1
00:00:00,000 --> 00:00:12,800
Well, welcome everybody. Today is March 19th. Welcome to the latest episode of Security in 45. Today we're covering one of Cisco's newest technologies on the market, Cisco Secure Access.

2
00:00:13,200 --> 00:00:25,280
We're joined by two esteemed Cisco engineers, both with excellent but different beards. I'm very excited about that. David Keller and Justin Murphy.

3
00:00:25,280 --> 00:00:29,280
We'll send you the Venmo for the introduction later.

4
00:00:29,280 --> 00:00:32,280
Don't forget. Yeah.

5
00:00:32,280 --> 00:00:44,280
Yeah, Mike, this is great. So yeah, again, secure access game changing solution. We've seen a lot of customers, you know, it's part of a lot of our conversations.

6
00:00:44,280 --> 00:01:01,280
Very flexible to be used in terms of use cases and things that we can do with secure access. So, you know, super excited to have David and Justin part of the episode today.

7
00:01:01,280 --> 00:01:16,280
And again, we're going to tag into what we had last time, which was Cisco Talos. This one is also another product that we can that can talk Talos in, you know, can get the intelligence from Cisco Talos.

8
00:01:16,280 --> 00:01:28,280
So it's going to be really, really good. So now, David and Justin, if you don't mind, let's get a quick introduction. I will start with you, David. And then we go with Justin.

9
00:01:28,280 --> 00:01:45,280
Sounds good. So I'm David. I'm a Solutions Engineer here at Cisco. I've been with Cisco for roughly six, six years, depending on when you start counting based out of RTP. RTP in North Carolina has a lot of, you know, opportunities for outdoor things.

10
00:01:45,280 --> 00:01:58,280
So in addition to tech and just really liking to learn and tinker with things in my lab environments, I really like doing things outdoors, you know, hiking, paddle boarding, all kinds of stuff.

11
00:01:58,280 --> 00:02:09,280
And with that, I'll pass to Justin. Sure. Thanks, David. So I'm Justin Murphy. I'm a Tech Marketing Engineer for Cisco. I've been here for around eight years.

12
00:02:09,280 --> 00:02:28,280
Before that, I was a customer engineer, we're sought for a large bank and things like that. I am based out of RTP as well. I also like to learn things, everything from the latest technologies to how to floss so I can teach my son and play around with him.

13
00:02:28,280 --> 00:02:41,280
And then I also like to travel. I've been fortunate enough to be able to go around the world to like Australia and New Zealand and things like that and take part in sort of adventure sports there as well. So it's been a lot of fun.

14
00:02:41,280 --> 00:02:55,280
And that I'll pass that. So you guys not only are supposedly smart, but you're also well rounded. I mean, flossing that's pretty awesome. And David, I can picture you out there on the lake with that paddle board. Excellent.

15
00:02:55,280 --> 00:03:06,280
I'm just not flossing while I'm doing it. So, neither the dance move nor the hygiene. Flossing on the paddle board.

16
00:03:06,280 --> 00:03:10,280
You'll see me on Instagram.

17
00:03:10,280 --> 00:03:25,280
So, alright, so today we're talking about secure access but I think it'd be good for the audience to talk about some of the higher level kind of acronyms and the building blocks.

18
00:03:25,280 --> 00:03:45,280
I'm going to try not to confuse myself as I even ask this question. But if you could kind of clarify these acronyms that we hear all the time, SSC s a se or sassy CASB and s a s where the SS are both capitalized and the, you know, the A's are usually the lower case

19
00:03:45,280 --> 00:03:59,280
and the S a s. Maybe an example would be really helpful. And David, I'll kick this one over to you. Sure. Sure. So I'll kind of tell us is like an evolution almost. I know this is kind of up for debate and it really depends on where you're looking.

20
00:03:59,280 --> 00:04:10,280
And I don't really know if the evolution itself matters quite so much as it is the principles behind it and the actual architecture looking to solve for.

21
00:04:10,280 --> 00:04:24,280
I think we can all kind of remember a before time where all applications were on premise and behind centralized, you know security solutions whether that was a DLP solution or your firewall wafts what have you.

22
00:04:24,280 --> 00:04:42,280
So there's shifts, you know, either from users going remote or just issues with power cooling, any kind of reasons where there might be a either optics or capex positive to move to a cloud hosted offering and that's where the first acronym comes in of

23
00:04:42,280 --> 00:05:03,280
sass or software as a service and then it's based that's really just software that you're paying to access and utilize but you're not having to manage the underlying infrastructure, whether that's the platform itself the infrastructure itself or anything else, rather than having in your own data center on a server or, you know, hybrid cloud or in public cloud.

24
00:05:03,280 --> 00:05:12,280
And as they shifted, right organizations in general shifted applications to the cloud and leveraging sass.

25
00:05:12,280 --> 00:05:20,280
You lost some of the visibility you gained from your centralized security services. And that's where the second thing comes in of the content access security broker.

26
00:05:20,280 --> 00:05:39,280
So the Cosby's were solutions and these are all terms, Krone by Garner were solutions geared toward providing that visibility and control for applications that you no longer had on premise, either, you know in line as a, you know, as a solution or out of band via

27
00:05:39,280 --> 00:05:54,280
API or a different kind of method of plugging in.

28
00:05:54,280 --> 00:06:08,280
There were of course some challenges and limitations that led to the next evolution which, and again this is up for debate but I'll say it was secure access services edge or sassy sassy took has been controls and added additional focus on the networking aspect.

29
00:06:08,280 --> 00:06:24,280
And also additional security controls so now you've had things like secure Web Gateway or Web proxy. You had the casby controls, but you also had networking in terms of like SD when or wide area network architectures.

30
00:06:24,280 --> 00:06:45,280
The challenge with that is now you've got a solution that is both the software defined network for for your when, as well as the security services. And that's where the final term that I'll go over is the security services edge or as a CEO architecture comes in, which is the disaggregated

31
00:06:45,280 --> 00:07:10,280
or can be thought of as a disaggregated security services from sassy just separate. So now you can use it regardless of any other underlying network infrastructure and sassy of course is bringing similar Casper controls, similar Web proxy, you know, data loss prevention, all kinds of stuff that will, of course, talk about during this call.

32
00:07:10,280 --> 00:07:26,280
Did that answer your question, Mike. Definitely did. Thank you. And I think you explained that pretty well. And I think it's good to understand because, you know, the product we're talking about today is using these components at some level.

