Cisco on Security in 45 | Cisco Security Podcast

Cisco ISE Configuration Guide: 802.1X, Profiling, and Secure Access

Mon, 30 Mar 2026 00:00:00 +0000

Cisco Identity Services Engine (ISE) is the policy backbone of a zero trust network. It answers the fundamental question: who and what is connecting to my network, and what should they be allowed to do? Whether you are enforcing 802.1X authentication on wired switch ports, wireless SSIDs, or VPN connections through a Cisco FTD firewall, ISE is the centralized policy decision point that ties it all together.

This guide walks through a practical ISE deployment covering switch configuration, Windows supplicant setup, FMC/FTD integration for VPN, profiling basics, and the policy sets that make it all work. We assume ISE is already installed and licensed — this guide focuses on the configuration that matters.

MITRE ATT&CK Framework Explained: A Practical Guide for Security Teams

Mon, 30 Mar 2026 00:00:00 +0000

If you work in cybersecurity, you have almost certainly encountered references to MITRE ATT&CK. It appears in vendor dashboards, threat intelligence reports, incident response playbooks, and compliance frameworks. Yet many security practitioners interact with ATT&CK only superficially, treating it as a taxonomy they recognize but rarely use to drive decisions. That is a missed opportunity. The framework is one of the most powerful tools available to security teams for understanding how adversaries actually operate, and more importantly, for identifying where your defenses have gaps.

SASE vs SSE vs ZTNA: Understanding the Key Differences

Mon, 30 Mar 2026 00:00:00 +0000

If you have spent any time evaluating modern security architectures, you have probably run into a wall of overlapping acronyms: SASE, SSE, ZTNA, SWG, CASB, DLP. Each vendor defines them slightly differently, analyst firms keep refining the categories, and the marketing noise makes it genuinely difficult to understand what you actually need to buy, build, or migrate toward.

The confusion is not accidental. These frameworks evolved over several years as Gartner and other analysts tried to keep pace with how organizations were shifting from on-premises data centers to cloud-first, hybrid workforces. The result is a set of nested concepts that are easy to conflate but critical to distinguish when you are making architecture and procurement decisions.

Identity is the New Perimeter — How Attackers Bypass MFA in 2026

Fri, 27 Mar 2026 00:00:00 +0000

For years, the security industry built its defenses around the network perimeter — firewalls, VPNs, DMZs. But in 2026, that perimeter has fundamentally shifted. According to the latest Verizon DBIR and CrowdStrike Global Threat Report, identity-based attacks have officially overtaken email as the number one threat vector. Attackers are no longer trying to break through your firewall — they are logging in with legitimate credentials. In this episode of Security in 45, hosts Mike Veedock and Andres Sarmiento unpack why identity is the new perimeter, how modern attacks exploit MFA weaknesses, and what organizations must do to defend themselves.

Network Segmentation Strategy: Micro vs VLAN Approaches

Fri, 13 Dec 2024 00:00:00 +0000

 Network segmentation remains one of the most critical—yet surprisingly underutilized—pillars of enterprise security. As cyber threats grow more sophisticated and breach containment becomes a primary concern, organizations are discovering that a solid segmentation strategy can mean the difference between a localized incident and a company-wide catastrophe. But segmentation isn't one-size-fits-all; the debate between traditional VLAN-based approaches and modern micro-segmentation strategies has evolved considerably over the past decade, especially as cloud environments and dynamic workloads have fundamentally changed how we think about network boundaries.

What This Episode Covers

The evolution of network segmentation strategies over the past ten years
VLAN-based segmentation versus micro-segmentation approaches
How group-based policy (GBP) enables more granular control than traditional VLAN segmentation
Proactive versus reactive segmentation and their roles in Zero Trust architecture
Enforcement mechanisms including VLANs, zone-based firewalls, and access control lists
Cisco TrustSec and Security Group Tags (SGTs) as enforcement tools
Cloud considerations and dynamic segmentation
How Cisco solutions (ISE, Duo, Multi-Cloud Defense) integrate to support segmentation
Designing segmentation to limit blast radius and contain breaches

Deep Dive

The Evolution of Network Segmentation

Ten years ago, network segmentation was relatively straightforward: you created VLANs, separated traffic by business function or department, and called it a day. Today’s threat landscape and infrastructure complexity have rendered that approach insufficient for serious security programs.

