Cisco Cloud Security – Should you get it?

Cisco helped wire the world to create an internet that was safe for commerce.

Today they continue that valuable work, providing clients best-in-class protections for all types of cloud assets.The services that comprise Cisco Cloud Security are built to allow IT administrators greater visibility and control over their entire ecosystem.

The modern reality is that more people are working remotely, off the corporate network, using SaaS apps in the cloud, across hybrid and multi-cloud environments. The in-house security solutions that come with Salesforce, Microsoft 365, or Google Cloud are very good, but these companies aren’t responsible for your data, workloads, and user access management.

With Cisco Cloud Security, you can centralize oversight for all of these moving parts. By providing a real-time picture of threats across your organization and tools to respond, Cisco Cloud Security makes it easier to do a better job keeping everything protected.

In this post, we’ll review the major services, as well as how they complement and extend your existing cloud security. In closing, we’ll address who should get Cisco Cloud Security and some other solid options.

What is Cisco Cloud Security

Cisco Cloud Security is a suite of tools designed to protect the varied hybrid and cloud environments that make up the modern workplace.

Typically, Cisco products are more expensive than similar products from other vendors, but they have a reputation for being deep, flexible, and mature solutions. A single Cisco Cloud Security solution may cover the function of several more budget-friendly products.

Additionally, their products are easy to deploy and integrate with other leading cloud security services.

All this means that you can use Cisco Cloud Security products to quickly enhance your existing perimeter and harden your cloud security posture.

Let’s take a look at the core products.

Cisco Umbrella

Cisco Umbrella is well-known as a reliable DNS filtering tool, but it has expanded over the years to include a range of enterprise-ready cloud security services.

In its current iteration, Umbrella outfits IT admins with a sophisticated set of tools to detect devices, monitor traffic, configure network rules, and enforce consistent policies for users no matter where they are. The major features of Umbrella include:

  • DNS-layer security: Malicious IP blocking over all ports and protocols.
  • Secure web gateway: Web traffic logging and inspection.
  • Cloud-delivered firewall: IP, port, protocol, and IPsec tunnel configuration.
  • Cloud access security broker (CASB): Application discovery and management.
  • Interactive threat intelligence: Threat detection and response via Umbrella Investigate integration.

Umbrella deploys in minutes without hardware or software, and begins blocking malware, phishing, and botnets immediately. With integrations and APIs, Umbrella can be customized to improve or replace your current security systems and workflows.

If you need to protect branch users, Umbrella SD-WAN integration is also easy to deploy.

The exact features that come with Umbrella depend on the subscription. There are three different cloud security packages that, broadly speaking, meet the needs of small businesses, midmarket, and enterprise clients:

  • DNS Security Essentials: comes with the DNS-filtering and CASB functionality companies need to detect shadow IT and ensure the safety of web traffic.
  • DNS Security Advantage: includes more tools to proxy risky domains and investigate suspicious activity.
  • Secure Internet Gateway Essentials: includes full filtering, detection, response, and policy control capabilities.

It’s important to pay attention to the specific features that come with these security packages because they may help you eliminate reliance on another third-party vendor. Even DNS Security Essentials is a fairly full-bodied solution compared to other dedicated DNS-filters on the market.

The best description of the different Umbrella packages and what they offer is this short, excellent video from Cisco.

Cisco Stealthwatch Cloud

Stealthwatch Cloud performs behavior anomaly detection to surface internal and external threats to your cloud assets (on-prem, private network, public cloud, or hybrid). It’s a SaaS, agentless solution that requires minimal expertise to deploy and use.

Stealthwatch ingests network telemetry and logs, and scans them for potential compromise, malicious activity, ransomware, misconfigured resources, and more. Essentially, it uses the data to generate models of normal entity behavior. When an entity deviates from the model, Stealthwatch catches the new behavior and generates a detailed report.

These high-fidelity alerts are generated automatically and addressed from a single console, quickening response time and streamlining management.

There are two primary offerings of Stealthwatch:

  1. Public Cloud Monitoring: works for AWS, Azure, and Google Cloud Platform, as well as for containers and serverless compute environments.
  2. Private Network Monitoring: works for on-premises network.

No matter how distributed the deployment, Stealthwatch improves incident response by providing a real-time analysis of network traffic and entity behavior.

Cisco Cloudlock

Cisco purchased Cloudlock a few years ago, and has been integrating its cloud-native CASB capabilities into other Cisco services. It’s available as a standalone product, or as part of an Umbrella subscription.

