Securing Multicloud Environments with Cisco Secure Firewall Threat Defense on Alkira Cloud

Protecting against Log4j with Secure Firewall & Secure IPS

December 14, 2021

NetApp ONTAP Becomes First Enterprise Storage Platform to Receive Validation from NSA for Security and Encryption

December 15, 2021

Securing Multicloud Environments with Cisco Secure Firewall Threat Defense on Alkira Cloud

Tags

In today’s security climate, NetOps and SecOps teams are witnessing increased attack surface area as applications and workloads move far beyond the boundaries of their data center. These applications/workloads move to, and reside in, multicloud architecture, adding complexity to connectivity, visibility, and control. In the multicloud world, the SecOps teams use a distributed security model that is expensive, difficult to deploy, and complex to manage.

Cisco has partnered with Alkira to help secure your multi-cloud environment. Combining Alkira’s simplified cloud connection through their cloud network-as-a-service platform (SaaS-like model) with Cisco’s industry-leading security controls, we can deliver a centralized security model for multicloud architecture that is easy to deploy, manage, and increases visibility and control.

Cisco Secure Firewall Threat Defense provides unmatched security controls such as stateful firewalling, Snort3 IPS, URL filtering, malware defense, application visibility and control, and more. Additionally, with the purchase of Secure Firewall Threat Defense, you will receive license entitlement to Cisco SecureX, our open XDR and orchestration platform, helping you accelerate threat detection, investigation, and remediation.

Cisco Secure Firewall Management Center (FMC) is required for managing Cisco Secure Firewall Threat Defense, helping administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment.

Cisco Secure Firewall Threat Defense 7.1 will be available on Alkira’s service marketplace early 2022. Once it is available, customers can deploy and insert Cisco Secure Firewall Threat Defense seamlessly in their Alkira Cloud Exchange Points (CXP).

Benefits of this integrated architecture include:

Simplified network and security architecture: This solution offers a streamlined network and security architecture by leveraging fully automated insertion and service-chaining of Cisco Secure Firewall in a centralized security model.
Auto-scaling: Cisco Secure Firewall provides a flexible architecture that can autoscale with the network load. The autoscaled instance receives the configuration and licenses automatically.
Increased visibility and control: This architecture provides simplified firewall insertion in a centralized security model that supports both north-south and east-west traffic inspection.
Unified security policy: Uniformly enforce firewall security policy across on-premises, cloud, and multicloud environments

Figure 1: Multi-cloud security architecture in Alkira Cloud Exchange Point with Cisco Secure Firewall

Figure 1 shows a multicloud environment inter-connected using Alkira’s cloud exchange platform (CXP). In the above architecture, Cisco provides seamless insertion of security controls and enables the following use-cases for firewall insertion:

Multicloud Security: Cisco Secure Firewall Threat Defense provides a centralized security model that enables better security controls, visibility, and network segmentation. This deployment offers north-south (N/S) and east-west (E/W) traffic inspection models. 
Branch Security: Alkira Cloud Exchange Platform (CXP) connections branches and Cisco Secure Firewall Threat Defense protects N/S and E/W branch traffic. 
Secure Internet Edge: Deployment of Cisco Secure Firewall inside of CXP enables secure Internet edge for inbound and outbound internet traffic.
Cloud DMZ: Provides security controls for the resources deployed in the cloud DMZ.
Shared Application Services: Enforce firewall security policy for cross-segment application traffic in cases of business partner integration, mergers, acquisitions, and divestitures.

Cisco Secure Firewall Threat Defense will be available in Alkira early 2022 as a “Bring-Your-Own-License (BYOL)” licensing option. Cisco Smart licensing provides an easy way to manage and license Cisco firewalls.