33
00:07:26,280 --> 00:07:37,280
Justin anything you'd want to add to that. Yeah, so sassy and SSC do look very similar but they they solve different needs there for different teams right.

34
00:07:37,280 --> 00:08:01,280
So when you're looking at a sassy solution and everything sort of being together under one roof under one management system, you're you're looking at smaller teams smaller organizations where you're going to have a single solution for your network and your your security stack together and the teams are going to work hand in hand and may even be all the same people want working your network and your security group.

35
00:08:01,280 --> 00:08:28,280
Whereas sassy would be larger organizations that you have a mixed environment, maybe you need to maybe you have a separation of networking and security practices and things like that. That's where you would bring in the sassy and that's where you would have the the very similar stack, but it would it would be a little more flexible to fit into any environment and integrate with your existing network infrastructure.

36
00:08:28,280 --> 00:08:37,280
Last point I have on this topic is how long is your guys's Excel spreadsheet to like map all these acronyms to all their meanings.

37
00:08:37,280 --> 00:08:40,280
Under a page.

38
00:08:40,280 --> 00:08:47,280
I don't think Excel's big enough to handle that. I've got a separate database I've spun off to just install my records.

39
00:08:47,280 --> 00:08:54,280
Yeah, I can get crazy with all the acronyms and everything so yeah I know.

40
00:08:54,280 --> 00:09:02,280
All right guys so I do have a new question this one's for you Justin.

41
00:09:02,280 --> 00:09:17,280
What are what are the, the primary components for secure access we heard you know some of those acronyms, but we want to know what are the components of, you know, a solution like secure access, you don't mind going over.

42
00:09:17,280 --> 00:09:24,280
Sure. Yeah, so I'm gonna have to throw some more acronyms at you, but we'll make it through it I think.

43
00:09:24,280 --> 00:09:35,280
So when we when we design secure access we really want to make it simple and we broke it down into really three parts. We, we really wanted to talk about users access to application.

44
00:09:35,280 --> 00:09:50,280
So we broke it down into who, which are the users. The what which is applications whether it's private cloud public cloud data center wherever they are. And then the what, which is the security in between which is the actual meat of secure access.

45
00:09:50,280 --> 00:10:07,280
So in order to get those three things together to get that traffic through secure access, we need a couple components right we need the CSC or the Cisco secure client, and that has modules to acquire traffic from the users, whether it's CTA VPN roaming all these

46
00:10:07,280 --> 00:10:24,280
types of different data acquisition methods are all in one simple unified client to get that traffic to secure access to acquire security stack. And then on the other side to get to the applications we've got some standard protocols things like IP sec tunnels

47
00:10:24,280 --> 00:10:42,280
like site VPN, as well as resource connectors which we can dive into a little bit later, which will give you that ability or that transport to get to those applications. And so, once we have that traffic into your access then that's where we can apply firewall

48
00:10:42,280 --> 00:10:59,280
controls, IPS rules that holds security gateway or SIG stack that we have there with the proxy and all the different controls, as well as posture and and authentication, those types of things so.

49
00:10:59,280 --> 00:11:07,280
So it's really just all in comes in way of getting users to application securely.

50
00:11:07,280 --> 00:11:16,280
That's actually really good info. Yeah, really good that we see you know all the components everything that we can do with it and.

51
00:11:16,280 --> 00:11:25,280
And it's just you know, a lot of impact for for users going hybrid going on site and things like that so that's awesome.

52
00:11:25,280 --> 00:11:44,280
I guess at a high level then you're taking all these users that you mentioned like they may or may not have a client on them and then we've got these locations. And it sounds like connect all of all the other, all the humans and all the devices together.

53
00:11:44,280 --> 00:12:01,280
And then while we're where we are all connected that's we're going to apply that security stack as well. Right. So the motto is to connect from anywhere to anywhere. Right. And we're highly distributed within the cloud so to make that a pleasant experience for the

54
00:12:01,280 --> 00:12:15,280
users as well as to make those applications available. And when we do break those two things down we usually break them down into SBA which is secure private access for your applications that you're hosting and secure internet access and that's where you're going through that

55
00:12:15,280 --> 00:12:31,280
additional security controls are going out to the internet. Interesting. So as opposed and I won't dive too deep into it right now but I heard you mentioned like umbrella SIG for example so we're using components of that to do the security in the cloud.

56
00:12:31,280 --> 00:12:51,280
And then access is a collection of a very integrated security controls that we've already have so a lot like our secure client. It's technologies that we've been developing for years that that we've brought together and simplified with our unified policy and other

57
00:12:51,280 --> 00:13:01,280
things that we can dive into to be able to protect those applications and get those users connected. Excellent. Excellent.

58
00:13:01,280 --> 00:13:18,280
David, what about okay so I'm a user, and my company is now using secure access from a user experience, what are the pain points and some of the problems that secure access solves for me as the user.

59
00:13:18,280 --> 00:13:31,280
Yeah, so, and this is just another way of looking at, you know, the components of secure access where secure access is geared toward, you know, three high level use cases.

60
00:13:31,280 --> 00:13:33,280
The first is going to be security advocacy.

61
00:13:33,280 --> 00:13:50,280
No matter how pretty a dashboard is if it's not actually providing any kind of actual purpose and security. It's not worth anything, you know, it might as well be Facebook or something as like a GUI for you to manage, which is where, as I mentioned earlier

62
00:13:50,280 --> 00:13:53,280
we were leveraging talents for that threat intelligence.

63
00:13:53,280 --> 00:14:03,280
The second part is the admin experience, and I think we might be covering that in a later question so I'll leave that on the table for now.

64
00:14:03,280 --> 00:14:12,280
And then the third of course is the actual user experience that you're, you know, wanting to know more about from a user experience perspective we're geared toward two primary directions.

65
00:14:12,280 --> 00:14:19,280
One is reducing friction, especially when accessing private resources.

66
00:14:19,280 --> 00:14:31,280
We're looking to secure access to both private and public, you know, anything on the internet you're still going to have visibility control through both the DNS and secure web gateway controls.

67
00:14:31,280 --> 00:14:36,280
And along with that the security, you know features and components that they provide.

68
00:14:36,280 --> 00:14:44,280
We're also looking to reduce the friction to private resources. And so that would be you know an application or a service or server that you're hosting on premise.

69
00:14:44,280 --> 00:14:56,280
For those users there's really three ways that they can connect to those applications. The first is remote access VPN as a service and that's going to work the same way as it does today if you have, you know, Cisco heading you're using any connect.