Zero Trust Architecture: Cisco Secure Access Simplification

Fri, 01 Nov 2024 00:00:00 +0000

 # Zero Trust Architecture: Cisco Secure Access Simplification

In an era where remote work, hybrid cloud deployments, and encrypted traffic have become the norm, enterprise security teams face an unprecedented challenge: how do you maintain robust zero trust access controls without overwhelming administrators and end users with complexity? Cisco’s Secure Access and User Suite represents a significant step toward solving this problem by consolidating multiple security tools and connectivity solutions into a unified platform. In a recent episode of Security in 45, hosts Mike Veedock and Andres Sarmiento explored the latest updates and vision for this platform, revealing how organizations can simplify their security posture while maintaining the strict access controls that zero trust demands.

AI Security Risks: How Cisco Secures Artificial Intelligence

Wed, 02 Oct 2024 00:00:00 +0000

 Artificial intelligence has moved from science fiction to business reality, but organizations racing to adopt AI are discovering that innovation and security don't always move at the same pace. As AI systems become increasingly central to enterprise operations—from customer service automation to data analysis and decision-making—they're also becoming attractive targets for attackers and sources of unexpected vulnerabilities. In this episode of Security in 45, hosts Mike Veedock and Andres Sarmiento explore the critical intersection of AI and security, discussing the emerging risks that come with AI adoption and how organizations can build and maintain secure AI systems. If you're responsible for enterprise security or infrastructure decisions, understanding these risks and mitigation strategies has moved from "nice to know" to essential.

What This Episode Covers

AI fundamentals and why adoption is accelerating — understanding what AI actually is and why we’re seeing explosive growth in AI implementations right now
The security dangers of AI systems — examining real threats including data exposure, generation of inaccurate information, and attack vectors targeting AI systems
Cisco’s approach to AI security — how Cisco is addressing these challenges through monitoring, testing, and secure design practices
Practical recommendations for AI users — actionable guidance for organizations deploying AI in their environments

Deep Dive

Understanding AI: Beyond the Hype

To properly secure AI, we first need to understand what it actually is—and perhaps more importantly, what it isn’t. One of the most useful framings from this episode describes AI as “a fancy expensive autocomplete.” While this might sound reductive, it’s actually quite insightful.

Endpoint Detection and Response: Zero Trust Security With Cisco

Wed, 02 Oct 2024 00:00:00 +0000

 Endpoint security has evolved from a simple antivirus checkbox into a critical battleground in modern cybersecurity defense. With attacks becoming increasingly sophisticated—from fileless malware to zero-day exploits—organizations can no longer rely on traditional perimeter defenses alone. The shift toward [zero trust](/pillars/zero-trust/) security principles means every endpoint must be verified, monitored, and controlled, regardless of whether it's in the office, at home, or anywhere in between. In this episode, Mike and Andres explore how Cisco Secure Endpoint addresses these challenges with a comprehensive platform that combines prevention, detection, and response capabilities into a single, integrated solution.

What This Episode Covers

Endpoint Detection and Response (EDR) — How advanced threat detection works beyond signature-based detection
Endpoint Protection Platform (EPP) — Real-time malware and ransomware protection capabilities
Zero Trust Security — The principles behind modern endpoint security architecture
Vulnerability Management — Identifying and prioritizing endpoint vulnerabilities for patching
Data Loss Prevention (DLP) — Protecting sensitive data from exfiltration
Network Access Control (NAC) — Enforcing device health and identity-based access policies
Centralized Management — Unified administration and visibility across endpoint fleets
Integration Strategy — How Cisco Secure Endpoint works within a broader security ecosystem

Deep Dive

Endpoint Protection Platform: The First Line of Defense

An Endpoint Protection Platform (EPP) is the foundational layer of endpoint security, designed to prevent threats from ever executing on your devices. Think of it as your security team’s first checkpoint—it examines files, processes, and network communications in real time to block known malware, viruses, and ransomware before they can cause damage.

Firepower Firewall Updates: Snort 3.0 and Network Security

Wed, 02 Oct 2024 00:00:00 +0000

 As enterprise networks become increasingly complex and threats more sophisticated, the tools we use to defend them must evolve just as rapidly. Cisco's Firepower platform, combined with the latest innovations in intrusion prevention and cloud-native security, represents a significant leap forward in network defense capabilities. In this episode of Security in 45, Mike Veedock and Andres Sarmiento dive deep into Snort 3.0, cloud-based management, encrypted traffic visibility, and practical deployment strategies that are reshaping how organizations approach firewall modernization. Whether you're managing legacy [ASA](/pillars/firewall/) environments or scaling cloud infrastructure, the insights here will help you understand where Firepower fits in your security architecture.

