Cloud-based Zero Trust platform for secure access to applications and data from anywhere. Protects web traffic, monitors cloud services, and ensures that sensitive data remains protected when working remotely.
Cisco Secure Access is a modern cloud-based Security Service Edge (SSE) solution that can transform the way that you secure access to applications, data, and Internet resources. As the traditional organizational perimeter increasingly vanishes and users access corporate resources from anywhere, Secure Access provides unified and secure access to any application, port, or protocol – from private applications in the data center to cloud apps or SaaS and web services. The platform integrates key security features, including ZTNA, SWG, CASB, and FWaaS, enabling organizations to implement Zero Trust principles and provide a consistent level of protection regardless of the user or device location.
Architecture and key components
Unified Dashboard: A central console to manage security policies and monitoring across all modules with a single identity-based policy.
Secure Client: A client that is installed on managed devices that provides secure connectivity and redirects traffic to the Secure Access cloud infrastructure.
App Connector: A component deployed in private application environments allowing secure access to such applications without opening firewall ports or deploying VPNs.
Clientless Access: Allows accessing web applications without installing a client; it is ideal for unmanaged devices.
Klíčové bezpečnostní moduly a funkce
- Zero Trust Network Access (ZTNA):Provides application-specific access to private applications in on-premises or cloud/IaaS environments based on user identity and device status. Available in both client-based and clientless versions.
- VPN as a Service (VPNaaS):Secure remote access and secure Internet access for non-web Internet traffic, as an alternative to traditional VPNs.
- DNS-layer security:DNS-level filtering to block malicious and unwanted destinations before a connection is established.
- Secure Web Gateway (SWG):Proxy service for inspecting, logging, and monitoring web traffic including TLS decryption, URL filtering, and application control.
- Cloud Access Security Broker (CASB):Detection and monitoring of cloud applications in use (shadow IT), risk assessment, and malware protection.
- Cloud-Delivered Firewall (CDFW):Inspect Internet traffic across all ports and protocols with Layer 3-7 inspection.
- Remote Browser Isolation (RBI):Protect users from online threats by isolating risky websites in a cloud sandbox.
- Data Loss Prevention (DLP):Analyzes and protects sensitive data leaving the organization via web traffic.
- Intrusion Prevention Service (IPS):Advanced network flow inspection to detect and block vulnerability-exploiting attacks.
- Secure Malware Analytics:Cloud sandboxing for the secure analysis of suspicious files.
- ThousandEyes Integration:Monitor performance and connectivity between users, applications, and network components to quickly identify and resolve issues.
Customer Benefits Implementace Cisco Secure Access přináší organizacím řadu výhod
Unified security framework
Consistent policies and protection across all access paths – to the web, SaaS, and private applications.
Increased safety
Implementation of Zero Trust principles with continuous identity verification, ensuring least-privilege access and protection against modern threats.
Improved user experience
Unified and seamless access to applications regardless of their location or type.
Simplified administration
Centralized management of security policies and visibility across all modules from a single console.
Cost and complexity reduction
Consolidating multiple security functions into a single platform eliminates the need to manage varying point solutions.
Flexible deployment
Modular design allows organizations to start by addressing the key needs, and then gradually expand functionality as required.
Hybrid environment support
Consistent protection across on-premises, multicloud, and edge environments.
Technical aspects and implementation details
Cisco Secure Access is built on a modern cloud architecture whose technical features include:
Elastic cloud infrastructure: Automatic scaling and high availability thanks to a global POP network.
Identity-based access control: Integration with identity providers including Azure AD, Okta, Ping, and custom IDPs.
Adaptive policies: Define access rights based on identity, device, location, and other contextual information.
Inline traffic inspection: Deep traffic inspection including TLS decryption to identify and block threats.
Secure Access SASE Integration: Can be combined with SD-WAN for a comprehensive SASE architecture.
API integration: Rich API to integrate with other security tools and systems.
Differences betweeen Secure Access a Cisco+ Secure Connect
While Cisco Secure Access is a modular approach to SASE with geographic scaling and advanced ZTNA features, Cisco+ Secure Connect is designed as a unified SASE solution with simplified administration via the Meraki dashboard. Secure Access is ideal for organizations that require flexible deployment options and advanced functionality, while Cisco+ Secure Connect is focused on implementation and management simplicity.
Cisco Secure Access
This is a comprehensive SSE solution that answers the challenges of modern access to applications and data in a distributed IT environment. Combining advanced security features, such as ZTNA, SWG, CASB, FWaaS, and more, it provides a platform that enables organizations to implement Zero Trust principles and ensure secure access to any application, from anywhere, on any device. With a modular approach and flexible deployment options, Cisco Secure Access is suitable for organizations just beginning their journey to SASE architecture as well as those looking for a comprehensive and integrated secure-access solution in a modern hybrid IT environment.