70
00:14:56,280 --> 00:15:07,280
Like Justin mentioned we're leveraging secure client. And all that is, is version five with a rebranding of any connect. So there's really no change for it is just a change of name.

71
00:15:07,280 --> 00:15:24,280
And the brand change is just due to, you know, Cisco leveraging the secure client as the mode of deployment management for all the other security modules, which includes any connect as a VPN module, but there's also the umbrella module we're taking for from

72
00:15:24,280 --> 00:15:35,280
umbrella we've got 1000 eyes module we have modules for ice endpoint, all kinds of stuff there's like 10 something modules already all under that one client.

73
00:15:35,280 --> 00:15:43,280
So we don't have VPN as a service today. And I think that will go into the operational component that we talked about a little bit.

74
00:15:43,280 --> 00:15:51,280
The second bit is related to the zero trust access that we're adding, both of which are geared toward reducing friction.

75
00:15:51,280 --> 00:16:08,280
So, is client based. So that's using a module under secure client that will enable the user to authenticate, you know, for a period that you specify, and then the user can access that internal application or resource, how they would have been on prem, without having

76
00:16:08,280 --> 00:16:10,280
to connect to a VPN headed.

77
00:16:10,280 --> 00:16:15,280
And they're still getting, you know, posture controls and security applied to that. But for the end user.

78
00:16:15,280 --> 00:16:27,280
So the first is if they were on network, right, they don't have to go, you know, and, you know, reconnect to the VPN or decide like, do I need to be a VPN for this or can I can just connect to it like you take all the guessing out.

79
00:16:27,280 --> 00:16:40,280
And then the second is browser based. And so it doesn't rely on having a client. And that can be used for either, you know, your regular users or if you had, you know, contractors or, or someone you wanted to give access to for a specific web app, we can proxy that

80
00:16:40,280 --> 00:16:55,280
to the network. And so you would just give them a URL that they would use to resolve that application. And it either is either of those situations, either client based or browser based, you're only allowing access to the applications, you're not allowing access to the

81
00:16:55,280 --> 00:17:01,280
best of the network like you do with remote access VPN, preventing that lateral movement, but we'll talk about that more later.

82
00:17:01,280 --> 00:17:06,280
The second bit would be related to the actual end user experience.

83
00:17:06,280 --> 00:17:21,280
We've, you know, like Justin was alluded to Cisco has a lot of things that we require we built, you know, there's 30 something things in the security stack alone, and there's hundreds of things I think in our actual overall portfolio, and very unique to Cisco,

84
00:17:21,280 --> 00:17:25,280
we've pulled the best from each thing.

85
00:17:25,280 --> 00:17:45,280
And if there were microservices to build secure access as a SaaS offering. And so we've taken from Dallas and eyes and added a end user agent for end user, you know, experience visibility so we can see, you know, things about like the actual like network

86
00:17:45,280 --> 00:18:00,280
connection or the connectivity to, you know, SaaS or to secure access. And with that visibility, you know, and this might also go into the operational side is there's a lot of overlap between these things that could be really argued, any of them could flop over.

87
00:18:00,280 --> 00:18:08,280
But now the IT team can assist with visibility for users that aren't on premise.

88
00:18:08,280 --> 00:18:20,280
So, you know, we've done a lot of things to the wireless controller to see what the, you know, the connectivity to AP looks like or, you know, have them run telnet and ping and do all these crazy things to try to get visibility now you're getting that from that agent.

89
00:18:20,280 --> 00:18:26,280
So now you can make decisions and assist, regardless where the user is located.

90
00:18:26,280 --> 00:18:55,280
So, those are the two primary things that would contribute to the user experience but really the idea is to make it so that the user doesn't have to think about how they're connecting. Right. So, all of these modules play together to where even the admin doesn't have to doesn't have to configure the VPN to ignore ZTA traffic and ZTA does get a higher level so that it is able to sort of match and and provide that transport for traffic.

91
00:18:55,280 --> 00:19:08,280
If it's if it is enabled. So we really go for, hey, can we can we go the most secure way? Can we use ZTA? Can we if not, hey, is VPN connected? Let's go VPN. If not, hey, we're going to the internet. Maybe we're the wrong module.

92
00:19:08,280 --> 00:19:24,280
Maybe we're going over VPN to go to that. So, so it really is to make it transparent for that user and it gives you some availability and benefits on the management side as well.

93
00:19:24,280 --> 00:19:29,280
Where we're talking about, David mentioned VPN as a service.

94
00:19:29,280 --> 00:19:36,280
Where, hey, I've got a stack of ASA's or FTD and I'm trying to manage my VPN.

95
00:19:36,280 --> 00:19:50,280
That way, now I've got to replace that hardware to keep it up to date, I have to size it correctly. If we have a mass exodus of folks or need some need to provide additional

96
00:19:50,280 --> 00:19:54,280
additional bandwidth for folks to connect in and get to these applications.

97
00:19:54,280 --> 00:20:05,280
We've got either plan for that or we're going to have a bad day when the folks try to connect in at 8 o'clock in the morning and and all of our VPN head ends completely saturate and turn over.

98
00:20:05,280 --> 00:20:18,280
So with VPN as a service and secure access, we can because we're in the cloud, we can elastically expand that out. You don't have to plan for that. We have that capability within your subscription to just, hey, we're going to expand out.

99
00:20:18,280 --> 00:20:24,280
We're going to provide that connectivity for those users. There's no performance it and you can keep going.

100
00:20:24,280 --> 00:20:36,280
Beyond that, we are playing further into the security stack. Like being able to provide proxy and malware analysis from internet traffic and things like that in IPS.

101
00:20:36,280 --> 00:20:48,280
Where, hey, you can offload that decryption all again, a lot of sizing and management of boxes into the cloud, particularly for remote access, but even branch to branch communication and branch out to the internet.

102
00:20:48,280 --> 00:21:01,280
Communication so that that can help with especially smaller branches where you may not want to invest in the infrastructure to have the same, the same security, but you want the same security control, right? You don't want to bring it back to your data center.

103
00:21:01,280 --> 00:21:10,280
Send it to us. We can process that traffic. We can route it wherever it needs to go, the public or private apps and provide those security controls seamlessly.

104
00:21:10,280 --> 00:21:30,280
And it's a single place of configuration. So you don't have to worry about, hey, did I go out to branch to this branch and make sure that the firewall had the same rules as this other branch? Even if I have centralized management, you don't have to worry about pushing that out and verifying those configurations because it's all in one place and distributed across our cloud presence.