What This Episode Covers

Snort 3.0 Architecture — Multi-threaded improvements and rule customization advances
Cloud FMC (Firepower Management Center) — Cloud-based management without hardware overhead
Encrypted Analytics Engine — Visibility into encrypted traffic without decryption
SD-WAN Integration — Dynamic failover and policy enforcement across distributed networks
TLS 1.3 Impact — Challenges and opportunities in enforcing policy on modern encrypted handshakes
Cloud Deployment Options — Cloud-native and cloud-ready Firepower architectures
Hardware Innovations — NVIDIA partnerships and next-generation firewall performance
Dynamic Rule Variables — Building flexible, scalable security policies
ASA to Firepower Migration — Strategies and tools for modernizing legacy platforms

Deep Dive

Snort 3.0: The Next Generation of Intrusion Prevention

Snort has been the industry standard for intrusion detection and prevention since before Cisco’s 2013 acquisition. With Snort 3.0, the architecture has been fundamentally reimagined to address the performance and flexibility demands of modern networks.

Firewall Evolution: Cisco's PIX to FTD Journey Explained

Wed, 02 Oct 2024 00:00:00 +0000

 Firewall technology has been the cornerstone of network security for decades, yet the landscape continues to evolve at a rapid pace. In the latest episode of "Security in 45," hosts Mike Veedock and Andres Sarmiento explore Cisco's remarkable journey from the PIX firewall era through ASA and into the modern Firepower Threat Defense (FTD) platform. This evolution tells a compelling story about how security must constantly adapt to emerging threats while balancing innovation with operational efficiency. Whether you're managing legacy systems or planning next-generation deployments, understanding this trajectory provides crucial context for making informed decisions about your organization's firewall strategy.

What This Episode Covers

Cisco’s firewall evolution: The progression from PIX to ASA to FTD and what each generation addressed
Firepower Threat Defense (FTD): Modern capabilities and flexible deployment models
Encrypted Visibility Engine (EVE): Analyzing encrypted traffic without sacrificing privacy
Management flexibility: Cloud-based, on-premises, and hybrid management options
Identity-based security policies: Integration with Active Directory for user-centric access control
Third-party integration: Ecosystem approach to security orchestration
Hands-on learning: Cisco’s webinar series and sandbox environments for practical engagement
Future direction: Upcoming innovations like Cisco Extended Detection and Response (XDR)

Deep Dive

Understanding Cisco’s Firewall Evolution: From PIX to FTD

To appreciate where Cisco’s firewall technology stands today, it’s important to understand the historical context. The PIX firewall, introduced in the mid-1990s, was revolutionary for its time—it delivered stateful inspection and became the gold standard for perimeter defense. However, as threats evolved and networks became more complex, the need for more sophisticated capabilities became apparent.

Multicloud Defense: Unified Visibility Across Cloud Environments

Wed, 02 Oct 2024 00:00:00 +0000

 As organizations continue their migration to cloud infrastructure, many find themselves juggling security across multiple cloud providers—AWS, Azure, Google Cloud, and more. The complexity multiplies when you're trying to maintain visibility and enforce consistent security policies across disparate environments, each with its own native security tools and management consoles. This fragmentation not only creates operational headaches but introduces dangerous blind spots where threats can slip through the cracks. In this episode, Mike Veedock and Andres Sarmiento explore how Cisco Multicloud Defense addresses this critical challenge by delivering unified security visibility and control across your entire cloud footprint.

What This Episode Covers

Unified visibility across multicloud environments — How to achieve a single pane of glass for security monitoring regardless of which cloud providers you use
Automated threat detection and response — The role of AI and machine learning in identifying sophisticated attacks without manual intervention
Centralized management and configuration — Simplifying security operations by consolidating control into one platform
Scalability for organizations of all sizes — Ensuring your security infrastructure grows with your business
Compliance and regulatory alignment — Meeting standards like PCI DSS and HIPAA across cloud deployments
Real-world protection scenarios — Defense against malware, ransomware, DDoS, and other contemporary threats

Deep Dive

The Multicloud Reality: Why Unified Visibility Matters

Most enterprise organizations today don’t operate in a single cloud environment. Instead, they’ve adopted a multicloud strategy—deliberately using multiple cloud providers to avoid vendor lock-in, optimize costs, take advantage of best-of-breed services, or meet regional compliance requirements. While this flexibility offers significant advantages, it creates substantial security challenges.

Threat Intelligence 101: Cisco Talos Experts Explain

Wed, 02 Oct 2024 00:00:00 +0000

 In today's threat landscape, cyber attacks are evolving faster than most organizations can respond. From zero-day vulnerabilities to sophisticated multi-stage attacks, the gap between threat discovery and defense deployment has become a critical vulnerability in itself. That's where organizations like Cisco Talos come in—serving as an early warning system that turns raw threat data into actionable intelligence. Understanding what threat intelligence teams do and how to leverage their research is no longer optional for security-conscious enterprises; it's essential infrastructure.

