of the licenses you'll see for Firepower Threat Defense are going to be typically through

99
00:10:01,080 --> 00:10:07,160
smart accounts. And we use them as something we call TMCs, right? So that threat, that malware,

100
00:10:07,160 --> 00:10:11,560
and content. And respectively, right, that threat is your intrusion detection, intrusion

101
00:10:11,560 --> 00:10:16,520
prevention capabilities. The malware portion, which is a really, really cool portion, allows

102
00:10:16,520 --> 00:10:21,400
us to take a look at the files within that traffic if we decrypt it, right, and be able to make a

103
00:10:21,400 --> 00:10:25,560
decision on whether those files, those attachments, or anything along those lines are clean and

104
00:10:25,560 --> 00:10:30,440
malicious. And then the next thing that we have, right, is C, which stands for content. It goes

105
00:10:30,440 --> 00:10:35,960
straight to content filtering there too. So, I mean, even just licensing aside, there are other

106
00:10:35,960 --> 00:10:40,920
things that we bring into play when we talk about Firepower Threat Defense, right? One of them is

107
00:10:40,920 --> 00:10:46,280
also going to be the capability to actually be able to pull threat intelligence information from

108
00:10:46,280 --> 00:10:50,360
Talos. And then along with pulling threat information from Talos, we also have

109
00:10:50,360 --> 00:10:55,000
Active Directory integrations. So we can also take a look at the identities that are associated to

110
00:10:55,000 --> 00:10:59,480
the events that we see in the console, right? So these are just a few things that are just starting

111
00:10:59,480 --> 00:11:04,760
very, very high level. But even if we take it a step further, right, we can take it one more step

112
00:11:04,760 --> 00:11:10,040
further and actually talk about what exactly the Firepower Threat Defense software sits on top of,

113
00:11:10,040 --> 00:11:14,360
right? In the past, right, there have been virtual and physical appliances moving towards

114
00:11:14,360 --> 00:11:18,200
Firepower Threat Defense and other technologies in the future. We are definitely looking and

115
00:11:18,200 --> 00:11:22,760
gearing more towards, you know, some cloud-based services. And of course, some of those cloud-based

116
00:11:22,760 --> 00:11:27,640
services, so we can do Firepower Threat Defense on top of AWS, for example, right? We can take it

117
00:11:27,640 --> 00:11:32,120
even a step further in terms of how we want to go, you know, with innovation. I think those are some

118
00:11:32,120 --> 00:11:38,120
of the main differences that I can think of off the top of my head. That's awesome. That's great

119
00:11:38,120 --> 00:11:45,320
information. I like the flexibility and the things that we can integrate with. I guess at some point

120
00:11:45,320 --> 00:11:51,400
we're going to discuss some of those things. But before that, I want to bring another piece of

121
00:11:51,400 --> 00:11:58,120
nostalgia for everybody here. The Cisco VPN 3000 concentrator. Anybody remember that one?

122
00:11:58,120 --> 00:12:04,840
I remember, yes. The 3K. That was another one that we got to play with. So.

123
00:12:04,840 --> 00:12:10,760
I love that even then we choose to abbreviate even the 3000. We're just like, no, 3K is fine too.

124
00:12:10,760 --> 00:12:17,000
Like we just love shorting things, don't we? Thinking back on it. We know we love our acronyms

125
00:12:17,000 --> 00:12:25,960
here at Cisco, right, Niana? Oh, for sure. No, but I think that question is great because that's a

126
00:12:25,960 --> 00:12:31,960
big one I get from a lot of customers is like, I have an ASA. Where do I go from here? You know,

127
00:12:31,960 --> 00:12:37,400
and there is an education piece about like, well, what is the FTD and, you know,

128
00:12:38,600 --> 00:12:43,560
why do I want to move there? And some of those things you mentioned are so key. A lot of that,

129
00:12:43,560 --> 00:12:47,320
even just simple stuff, what we call simple now, but just the ability to integrate with

130
00:12:47,320 --> 00:12:52,120
Active Directory. And I don't need to like memorize all my IP addresses and all my IP schemes. I can

131
00:12:52,120 --> 00:13:00,600
make a rule based on an Active Directory username or group. So. Excellent. How do somebody talk about

132
00:13:00,600 --> 00:13:06,920
like the management of this new great FTD platform? You know, like Rob, when I would go to you with

133
00:13:06,920 --> 00:13:13,160
all my firewall tackles back in the day, it was always on ASDM. How do I manage? You know, I've

134
00:13:13,160 --> 00:13:20,040
got some firepower firewalls running this FTD software and open floor. Just how are the management

135
00:13:20,040 --> 00:13:28,280
options there? Well, the good news is no more Java, right? So ASDM gone, right? To be honest,

136
00:13:28,280 --> 00:13:33,960
I mean, that's one of the great things about firepower because there are several different options

137
00:13:35,480 --> 00:13:39,960
to manage your devices depending on your needs and preferences, right?

138
00:13:40,920 --> 00:13:48,520
Each option provides ways to configure and control your devices, but they do differ a little bit,

139
00:13:48,520 --> 00:13:55,640
right? So first we have the Firewall Device Manager or FDM if you want to use your acronyms.

140
00:13:55,640 --> 00:14:05,320
This is a local web based interface for managing individual FTD devices. It's an easier solution

141
00:14:05,320 --> 00:14:12,920
typically seen in smaller environments that prefer a more device specific management approach, right?