105
00:21:30,280 --> 00:21:45,280
I'd say we as engineers, it probably was a tendency to go deep in the weeds as you could tell from my previous monologue. And I apologize to anyone that's heard this analogy before because this has been said internally quite a lot.

106
00:21:45,280 --> 00:21:56,280
But from an end user experience, I would consider it the same way as plumbing inside your house might work. Right? You need water to go out of your sink, shower, whatever. You just need access to the water.

107
00:21:56,280 --> 00:22:05,280
You don't care what the pipe is. The same way for this. The end user just needs access to the application, whether that's on the Internet or internal, they don't care.

108
00:22:05,280 --> 00:22:19,280
But you as the management need to be able to provide that securely. And so we've provided a handful of ways, three of which are practically transparent to the end user in order to access those resources.

109
00:22:19,280 --> 00:22:26,280
And so they don't have to worry about how do I need to connect to something? They just connect to it.

110
00:22:26,280 --> 00:22:38,280
Like that analogy a lot, actually. Yeah. So from the user perspective, it's completely invisible after I turn on that water or after I start trying to get to my application. I don't need to worry about that.

111
00:22:38,280 --> 00:22:53,280
I'm just connecting and getting to work. But then, Justin, your point on the management admin side, we've got all these controls that we can put in place and we've got the full power of the security and the connectivity at our fingertips, which we don't have to concern the user with.

112
00:22:53,280 --> 00:22:56,280
Very cool. Exactly.

113
00:22:56,280 --> 00:23:14,280
And the other thing that I think was really cool was just, you know, understanding all the pain points that all the users feel right now when the company starts applying security and this is just a way to get away from that friction, from that bad user experience.

114
00:23:14,280 --> 00:23:18,280
So that's awesome.

115
00:23:18,280 --> 00:23:36,280
I think some of this like for the Justin, you mentioned like the SSL decryption as well. So all of this security being done in the cloud. That's really nice for my on prem firewall, not having to get bogged down with some of these CPU intensive, you know, classic don't turn on SSL decryption.

116
00:23:36,280 --> 00:23:46,280
It could break things or slow down my firewall. So we're moving so much into the cloud by consolidating, like you said, a lot of different features from a lot of different products into this one solution.

117
00:23:46,280 --> 00:23:57,280
Correct. And we're not only sort of offloading that into the cloud, but we're also distributing it to wherever your users are right so you don't have to worry about bringing everything back to a central location.

118
00:23:57,280 --> 00:24:14,280
It's not like we're bringing it back to a central location. It's, it's across all of our data centers and the cloud. So, so we're able to provide that better experience closer to the user as well as offload that need for that high, high compute and handle those spikes.

119
00:24:14,280 --> 00:24:31,280
And then just the day to day traffic as well without having to invest additional dollars to build those boxes bigger for them like one time a year when everybody's using it like retail Black Friday, you're trying to size for Black Friday versus every other day,

120
00:24:31,280 --> 00:24:43,280
you're looking at three, four times 10 times the amount of traffic and compute that you need to like are you really going to buy that and spend that money all year long, just for one day, or what we saw with the pandemic just,

121
00:24:43,280 --> 00:24:54,280
if you have something like this solution for the pandemic, I mean talk about the ultimate flexibility and scaling. Everybody goes home to work. This solution just scales with them company holidays things like that.

122
00:24:54,280 --> 00:25:13,280
Absolutely, absolutely. When, when in 2020 I was still in sales and we got a lot of calls about folks who had firewalls and everything else that were that were needing to upgrade and add to the stack and having all of these problems and down because they were not able to handle the new traffic flows.

123
00:25:13,280 --> 00:25:27,280
And it might be worth considering right this isn't just a, here's what going to do for your existing environment, right and augment that it's also like what you're wanting to do in the future, you know if you currently a branch sites that are tunneling all traffic back to, you know,

124
00:25:27,280 --> 00:25:43,280
hub location, and that's your centralized security point you're wanting to instead, you know, move away from that and have direct internet access from branch locations. This is a way to add those security services with a centralized, you know policy stack, you know a unified

125
00:25:43,280 --> 00:25:58,280
policy single, you know, cloud manager offering without having either enable security services on devices that weren't previously sized for that, or put a second device at that location that you didn't have to find a way to manage.

126
00:25:58,280 --> 00:26:11,280
So, wait for that to come up. Yeah, because I know we talked about the unified policy of the solution and what one policy to kind of extend wherever you connect in from to maybe multiple locations.

127
00:26:11,280 --> 00:26:28,280
Right, and it applies to all of the different data acquisition methods, the same right so if I'm just in on ZTA or I'm just an on VPN, then I can be identified and use the exact same rule maybe there's additional posture when I'm connecting the ZTA, but, but all of that's part of the

128
00:26:28,280 --> 00:26:43,280
same policy so all of those components come in and I don't have to rewrite that on different boxes or have a different policy section even in the same dashboard it's all in, in one place for those users and David I like your.

129
00:26:43,280 --> 00:27:00,280
Hey, this is a good way to sort of think about how you're going to manage your traffic in your security in the future, because that's one reason that we're offering VPN as a service within our, our SEC because not all SEC's provide that capability.

130
00:27:00,280 --> 00:27:14,280
And what it does is it gives it meets you where you are in your current security journey like hey I'm very heavily relying on VPN these all these applications I'm not sure if they're going to work over ZTA, or maybe the experience isn't as good over ZTA for whatever reason

131
00:27:14,280 --> 00:27:29,280
maybe there's a server to client communication that has to happen or something like that. Well, hey, you can move over your VPN as a service distributed in the cloud take advantage of that infrastructure, and then move all of your applications

132
00:27:29,280 --> 00:27:47,280
to ZTA as it makes sense maybe the, maybe start with the crown jewels and the highest touch type stuff so that you can force that reoff or provide that per app posture and get that additional visibility into it, and then, and not allow as much access to those

133
00:27:47,280 --> 00:28:00,280
to those more secure networks. And, and so it provides you with a soft way to kind of move into the cloud, get into an SEC type solution.

134
00:28:00,280 --> 00:28:18,280
Excellent. That's good and and we've been touching in a few in a few different topics a few different points of view, you know management user experience, but I want to I want to ask you David, if, if you want to just go a little bit more specific into what are the

135
00:28:18,280 --> 00:28:33,280
components of secure access, you know just from all the things that we mentioned, let's, let's see if we can put all this together so our audience can can make sense of what are the components, you don't mind.

