Firewall technology has been the cornerstone of network security for decades, yet the landscape continues to evolve at a rapid pace. In the latest episode of "Security in 45," hosts Mike Veedock and Andres Sarmiento explore Cisco's remarkable journey from the PIX firewall era through ASA and into the modern Firepower Threat Defense (FTD) platform. This evolution tells a compelling story about how security must constantly adapt to emerging threats while balancing innovation with operational efficiency. Whether you're managing legacy systems or planning next-generation deployments, understanding this trajectory provides crucial context for making informed decisions about your organization's firewall strategy.

What This Episode Covers

  • Cisco’s firewall evolution: The progression from PIX to ASA to FTD and what each generation addressed
  • Firepower Threat Defense (FTD): Modern capabilities and flexible deployment models
  • Encrypted Visibility Engine (EVE): Analyzing encrypted traffic without sacrificing privacy
  • Management flexibility: Cloud-based, on-premises, and hybrid management options
  • Identity-based security policies: Integration with Active Directory for user-centric access control
  • Third-party integration: Ecosystem approach to security orchestration
  • Hands-on learning: Cisco’s webinar series and sandbox environments for practical engagement
  • Future direction: Upcoming innovations like Cisco Extended Detection and Response (XDR)

Deep Dive

Understanding Cisco’s Firewall Evolution: From PIX to FTD

To appreciate where Cisco’s firewall technology stands today, it’s important to understand the historical context. The PIX firewall, introduced in the mid-1990s, was revolutionary for its time—it delivered stateful inspection and became the gold standard for perimeter defense. However, as threats evolved and networks became more complex, the need for more sophisticated capabilities became apparent.

The transition to ASA (Adaptive Security Appliance) represented a significant leap forward, introducing features like advanced threat inspection, SSL/TLS decryption capabilities, and more granular policy controls. ASA still powers countless organizations worldwide and remains a stable, proven solution.

Enter FTD—Cisco’s next-generation platform that represents not just incremental improvements but a fundamental rethinking of how firewalls should operate in modern threat landscapes. FTD integrates threat prevention, application control, and intelligence in ways that previous generations couldn’t. This isn’t merely about processing more traffic faster; it’s about delivering smarter threat detection and prevention capabilities that can adapt to previously unseen attack patterns.

The evolution reflects a critical lesson in security architecture: static defenses become obsolete. Each generation of Cisco’s firewall platform has had to account for new threat vectors—from application-layer attacks to encrypted traffic manipulation to sophisticated malware that evades traditional detection methods. Understanding this progression helps organizations recognize that today’s “current” solution will eventually require modernization.

Firepower Threat Defense: The Modern Firewall Platform

FTD represents Cisco’s current-generation firewall architecture and is purpose-built for enterprises that need to defend against advanced, evolving threats. But what makes FTD fundamentally different from its predecessors?

At its core, FTD combines multiple security functions into a cohesive platform: stateful firewall inspection, intrusion prevention (IPS), advanced malware protection, and application-aware controls. Rather than treating these as separate modules bolted together, FTD integrates them with shared intelligence—meaning threat data discovered by one component informs the behavior of others.

The platform’s true power emerges in its deployment flexibility. Organizations can run FTD on various hardware platforms, virtual environments, or cloud instances. This flexibility is crucial because not all organizations operate with identical infrastructure. A financial services company might run FTD on dedicated appliances in their data center while simultaneously deploying it virtually for branch offices. A cloud-native organization might deploy FTD in containerized environments or leverage cloud-native firewall offerings.

Additionally, FTD’s policy engine operates on multiple levels. Traditional port-based rules still exist but are supplemented by application-layer policies, user-based rules, and threat-level policies. This multi-layered approach acknowledges a fundamental truth: modern threats don’t care about port numbers—they exploit application logic, manipulate protocols, and hide within encrypted channels.

Encrypted Visibility Engine: Seeing Through the Encryption

One of the most sophisticated challenges in modern network security is the visibility problem. Industry statistics indicate that 80-90% of network traffic is now encrypted, which is generally good for privacy but creates a security blind spot. How do you detect malware, data exfiltration, or command-and-control communications when you can’t see the payload?

This is where EVE becomes critical. The Encrypted Visibility Engine analyzes encrypted traffic without requiring full decryption of the session. How? Through a combination of techniques:

Metadata analysis: EVE examines traffic patterns, packet sizes, timing, and flow characteristics that often betray malicious behavior even within encrypted channels.

Certificate inspection: By inspecting the SSL/TLS handshake and certificate chain, EVE can identify suspicious certificate usage or man-in-the-middle attempts.

Protocol behavior analysis: Even encrypted, protocols have distinctive patterns. Ransomware command-and-control traffic has different behavioral signatures than normal HTTPS web traffic.

Machine learning: EVE applies intelligent algorithms to identify anomalies that might indicate compromise.
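To make the metadata and certificate techniques above concrete, here is an added example (not Cisco code and not how EVE is implemented) that scores TLS sessions using only handshake fields and flow statistics, never the payload. The flow records and all thresholds are constructed for the illustration.

```python
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import List, Tuple


@dataclass
class TlsFlow:
    """One TLS session summarised from handshake and flow records (no payload)."""
    src: str
    dst: str
    sni: str                  # server name from the ClientHello ("" if absent)
    cert_subject: str         # leaf certificate CN as seen in the handshake
    cert_issuer: str          # issuer CN ("" if the chain was not observed)
    cert_days_valid: int      # notAfter minus notBefore, in days
    bytes_out: int            # client -> server
    bytes_in: int             # server -> client
    start_times: List[float]  # start of each connection in this src/dst pair (seconds)


# Thresholds are assumptions for the example, not vendor tuning.
MIN_CERT_DAYS = 7
BEACON_MIN_CONNS = 5
BEACON_MAX_CV = 0.1        # coefficient of variation of inter-connection gaps
EXFIL_MIN_BYTES = 1_000_000
EXFIL_MIN_RATIO = 5


def certificate_findings(f: TlsFlow) -> List[str]:
    """Certificate inspection: everything here is readable in the handshake."""
    found = []
    if f.cert_issuer and f.cert_issuer == f.cert_subject:
        found.append("self-signed certificate")
    if 0 < f.cert_days_valid < MIN_CERT_DAYS:
        found.append("short-lived certificate")
    if f.sni and f.cert_subject.lstrip("*.") not in f.sni:
        found.append("SNI does not match certificate subject")
    return found


def is_beaconing(start_times: List[float]) -> bool:
    """Timing analysis: near-constant gaps between connections suggest a beacon."""
    ts = sorted(start_times)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < BEACON_MIN_CONNS - 1:
        return False
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg < BEACON_MAX_CV


def is_upload_heavy(f: TlsFlow) -> bool:
    """Volume analysis: far more data leaving than arriving hints at exfiltration."""
    return f.bytes_out >= EXFIL_MIN_BYTES and f.bytes_out > EXFIL_MIN_RATIO * max(f.bytes_in, 1)


def score_flow(f: TlsFlow) -> Tuple[int, List[str]]:
    """Combine the heuristics; a score of 2 or more is worth an analyst's look."""
    findings = certificate_findings(f)
    score = len(findings)
    if is_beaconing(f.start_times):
        findings.append("regular beacon interval")
        score += 2
    if is_upload_heavy(f):
        findings.append("upload-heavy session")
        score += 2
    return score, findings


# Constructed sample sessions (not real telemetry).
SAMPLE_FLOWS = [
    # Ordinary browsing: CA-issued cert, SNI matches, download-heavy, irregular timing.
    TlsFlow("10.1.1.5", "203.0.113.10", "www.example.com", "www.example.com",
            "Example CA", 365, 5_000, 250_000, [0, 37, 190, 412]),
    # Small, clockwork connections to a self-signed, days-old certificate.
    TlsFlow("10.1.1.7", "198.51.100.20", "", "localhost", "localhost",
            3, 2_000, 1_500, [0, 60, 120, 180, 240, 300]),
    # Tens of megabytes pushed out to a host whose cert does not match the SNI.
    TlsFlow("10.1.1.9", "192.0.2.44", "files.example.net", "cdn.other-example.org",
            "Example CA", 90, 48_000_000, 120_000, [0, 900]),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        score, findings = score_flow(flow)
        verdict = "investigate" if score >= 2 else "ok"
        print(f"{flow.src} -> {flow.dst:<15} score={score} {verdict:<11} {findings}")
```

The benign session scores 0, the beacon-like one 4 and the upload-heavy one 3, without decrypting any of them; a well-crafted attacker session that keeps a CA-issued certificate, jittered timing and modest volume would score 0 too, which is the limitation the next paragraphs describe.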

The real-world value is substantial. A healthcare organization can now detect when a compromised workstation is exfiltrating patient data through encrypted channels without having to decrypt every employee’s HTTPS traffic to their personal email. A financial institution can identify trading floor workstations communicating with unauthorized servers even though the traffic is encrypted.

However, it’s important to acknowledge the complexity here. EVE isn’t magic—it works best as part of a layered strategy. It excels at detecting behavioral anomalies and known threat signatures but might miss sophisticated, well-crafted attacks designed to mimic legitimate traffic. This is why it’s most effective when combined with endpoint detection and response, user behavior analytics, and regular threat hunting.

Management Flexibility: Adapting to Your Organization’s Reality

Legacy firewalls often required on-premises management infrastructure—standalone management consoles, dedicated admin workstations, and complex backup procedures. FTD changes this paradigm by offering multiple management approaches.

Cloud-managed: Cisco’s cloud-based management portal (Cisco Defense Orchestrator or similar services) allows administrators to manage FTD instances from anywhere. Policies, updates, and threat intelligence are centrally maintained and distributed. For distributed organizations, this eliminates the need for local management infrastructure at each site.

On-premises management: For organizations with compliance requirements or network segmentation needs that demand isolated management, FTD supports traditional on-premises management servers.

Hybrid approaches: Many enterprises operate with a blend—critical systems managed on-premises with tighter controls, while branch offices and less sensitive infrastructure leverage cloud management for operational efficiency.

This flexibility addresses a real pain point in enterprise security operations. Many organizations are locked into suboptimal management models not because it’s technically superior but because changing it involves significant effort. FTD’s flexibility means you’re not forced into a single approach; your management model can evolve with your organization.

The operational benefits are tangible: reduced management overhead, faster policy updates across the enterprise, simplified disaster recovery (the management plane isn’t a single point of failure), and the ability to scale security controls without proportionally scaling management staff.

Identity-Based Security: Moving Beyond IP Addresses

Traditional firewalls operate on network constructs—IP addresses, ports, protocols. But this approach has fundamental limitations. An employee working from home, in a coffee shop, or traveling for business might operate from any IP address. Conversely, a compromised workstation on your corporate network might sit in the same IP range as trusted assets.

FTD’s integration with Active Directory and identity management systems enables policy enforcement based on who a user is, not where they’re coming from. Here’s how this transforms security:

User-aware policies: Rules can now specify “block this application for users in Finance department” rather than “block port X.” This is both more granular and more maintainable.

Risk-based access: Combine identity with device posture information—a contractor accessing from an unmanaged device might face different restrictions than an employee on a managed laptop.

Compliance and auditing: When policies are based on identity rather than networks, compliance audits become simpler. You can demonstrate that you enforced controls based on user roles and responsibilities.

Practical example: A developer working on the corporate network shouldn’t be able to use peer-to-peer applications. With identity-based policies, this rule applies to developers everywhere—on-premises, remote, branch offices. With traditional IP-based policies, you’d need separate rules for each location.
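The developer scenario above, modelled as an added Python example (not Cisco's policy engine): the IP-to-user session table, group membership and rule sets are all constructed. It also covers the case an accurate directory is needed for, a source address with no identity session, where the firewall can only fall back to a default.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Flow:
    src_ip: str
    app: str      # application name from L7 inspection, e.g. "bittorrent"


@dataclass
class IdentityRule:
    groups: Set[str]   # directory groups the rule applies to
    apps: Set[str]     # applications it matches
    action: str        # "block" or "allow"


# Constructed identity session table: what an AD/ISE integration hands the
# firewall, mapping a source address to the user currently logged in from it.
IP_TO_USER: Dict[str, str] = {
    "10.10.5.23": "alice",    # alice on the corporate LAN
    "172.16.40.8": "alice",   # alice at a branch office
    "100.64.3.77": "bob",     # bob on the remote-access VPN pool
}
USER_GROUPS: Dict[str, Set[str]] = {"alice": {"Developers"}, "bob": {"Finance"}}

# One identity rule covers a developer wherever they appear.
IDENTITY_POLICY: List[IdentityRule] = [
    IdentityRule({"Developers"}, {"bittorrent", "edonkey"}, "block"),
    IdentityRule({"Finance"}, {"dropbox"}, "block"),
]


def resolve_user(src_ip: str) -> Optional[str]:
    """Look up the identity session for a source address (None if unmapped)."""
    return IP_TO_USER.get(src_ip)


def evaluate_identity(flow: Flow, unmapped_default: str = "allow") -> str:
    """Apply identity rules; a source with no session gets unmapped_default."""
    user = resolve_user(flow.src_ip)
    if user is None:
        return unmapped_default  # stale or missing mapping: nothing to match on
    for rule in IDENTITY_POLICY:
        if rule.groups & USER_GROUPS.get(user, set()) and flow.app in rule.apps:
            return rule.action
    return "allow"


# The same intent expressed by address: one entry per network developers use,
# and each entry necessarily applies to everyone on that network.
IP_POLICY = [
    (ip_network("10.10.0.0/16"), {"bittorrent", "edonkey"}, "block"),   # corporate LAN
    (ip_network("172.16.0.0/12"), {"bittorrent", "edonkey"}, "block"),  # branch offices
    (ip_network("100.64.0.0/10"), {"bittorrent", "edonkey"}, "block"),  # VPN pool
]


def evaluate_ip(flow: Flow) -> str:
    """Classic address-based evaluation of the same flows."""
    ip = ip_address(flow.src_ip)
    for net, apps, action in IP_POLICY:
        if ip in net and flow.app in apps:
            return action
    return "allow"


def compare(flows: List[Flow]) -> Dict[str, Tuple[str, str]]:
    """Return {src_ip: (identity verdict, IP verdict)} for a batch of flows."""
    return {f.src_ip: (evaluate_identity(f), evaluate_ip(f)) for f in flows}


# Constructed sample traffic.
SAMPLE_FLOWS = [
    Flow("10.10.5.23", "bittorrent"),    # developer on the LAN
    Flow("172.16.40.8", "bittorrent"),   # same developer at a branch
    Flow("100.64.3.77", "bittorrent"),   # finance user on the VPN pool
    Flow("192.168.1.50", "bittorrent"),  # no identity session for this address
]

if __name__ == "__main__":
    for src, (by_user, by_ip) in compare(SAMPLE_FLOWS).items():
        print(f"{src:<13} identity={by_user:<6} ip={by_ip}")
```

Both styles block the developer on the LAN and at the branch, but the address rule also blocks the finance user who merely shares the VPN pool, while the unmapped 192.168.1.50 shows why the default for sources without an identity session must be a deliberate choice.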

The integration with third-party solutions extends this further. By connecting FTD with SIEM systems, endpoint management platforms, and user provisioning systems, organizations can create dynamic security policies that respond to real-time conditions.

Third-Party Integration and Ecosystem Approach

No single security tool solves all problems—a lesson the industry learned through painful experience. FTD acknowledges this through extensive integration capabilities.

Integration points include:

  • SIEM systems: Alert data flows to centralized logging and correlation engines
  • EDR: Firewall detections trigger endpoint investigations; endpoint threats inform firewall policies
  • Threat intelligence feeds: Real-time threat data from multiple sources enhances FTD’s detection capabilities
  • Identity and access management: User provisioning systems keep policies in sync with organizational changes
  • Network monitoring tools: Packet captures and flow data integrate with analysis platforms

This ecosystem approach reflects security’s evolution toward orchestration. Rather than expecting one tool to be omniscient, modern security operations build connected systems where each component shares context. A firewall detects suspicious traffic patterns and automatically triggers an EDR investigation on the source endpoint. Endpoint telemetry reveals a user shouldn’t have this level of network access, and access controls are automatically adjusted.

Implementation Considerations

If your organization is evaluating FTD or planning a migration from legacy platforms, consider these practical factors:

Assessment Phase:

  • Audit current firewall rules and policies—many are outdated. Migration is an opportunity to rationalize rule sets
  • Inventory management infrastructure and determine optimal management approach for your organization
  • Evaluate which integrations will provide immediate value versus nice-to-have features

Pilot Deployment:

  • Start with lower-risk network segments or branch offices, not your critical path
  • Run parallel with legacy systems during initial deployment
  • Validate management workflows match your operational procedures

Identity Integration Readiness:

  • Ensure Active Directory or identity management system is accurate and up-to-date
  • Define role-based policy groups before deployment
  • Plan for identity-based policy testing

Threat Intelligence Configuration:

  • Determine which threat feeds are relevant to your threat model
  • Establish processes for responding to threat intelligence alerts
  • Configure alerting thresholds to minimize false positives

Training and Readiness:

  • Operations staff need training on cloud-based management if transitioning from on-premises
  • Security team should understand EVE capabilities and limitations
  • Plan for documentation updates to reflect new policy models

Integration Planning:

  • Identify which systems will integrate with FTD
  • Establish API credentials and access requirements
  • Define data flow and determine what information should be shared

Key Takeaways

  • Firewall evolution matters: Understanding how firewall technology has progressed from PIX through ASA to FTD helps inform modernization decisions and highlights why staying current matters in security
  • Flexibility enables adoption: FTD’s multiple deployment and management options mean organizations aren’t forced into a single architectural approach; solutions can scale with your needs
  • Encryption doesn’t mean invisibility: EVE enables threat detection and prevention in encrypted traffic without requiring wholesale traffic decryption, balancing security and privacy
  • Identity transforms policy: Moving from IP-based to identity-based access control is more granular, more maintainable, and better aligned with how modern organizations actually operate
  • Integration multiplies value: FTD’s ecosystem approach means it works better when connected to other security tools—treat it as a component in an orchestrated security system
  • Migration is modernization opportunity: Transitions from legacy firewalls provide chances to rationalize policies, update processes, and implement best practices alongside technology changes
  • Hands-on experience is essential: Sandbox labs and trial environments are not luxuries—they’re critical for understanding how FTD’s advanced features like EVE and identity integration will work in your specific environment

Why This Matters

For IT professionals managing network infrastructure, firewall modernization is increasingly urgent. Legacy platforms like ASA have reached maturity, and while they remain functional, they weren’t designed for threats that didn’t exist when they were engineered. EVE, identity-based policies, and seamless cloud management aren’t nice-to-have features—they’re becoming table stakes for organizations trying to maintain effective security postures.

The broader context matters too. Security operations have fundamentally changed in the past decade. The perimeter has dissolved as users work remotely, applications move to the cloud, and data flows in directions that traditional network models never anticipated. Firewalls like FTD that can operate flexibly across on-premises, cloud, and distributed environments while providing identity-aware policies and encrypted traffic visibility are designed for this reality, not the network architecture of 2010.

Additionally, the shift toward orchestrated security—where firewalls, endpoints, SIEM systems, and threat intelligence work together—is where the industry is heading. Organizations that understand and implement this integrated approach will detect threats faster, respond more effectively, and maintain security controls with less manual effort. FTD’s architecture and integration capabilities position it well for this future, but only if implemented thoughtfully with attention to how it fits into your broader security ecosystem.

---

Listen to the full episode on [YouTube](https://youtube.com/@SecurityIn45) or subscribe via [RSS](https://media.rss.com/security-in-45/feed.xml).

Full Transcript


Well, good afternoon, everyone, or if you’re on the West Coast, good morning to you. Today is Wednesday, September 20th. And welcome to the kickoff of Cisco’s newest security-specific webinar, Security in 45. Now, this is going to be a monthly webinar series, and we’re going to talk about the latest security challenges in our industry.

And for us on the call, how to stay ahead of the game. No slides, just good conversation. That’s what this show is going to be all about each month. And each session, we’re going to have a special guest, and they’re going to be experts in particular topics.

I am very excited about the 2 amazing guests that we have today. We invite you to enjoy the series however is best for you. You can watch in, or you can just listen in, whatever you prefer.

You can listen in from, you know, lunch, the gym, the break room, whatever you want to do; you don’t necessarily have to have a screen in front of you to enjoy the series. Who am I? My name is Mike, I’m 1 of your 2 hosts for the whole series and I’m joining from my home here outside of Raleigh, North Carolina.

It is a beautiful sunny day here. I’m about 10 miles from Cisco’s RTP campus. I’ve been in the security industry. I’m going to date myself here 20 years.

The last 14 of those have been at Cisco. On various security related teams, and I’ve got to run into a lot of very fun people over the years, knowledgeable people. And I’m really excited to be here with you today. Let me turn it over next to my partner in crime.

Ladies and gentlemen, your cohost, or my cohost, Andres Sarmiento. Thank you Mike. Thank you for that intro.

And yes, Andres Sarmiento here. Super excited about this new webinar series. It’s going to be incredible. I wish I had this a few years ago when I was starting in the field.

But just a blessing of technology, we can do this and we can do it a lot of times. So I come from a background from being a partner, being a customer and now working at Cisco. Super excited to see everything that we get to see and, you know, as one of the ideas was, we cannot wait to show you exactly what are the things that we have in store for you guys.

And just with that, I’m going to pass it to Rob. Rob, introduce yourself if you don’t mind. All right. Well, thank you very much.

Hello. My name is Rob Kator. I’m a technical solution specialist here at Cisco covering security. I’ve been with Cisco for almost, geez, 12 years now, started out in the TAC.

And now here in sales. Pleasure meeting you, and I hope you enjoy this webinar. All right, I think that’s my cue. My name is Kiana Brown. I am currently a technical solution specialist in the US public sector.

But much like Rob, we work in the same team. We deliver on these different security solutions, and I’ve been at Cisco, say... and that is not because I’ve been here very long. I would say probably about 7 or 8 years.

I’m terrible with time, but something along those lines. And spent a lot of time working with some Firepower-adjacent solutions before I really got to take the time to really zone in and focus on it. So super excited to talk to you all today and to get this conversation started. I’m really excited for today’s topic, which is firewalls.

Firewalls. They’re at the heart of security. They’re fundamental to securing everything: people, assets and companies. Now, because firewalls are at the center of security, I mean, this is going to be a long series monthly, but we really wanted to start with firewalls here. Rob and Kiana, your background with firewalls is quite extensive.

I’m really looking forward to talking with you both today. Kiana, I know you said you’re not good with time, but I know you’re good with firewalls. You were always the firewall guy back in the TAC days. So, so let’s do it.

The first question, and Rob, I’d like to start with you on this one. Sure. If you don’t mind here, why don’t you give us all kind of an overview of Cisco’s history with firewalls.

It’s very long. Like, when I started, I mean, we don’t have anything to say, but where did we start? Where are we now? All right.

Well, thank you. Yeah. So it started back in the early 90s with the PIX firewall, right? The PIX firewall provided basic firewall capabilities.

It actually was considered a pioneer in network firewalls. It was the first commercially available firewall that introduced protocol-specific filtering, denying or allowing access based off of protocol. And it provided NAT capabilities to solve, at the time, the IP address shortages that we had, right?

And then in around 2005, Cisco introduced the ASA, which was a new and improved version of the PIX. It provided more advanced, well, at least at the time, considered advanced features such as intrusion prevention, VPN capabilities, advanced application inspection, and so on. Advanced application inspection and even QoS, right? And the ASA became the staple for Cisco firewalls.

And then in about 2013, Cisco acquired Sourcefire. And our first integration with Sourcefire and the ASA was with the Firepower module. With that module, we were able to do more deep inspection of packets. Malware detection and even URL filtering.

And it was a big step for us, but it did require two different managements, right? So we had the management for the ASA and then the management for the Firepower module. So in order to resolve that, Cisco developed Firewall Threat Defense or FTD. This was a unified image that combined the well-established firewall capabilities of the ASA with those advanced threat detection capabilities of Sourcefire.

FTD is designed to provide comprehensive security capabilities in a single solution, making it one of the, you know, making it a perfect solution for your business, whether it’s a small company or the largest enterprises. That’s great. You know, it’s interesting seeing the changes. And you mentioned ASA.

So, see, when I started, there were still some PIXes out there that we were still supporting. And it was what we call now the classic ASA. And I remember manually having to update those ACLs and a lot of that stuff that now is just automated, but pretty interesting. Nick, you know what else is a fun fact?

I remember that ASA 5505, that thing sat on my desk at TAC for so many years. We kept pushing out that end-of-life date because it just kept working. It was a beast. Yeah, a little box, but it did its job.

But like you mentioned, you know, now we’ve got that FTD. Things are more updated, you know, zero-day threats are downloaded immediately. So very cool stuff. Yeah, no.

And you know what, from the things that I remember, I remember the PIX. Actually, that was the first thing that I migrated to an ASA a long time ago. It was crazy. Just a little bit of nostalgia here.

Anybody remember what PIX stands for? Whoa. You want me to tell you? Let’s do it.

Let’s do it, Rob. Private Internet Exchange. There you go. Exactly.

Yeah, I didn’t know what it meant at the time. All right, let’s keep going. Kiana, I think one of the things that our audience wants to know probably, just to understand the high level of the Cisco Secure Firewall story, what are the primary differences between FTD and the ASAs? If you don’t mind going over that for a bit.

Okay, sure. So, I mean, Rob alluded to a few of them already, right? So, I mean, when we look at just the ASA core software, right? And this is not having a Firepower Services module.

We’re looking at the basic capabilities of a firewall to really take it to that next level, right? That’s when we’re going to start looking at software that we call FTD. Cisco is terrible at acronyms and using them for everything. So I’m going to try to explain all of them.

The first one is going to be FTD, which is Firepower Threat Defense, right? So Firepower Threat Defense gives us the capability to use what we call those next-gen capabilities. So that intrusion detection and prevention is pretty standard for most modernized firewalls today. But you’ll also have the capability to take a look at how we can do some layer 7 filtering with application visibility and control.

We also have the capability to take a look inside of that traffic through quite a few features and be able to make a discernment of whether we want to permit or deny some of that traffic as well. And then on top of that, it doesn’t stop, right? We also have the capability to do URL content filtering there too. And the way that we license it now is a little different than how we would license it on the ASA, right?

Most of the licenses you’ll see for Firepower Threat Defense are going to be typically through smart accounts. And we use them as something we call TMCs, right? So that threat, that malware, and content. And respectively, right, that threat is your intrusion detection, intrusion prevention capabilities.

The malware portion, which is a really, really cool portion, allows us to take a look at the files within that traffic if we decrypt it, right, and be able to make a decision on whether those files, those attachments, or anything along those lines are clean or malicious. And then the next thing that we have, right, is C, which stands for content. It goes straight to content filtering there too. So, I mean, even just licensing aside, there are other things that we bring into play when we talk about Firepower Threat Defense, right?

One of them is also going to be the capability to actually be able to pull threat intelligence information from Talos. And then along with pulling threat information from Talos, we also have Active Directory integrations. So we can also take a look at the identities that are associated to the events that we see in the console, right? So these are just a few things that are just starting very, very high level.

But even if we take it a step further, right, we can take it one more step further and actually talk about what exactly the Firepower Threat Defense software sits on top of, right? In the past, right, there have been virtual and physical appliances moving towards Firepower Threat Defense and other technologies in the future. We are definitely looking and gearing more towards, you know, some cloud-based services. And of course, some of those cloud-based services, so we can do Firepower Threat Defense on top of AWS, for example, right?

We can take it even a step further in terms of how we want to go, you know, with innovation. I think those are some of the main differences that I can think of off the top of my head. That’s awesome. That’s great information.

I like the flexibility and the things that we can integrate with. I guess at some point we’re going to discuss some of those things. But before that, I want to bring another piece of nostalgia for everybody here. The Cisco VPN 3000 concentrator.

Anybody remember that one? I remember, yes. The 3K. That was another one that we got to play with.

So. I love that even then we chose to abbreviate even the 3000. We’re just like, no, 3K is fine too. Like we just love shortening things, don’t we?

Thinking back on it. We know we love our acronyms here at Cisco, right, Kiana? Oh, for sure. No, but I think that question is great because that’s a big one I get from a lot of customers is like, I have an ASA.

Where do I go from here? You know, and there is an education piece about like, well, what is the FTD and, you know, why do I want to move there? And some of those things you mentioned are so key. A lot of that, even just simple stuff, what we call simple now, but just the ability to integrate with Active Directory.

And I don’t need to like memorize all my IP addresses and all my IP schemes. I can make a rule based on an Active Directory username or group. So. Excellent.

How about somebody talk about, like, the management of this new great FTD platform? You know, like Rob, when I would go to you with all my firewall TAC calls back in the day, it was always on ASDM. How do I manage? You know, I’ve got some Firepower firewalls running this FTD software, and open floor.

Just how are the management options there? Well, the good news is no more Java, right? So ASDM gone, right? To be honest, I mean, that’s one of the great things about firepower because there are several different options to manage your devices depending on your needs and preferences, right?

Each option provides ways to configure and control your devices, but they do differ a little bit, right? So first we have the Firewall Device Manager or FDM if you want to use your acronyms. This is a local web-based interface for managing individual FTD devices. It’s an easier solution typically seen in smaller environments that prefer a more device-specific management approach, right?

Firewall Device Manager offers a simplified interface for configuring security policies, network objects and basic monitoring, right? But it does lack some of those advanced features that you would see in other solutions such as the Firewall Management Center or FMC, right? So FMC is a comprehensive centralized management solution that provides not only advanced visibility and reporting capabilities, but you can manage a single device to hundreds of devices all from a single interface, right? It provides advanced policy management, customized intrusion prevention rules.

You can actually even create your own intrusion prevention rules, malware detection and application controls. FMC also provides advanced threat intelligence and analytics to help you identify and respond to security threats. Now for those that are moving towards the cloud, we have Cisco Defense Orchestrator or CDO, right? CDO is a cloud-based management service platform that is designed for simplified security policies, not only for FTD devices, but you can manage the security policies for ASAs, IOS and even Meraki MX devices.

But recently we’ve added the cloud-delivered FMC into CDO. So now we have those same functions and features that you would get with an on-premises FMC, but hosted in the cloud. So you can connect to CDO without having a VPN into your network. You can even connect to it from your phone if you wanted to.

And then of course, there’s always the REST APIs, right? So APIs are a kind of a programming interface that allows you to manage and get information from your devices. So a lot of options there for managing FTD. I personally like the cloud management one.

I mean, if my firewall has internet access, then that’s all I need. Let Cisco host it in the cloud. I just have a username and password and as long as my firewalls can reach the cloud, I’m good to go. Yeah.

And then you don’t have to worry about the hardware or, you know, in my situation, I don’t have the server to spin up a virtual FMC and I don’t have to maintain it. I don’t have to update it or anything. Cisco takes care of it. We definitely see that in the industry too, not just firewalls, but in general, everything moving to like SaaS based offerings.

Hey, just give me an account. Just, you know, let me have an account and management. I don’t want to be the guy that is always bringing the nostalgia back, but I do remember from the past, the management was a little tricky. It was a little difficult, but I think we have to think that, you know, there’s been a lot of enhancements, flexibility, just, you know, having multiple options to have a way to manage your firewalls.

That’s really good. It’s actually really good to see. All right. So I guess we do have a few more questions and this one is one that is really, really, really important to me, important from seeing multiple vendors, seeing multiple solutions and just, let’s talk about a little bit of how FTD will fit into our customer’s ecosystem.

Like let’s talk integrations. What are the things that you guys see in the field and find out about? What are the things that you guys see in the field? And if you don’t mind, anybody can answer this one and just go for it.

Yeah. I mean, I love to talk, so I’ll hop in here. It’s been a few minutes. It’s been awful.

So in terms of, you know, some integrations that I typically see, right, or at least I think can prove to be the most useful from a scalability perspective, right? One of them I actually referred to earlier was the Active Directory integration, but the way that that happens, right, we used to have an overall user agent that was deployed, but now we’ve actually leaned on the identity services engine to give us that information, to query that from that Active Directory source or other identity sources as well, right? It doesn’t just have to be Active Directory. That’s one primary integration that I usually see.

We used to have a lot of jokes around talking about, you know, how it’s a story of fire and ice, but I don’t think that stuck too well, but that was definitely one of the primary integrations that I had personally seen. There are some other ones that are happening too. I think one that is not necessarily open or I should say everyone’s aware about is the umbrella and the firepower integration as well, right? If you’re not familiar with umbrella, umbrella is essentially going to be helping us from a DNS level, right, to be able to block or to permit access to different types of domains based on the threat intelligence information we get, right?

So most of the solutions that we have are going to be powered by our Talos threat intelligence source. And another integration that comes to mind now that I’m thinking about it is also extra threat intelligence feeds, right? Right now, as far as spinning up firepower in this kind of native state, I should say, natural born state, right? You’ll get the threat intelligence sources from Talos threat intelligence, but there are other external threat feeds that you could pull from as well, right?

So it’s not just limiting you to one team, right, if that’s something you don’t want to do, you can pull from multiple different sources that can once again help you to make more educated, more defined decisions, right? Another one I’m trying to think of off the top of my head, if you’re not aware, actually, this is a good one, is also going to be Cisco XDR. Now it’s called Cisco XDR, but XDR stands for Extended Detection and Response, right? But they’re calling it Cisco XDR.

So what you can do with Cisco XDR is you can also pull in telemetry from firepower into what we call that kind of single pane of glass solution, allow us to make those ultimate decisions based on the incidents that we see across different platforms, right? So those are some of the primary ones that we’ve seen, but it’s not just limited to Cisco solutions, right? We still have integrations with other third parties that we do either via APIs, for example, or other types of ways that we may bring those together. So it’s a very scalable ecosystem, I think, that firepower can reach.

And that’s what it should be, right? At its base, a firewall is kind of that, you know, that I would say almost like the bare minimum layer, right? So we need to make sure it’s as scalable as possible. I like the idea that we can integrate with third party as well, third party and, you know, native Cisco integrations.

I think it’s important, and a lot of people don’t understand the breadth of Cisco in a topology, Cisco security specifically, like where the endpoint, the network, you know, the data center, any of the cloud providers, your private cloud you may have. But when we start talking about integration, specifically with firewall, we’re kind of like connecting into all of those areas. And that really helps with things like threat hunting as well. Having my firewall, you know, maybe I detected this threat through an email that came in, but I’m able to use the capabilities that the firewall is giving me to provide insight into that threat that was, you know, originally detected in an email.

Yeah, like the whole point of that is just, oh, sorry, Rob brought up his hands. Did I interrupt you? No, please go ahead. All I was going to say is, right, that just brings back the basis of just shortening and minimizing the overall mean time to respond, right?

Time is of the essence in any type of ecosystem when it comes to security. So that’s all I wanted to say there. But Rob, please, by all means. I just wanted to add about the integrations, you know, it’s not just Cisco, right?

Because Cisco collaborates with, you know, other technology partners to ensure that the FTD can integrate effectively with other security solutions that are out there in the market. You know, our goal is to make a holistic approach to network security. Yeah. That’s actually really good.

Yeah. I mean, I think that we can probably talk all day about the integrations. There are so many great things that we can see. We get to see customers just, you know, exporting all logs, using all logs to support it to SIEMs, to XDR systems.

It’s not only Cisco XDR, of course, you know, that is an availability for multiple customers and just the ease of integration with multiple systems just makes a lot of sense. So that’s great. And I think we could have a whole call, like you said, Andres, on just integrations among Cisco products, not just firewall. Maybe we’ll do that.

And Kiana, thank you for the plug about Cisco XDR, which is going to be our next call. So excellent work there. All right. A couple months ago, we had internal training about what we call the firewall roadshow.

And we talked a lot about firepower and the latest and greatest in terms of technical advancements and innovations. Some of those are things that only Cisco has. And I thought it was pretty amazing. Let’s talk about some of those innovations and why are Cisco firewalls, you know, the leader in our industry when it comes to security.

Oh, okay. So I think one of the ones that I, it’s my personal favorite, just because I think it’s such a cool topic. And I don’t think it’s discussed enough is something called EVE, which once again, acronyms, right? EVE stands for the encrypted visibility engine.

So essentially it allows us to be able to identify applications and the processes of those applications without decrypting encrypted traffic, right? Which sounds like it sounds a little bit like a misnomer, right? But essentially the way that we do that is we’re taking a look at the client hello packets and the fingerprinting of those particular applications. And then we’re actually taking that back to our app ID database, which has 7,000 applications so far, right?

And we’re able to identify those. And then we can give you that information in multiple different areas, right? The most popular area in terms of depending on your management style is going to be some type of event viewer. So for FMC, it’s a unified event viewer, for example, you can actually take a look at the applications that are in some of that traffic without actually having to do the decryption.

The reason why this feature is so important, right? Is because I think anyone that’s been on this call that’s had any type of conversations with firewall vendors have always talked about the capability of SSL decryption specifically. And so with the overall topic of SSL decryption, usually there’s always that kind of caveat that says, hey, depending on the amount of traffic that you’re looking to decrypt, there may be some type of performance on the firewall, right? We don’t have to worry about that with the encrypted visibility engine if we’re just taking a look at the applications and the processes are inside of it, right?

And then that also saves a lot of money too, right? And I mean, I love saving money, right? I love Target. And so I think that when we get to those big cups, oh yeah, exactly.

This is what I’m talking about, right? Saving money so I can buy my, you know, just feed my addiction, my collection. And so, you know, it saves a lot of money there too, right? Because when we’re talking about any potential performance hits in the past and enabling SSL decryption, usually you have to kind of over utilize a firewall or meaning you have to kind of over spec it, right?

At this point, you can actually work with what exactly it is the requirements you’re looking for without having to think about these, you know, kind of like, you know, doomsday caveats such as, right? Taking a look at the applications within that traffic. So that’s one of the first ones that I think is just a really cool feature. And the reason I think it’s super cool as an engine is because all you have to do is click a radio button to enable it in your access control policy, right?

So, I mean, that’s one thing that I think is really cool to use there. Now, keep in mind that with the encrypted visibility engine that is on Firepower version 7.2, keep me out on this everyone, I think it’s 7.2 and above. But there is another feature that was available a little bit earlier than that, like in the 6.x days. And this was something called TLS Server Identity Discovery, which doesn’t have an acronym, so it doesn’t really roll off the tongue really, right?

But that allowed us to be able to essentially unencrypt the certificate information, the server certificate information by doing kind of like a sidecar, you know, session. So for example, if we had a connection coming in on TLS 1.3, you could do a sidecar conversation that opens a TLS 1.2 conversation to take a look at that information. Once again, this is also something that we could do in terms of, you know, utilizing some of those innovative features. And that was only like the top two, right, that I think about off the top of my head.

There, even in our firewall roadshow, I think we had about what, four different use cases covering a myriad of other information too. You know, Rob, before I know you probably want to jump in as well, but the ability to analyze encrypted traffic without decrypting, I mean, I agree when I first heard that, it was kind of mind blowing because, you know, most of my tech career was on the VPN team, and that’s all we did was encryption and privacy and the integrity of traffic. And with this technology now, we are able to have our policies still apply without actually compromising the privacy of the data. Because like you said, we’re just looking at fingerprints of the encrypted headers basically.

And it’s just pretty amazing. Cisco being the only vendor in the world that can currently do that. It’s incredible to me that, you know, 80% of the world’s traffic, over 80% is encrypted. So we spend so much time fine tuning our policies.

Like we want our users to be able to go here safely, but not to these other more dangerous sites. And the user can just skip all of that just by encrypting that traffic. And we can’t enforce that policy anymore. So I really like the concept of being able to keep everyone’s data private, but still being able to enforce our policies.

Like you said, Kiana, looking at a data sheet saying, this is the firewall you want, but if you want to really enforce those policies, you know what? You can still do that at line rate speed by toggling a button. Pretty amazing. Time to be alive truly.

So many, yeah, so many, so many features, so many things to do with the innovations that we started seeing a few years ago and get to see today. And I don’t know if you guys heard there’s a new improvement that is a chat bot. I don’t know if you guys heard about this one. It’s coming.

It’s pretty fresh out of the, out of the, the oven, but it’s pretty cool. Actually one of the things that I want to do at the end of it, or maybe in a further webinar is just talk about that because it’s interesting. It allows you to talk to the firewall, right? Just say, Hey, do I have any policies that are not being used?

So pretty cool. And it responds right away, just like a ChatGPT type of thing. Yeah. And Kiana mentioned, you know, applications and we now have SD-WAN light or light capabilities, right?

So now with firepower, we can direct traffic based off of the application. So if we have multiple, uh, internet links, right, we can send WebEx traffic over the primary link or some other application off the backup link and we can monitor the link’s health, right? So depending on the round trip time or packet loss, we can pick and choose which interfaces we want to send that traffic. So a lot of capabilities are being added into firepower, which is really exciting to see.

And Rob, that ability for the SD-WAN light use cases, that’s automated, I’m assuming, right? Yep. We can go in there and manually do anything, based on something like jitter or latency delay. Right, right.

So we’ll constantly monitor the interface itself. If something changes, we can reroute the traffic a different path. That’s awesome. That’s very cool.

The other thing I would just think top of mind is, you know, we just talked about a lot of software-based features, but then the hardware as well. Cisco’s always coming out with, you know, leading hardware technology as well, like the new 4200 series. I know the 1150 has been out a while, but some pretty cost-effective solutions for the wide breadth of customer base that Cisco has. Yeah, yeah.

And thank you for that. Actually, I want to mention something about the 3105, just, you know, with the issues that we had with logistics and, you know, making this hardware platform, this one, it will start just with that in mind. So with the shortage on supplies and this platform, 3105, and I think the new 4200 is going to be around more effective supply chain. So we’re going to see some improvements on that area.

Now, I’d like to move to the next one. And yeah, this one, I think it touches a little bit on that nostalgia. I think I mentioned this three times today on the webinar series, but if anyone can just talk about a little bit of growing pains that we’ve had with firepower in its early years, anything that you can mention that, you know, we cannot really, I’m pretty sure we cannot relate with some of them, but I’d like to hear from the experts on the call, if you don’t mind. Yeah, absolutely.

You know, the Sourcefire acquisition brought significant expertise and technologies to Cisco, right? And integrating Sourcefire’s advanced threat detection and technologies into our existing security products required complex re-engineering. Complex re-engineering, right? We were talking about taking two very different software architectures as well as like cultures and technologies and adding them, you know, each one had different roadmaps.

And so deciding which features to implement first was challenging, right? So in order to resolve that, you know, Cisco not only spent a lot of money, but time and resources to address these issues. And we continue to invest in all of our security products, you know, refining and enhancing the integration of Sourcefire’s technologies to expand our cybersecurity portfolio. And honestly, now we’re starting to see those results, right?

So not only with the number of features that Kiana mentioned, you know, the policy-based routing, clustering, multi-instance, we have that crypto accelerator chip now to alleviate a lot of the processing of encrypted traffic. But to me, more importantly, we’re not just talking about the security, but to me, more importantly, stability, right? So when Firepower was first introduced, it could take quite a long time to deploy changes. And if your deployments ever did fail, it was very difficult, not only for our customers, but for TAC to understand exactly why a deployment failed.

And so, you know, troubleshooting is critical to Cisco as well. And so we’ve made it so much easier to not only understand why a deployment may have failed, for example, but reducing the time and effort to correct the problem. That’s awesome. That’s like some to hear.

That’s beautiful. Yeah. And, you know, I remember I lived those days right there with you, Rob and TAC. And, you know, that was challenging when Firepower first came out.

It obviously on the 7.x code, it’s been like you mentioned, stability is huge for me too, you know, coming from TAC. And it’s been stable for many, many years. But, Andres, I’d like that you brought up that question. I think it’s important to consider the journey.

And, you know, I tell my kids this as well. Like, if you’re going to get to a successful position where you really want to be, you know, you’re going to have challenges and you may stumble along those along the way. But to get to something really great like we have in FTD today, you know, it doesn’t happen overnight. But I’m really personally proud of our firewalls and especially talking about some of the innovations that they have now, pretty remarkable stuff.

Yeah, yeah, I agree. Actually, remember that what Rob just mentioned about the deployments, it used to take a long time. I think I had five cases with probably one of you two. I don’t remember.

We remember you, Andres. Oh, not that guy again. You know, one thing, and this is probably a good opportunity to bring this up is that, you know, the reason it’s stable to now is software based generally, you know, with some unification of hardware as well. But if you are running that older six code, that early six code, do reach out to us on the call or your more directly your Cisco account team.

We help customers get onto stable code. And if you’re listening on this call and you’re like, hey, I’m one of those customers that’s running that old 6.x version of FMC, need to consider getting to that 7.x code for stability. All the innovations that we’ve talked about today, including EVE, as well as deployment times, you know, there’s a packet processing, everything has improved just with a simple software upgrade. So just stuff to keep in mind there.

Absolutely, absolutely. All right. Next to maybe just 30 seconds. How does the customer start using Firepower?

I’m on this call. I like what I hear. How do I get started? The first thing I’d say is, you know, reach out to your account team, right?

Because I mean, there’s a few different ways you could go about it, right? One of the most common ways, right, especially from moving from ASA to Firepower Threat Defense, you could use a Firepower Migration tool to actually be able to facilitate with that, right? But there are also capabilities in place. If you wanted to move from a non Cisco firewall to a Cisco firewall, we actually have programs that would assist you in that migration there too, right?

And then another thing to keep in mind is, you know, of course there are opportunities for us to perform demos and whatnot for you all, but you really won’t get the best idea of how it works in your environment until you do it, right? So we also have capabilities to do 90 day Firepower virtual trials, right? On top of, you know, VMware, for example, and you’ll be able to actually, you know, try it before you buy, right? And that’s if you decided to buy.

If not, right, you can use those comparisons and give us that feedback and we’ll do what we can with that information. So, okay, that was probably more than 30 seconds, but I think I hit on at least the high points of what you could do. One more thing, you could also, if you don’t want to deploy Firepower Threat Defense in your own environment, you don’t want to use those virtual resources, right? You can also come to us and we can build a sandbox lab for you to try these things out, right?

And you can actually test out those features, break and fix as much as you want, or you can just break stuff and leave it for us to fix too, right? It’s kind of the fun of the trial. So I think those are a few things that off the top of my head that we can do there. I hope I didn’t miss anything.

Did I, Rob? No, yeah. The only other thing I was going to add was if you just want to play around with an environment that’s already set up, kind of like you alluded to, Kiana, it’s a nice easy way to do that. Here’s your username and password.

Have fun. Let us know what you think. Well, we are coming up on time here. We’re going to jump to quick to the lightning round.

We’ll just get a couple of these questions in here before we close this out. Let’s have some fun with this. All right, Kiana, I’m going to go straight to you. Real quick answers if we can here.

What is the most underrated feature in Firepower in your opinion? Oh, I already said it, EVE. I think EVE by far. Yeah.

Encrypted analysis capabilities. Okay, I like that. Impact flags. What was that?

Impact flags. Yes, yes. Good one. Wow, great call.

All right, follow-up question for you, Kiana. If Cisco licensing, which we all know and love, was a food item, what gift would it be and would it come with extra complexity sauce? Oh, for sure. That would be the garnish for sure.

That’s like the icing on top. I’ve been watching a lot of cooking shows lately. I’d say like it’s like a risotto because like when I first started making risotto, I thought it was easy and then there’s so many sub layers to it, right? At first I was like, oh, it’s TMC licensing.

Very simple, very straightforward and it’s so much more to it than that. So I’d say a risotto with a little complexity garnish. That was good. That was good.

Now, Rob, I have a couple questions for you. First one, what is your preferred management method for Firepower? Cloud-delivered FMC. For me, it’s just easy.

It works. It’s simple to set up. And you don’t have to maintain a VM. Absolutely.

I agree with that one. All right, the next one. This one seems a little serious and important. Do Cisco firewalls ever engage in debates with routers about who is more critical to the network?

Have you heard that? Do they engage in debates with routers? No. I mean, everyone knows that the firewall is more important.

No, but the nice thing is we can deploy the snort engine in a virtual container on some of our routers. So now you have the best of both worlds. Oh, wow. Yeah.

Very nice. All right. Good. Well, we could keep these Cisco-themed dad jokes going all day.

But, Andres, why don’t we wrap this one up with a quick summary? I’ll start it off just to add my personal takeaways. Rob, we started off with you kind of going through that evolution. We went way back in the day.

I still can’t remember what it’s called anymore, what the acronym stands for, but PIX. We went into the ASA, we had the transformation into Firepower, and today we’re at the stable FTD software. I thought it was important, Andres, that you brought up the journey to get there, some of the pain points that Cisco went through to get to where we are now. And Kiana, you talked about some of those features of FTD.

We talked about the T, the M, the C, the threat, the malware, the content filtering that are all built in that we don’t have to update. We get those feeds from Talos in real time for threat information. One of my favorites was that Active Directory integration, as well as geolocation, and I could keep going. Andres, what about you, some of the key takeaways?

Yeah, actually, one of the things that really resonated with me, and I hope it resonates with our audience, is the flexible deployment options for FMC, all FMC, just multiple ways of managing your Firepower. I guess we didn’t touch too much on the migration from ASA, but that is another great thing that we think it’s going to be, it’s going to help a lot of our customers. The integrations makes a lot of sense. This is a key differentiator between what we do, what other companies are doing, and this is huge.

And I guess the ability that we have internally to help our customers do those migrations, I guess there’s a few things that we can do, engage a team, it’s called the Firestarted team, and basically we can help with those migrations. Last thing, which I think is super cool, is the ability to get started running and playing with Firepower. You can do it, download the image, if you don’t want to, download the image and you have access to a cloud environment, let’s say Azure, AWS, you can just spin up an FMC, an FTD, and then start playing with it with full capabilities for 90 days, I believe. So those are the highlights from this session today from my end, and just super happy to be here, and let’s do this again next month.

Great, yeah. A lot of the things that we’ve done today, we’ve done a lot of things, but we’re going to keep it up to date. Great, yeah. On that note, Andres, thanks for being an amazing co-host and a huge thanks to Rob and Kiana for making today’s session possible.

I really appreciate all you do in the security industry. I know there’s a lot of stuff outside of this call that you certainly help out with. Our next call is going to be on Cisco XDR, keep it at noon so people can just listen in even over their lunch break, whatever’s best for them. You definitely don’t want to miss this one.

We’re going to talk about what XDR is, what it does, and how it can make you look like a complete security hero. I really hope you guys have enjoyed this kickoff session to the series as much as I have. We’ll see you on the next one. If you get a survey, we’d love to hear your feedback.

Have a terrific day, everyone, and we’ll see you soon. Thank you. Thanks, everyone. Have a good day.

You too.