142
00:14:14,600 --> 00:14:21,000
Firewall Device Manager offers a simplified interface for configuring security policies,

143
00:14:21,000 --> 00:14:28,360
network objects and basic monitoring, right? But it does lack some of those advanced features that

144
00:14:28,360 --> 00:14:36,280
you would see in other solutions such as the Firewall Management Center or FMC, right? So FMC

145
00:14:36,280 --> 00:14:46,200
is a comprehensive centralized management solution that provides not only advanced visibility and

146
00:14:46,200 --> 00:14:54,200
reporting capabilities, but you can manage a single device to hundreds of devices all from a

147
00:14:55,320 --> 00:15:03,320
single interface, right? It provides advanced policy management, customized intrusion prevention

148
00:15:03,320 --> 00:15:09,160
rules. You can actually even create your own intrusion prevention rules, malware detection

149
00:15:09,160 --> 00:15:19,800
and application controls. FMC also provides advanced threat intelligence and analytics to help you

150
00:15:21,000 --> 00:15:29,240
identify and respond to security threats. Now for those that are moving towards the cloud,

151
00:15:29,240 --> 00:15:37,480
we have Cisco Defense Orchestrator or CDO, right? CDO is a cloud based management service

152
00:15:37,480 --> 00:15:49,000
platform that is designed for simplified security policies, not only for FTD devices, but you can

153
00:15:49,000 --> 00:15:58,920
manage the security policies for ASAs, iOS and even Meraki MX devices. But recently we've added

154
00:15:58,920 --> 00:16:07,960
the cloud delivered FMC into CDO. So now we have those same functions and features that you would

155
00:16:07,960 --> 00:16:14,920
get with an on-premise FMC, but hosted in the cloud. So you can connect to CDO without having

156
00:16:14,920 --> 00:16:20,760
a VPN into your network. You can even connect to it from your phone if you wanted to. And then of

157
00:16:20,760 --> 00:16:24,320
course, there's always the REST APIs, right? So APIs are a kind of a

158
00:16:24,320 --> 00:16:33,680
programming interface that allows you to manage and get information from your devices.

159
00:16:34,640 --> 00:16:43,280
So a lot of options there for managing FTD. I personally like the cloud management one. I mean,

160
00:16:43,280 --> 00:16:50,480
if my firewall has internet access, then that's all I need. Let Cisco host it in the cloud. I just

161
00:16:50,480 --> 00:16:55,200
have a username and password and as long as my firewalls can reach the cloud, I'm good to go.

162
00:16:55,200 --> 00:17:01,040
Yeah. And then you don't have to worry about the hardware or, you know, in my situation, I don't

163
00:17:01,040 --> 00:17:08,400
have the server to spin up a virtual FMC and I don't have to maintain it. I don't have to update

164
00:17:08,400 --> 00:17:12,400
it or anything. Cisco takes care of it. We definitely see that in the industry too,

165
00:17:12,400 --> 00:17:16,080
not just firewalls, but in general, everything moving to like SaaS based offerings.

166
00:17:16,080 --> 00:17:20,720
Hey, just give me an account. Just, you know, let me have an accountant management.

167
00:17:22,880 --> 00:17:28,800
I don't want to be the guy that is always bringing the nostalgia back, but I do remember from

168
00:17:29,600 --> 00:17:38,240
the past, the management was a little tricky. It was a little difficult, but I think we have to

169
00:17:38,240 --> 00:17:44,400
think that, you know, there's been a lot of enhancements, flexibility, just, you know, having

170
00:17:44,400 --> 00:17:50,640
multiple options to have a way to manage your firewalls. That's really good. It's actually

171
00:17:50,640 --> 00:18:03,840
really good to see. All right. So I guess we do have a few more questions and this one is

172
00:18:03,840 --> 00:18:11,360
one that is really, really, really important to me, important from seeing multiple vendors,

173
00:18:11,360 --> 00:18:20,240
seeing multiple solutions and just, let's talk about a little bit of how FTD will fit into

174
00:18:20,800 --> 00:18:25,440
our customer's ecosystem. Like let's talk integrations. What are the things that

175
00:18:26,480 --> 00:18:32,400
you guys see in the field and find out about? What are the things that you guys see in the field?

176
00:18:32,400 --> 00:18:36,960
And if you don't mind, anybody can answer this one and just go for it.

177
00:18:38,240 --> 00:18:43,200
Yeah. I mean, I love to talk, so I'll hop in here. It's been a few minutes. It's been awful.

178
00:18:43,200 --> 00:18:48,560
So in terms of, you know, some integrations that I typically see, right, or at least I think can

179
00:18:48,560 --> 00:18:53,440
prove to be the most useful from a scalability perspective, right? One of them I actually referred

180
00:18:53,440 --> 00:18:58,800
to earlier was the Active Directory integration, but the way that that happens, right, we used to

181
00:18:58,800 --> 00:19:04,320
have an overall user agent that was deployed, but now we've actually leaned on the identity services

182
00:19:04,320 --> 00:19:09,280
engine to give us that information, to query that from that Active Directory source or other

183
00:19:09,280 --> 00:19:13,760
identity sources as well, right? It doesn't just have to be Active Directory. That's one primary

184
00:19:13,760 --> 00:19:19,360
integration that I usually see. We used to have a lot of jokes around talking about, you know, how

185
00:19:19,360 --> 00:19:24,240
it's a story of fire and ice, but I don't think that stuck too well, but that was definitely one

186
00:19:24,240 --> 00:19:29,200
of the primary integrations that I had personally seen. There are some other ones that are happening

187
00:19:29,200 --> 00:19:36,320
too. I think one that is not necessarily open or I should say everyone's aware about is the umbrella

188
00:19:36,320 --> 00:19:40,320
and the firepower integration as well, right? If you're not familiar with umbrella, umbrella is

189
00:19:40,320 --> 00:19:45,600
essentially going to be helping us from a DNS level, right, to be able to block or to permit

190
00:19:45,600 --> 00:19:50,160
access to different types of domains based on the threat intelligence information we get, right?