136
00:28:33,280 --> 00:28:43,280
Yeah, for sure, for sure. And this will kind of tie into some what we've already talked about as well and I mean to be honest we could probably take an hour by itself just to talk about the actual components to it.

137
00:28:43,280 --> 00:28:48,280
I mean it feel a lot more like a list than it will an overview.

138
00:28:48,280 --> 00:28:56,280
But we of course have the core SEC components and secure access because it is a security services that solution so things like the web gateway.

139
00:28:56,280 --> 00:29:07,280
The cosmic controls the data loss prevention which, in our case it's multimode both in band or real time with the web proxy as well as out of band using API for a few different sanction SaaS applications.

140
00:29:07,280 --> 00:29:13,280
And then Azure Trust Network access which we talked about being client based and browser based.

141
00:29:13,280 --> 00:29:25,280
And we also have the firewalls of service, which is our centralized firewall stack, including decryption for that for layer three layer four and layer seven controls, and in line with that we have ideas and IPS leveraging support three seems

142
00:29:25,280 --> 00:29:29,280
what we use with Meraki MX and with firepower.

143
00:29:29,280 --> 00:29:41,280
And it will be, you know, more similar to what you have with Meraki MX where you have, you know, pools of signatures created by Talos but you know, like you probably talked about in your last session with Talos.

144
00:29:41,280 --> 00:29:46,280
I'm able to go back and watch it although it's on my next list.

145
00:29:46,280 --> 00:29:58,280
They're doing a lot of stuff for threat intelligence because they're the ones evaluating all the different things that we're getting from our security stack in addition to, you know what they're doing as you know innocent response or threat research.

146
00:29:58,280 --> 00:30:04,280
So, they are writing signatures that we can then leverage with that.

147
00:30:04,280 --> 00:30:17,280
Because we're Cisco, because we're able to pull from the best of everything we're also, you know, able to offer DNA security pulling from what we had with umbrella we've rebuilt that insecure access to offer it as another enforcement point.

148
00:30:17,280 --> 00:30:29,280
We have the advanced mount protection, using our, you know, amp cloud that we leverage with, you know file analysis with the web proxy because we're able to, you know fully decrypt traffic including to loss one.3.

149
00:30:29,280 --> 00:30:43,280
And because we're able to fully decrypt that traffic we don't get greater visibility with, you know, granular app controls for, you know, applications that you might need to allow access to that you don't want everyone to have full access with, you know, file analysis of course, in line with the

150
00:30:43,280 --> 00:30:51,280
web proxy. So we have the, you know, secure analytics for additional sandboxing for files of unknown disposition.

151
00:30:51,280 --> 00:30:55,280
You know file type controls, other CASB controls.

152
00:30:55,280 --> 00:31:12,280
The VPN is a service, the digital experience monitor we already talked about. And then finally, we have the remote browser isolation, also in line with the web proxy, which would be a containerized browsing session for the end user so that nothing within that browser is being

153
00:31:12,280 --> 00:31:23,280
executed within the end user's actual endpoint, it's all being executed within the browser. And then that final product is being presented to the end user using a combination of draw operations and DOM mirror.

154
00:31:23,280 --> 00:31:28,280
So we're not using pixel streaming which can cause some performance issues.

155
00:31:28,280 --> 00:31:35,280
But there's, there's a lot of stuff, kind of what you would need to use or how you would leverage it would really depend on, you know what you're looking to do.

156
00:31:35,280 --> 00:31:39,280
But it's definitely more than just kind of the core SSE components.

157
00:31:39,280 --> 00:31:43,280
So that's a really cool summary of all the components.

158
00:31:43,280 --> 00:31:46,280
It is all invisible to the user.

159
00:31:46,280 --> 00:31:49,280
Yeah, all invisible to the user. That's amazing.

160
00:31:49,280 --> 00:31:59,280
Well, and it's also part of one subscription as well right so you're not buying all these individual components and bringing them together and trying to integrate each piece yourself.

161
00:31:59,280 --> 00:32:16,280
All of these are part of the secure access solution in one management plane in one dashboard so that you can see, so that you can configure them and have that visibility and control without having to say oh I need to go out and get this and this and this and integrate

162
00:32:16,280 --> 00:32:20,280
and build a stack, it's there for you.

163
00:32:20,280 --> 00:32:33,280
It's all one it's policy as well, and you can have it be based off of, you know, I don't want Justin to go to Facebook, and I want to offer a warn page for David if he tries to go to Facebook.

164
00:32:33,280 --> 00:32:41,280
And it'll be able to do that based on user identity you can integrate with an IDP or upload identities to have policy applied for that.

165
00:32:41,280 --> 00:32:47,280
And that's for both, you know, DLP web proxy depending on how we see the traffic we can apply all kinds of stuff.

166
00:32:47,280 --> 00:32:54,280
But it's all through that one policy. And then of course, you know you, it's all in the same reporting as well and it's all one dashboard.

167
00:32:54,280 --> 00:33:07,280
So you can see within reporting kind of what users are doing and where they're going and, you know, applications are leveraging for shadow IT and all kinds of fun stuff without having to go to, you know, different management places.

168
00:33:07,280 --> 00:33:10,280
Sorry, Justin I got excited there. Were you gonna add more.

169
00:33:10,280 --> 00:33:18,280
Yeah, that's good. I like it. All right, big nerd energy on this call, you know, it's, it's a little too much.

170
00:33:18,280 --> 00:33:32,280
I know we just and you talked about consolidating a lot of this products into this one solution I'm thinking like Cisco umbrella for example which, which is only going to connect to cloud based resources but this solutions to your access.

171
00:33:32,280 --> 00:33:49,280
And you mentioned I can talk to those private resources as well. Maybe just two minutes or less Justin. What is the, the actual mechanism by which we are connecting all these users some of them are remote maybe I'm at Starbucks and then some of them are behind these

172
00:33:49,280 --> 00:33:52,280
firewalls these SD when locations.

173
00:33:52,280 --> 00:33:56,280
How do we actually connect them in together.

174
00:33:56,280 --> 00:34:03,280
So there's a few different connection methods we can use I noticed you gave me a time limit so I must be talking too much.

