Segmentation on Security in 45 | Cisco Security Podcast

Cisco ISE Configuration Guide: 802.1X, Profiling, and Secure Access

Mon, 30 Mar 2026 00:00:00 +0000

Cisco Identity Services Engine (ISE) is the policy backbone of a zero trust network. It answers the fundamental question: who and what is connecting to my network, and what should they be allowed to do? Whether you are enforcing 802.1X authentication on wired switch ports, wireless SSIDs, or VPN connections through a Cisco FTD firewall, ISE is the centralized policy decision point that ties it all together.

This guide walks through a practical ISE deployment covering switch configuration, Windows supplicant setup, FMC/FTD integration for VPN, profiling basics, and the policy sets that make it all work. We assume ISE is already installed and licensed — this guide focuses on the configuration that matters.

Zero Trust Architecture: Real-World Examples & Implementation

Mon, 09 Feb 2026 00:00:00 +0000

 Perimeter security is dead. The network boundary that once defined our security strategy has dissolved into cloud services, remote work, and distributed infrastructure. [Zero Trust](/pillars/zero-trust/) Architecture represents a fundamental shift in how we think about access control and threat prevention—one where no user, device, or application is trusted by default, regardless of whether they're inside or outside the traditional network edge. In this episode, Mike and Andres explore real-world examples and practical implementation strategies that show what Zero Trust actually looks like when deployed at scale. If you're still relying on the assumption that "inside the firewall = safe," this conversation is essential.

What This Episode Covers

Zero Trust fundamentals: Moving from perimeter-based security to a “never trust, always verify” model
Architectural components: Practical elements like micro-segmentation, identity verification, and continuous authentication
Real-world deployment examples: How organizations like Google implement Zero Trust at enterprise scale
Key architectural principles: Understanding trust boundaries, protected surfaces, and shifting security controls
Government & regulatory perspective: CISA guidance and public sector Zero Trust adoption strategies
Implementation pathways: Actionable steps for teams beginning their Zero Trust journey
Common misconceptions: Why Zero Trust isn’t just a technology, but a mindset shift

Deep Dive

Understanding Zero Trust Architecture: Beyond the Perimeter

For decades, network security operated on a castle-and-moat model. You built a strong perimeter, and everything inside was assumed safe. Zero Trust completely inverts this assumption. Rather than creating a fortress around your network, Zero Trust assumes breach is inevitable and designs security controls accordingly.

Network Segmentation Strategy: Micro vs VLAN Approaches

Fri, 13 Dec 2024 00:00:00 +0000

 Network segmentation remains one of the most critical—yet surprisingly underutilized—pillars of enterprise security. As cyber threats grow more sophisticated and breach containment becomes a primary concern, organizations are discovering that a solid segmentation strategy can mean the difference between a localized incident and a company-wide catastrophe. But segmentation isn't one-size-fits-all; the debate between traditional VLAN-based approaches and modern micro-segmentation strategies has evolved considerably over the past decade, especially as cloud environments and dynamic workloads have fundamentally changed how we think about network boundaries.

What This Episode Covers

The evolution of network segmentation strategies over the past ten years
VLAN-based segmentation versus micro-segmentation approaches
How group-based policy (GBP) enables more granular control than traditional VLAN segmentation
Proactive versus reactive segmentation and their roles in Zero Trust architecture
Enforcement mechanisms including VLANs, zone-based firewalls, and access control lists
Cisco TrustSec and Security Group Tags (SGTs) as enforcement tools
Cloud considerations and dynamic segmentation
How Cisco solutions (ISE, Duo, Multi-Cloud Defense) integrate to support segmentation
Designing segmentation to limit blast radius and contain breaches

Deep Dive

The Evolution of Network Segmentation

Ten years ago, network segmentation was relatively straightforward: you created VLANs, separated traffic by business function or department, and called it a day. Today’s threat landscape and infrastructure complexity have rendered that approach insufficient for serious security programs.

Cloud Security Posture Management: AWS, Azure, GCP

Wed, 02 Oct 2024 00:00:00 +0000

 As organizations accelerate their cloud migration strategies, the security complexity multiplies exponentially. With workloads distributed across AWS, Azure, and GCP—each with their own security models, compliance requirements, and configuration options—the traditional perimeter-based security approach no longer applies. Organizations are increasingly turning to [zero trust](/pillars/zero-trust/) principles to address these challenges. In this latest episode of Security in 45, hosts Mike Veedock and Andres Sarmiento tackle one of the most pressing challenges facing modern enterprises: how to maintain visibility and control over your cloud security posture as you scale across multiple providers.

What This Episode Covers

The strategic and operational benefits of cloud migration
Characteristics and differences between major cloud providers (AWS, Azure, GCP)
Essential security controls for cloud environments (MFA, network segmentation, encryption)
The critical role of Cloud Security Posture Management (CSPM) tools
Common cloud security risks and threat landscapes
Industry resources for deepening cloud security knowledge

Deep Dive

The Business Case for Cloud Migration

Cloud adoption has become less of a competitive advantage and more of a business necessity. Organizations are moving to the cloud not just for the “cool factor,” but for tangible, measurable benefits that directly impact the bottom line.