191
00:19:50,160 --> 00:19:54,320
So most of the solutions that we have are going to be powered by our Talos threat intelligence

192
00:19:54,320 --> 00:19:59,040
source. And another integration that comes to mind now that I'm thinking about it is also

193
00:19:59,040 --> 00:20:05,120
extra threat intelligence feeds, right? Right now, as far as spinning up firepower in this kind of

194
00:20:05,760 --> 00:20:10,320
native state, I should say, natural born state, right? You'll get the threat intelligence sources

195
00:20:10,320 --> 00:20:14,400
from Talos threat intelligence, but there are other external threat feeds that you could pull

196
00:20:14,400 --> 00:20:18,880
from as well, right? So it's not just limiting you to one team, right, if that's something you

197
00:20:18,880 --> 00:20:22,880
don't want to do, you can pull from multiple different sources that can once again help you

198
00:20:22,880 --> 00:20:28,480
to make more educated, more defined decisions, right? Another one I'm trying to think of off

199
00:20:28,480 --> 00:20:34,480
the top of my head, if you're not aware, actually, this is a good one, is also going to be Cisco XDR.

200
00:20:35,280 --> 00:20:39,920
Now it's called Cisco XDR, but XDR stands for Extended Detection and Response, right? But they're

201
00:20:39,920 --> 00:20:45,280
calling it Cisco XDR. So what you can do with Cisco XDR is you can also pull an telemetry from

202
00:20:45,280 --> 00:20:50,400
firepower into what we call that kind of single pane of glass solution, allow us to make those

203
00:20:50,400 --> 00:20:55,680
ultimate decisions based on the incidents that we see across different platforms, right? So those

204
00:20:55,680 --> 00:21:00,000
are some of the primary ones that we've seen, but it's not just limited to Cisco solutions, right?

205
00:21:00,000 --> 00:21:05,120
We still have integrations with other third parties that we do either via APIs, for example,

206
00:21:05,120 --> 00:21:09,520
or other types of ways that we may bring those together. So it's a very scalable ecosystem,

207
00:21:09,520 --> 00:21:14,400
I think, that firepower can reach. And that's what it should be, right? At its base, a firewall is

208
00:21:14,400 --> 00:21:19,280
kind of that, you know, that I would say almost like the bare minimum layer, right? So we need

209
00:21:19,280 --> 00:21:27,680
to make sure it's as scalable as possible. I like the idea that we can integrate with

210
00:21:27,680 --> 00:21:34,000
third party as well, third party and, you know, native Cisco integrations. I think it's important,

211
00:21:34,000 --> 00:21:41,120
and a lot of people don't understand the breadth of Cisco in a topology, Cisco security specifically,

212
00:21:41,120 --> 00:21:46,720
like where the endpoint, the network, you know, the data center, any of the cloud providers,

213
00:21:46,720 --> 00:21:52,000
your private cloud you may have. But when we start talking about integration, specifically with

214
00:21:52,000 --> 00:21:57,040
firewall, we're kind of like connecting into all of those areas. And that really helps with things

215
00:21:57,040 --> 00:22:02,720
like threat hunting as well. Having my firewall, you know, maybe I detected this threat through

216
00:22:02,720 --> 00:22:08,960
an email that came in, but I'm able to use the capabilities that the firewall is giving me to

217
00:22:08,960 --> 00:22:12,720
provide insight into that threat that was, you know, originally detected in an email.

218
00:22:13,440 --> 00:22:18,080
Yeah, like the whole point of that is just, oh, sorry, Rob brought up his hands. Did I interrupt

219
00:22:18,080 --> 00:22:24,320
you? No, please go ahead. All I was going to say is, right, that just brings back the basis of just

220
00:22:25,040 --> 00:22:31,680
shortening and minimizing the overall mean time to respond, right? Time is of the essence in any

221
00:22:31,680 --> 00:22:36,480
type of ecosystem when it comes to security. So that's all I wanted to say there. But Rob,

222
00:22:36,480 --> 00:22:42,080
please, by all means. I just wanted to add about the integrations, you know, it's not just Cisco,

223
00:22:42,080 --> 00:22:51,200
right? Because Cisco collaborates with, you know, other technology partners to ensure that the FTD

224
00:22:51,200 --> 00:22:56,800
can integrate effectively with other security solutions that are out there in the market.

225
00:22:56,800 --> 00:23:02,080
You know, our goal is to make a holistic approach to network security. Yeah.