175
00:34:03,280 --> 00:34:21,280
I just want to make sure we have time for that dad jokes at the end that's that's why people tune in. Absolutely. So, so yeah so we'll talk about the, the remote users first because we've touched on that quite a bit with the secure client would dig a little bit deeper into that so we're using

176
00:34:21,280 --> 00:34:29,280
the same VPN technology that we've had obviously we moved it into the cloud we've got microservices and things like that running around it.

177
00:34:29,280 --> 00:34:48,280
But we can, we can perform the same sort of posture and certificate based off and as they had mentioned, we can have an IDP like Azure or others and and a sample solution like do over something like that integrated in with this so that we can authenticate and we can provide

178
00:34:48,280 --> 00:35:01,280
that VPN connectivity and what that does is that does obviously route all ports of protocols we can do a full tunnel, and that's going to get you into that flow to get into that six stack as well as to private applications.

179
00:35:01,280 --> 00:35:17,280
Now, just below that we have our ZTA module and our ZTA module actually includes the dual health agent so this is another like sort of under the hood type thing that you don't really have to worry about, but it's inside that ZTA module, where hey we're going

180
00:35:17,280 --> 00:35:28,280
to again check your identity we're going to check your posture and we're going to give you per app tunneling to those applications that are ZTA enabled.

181
00:35:28,280 --> 00:35:46,280
So, and that that traffic as I mentioned earlier is something that where the ZTA module is looking for that at the application layer right below the application there the socket layer to be able to grab that traffic before the VPN can even see it so as long as the VPN is

182
00:35:46,280 --> 00:35:57,280
aware that ZTA is doing this, there's no conflicts there so we can have those running side by side and get that app, that private app traffic, where it needs to go securely.

183
00:35:57,280 --> 00:36:13,280
And then we have the roaming module that's sort of our tried and true roaming module that will send DNS traffic up to secure access provide those DNS controls so that hey we can stop threats before they even try to attempt to connect for your clients try to connect to those

184
00:36:13,280 --> 00:36:31,280
malicious websites or undesired destinations where there's content category and other things. And then it can also pull that user identity from the device and apply policies through the proxy and provide all of those security controls that we do have in our proxy

185
00:36:31,280 --> 00:36:48,280
because that is sort of where a lot of the magic happens with with decryption with file analysis with RBI and all of those other components that we've talked about that roaming client just by itself can get you all of those types of things in front of your user or for your users traffic.

186
00:36:48,280 --> 00:37:04,280
And then if your user comes on premise, then we have things like IP sec tunnels where you can build with standard protocols with other third party components as well as our own routers and firewalls and things but we also have integrations with our catalyst SD-WAN

187
00:37:04,280 --> 00:37:28,280
so that we can participate in in the routing power of SD-WAN and the filtering and traffic shaping and and wrap and steering of those components of hey we can get into secure access get that security stack in front of things you want to be in, or we can go branch to branch and get that traffic directly there.

188
00:37:28,280 --> 00:37:48,280
And so those are sort of the main ways that we do this. The final one we've added actually recently is resource connector, and that's something that works hand in hand with our ZTA module to provide a path for users to get to applications right so if I have an application

189
00:37:48,280 --> 00:38:00,280
configured for ZTA, and I have a resource connector deployed which is just a VM that can run in AWS and ESXi today, it will expand into other clouds as well soon.

190
00:38:00,280 --> 00:38:12,280
Basically what it does is it means I don't have to build IP sec tunnels, I don't have to worry about routing, I just need to put this VM in my data center on a VLAN on a network that can access these applications.

191
00:38:12,280 --> 00:38:24,280
And then I just define the application secure access, and everything else happens for you. The tunnel is built from the resource connector out to the cloud automatically.

192
00:38:24,280 --> 00:38:40,280
And the cloud basically just says hey, this application lives behind this resource connector and sends it there and then once it's behind on your purpose you can have a laugh or a firewall between the resource connector and your application if you need additional security,

193
00:38:40,280 --> 00:39:00,280
but we can we can provide that transport easily without modifying your firewall rules or anything on your edge or routing within your network as far as like building out IP sec tunnels to say hey I need these sites to connect through secure access, that resource connector will do that for you.

194
00:39:00,280 --> 00:39:12,280
Now, that last one about the resource connector for these, I get a lot of calls about people looking to replace my VPN and go clientless. Would that work there? Can I have no client and still access that private access?

195
00:39:12,280 --> 00:39:41,280
So yeah, so that's our clientless ZTA. I neglected that a little bit on this interview, but yeah, so the clientless ZTA does participate in that as well and that is another way that we connect users. So if you have unmanaged devices, whether it's BYOD or contractors or partners that are trying to connect to applications, you can either use those IP sec tunnels or you can use the resource connectors to get back to those applications and provide that posture using that user agent.

196
00:39:41,280 --> 00:39:47,280
Using that user agent string for that traffic back to web applications. Absolutely.

197
00:39:47,280 --> 00:40:00,280
Yeah, and it kind of depends on what the questions are regarding whether in terms of VPN like is it from between sites or from a head into secure access or if it's for users connecting for remote access VPN.

198
00:40:00,280 --> 00:40:12,280
From a connectivity perspective, like if you're going to zoom out, users are connected to secure access using the umbrella module for Web and DNS, remote access VPN for all traffic if you want.

199
00:40:12,280 --> 00:40:22,280
The client based ZTA module that can do private application access, you know, any port protocol as long as it's, you know, client to server.

200
00:40:22,280 --> 00:40:26,280
And then browser based access, which is of course the web proxy.

201
00:40:26,280 --> 00:40:38,280
The connection from your private application to secure access would be their tunnel, which is an option for backhaul or that resource connector, which can act as kind of a proxy for secure access and the end user trying to connect.

202
00:40:38,280 --> 00:40:47,280
And on the network itself and it's going to be what's going to reach out to the private application and then of course to secure access building a tunnel by itself.

203
00:40:47,280 --> 00:40:59,280
So yeah, you could, you know, replace VPN either for the backhaul connectivity or the end user connectivity, but it would ultimately come down to, you know, your existing architecture what applications you need to allow access for, you know, there are going to be

204
00:40:59,280 --> 00:41:04,280
situations where remote access VPN is still necessary for better or worse.

205
00:41:04,280 --> 00:41:16,280
It is might be for a smaller user pool or for fewer applications, as you make that migration and that's part of why we've included, you know VPN as a service, because I mean any anyone that offers ZTA is going to still require

206
00:41:16,280 --> 00:41:24,280
you to have a VPN, because it's either going to be something peer to peer or, you know, serve a client, it's going to require it.