Firewall Evolution: Cisco's PIX to FTD Journey Explained

Wed, 02 Oct 2024 00:00:00 +0000

 Firewall technology has been the cornerstone of network security for decades, yet the landscape continues to evolve at a rapid pace. In the latest episode of "Security in 45," hosts Mike Veedock and Andres Sarmiento explore Cisco's remarkable journey from the PIX firewall era through ASA and into the modern Firepower Threat Defense (FTD) platform. This evolution tells a compelling story about how security must constantly adapt to emerging threats while balancing innovation with operational efficiency. Whether you're managing legacy systems or planning next-generation deployments, understanding this trajectory provides crucial context for making informed decisions about your organization's firewall strategy.

What This Episode Covers

Cisco’s firewall evolution: The progression from PIX to ASA to FTD and what each generation addressed
Firepower Threat Defense (FTD): Modern capabilities and flexible deployment models
Encrypted Visibility Engine (EVE): Analyzing encrypted traffic without sacrificing privacy
Management flexibility: Cloud-based, on-premises, and hybrid management options
Identity-based security policies: Integration with Active Directory for user-centric access control
Third-party integration: Ecosystem approach to security orchestration
Hands-on learning: Cisco’s webinar series and sandbox environments for practical engagement
Future direction: Upcoming innovations like Cisco Extended Detection and Response (XDR)

Deep Dive

Understanding Cisco’s Firewall Evolution: From PIX to FTD

To appreciate where Cisco’s firewall technology stands today, it’s important to understand the historical context. The PIX firewall, introduced in the mid-1990s, was revolutionary for its time—it delivered stateful inspection and became the gold standard for perimeter defense. However, as threats evolved and networks became more complex, the need for more sophisticated capabilities became apparent.

Multicloud Defense: Unified Visibility Across Cloud Environments

Wed, 02 Oct 2024 00:00:00 +0000

 As organizations continue their migration to cloud infrastructure, many find themselves juggling security across multiple cloud providers—AWS, Azure, Google Cloud, and more. The complexity multiplies when you're trying to maintain visibility and enforce consistent security policies across disparate environments, each with its own native security tools and management consoles. This fragmentation not only creates operational headaches but introduces dangerous blind spots where threats can slip through the cracks. In this episode, Mike Veedock and Andres Sarmiento explore how Cisco Multicloud Defense addresses this critical challenge by delivering unified security visibility and control across your entire cloud footprint.

What This Episode Covers

Unified visibility across multicloud environments — How to achieve a single pane of glass for security monitoring regardless of which cloud providers you use
Automated threat detection and response — The role of AI and machine learning in identifying sophisticated attacks without manual intervention
Centralized management and configuration — Simplifying security operations by consolidating control into one platform
Scalability for organizations of all sizes — Ensuring your security infrastructure grows with your business
Compliance and regulatory alignment — Meeting standards like PCI DSS and HIPAA across cloud deployments
Real-world protection scenarios — Defense against malware, ransomware, DDoS, and other contemporary threats

Deep Dive

The Multicloud Reality: Why Unified Visibility Matters

Most enterprise organizations today don’t operate in a single cloud environment. Instead, they’ve adopted a multicloud strategy—deliberately using multiple cloud providers to avoid vendor lock-in, optimize costs, take advantage of best-of-breed services, or meet regional compliance requirements. While this flexibility offers significant advantages, it creates substantial security challenges.

Zero Trust Identity Management with Cisco ISE

Wed, 02 Oct 2024 00:00:00 +0000

 In today's threat landscape, traditional perimeter-based security is no longer sufficient—attackers are already inside your network, and trust is no longer a default setting. Identity and Access Management (IAM) has evolved from a compliance checkbox into a critical security control, with [Zero Trust](/pillars/zero-trust/) architecture now representing the gold standard for enterprise access governance. Cisco's Identity Services Engine (ISE) addresses this shift head-on, providing the centralized intelligence and policy enforcement needed to authenticate and authorize every access request, regardless of where it originates. For IT leaders and security practitioners grappling with increasingly complex hybrid and cloud environments, understanding how modern IAM solutions like ISE can enforce Zero Trust principles is no longer optional—it's essential to survival.

What This Episode Covers

Centralized Access Control and Policy Enforcement — How ISE enables administrators to define granular, context-aware access policies based on user identity, device type, and other security attributes
Zero Trust Architecture — The shift from implicit trust to explicit verification for every access request, and how ISE operationalizes this model
Endpoint Visibility and Device Profiling — Gaining real-time insight into all connected devices and using that data to segment and control network access
Multi-Factor Authentication Integration — Layering identity verification to reduce the risk of compromised credentials
Ecosystem Integration — How ISE works alongside other Cisco security solutions to create a cohesive security fabric

Deep Dive

Centralized Access Control and Policy Enforcement

At its core, IAM is about answering a simple but critical question: Who should be allowed to access what, and under what conditions? Cisco ISE provides a centralized platform for defining and enforcing the answer to that question across your entire network.