226
00:23:02,080 --> 00:23:08,320
That's actually really good. Yeah. I mean, I think that we can probably talk all day about the

227
00:23:08,320 --> 00:23:15,040
integrations. There are so many great things that we can see. We get to see customers just, you know,

228
00:23:15,040 --> 00:23:22,480
exporting all logs, using all logs to support it to SIEMs, to XDR systems. It's not only Cisco XDR,

229
00:23:22,480 --> 00:23:29,680
of course, you know, that is an availability for multiple customers and just the ease of integration

230
00:23:29,680 --> 00:23:39,200
with multiple systems just makes a lot of sense. So that's great. And I think we could have a whole

231
00:23:39,200 --> 00:23:45,680
call, like you said, Andre, on just integrations among Cisco products, not just firewall. Maybe

232
00:23:45,680 --> 00:23:50,320
we'll do that. And Kiana, thank you for the plug about Cisco XDR, which is going to be our next

233
00:23:50,320 --> 00:23:58,240
call. So excellent work there. All right. A couple months ago, we had internal training about

234
00:23:58,240 --> 00:24:03,280
internal training about what we call the firewall road skill. And we talked a lot about

235
00:24:04,640 --> 00:24:11,600
firepower and the latest and greatest in terms of technical advancements and innovations.

236
00:24:11,600 --> 00:24:16,720
Some of those are things that only Cisco has. And I thought it was pretty amazing.

237
00:24:18,080 --> 00:24:23,040
Let's talk about some of those innovations and why are Cisco firewalls,

238
00:24:23,040 --> 00:24:25,840
you know, the leader in our industry when it comes to security.

239
00:24:25,840 --> 00:24:32,880
Oh, okay. So I think one of the ones that I, it's my personal favorite, just because I think it's

240
00:24:32,880 --> 00:24:38,080
such a cool topic. And I don't think it's discussed enough is something called EVE, which once again,

241
00:24:38,080 --> 00:24:43,360
acronyms, right? EVE stands for the encrypted visibility engine. So essentially it allows us

242
00:24:43,360 --> 00:24:49,840
to be able to identify applications and the processes of those applications without decrypting

243
00:24:49,840 --> 00:24:56,000
encrypted traffic, right? Which sounds like it sounds a little bit like a misnomer, right? But

244
00:24:56,000 --> 00:24:59,680
essentially the way that we do that is we're taking a look at the client hello packets and

245
00:24:59,680 --> 00:25:04,800
the fingerprinting of those particular applications. And then we're actually taking that back to our

246
00:25:04,800 --> 00:25:11,840
app ID database, which has 7,000 applications so far, right? And we're able to identify those.

247
00:25:11,840 --> 00:25:15,920
And then we can give you that information in multiple different areas, right? The most

248
00:25:15,920 --> 00:25:20,080
popular area in terms of depending on your management style is going to be some type of

249
00:25:20,080 --> 00:25:25,040
event viewer. So for FMC, it's a unified event viewer, for example, you can actually take a look

250
00:25:25,040 --> 00:25:28,640
at the applications that are in some of that traffic without actually having to do the

251
00:25:28,640 --> 00:25:34,240
decryption. The reason why this feature is so important, right? Is because I think anyone

252
00:25:34,240 --> 00:25:38,480
that's been on this call that's had any type of conversations with firewall vendors have always

253
00:25:38,480 --> 00:25:45,760
talked about the capability of SSL decryption specifically. And so with the overall topic of

254
00:25:45,760 --> 00:25:50,720
SSL decryption, usually there's always that kind of caveat that says, hey, depending on the amount

255
00:25:50,720 --> 00:25:54,880
of traffic that you're looking to decrypt, there may be some type of performance on the firewall,

256
00:25:54,880 --> 00:25:59,200
right? We don't have to worry about that with the encrypted visibility engine if we're just taking

257
00:25:59,200 --> 00:26:03,520
a look at the applications and the processes are inside of it, right? And then that also saves a

258
00:26:03,520 --> 00:26:09,120
lot of money too, right? And I mean, I love saving money, right? I love Target. And so I think that

259
00:26:09,120 --> 00:26:14,320
when we get to those big cups, oh yeah, exactly. This is what I'm talking about, right? Saving money

260
00:26:14,320 --> 00:26:19,520
so I can buy my, you know, just feed my addiction, my collection. And so, you know, it saves a lot of

261
00:26:19,520 --> 00:26:25,040
money there too, right? Because when we're talking about any potential performance hits in the past

262
00:26:25,040 --> 00:26:30,320
and enabling SSL decryption, usually you have to kind of over utilize a firewall or meaning you

263
00:26:30,320 --> 00:26:35,200
have to kind of over spec it, right? At this point, you can actually work with what exactly it is the

264
00:26:35,200 --> 00:26:39,280
requirements you're looking for without having to think about these, you know, kind of like,

265
00:26:39,280 --> 00:26:44,880
you know, doomsday caveats such as, right? Taking a look at the applications within that traffic.

266
00:26:44,880 --> 00:26:49,280
So that's one of the first ones that I think is just a really cool feature. And the reason I think

267
00:26:49,280 --> 00:26:53,600
it's super cool as an engine is because all you have to do is click a radio button to enable it

268
00:26:54,320 --> 00:26:57,920
in your access control policy, right? So, I mean, that's one thing that I think is really

269
00:26:57,920 --> 00:27:02,880
cool to use there. Now, keep in mind that with the encrypted visibility engine that is on

270
00:27:03,760 --> 00:27:09,760
Firepower version 7.2, keep me out on this everyone, I think it's 7.2 and above. But there is

271
00:27:09,760 --> 00:27:14,080
another feature that was available a little bit earlier than that, like in the 6.x days. And this

272
00:27:14,080 --> 00:27:20,080
was something called TLS Server Identity Discovery, which doesn't have an acronym, so it doesn't really

273
00:27:20,080 --> 00:27:25,600
roll off the tongue really, right? But that allowed us to be able to essentially unencrypt the

274
00:27:25,600 --> 00:27:30,320
certificate information, the server certificate information by doing kind of like a sidecar,

275
00:27:31,120 --> 00:27:35,680
you know, session. So for example, if we had a connection coming in on TLS 1.3,

276
00:27:35,680 --> 00:27:40,560
you could do a sidecar conversation that opens a TLS 1.2 conversation to take a look at that

277
00:27:40,560 --> 00:27:46,160
information. Once again, this is also something that we could do in terms of, you know, utilizing

278
00:27:46,160 --> 00:27:50,240
some of those innovative features. And that was only like the top two, right, that I think about

279
00:27:50,240 --> 00:27:54,240
off the top of my head. There, even in our firewall roadshow, I think we had about what,

280
00:27:54,240 --> 00:27:58,320
four different use cases covering a myriad of other information too.