207
00:41:24,280 --> 00:41:30,280
And so we just included as part of the offering because I get uniquely positioned as Cisco.

208
00:41:30,280 --> 00:41:43,280
And it's cool that we're talking earlier how seamless or invisible to the user you could just have them try the VPN, if needed, if not just go down to the next connection method, kind of automatically.

209
00:41:43,280 --> 00:41:54,280
Very cool. Yeah, yeah, with the ZTA they just be connected to it as if they were on prem, and that the module self will capture the traffic and identify to say this is a private application.

210
00:41:54,280 --> 00:42:08,280
And with any of these options, there's a posture check, you know, so it can fit as part of a zero trust access architecture which I know is going to be a question you're going to ask in a second, but this feels too perfect of a segue.

211
00:42:08,280 --> 00:42:20,280
It'll be able to do a posture check for you. And if you pass the posture check, you know you're able to authenticate, it's going to put you through you know the firewall rules, it's going to look at like should you be a lot of access at all with your identity.

212
00:42:20,280 --> 00:42:30,280
And then it'll connect for you. And it'll use the resource connector that the tunnel depending on how you have connected to give you that access and you as an end user.

213
00:42:30,280 --> 00:42:44,280
So it's authenticating, and you're authenticating at the, you know, on the timing that's configured by the administrator so it can be, you know, every hour I think weekly, and there's like different time frames that you can, you can set, I don't quite remember off the top

214
00:42:44,280 --> 00:42:49,280
my head. I'm a nerd but I'm not super nerd so forgive me.

215
00:42:49,280 --> 00:43:06,280
And so like you don't have to like even try VPN first, you know I personally I would try just to connect to it. Same way as I might today, and see like can I access it, and I'm like can't that's when I would be looking at VPN, and you might find entire swaths of users don't need to use VPN after making the migration.

216
00:43:06,280 --> 00:43:08,280
Very cool.

217
00:43:08,280 --> 00:43:10,280
Yeah.

218
00:43:10,280 --> 00:43:14,280
So you just stole my question David.

219
00:43:14,280 --> 00:43:16,280
Absolutely did I'm sorry.

220
00:43:16,280 --> 00:43:31,280
It's all good it's all good but, but no just you know, just to give the audience the, the idea of, you know, zero trust, where we're looking to make sure that we understand who the user is what type of device they're using.

221
00:43:31,280 --> 00:43:43,280
And then, you know that that part that you just mentioned about the client versus client list assessment of the actual device. So yeah, that was good. That was good.

222
00:43:43,280 --> 00:43:47,280
Yeah, so I mean, as far as the zero trust architecture goes right.

223
00:43:47,280 --> 00:44:02,280
It's ultimately geared, no matter what it is for the same thing, giving users access to only the things they need access to, and making sure they like should have access, because it's not just like does David had permissions is is David on a corporate device is David's

224
00:44:02,280 --> 00:44:05,280
corporate device up to date, has he disabled his firewall.

225
00:44:05,280 --> 00:44:16,280
Is risk increased to the point where I no longer want to give David access to something. And the answer might be yes. And so you shouldn't give access to me, regardless of if I'm able to authenticate.

226
00:44:16,280 --> 00:44:31,280
And so depending on the connection method will kind of inform the posture control, but you can of course bring in your own, you know, IDP for authentication so if you're like, you know, leveraging duo for, you know, SAML to this application you're also able to do their

227
00:44:31,280 --> 00:44:44,280
conditional enforcement for device help for secure access itself. You know with the browser based access we're able to use the user agent info to get for information about the endpoint.

228
00:44:44,280 --> 00:44:50,280
Justin mentioned the device health application we brought over for the zero trust access module.

229
00:44:50,280 --> 00:44:57,280
And that is going to be checked per session that a user tries to access the application in both situations.

230
00:44:57,280 --> 00:45:00,280
Like I mentioned like way earlier.

231
00:45:00,280 --> 00:45:03,280
You're only giving access to the application itself.

232
00:45:03,280 --> 00:45:13,280
And you're not giving access to the rest of the network like you would with remote access VPN. Right. And you're able to have that intent based policy based on the user identity.

233
00:45:13,280 --> 00:45:20,280
And so I could say like, everyone in marketing can access this thing, but then I could have a specifier like up adjusting can't.

234
00:45:20,280 --> 00:45:29,280
And so you can get really specific with it. And Cisco is, you know, again, going in a direction to help simplify the deployment and management for this with them.

235
00:45:29,280 --> 00:45:33,280
Some things are working on that I'm not at liberty to talk about.

236
00:45:33,280 --> 00:45:45,280
But it's all geared to make it so you can secure your network provide access to users reduce friction without having to be a CCIE, you know, like I'm all for search I've got more than a couple myself and I'm sure everyone else who does as well.

237
00:45:45,280 --> 00:45:56,280
But you shouldn't have to have a full stack of search to be able to do these things to have these outcomes, you know, so that's really what I feel like we're going to with the zero trust side.

238
00:45:56,280 --> 00:46:06,280
Nice. I like that. Yeah, and that all falls back onto that intent based networking like I can see who I can see what I'm just kind of mapping who I want to give access to.

239
00:46:06,280 --> 00:46:18,280
All right, so I don't have any like theme music planned or anything for the next section that would hype everybody up but it is time for the dad jokes.

240
00:46:18,280 --> 00:46:31,280
I gave you guys, Andre said I said bring a dad joke that has something to do with springtime so I'm really excited to hear what you guys will come up with who Andre's you want to go first.

241
00:46:31,280 --> 00:46:36,280
All right, yes, I'm probably still one of the ones we have right here.

242
00:46:36,280 --> 00:46:38,280
The one that I like.

243
00:46:38,280 --> 00:46:45,280
So, what did the seed say to the flower.

244
00:46:45,280 --> 00:46:48,280
I have an idea, seed to the flower.

245
00:46:48,280 --> 00:46:52,280
I can't wait to grow up like you or something.

246
00:46:52,280 --> 00:46:57,280
No, it's okay bloomer.

247
00:46:57,280 --> 00:47:03,280
Probably something that one of my kids will say to me.

248
00:47:03,280 --> 00:47:10,280
No, I think that okay boomer like people get seriously upset if you say that to someone that's hilarious.

249
00:47:10,280 --> 00:47:18,280
I'll kick up the next one here. Did you guys hear about the gardener who could not wait for spring.

250
00:47:18,280 --> 00:47:27,280
He was so excited he what his plants.