As an API-based CASB, Cloudlock can detect, and monitor cloud application use across the entire organization (for SaaS, PaaS, IaaS, and so on). There are three core functions of Cloudlock:

  1. Apps firewall: Discover cloud apps connected to your environment. Whitelist and ban particular apps based on a crowd-sourced risk profile. Send users alerts about specific apps or to increase awareness.

  2. Data loss prevention (DLP): Monitor sensitive information using pre-set or customizable policies. Establish automated responses to prevent or remediate the loss, misuse, or unauthorized access of sensitive information.

  3. User and entity behavior analytics (UEBA): Leverages Cloudlock’s advanced machine learning algorithms to detect anomalies and surface potential threats quickly.

Additional Cisco Cloud Security Tools

Along with the big picture products, Cisco Cloud Security has powerful tools for specific use cases and emerging threat vectors.

These highly-tunable security solutions work well together and with Umbrella, but also with third-party cloud products. There are purpose-built solutions for Gmail, AWS Kubernetes, and Microsoft 365, which allow you control security to the living edge of your perimeter.

The other key Cisco Cloud Security tools include:

  • Cisco AMP: Advanced malware protection.
  • Cisco AppDynamics: Advanced cloud monitoring and visualization.
  • Cisco Duo: Adaptive multi-factor authentication.
  • Cisco Email Security: Multi-layer threat defense, content encryption, and DLP.
  • Cisco Endpoint Security: Advanced user and device protection.
  • Cisco Firewall: Next-generation virtual firewalls for the cloud.
  • Cisco Secure Remote Worker: Scalable, safe VPN access.
  • Cisco SecureX: Integrated cloud security platform.
  • Cisco Tetration: Cloud workload protection and microsegmentation.

How much does Cisco Cloud Security Cost?

The total cost to start using Cisco Cloud Security tends to be relatively high compared to similar solutions from other vendors.The exact price will depend on the selection of services you use and how many endpoints, users, devices, nodes, and so on you need to cover.

As you consider your options, here’s a few things to keep in mind:

  • Cisco has a number of financing and payment options available
  • Support almost always has to be purchased separately
  • You can access a 60-day free trial of Stealthwatch, and demo other Cisco Cloud Security products before committing.

Once you have a good sense of what you need, talk to sales to get an accurate price.

Who should get Cisco Cloud Security?

The appeal of Cisco Cloud Security extends beyond those who have already invested in the company’s products. Cisco infrastructure and collaboration tools are great, but not a prerequisite for easy adoption.

Cisco has a deep set of products that are easy to deploy at scale. Businesses, hospitals, and universities can start rolling out new protections without disrupting the experience of end users.

Many businesses turn to Cisco Cloud Security products to:

  • Securely configure multi-cloud environments. Cisco Cloud Security helps you cover the entire perimeter: remote access, SaaS apps in the cloud, and shared responsibility for IaaS security.
  • Manage access and usage: Compromised accounts and suspicious behavior need to be blocked. Cisco ensures that access is fast and secure for valid users, while clamping down on malicious activity immediately
  • Protect email: No SaaS app is more widely used or attacked. Cisco lets you enable extra layers of defense without impacting user experience.
  • Save money. Cisco is not the cheapest option, but they offer an unified solution that can streamline IT security management and reduce overhead.

It’s easy to add Cisco Cloud Security products incrementally as needs evolve, which means less IT drama and limits your future attack surface. These are not one-off solutions, but robust tools that address an entire area of cloud security.

For organizations with assets in the public cloud, Cisco picks up where the major vendors leave off. These tools will help you address your end of the shared responsibility in Azure, AWS, and Google Cloud, extending your visibility and control to every device and user.

Cisco Cloud Security can also be beneficial for organizations without premium licensing. Someone with a Microsoft 365 E3 subscription, for example, doesn’t have access to Microsoft Cloud App Security, which is the company’s CASB. Moving to an E5 subscription is going to cost a lot more per user than adding Cloudlock or Umbrella.

Are there other options that are better?

Cisco is one of several excellent cloud security companies that can help you harden your cloud environment. The best option is going to depend on your current infrastructure and future goals.

Because they’ve been around, Cisco has solutions for a wide range of legacy devices and deployments. They can help organizations gradually transition away from their pre-cloud environment as appliances depreciate, migrating to the cloud with complete oversight and security.

Palo Alto Networks, Akamai, and Check Point Software offer comparable services and products. It’s impossible to say whether one is better or worse without context. What matters is how well each suite fits with your specific needs.

The better you can map your ecosystem and its defenses, the better you will be able to answer the question of whether Cisco Cloud Security is good enough.

Incredible companies use Nira

Every company that uses Google Workspace should be using Nira.
Bryan Wise
Bryan Wise,
Former VP of IT at GitLab

Incredible companies use Nira