281
00:27:59,760 --> 00:28:03,040
You know, Rob, before I know you probably want to jump in as well, but

282
00:28:04,480 --> 00:28:11,680
the ability to analyze encrypted traffic without decrypting, I mean, I agree when I first heard

283
00:28:11,680 --> 00:28:16,640
that, it was kind of mind blowing because, you know, most of my tech career was on the BPN team,

284
00:28:16,640 --> 00:28:23,200
and that's all we did was encryption and privacy and the integrity of traffic. And with this

285
00:28:23,200 --> 00:28:30,720
technology now, we are able to have our policies still apply without actually compromising the

286
00:28:30,720 --> 00:28:34,880
privacy of the data. Because like you said, we're just looking at fingerprints of the encrypted

287
00:28:35,520 --> 00:28:42,640
headers basically. And it's just pretty amazing. Cisco being the only vendor in the world that can

288
00:28:42,640 --> 00:28:49,680
currently do that. It's incredible to me that, you know, 80% of the world's traffic, over 80%

289
00:28:49,680 --> 00:28:55,840
is encrypted. So we spend so much time fine tuning our policies. Like we want our users to be able

290
00:28:55,840 --> 00:29:01,680
to go here safely, but not to these other more dangerous sites. And the user can just skip all

291
00:29:01,680 --> 00:29:06,880
of that just by encrypting that traffic. And we can't enforce that policy anymore. So I really

292
00:29:06,880 --> 00:29:11,520
like the concept of being able to keep everyone's data private, but still being able to enforce our

293
00:29:11,520 --> 00:29:16,960
policies. Like you said, Kiana, looking at a data sheet saying, this is the firewall you want,

294
00:29:16,960 --> 00:29:20,640
but if you want to really enforce those policies, you know what? You can still do that at line rate

295
00:29:20,640 --> 00:29:27,040
speed by toggling a button. Pretty amazing. Time to be alive truly.

296
00:29:29,760 --> 00:29:36,160
So many, yeah, so many, so many features, so many things to do with the innovations that we started

297
00:29:36,160 --> 00:29:46,080
seeing a few years ago and get to see today. And I don't know if you guys heard there's a new

298
00:29:46,080 --> 00:29:51,280
improvement that is a chat bot. I don't know if you guys heard about this one. It's coming. It's

299
00:29:51,280 --> 00:29:59,200
pretty fresh out of the, out of the, the oven, but it's pretty cool. Actually one of the things that

300
00:29:59,200 --> 00:30:06,640
I want to do at the end of it, or maybe in a further webinar is just talk about that because

301
00:30:07,280 --> 00:30:12,080
it's interesting. It allows you to talk to the firewall, right? Just say, Hey,

302
00:30:12,080 --> 00:30:18,080
do I have any policies that are not being used? So pretty cool. And it responds right away,

303
00:30:18,080 --> 00:30:25,440
just like chat, dbt type of thing. Yeah. And Kiana mentioned, you know, applications and

304
00:30:25,440 --> 00:30:33,600
we now have SD-WAN light or light capabilities, right? So now with firepower, we can direct

305
00:30:33,600 --> 00:30:39,760
traffic based off of the application. So if we have multiple, uh, internet links, right, we can send

306
00:30:39,760 --> 00:30:47,360
WebEx traffic over the primary link or some other application off the backup link and we can monitor

307
00:30:47,360 --> 00:30:54,160
the link's health, right? So depending on the round trip time or packet loss, we can pick and

308
00:30:54,160 --> 00:30:59,440
choose which interfaces we want to send that traffic. So a lot of capabilities are being added

309
00:30:59,440 --> 00:31:05,760
into firepower, which is really exciting to see. And Rob, that ability for the SD-WAN light use

310
00:31:05,760 --> 00:31:10,480
cases, that's automated, I'm assuming, right? Yep. We can go in there and manually do anything,

311
00:31:10,480 --> 00:31:15,600
based on something like getter or latency delay. Right, right. So we'll constantly monitor the

312
00:31:15,600 --> 00:31:20,480
interface itself. If something changes, we can reroute the traffic a different path.

313
00:31:21,520 --> 00:31:28,320
That's awesome. That's very cool. The other thing I would just think top of mind is,

314
00:31:28,320 --> 00:31:32,080
you know, we just talked about a lot of software-based features, but then the

315
00:31:32,080 --> 00:31:39,040
hardware as well. Cisco's always coming out with, you know, leading hardware technology as well,

316
00:31:39,040 --> 00:31:44,400
like the new 4200 series. I know the 1150 has been out a while, but some pretty cost-effective

317
00:31:44,400 --> 00:31:52,880
solutions for the wide breadth of customer base that Cisco has. Yeah, yeah. And thank you for that.