251
00:47:27,280 --> 00:47:29,280
Yeah, okay.

252
00:47:29,280 --> 00:47:38,280
Alright Justin you want to go next. Sure. So that garden is excited he may not be able to plant any flowers. Do you know why.

253
00:47:38,280 --> 00:47:43,280
Because he hasn't bought any.

254
00:47:43,280 --> 00:47:50,280
I had to think about that for a second I was like, bought, bought any. Yes.

255
00:47:50,280 --> 00:47:56,280
Oh god you've asked for springtime puns but I feel like I'm taking the fall if you catch me.

256
00:47:56,280 --> 00:48:02,280
So my pond that wasn't it is why spring a good time to get into good habits.

257
00:48:02,280 --> 00:48:10,280
It's a perfect time to turn a new leaf, which is what I want to do about these puns.

258
00:48:10,280 --> 00:48:18,280
Thank you guys. Excellent. Now I got some good dad jokes to you know tell when I'm coaching my kids soccer and basketball games.

259
00:48:18,280 --> 00:48:20,280
His son out of loss.

260
00:48:20,280 --> 00:48:25,280
Yeah, I can't wait to see that.

261
00:48:25,280 --> 00:48:32,280
David and Justin real quick would you just want any closing thoughts or comments.

262
00:48:32,280 --> 00:48:34,280
Yeah, sure. I'll go first.

263
00:48:34,280 --> 00:48:48,280
So we've talked a lot about secure access and and and how it can fit into an environment, but it obviously isn't going to be the only security solution and something that's part of your security stack and defense and depth.

264
00:48:48,280 --> 00:49:00,280
Strategy. And so there are other components that you'll need to add with us for email, etc, things like that. So there are things that we can help with and we can talk about for customer journeys and things like that to help you on your way.

265
00:49:00,280 --> 00:49:16,280
As far as plugging I am on LinkedIn I don't have a whole lot going on online but I definitely recommend David's YouTube channel which I think you'll talk about in a minute so I'll pass it over to him but you are going to probably have millions of likes from your video flossing so

266
00:49:16,280 --> 00:49:24,280
that's right I got to get that panel board I was looking at some inflatable ones are discounted right now so I got there.

267
00:49:24,280 --> 00:49:30,280
I've got two inflatable boards I recommend them, but you have a truck so you might be able to use a regular board.

268
00:49:30,280 --> 00:49:33,280
Is interesting.

269
00:49:33,280 --> 00:49:38,280
I might have a user one to sell you if you'd like I don't have a truck so I have no way to transport it anymore.

270
00:49:38,280 --> 00:49:41,280
Okay.

271
00:49:41,280 --> 00:49:53,280
I'll give you a plan. We sort this out. This is the security 45 marketplace. Yeah, yeah, yeah, yeah. Let me know if you want to buy a panel board.

272
00:49:53,280 --> 00:49:59,280
Yeah, I'm on YouTube now, I've only got two videos I make no promise when I'll post new ones.

273
00:49:59,280 --> 00:50:03,280
But look me up at a security hyphen decrypted.

274
00:50:03,280 --> 00:50:15,280
I just try to make videos related to see you know simplifying security making it more, I guess, easier to understand to follow. I really simplify things I'm going to have a series on secure access I've already kind of started with an overview.

275
00:50:15,280 --> 00:50:20,280
So if you want to hear just me talk about it for 14 or so minutes for free to check that out.

276
00:50:20,280 --> 00:50:37,280
Otherwise I'm not really on social media either there's just too many other things to do but I'm on LinkedIn so hit me up.

277
00:50:37,280 --> 00:50:55,280
I don't know why not mess around with the what customers are telling me but it's always good to hear what people with, you know, boots on the ground are doing as well.

278
00:50:55,280 --> 00:51:12,280
So takeaways yeah I'm glad we covered those acronyms which are, you know, extremely confusing to a lot of different people SSC sassy software as a service CASB, we talked about those primary components of secure access I like thinking of it as a connectivity

279
00:51:12,280 --> 00:51:25,280
and a security solution where we're connect everyone out to that common cloud and right there is where we're going to apply that security policy as well we talked about that unified policy, how all of this is frictionless from the user.

280
00:51:25,280 --> 00:51:34,280
A lot of complexity that Cisco will worry about behind the scenes but from a user perspective I connect in to get to work. I think that's really important.

281
00:51:34,280 --> 00:51:49,280
Then from that management and administrative side of things. I will be able to consolidate a lot of these separate pieces of the puzzle I have maybe separate products maybe something like umbrella, and I'm able to absorb all that into this one common dashboard,

282
00:51:49,280 --> 00:51:54,280
again, which is doing my doing the bringing that connectivity and security together.

283
00:51:54,280 --> 00:52:09,280
Andres. Yeah, thank you for that Mike. My takeaways are going to be one of them. The understanding that we have now on the secure access components, what are the things that we can do.

284
00:52:09,280 --> 00:52:25,280
All those acronyms, you know the DNS security, the advanced malware protection, the browser isolation, all those things that are super fundamental for an SSC solution. They're going to be, they're going to be here on the section.

285
00:52:25,280 --> 00:52:39,280
Right. The other thing is where are users devices applications, where are we connecting from, and where are we connecting to. Those are the most important questions right.

286
00:52:39,280 --> 00:52:51,280
We have access to local applications, things that are inside of the data center, things that are cloud, and we can have control of that so that's really good to keep in mind.

287
00:52:51,280 --> 00:53:06,280
And then the last piece, which I think it's very interesting. It's going to be that, that piece on zero trust on the zero trust architecture, where we're talking about the posture assessment.

288
00:53:06,280 --> 00:53:25,280
We're talking about what is the implication for users connecting either via a client or client less. And then we see that that that piece on the framework for zero trust so that was those are really my takeaways for this one.

289
00:53:25,280 --> 00:53:40,280
Well I'm personally armed with new dad jokes and I'm feeling pretty good today. Thank you so much, David and Justin David Keller and Justin Murphy for being guests on the show and all the good you do in the security world.

290
00:53:40,280 --> 00:53:55,280
Next call is going to be April 17, we're going to be discussing what's new in Cisco's firepower latest version.

291
00:53:55,280 --> 00:54:05,280
Firewalls that are new. I've loved today's session on secure access please stay secure, and we will see you on the next show everybody. Thank you all.

292
00:54:05,280 --> 00:54:10,280
Bye bye. Yeah.