Zero Trust Network Access: Cisco Secure Access Explained

Wed, 02 Oct 2024 00:00:00 +0000

 The traditional perimeter-based security model is dead. As organizations embrace hybrid work, cloud-first strategies, and multi-device workforces, the old castle-and-moat approach simply doesn't cut it anymore. [Zero Trust](/pillars/zero-trust/) Network Access has emerged as the gold standard for modern enterprise security, but understanding how to implement it effectively requires grappling with complex architectural concepts and integration challenges. This episode dives deep into how Cisco Secure Access brings Zero Trust principles to life through an integrated platform that assumes no user or device is trustworthy by default.

What This Episode Covers

Cisco Secure Services Edge (SSE): The foundational platform combining network access control (NAC), identity-based access control (IBAC), and endpoint security
Secure Web Gateway (SWG): Web-based threat protection against malware, phishing, and ransomware
Cloud Access Security Broker (CASB): Safeguarding cloud applications and data from unauthorized access
Zero Trust Network Access (ZTNA): Identity and device posture-based access control regardless of user location
Secure Internet Gateway (SIG): Defense against internet-based threats including DDoS and APTs
Integration and ecosystem: How Cisco Secure Access works seamlessly with other Cisco security solutions

Deep Dive

Understanding Cisco Secure Services Edge (SSE)

Cisco SSE represents a fundamental shift in how organizations think about network security. Rather than relying on IP addresses and network location to determine trust, SSE implements a multi-layered approach that evaluates every access request based on multiple factors.

Zero Trust Security Strategy: Expert Insights on Implementation

Wed, 02 Oct 2024 00:00:00 +0000

 In an era where traditional perimeter-based security has become obsolete, organizations are racing to adopt a fundamentally different approach to protecting their digital assets. [Zero trust](/pillars/zero-trust/) security—a concept that's been around for over two decades—has finally moved from industry buzzword to business imperative, especially as remote work, cloud migration, and sophisticated threat actors have rendered castle-and-moat security architectures dangerously ineffective. But implementing zero trust isn't about buying a single product or flipping a switch; it's a strategic journey that requires careful planning, the right mix of technologies, and a commitment to continuous improvement. In this episode of Security in 45, hosts Mike Veedock and Andres Sarmiento explore what zero trust really means, how to approach implementation, and the critical technologies that make it work in practice.

What This Episode Covers

The origins and evolution of zero trust as an industry concept
Why zero trust is fundamentally different from traditional security models
The role of multi-factor authentication (MFA) in zero trust strategies
Endpoint protection and network segmentation as core pillars
Real-world examples of zero trust in consumer and enterprise contexts
The importance of balancing security with user experience
Why a multi-vendor approach is essential to comprehensive zero trust deployment
Practical considerations for planning and implementing zero trust initiatives
Common pitfalls and how to avoid rushing implementation

Deep Dive

Understanding Zero Trust: Beyond the Buzzword

Zero trust isn’t a new invention—the concept emerged more than 20 years ago as security professionals recognized that the traditional model of “trust but verify” was fundamentally flawed. In a zero trust framework, the basic assumption is inverted: nothing is trusted by default, whether it originates from inside or outside the network perimeter. Every access request, every user, every device, and every application must be verified and validated before granting access.

Zero Trust Security: Beyond Products to Concepts

Wed, 02 Oct 2024 00:00:00 +0000

 Zero Trust has become one of the most talked-about concepts in enterprise security, yet many organizations still struggle to understand what it actually means—and more importantly, how to implement it. If you think Zero Trust is just another security product you can buy off the shelf and deploy, you're missing the point entirely. In this episode, hosts Mike Veedock and Andres Sarmiento dive deep with industry experts to explore Zero Trust not as a destination, but as a foundational security philosophy that requires careful planning, the right mix of technologies, and a fundamental shift in how organizations approach access control.

What This Episode Covers

Zero Trust as a concept, not a product — understanding why Zero Trust is an industry framework rather than a single solution you can purchase
The 20+ year evolution — how Zero Trust originated and why it’s more relevant today than ever
Real-world examples — from everyday social media privacy settings to enterprise banking authentication
Multi-factor authentication (MFA) as a cornerstone — why passwords alone are no longer sufficient
Endpoint protection and segmentation — critical technologies in the Zero Trust journey
The multi-vendor approach — why comprehensive security requires coordinating multiple solutions
Implementation strategy — the importance of careful planning, identifying priorities, and avoiding rushed deployments
Balancing security with usability — maintaining user experience while strengthening defenses

Deep Dive

Zero Trust: Concept, Not Product

One of the most critical misconceptions in enterprise security is treating Zero Trust as a product—something you can procure from a single vendor and deploy to solve your security problems. The reality is quite different. Zero Trust is an industry concept that has evolved over more than two decades and represents a fundamental shift in security philosophy.