318
00:31:52,880 --> 00:31:57,920
Actually, I want to mention something about the 3105, just, you know, with the issues that we had

319
00:31:57,920 --> 00:32:06,560
with logistics and, you know, making this hardware platform, this one, it will start just

320
00:32:07,600 --> 00:32:15,600
with that in mind. So with the shortage on supplies and this platform, 3105, and I think the new

321
00:32:15,600 --> 00:32:23,440
4200 is going to be around more effective supply chain. So we're going to see some improvements

322
00:32:23,440 --> 00:32:30,480
on that area. Now, I'd like to move to the next one. And yeah, this one, I think it touches a

323
00:32:30,480 --> 00:32:36,320
little bit on that nostalgia. I think I mentioned this three times today on the webinar series,

324
00:32:36,320 --> 00:32:45,360
but if anyone can just talk about a little bit of growing pains that we've had with firepower

325
00:32:45,360 --> 00:32:50,800
in its early years, anything that you can mention that, you know, we cannot really, I'm pretty sure

326
00:32:50,800 --> 00:32:56,000
we cannot relate with some of them, but I'd like to hear from the experts on the call, if you don't mind.

327
00:32:56,880 --> 00:33:03,360
Yeah, absolutely. You know, the Sourcefire acquisition brought significant expertise and

328
00:33:03,360 --> 00:33:11,280
technologies to Cisco, right? And integrating Sourcefire's advanced threat detection and

329
00:33:11,280 --> 00:33:19,440
technologies into our existing security products required complex re-engineering.

330
00:33:19,440 --> 00:33:26,480
Complex re-engineering, right? We were talking about taking two very different software architectures

331
00:33:27,680 --> 00:33:35,440
as well as like cultures and technologies and adding them, you know, each one had different

332
00:33:35,440 --> 00:33:43,760
roadmaps. And so deciding which features to implement first was challenging, right?

333
00:33:43,760 --> 00:33:51,120
So in order to resolve that, you know, Cisco not only spent a lot of money, but time and resources

334
00:33:51,120 --> 00:33:58,960
to address these issues. And we continue to invest in all of our security products,

335
00:33:58,960 --> 00:34:05,040
you know, refining and enhancing the integration of Sourcefire's technologies to

336
00:34:05,040 --> 00:34:12,720
expand our cybersecurity portfolio. And honestly, now we're starting to see those results, right?

337
00:34:12,720 --> 00:34:18,880
So not only with the number of features that Keanu mentioned, you know, the policy-based routing,

338
00:34:19,920 --> 00:34:27,120
clustering, multi-instance, we have that crypto accelerator chip now to alleviate a lot of the

339
00:34:27,920 --> 00:34:33,600
processing of encrypted traffic. But to me, more importantly, we're not just talking about

340
00:34:33,600 --> 00:34:41,920
the security, but to me, more importantly, stability, right? So when Firepower was first

341
00:34:41,920 --> 00:34:50,480
introduced, it could take quite a long time to deploy changes. And if your deployments ever did

342
00:34:50,480 --> 00:34:57,680
fail, it was very difficult, not only for our customers, but for ATT&CK to understand exactly

343
00:34:57,680 --> 00:35:09,200
why a deployment failed. And so, you know, troubleshooting is critical to Cisco as well.

344
00:35:09,200 --> 00:35:16,160
And so we've made it so much easier to not only understand why a deployment may have failed,

345
00:35:16,160 --> 00:35:22,160
for example, but reducing the time and effort to correct the problem.

346
00:35:22,160 --> 00:35:26,400
That's awesome. That's like some to hear. That's beautiful.

347
00:35:26,400 --> 00:35:31,680
Yeah. And, you know, I remember I lived those days right there with you, Rob and ATT&CK. And,

348
00:35:31,680 --> 00:35:38,640
you know, that was challenging when Firepower first came out. It obviously on the 7.x code,

349
00:35:38,640 --> 00:35:42,560
it's been like you mentioned, stability is huge for me too, you know, coming from ATT&CK. And

350
00:35:43,120 --> 00:35:47,200
it's been stable for many, many years. But, Andreas, I'd like that you brought up that question.

351
00:35:47,200 --> 00:35:54,640
I think it's important to consider the journey. And, you know, I tell my kids this as well. Like,

352
00:35:54,640 --> 00:35:59,840
if you're going to get to a successful position where you really want to be, you know, you're

353
00:35:59,840 --> 00:36:05,840
going to have challenges and you may stumble along those along the way. But to get to something

354
00:36:05,840 --> 00:36:12,400
really great like we have in FTD today, you know, it doesn't happen overnight. But I'm really

355
00:36:12,400 --> 00:36:17,840
personally proud of our firewalls and especially talking about some of the innovations that they

356
00:36:17,840 --> 00:36:26,400
have now, pretty remarkable stuff. Yeah, yeah, I agree. Actually, remember that what Rob just

357
00:36:26,400 --> 00:36:35,680
mentioned about the deployments, it used to take a long time. I think I had five cases with probably

358
00:36:35,680 --> 00:36:42,640
one of you two. I don't remember. We remember you, Andreas. Oh, not that guy again.

