
“Simply put, we are making it incredibly obvious when our customers are configuring insecure features that introduce new and unnecessary risks into their networks,” wrote Anthony Grieco, senior vice president and chief security and trust officer at Cisco, in a blog post when the initiative was introduced. “Initially, customers will receive increased security warnings that recommend discontinuing the use of any insecure features. In subsequent releases, features will be disabled by default or require additional steps to allow for configuration. Eventually, insecure options will be removed entirely.”
Another new feature in the SD-WAN software portfolio is the ability for Meraki SD-WAN sites to define firewall policies once at the organization level and apply them everywhere, instead of configuring each site individually, according to Cisco.
“Managing firewall policies one network at a time does not scale for distributed organizations. With org-wide group policies, teams can define reusable policies once and enforce them consistently across the organization,” Tickoo wrote. “This enables a more centralized and flexible approach to policy management, reducing operational overhead while ensuring consistency across environments.”
The software also supports improved Transport Layer Security decryption capabilities. “With the majority of internet traffic now encrypted, TLS decryption plays a critical role in threat detection. At the same time, inspection must not come at the cost of performance and platforms such as the Catalyst 8375-G2—Cisco’s large enterprise branch SD-WAN router—deliver up to 1.6 Gbps throughput on 100% HTTPS traffic, enabling teams to achieve strong security outcomes without introducing performance bottlenecks,” Tickoo wrote.
As more enterprise customers deploy AI applications, Cisco said it was enhancing the Catalyst SD-WAN software to better help customers support and manage AI traffic. With the enhancements, customers can automatically identify and classify AI-based application traffic across cloud, edge, and hybrid environments, according to Cisco. With that visibility, organizations can apply intent and differentiate between business-critical AI workloads and non-critical usage, then apply policies that optimize performance and enforce governance, Tickoo wrote.
“Security is built in, with Zero Trust enforcement applied directly to AI traffic and the ability to redirect traffic to Cisco Secure Access for deeper inspection when needed,” Tickoo wrote. “The outcome is a WAN that not only carries AI traffic but continuously optimizes and secures it as usage grows.”