What This Episode Covers

The mission and core functions of Cisco Talos threat intelligence group
How threat research translates into protection for enterprise networks
The vulnerability management lifecycle and patch coordination
Security advisories: their role in keeping organizations informed
Incident response services and breach containment strategies
The broader importance of threat intelligence in modern security operations
How organizations can leverage threat intelligence in their own defense strategies

Deep Dive

Understanding Cisco Talos: The Eyes and Ears of the Security Community

Cisco Talos operates as a dedicated threat intelligence organization within one of the world’s largest networking and security companies. But their impact extends far beyond Cisco’s own customer base. Talos functions as a public-facing security research team that publishes findings, maintains threat databases, and contributes to the broader security community’s understanding of emerging threats.

XDR Integration: Cisco's Open Ecosystem Approach

Wed, 02 Oct 2024 00:00:00 +0000

 # XDR Integration: Cisco's Open Ecosystem Approach

In an era where cyber threats have become increasingly sophisticated and fragmented across multiple security domains, organizations are struggling with tool sprawl, alert fatigue, and siloed security operations. Extended Detection and Response (XDR) has emerged as a critical evolution in how enterprises detect and respond to threats, but only if vendors can break down their walled gardens and create truly integrated ecosystems. In a recent episode of Security in 45, Cisco distinguished engineer Matt Robertson shares how Cisco XDR is taking an open, collaborative approach to threat detection and response—integrating not just Cisco’s own portfolio, but third-party and even competing vendors’ solutions. This conversation reveals where the security industry is headed and what it means for your organization’s threat detection strategy.

Zero Trust Identity Management with Cisco ISE

Wed, 02 Oct 2024 00:00:00 +0000

 In today's threat landscape, traditional perimeter-based security is no longer sufficient—attackers are already inside your network, and trust is no longer a default setting. Identity and Access Management (IAM) has evolved from a compliance checkbox into a critical security control, with [Zero Trust](/pillars/zero-trust/) architecture now representing the gold standard for enterprise access governance. Cisco's Identity Services Engine (ISE) addresses this shift head-on, providing the centralized intelligence and policy enforcement needed to authenticate and authorize every access request, regardless of where it originates. For IT leaders and security practitioners grappling with increasingly complex hybrid and cloud environments, understanding how modern IAM solutions like ISE can enforce Zero Trust principles is no longer optional—it's essential to survival.

What This Episode Covers

Centralized Access Control and Policy Enforcement — How ISE enables administrators to define granular, context-aware access policies based on user identity, device type, and other security attributes
Zero Trust Architecture — The shift from implicit trust to explicit verification for every access request, and how ISE operationalizes this model
Endpoint Visibility and Device Profiling — Gaining real-time insight into all connected devices and using that data to segment and control network access
Multi-Factor Authentication Integration — Layering identity verification to reduce the risk of compromised credentials
Ecosystem Integration — How ISE works alongside other Cisco security solutions to create a cohesive security fabric

Deep Dive

Centralized Access Control and Policy Enforcement

At its core, IAM is about answering a simple but critical question: Who should be allowed to access what, and under what conditions? Cisco ISE provides a centralized platform for defining and enforcing the answer to that question across your entire network.

Zero Trust Network Access: Cisco Secure Access Explained

Wed, 02 Oct 2024 00:00:00 +0000

 The traditional perimeter-based security model is dead. As organizations embrace hybrid work, cloud-first strategies, and multi-device workforces, the old castle-and-moat approach simply doesn't cut it anymore. [Zero Trust](/pillars/zero-trust/) Network Access has emerged as the gold standard for modern enterprise security, but understanding how to implement it effectively requires grappling with complex architectural concepts and integration challenges. This episode dives deep into how Cisco Secure Access brings Zero Trust principles to life through an integrated platform that assumes no user or device is trustworthy by default.

What This Episode Covers

Cisco Secure Services Edge (SSE): The foundational platform combining network access control (NAC), identity-based access control (IBAC), and endpoint security
Secure Web Gateway (SWG): Web-based threat protection against malware, phishing, and ransomware
Cloud Access Security Broker (CASB): Safeguarding cloud applications and data from unauthorized access
Zero Trust Network Access (ZTNA): Identity and device posture-based access control regardless of user location
Secure Internet Gateway (SIG): Defense against internet-based threats including DDoS and APTs
Integration and ecosystem: How Cisco Secure Access works seamlessly with other Cisco security solutions

Deep Dive

Understanding Cisco Secure Services Edge (SSE)

Cisco SSE represents a fundamental shift in how organizations think about network security. Rather than relying on IP addresses and network location to determine trust, SSE implements a multi-layered approach that evaluates every access request based on multiple factors.