359
00:36:46,480 --> 00:36:49,760
You know, one thing, and this is probably a good opportunity to bring this up is

360
00:36:51,040 --> 00:36:58,960
that, you know, the reason it's stable to now is software based generally, you know, with some

361
00:36:58,960 --> 00:37:06,080
unification of hardware as well. But if you are running that older six code, that early six code,

362
00:37:06,080 --> 00:37:14,000
do reach out to us on the call or your more directly your Cisco account team. We help

363
00:37:14,000 --> 00:37:20,000
customers get onto stable code. And if you're listening on this call and you're like, hey,

364
00:37:20,000 --> 00:37:25,760
I'm one of those customers that's running that old six dot X version of FMC, need to consider

365
00:37:25,760 --> 00:37:31,600
getting to that seven dot X code for stability. All the innovations that we've talked about today,

366
00:37:31,600 --> 00:37:39,600
including Eve, as well as deployment times, you know, there's a packet processing, everything

367
00:37:39,600 --> 00:37:45,360
has improved just with a simple software upgrade. So just stuff to keep in mind there.

368
00:37:49,680 --> 00:37:55,520
Absolutely, absolutely. All right. Next to maybe just 30 seconds. How does the customer

369
00:37:55,520 --> 00:38:00,000
start using Firepower? I'm on this call. I like what I hear. How do I get started?

370
00:38:02,800 --> 00:38:07,920
The first thing I'd say is, you know, reach out to your account team, right? Because I mean,

371
00:38:08,720 --> 00:38:12,800
there's a few different ways you could go about it, right? One of the most common ways, right,

372
00:38:12,800 --> 00:38:17,440
especially from moving from ASA to Firepower Threat Defense, you could use a Firepower Migration

373
00:38:17,440 --> 00:38:22,640
tool to actually be able to facilitate with that, right? But there are also capabilities in place.

374
00:38:22,640 --> 00:38:28,320
If you wanted to move from a non Cisco firewall to a Cisco firewall, we actually have programs

375
00:38:28,320 --> 00:38:33,600
that would assist you in that migration there too, right? And then another thing to keep in mind is,

376
00:38:33,600 --> 00:38:38,560
you know, of course there are opportunities for us to perform demos and whatnot for you all,

377
00:38:38,560 --> 00:38:42,480
but you really won't get the best idea of how it works in your environment until you do it, right?

378
00:38:42,480 --> 00:38:48,720
So we also have capabilities to do 90 day Firepower virtual trials, right? On top of,

379
00:38:48,720 --> 00:38:53,760
you know, VMware, for example, and you'll be able to actually, you know, try it before you buy,

380
00:38:53,760 --> 00:38:58,160
right? And that's if you decided to buy. If not, right, you can use those comparisons and give us

381
00:38:58,160 --> 00:39:02,400
that feedback and we'll do what we can with that information. So, okay, that was probably more than

382
00:39:02,400 --> 00:39:07,360
30 seconds, but I think I hit on at least the high points of what you could do. One more thing,

383
00:39:08,160 --> 00:39:12,800
you could also, if you don't want to deploy Firepower Threat Defense in your own environment,

384
00:39:12,800 --> 00:39:17,440
you don't want to use those virtual resources, right? You can also come to us and we can build

385
00:39:17,440 --> 00:39:21,600
a sandbox lab for you to try these things out, right? And you can actually test out those

386
00:39:21,600 --> 00:39:25,520
features, break and fix as much as you want, or you can just break stuff and leave it for us to

387
00:39:25,520 --> 00:39:30,640
fix too, right? It's kind of the fun of the trial. So I think those are a few things that off the top

388
00:39:30,640 --> 00:39:34,480
of my head that we can do there. I hope I didn't miss anything. Did I, Rob?

389
00:39:34,480 --> 00:39:39,040
No, yeah. The only other thing I was going to add was if you just want to play around with

390
00:39:39,040 --> 00:39:43,280
an environment that's already set up, kind of like you alluded to, Kiana, it's a nice easy way to do

391
00:39:43,280 --> 00:39:49,440
that. Here's your username and password. Have fun. Let us know what you think. Well, we are coming

392
00:39:49,440 --> 00:39:55,360
up on time here. We're going to jump to quick to the lightning round. We'll just get a couple

393
00:39:55,360 --> 00:40:00,800
of these questions in here before we close this out. Let's have some fun with this. All right,

394
00:40:00,800 --> 00:40:09,040
Kiana, I'm going to go straight to you. Real quick answers if we can here. What is the most underrated

395
00:40:09,040 --> 00:40:14,640
feature in Firepower in your opinion? Oh, I already said it, Eve. I think Eve by far.

396
00:40:14,640 --> 00:40:24,240
Yeah. Encrypted analysis capabilities. Okay, I like that. Impact flags. What was that? Impact

397
00:40:24,240 --> 00:40:34,080
flags. Yes, yes. Good one. Wow, great call. All right, follow-up question for you, Kiana. If Cisco

398
00:40:34,080 --> 00:40:41,840
licensing, which we all know and love, was a food item, what gift would it be and would it come with

399
00:40:41,840 --> 00:40:47,200
extra complexity sauce? Oh, for sure. That would be the garnish for sure. That's like the icing on

400
00:40:47,200 --> 00:40:53,920
top. I've been watching a lot of cooking shows lately. I'd say like it's like a risotto because

401
00:40:53,920 --> 00:40:59,040
like when I first started making risotto, I thought it was easy and then there's so many sub layers

402
00:40:59,040 --> 00:41:04,000
to it, right? At first I was like, oh, it's TMC licensing. Very simple, very straightforward and

403
00:41:04,000 --> 00:41:08,800
it's so much more to it than that. So I'd say a risotto with a little complexity garnish.

404
00:41:10,160 --> 00:41:15,920
That was good. That was good. Now, Rob, I have a couple questions for you. First one,

405
00:41:16,800 --> 00:41:23,840
what is your preferred management method for Firepower? Cloud-deloaded FMC. For me,

406
00:41:23,840 --> 00:41:32,560
it's just easy. It works. It's simple to set up. And you don't have to maintain a VM. Absolutely.

407
00:41:32,560 --> 00:41:39,120
I agree with that one. All right, the next one. This one seems a little serious and important.

408
00:41:39,840 --> 00:41:46,400
Do Cisco firewalls ever engage in debates with routers about who is more critical to the network?

409
00:41:46,400 --> 00:41:56,240
Have you heard that? Do they engage in debates with routers? No. I mean, everyone knows that

410
00:41:56,240 --> 00:42:04,960
the firewall is more important. No, but the nice thing is we can deploy the snort engine in a

411
00:42:04,960 --> 00:42:09,280
virtual container on some of our routers. So now you have the best of both worlds.

412
00:42:09,280 --> 00:42:18,080
Oh, wow. Yeah. Very nice. All right. Good. Well, we could keep these Cisco-themed dab jokes going

413
00:42:18,080 --> 00:42:25,840
all day. But, Andres, why don't we wrap this one up with a quick summary? I'll start it off just to

414
00:42:25,840 --> 00:42:30,480
add my personal takeaways. Rob, we started off with you kind of going through that evolution.

415
00:42:30,480 --> 00:42:34,800
We went way back in the day. I still can't remember what it's called anymore, what the acronym stands

416
00:42:34,800 --> 00:42:40,080
for, but PICS. We went into the ASA, we had the transformation into Firepower, and today we're

417
00:42:40,080 --> 00:42:46,640
at the stable FTD software. I thought it was important, Andres, that you brought up the journey

418
00:42:46,640 --> 00:42:50,240
to get there, some of the pain points that Cisco went through to get to where we are now.

419
00:42:50,880 --> 00:42:57,200
And Kiana, you talked about some of those features of FTD. We talked about the T, the M, the C,

420
00:42:57,200 --> 00:43:02,080
the threat, the malware, the content filtering that are all built in that we don't have to update.

421
00:43:02,080 --> 00:43:08,320
We get those feeds from Talos in real time for threat information. One of my favorites was that

422
00:43:08,320 --> 00:43:14,480
Active Directory integration, as well as a Veo location, and I could keep going. Andres, what

423
00:43:14,480 --> 00:43:20,560
about you, some of the key takeaways? Yeah, actually, one of the things that really resonated

424
00:43:20,560 --> 00:43:28,880
with me, and I hope it resonates with our audience, is the flexible deployment options for FMC,

425
00:43:28,880 --> 00:43:35,760
all FMC, just multiple ways of managing your Firepower. I guess we didn't touch too much on

426
00:43:35,760 --> 00:43:41,520
the migration from ASA, but that is another great thing that we think it's going to be,

427
00:43:41,520 --> 00:43:47,360
it's going to help a lot of our customers. The integrations makes a lot of sense. This is a

428
00:43:47,360 --> 00:43:56,320
key differentiator between what we do, what other companies are doing, and this is huge. And I guess

429
00:43:56,320 --> 00:44:03,120
the ability that we have internally to help our customers do those migrations, I guess there's

430
00:44:03,120 --> 00:44:10,240
a few things that we can do, engage a team, it's called the Firestarted team, and basically we can

431
00:44:10,240 --> 00:44:17,600
help with those migrations. Last thing, which I think is super cool, is the ability to get started

432
00:44:17,600 --> 00:44:23,440
running and playing with Firepower. You can do it, download the image, if you don't want to,

433
00:44:23,440 --> 00:44:28,960
download the image and you have access to a cloud environment, let's say Azure, AWS, you can just

434
00:44:28,960 --> 00:44:35,520
spin up an FMC, an FTD, and then start playing with it with full capabilities for 90 days, I

435
00:44:35,520 --> 00:44:44,720
believe. So those are the highlights from this session today from my end, and just super happy

436
00:44:44,720 --> 00:44:51,360
to be here, and let's do this again next month. Great, yeah. A lot of the things that we've done

437
00:44:51,360 --> 00:44:58,000
today, we've done a lot of things, but we're going to keep it up to date. Great, yeah. On that note,

438
00:44:58,000 --> 00:45:04,480
Andres, thanks for being an amazing co-host and a huge thanks to Rob and Kiana for making today's

439
00:45:04,480 --> 00:45:10,320
session possible. I really appreciate all you do in the security industry. I know there's a lot of

440
00:45:10,320 --> 00:45:18,080
stuff outside of this call that you certainly help out with. Our next call is going to be on Cisco XDR,

441
00:45:18,080 --> 00:45:23,040
keep it at noon so people can just listen in even over their lunch break, whatever's best for them.

442
00:45:23,040 --> 00:45:27,520
You definitely don't want to miss this one. We're going to talk about what XDR is, what it does,

443
00:45:27,520 --> 00:45:34,000
and how it can make you look like a complete security hero. I really hope you guys have enjoyed

444
00:45:34,000 --> 00:45:38,720
this kickoff session to the series as much as I have. We'll see you on the next one. If you get

445
00:45:38,720 --> 00:45:45,200
a survey, we'd love to hear your feedback. Have a terrific day, everyone, and we'll see you soon.

446
00:45:45,200 --> 00:45:52,560
Thank you. Thanks, everyone. Have a good day. You too.