
Security in 45
Mike Veedock and Andres Sarmiento·16 episodes
A monthly security-focused webinar in a fun podcast format! Each episode features a new security topic, with industry-leading guest speakers on every show. Every episode is followed by a Live Demo of the same topic the following day! Designed to be enjoyed over your lunch or coffee break! And open to ALL, customers, partners, and internal Cisco employees.
Episodes
Identity has officially replaced email as the #1 threat vector, and attackers already know you have MFA. In this episode, Andres and Mike break down why the old network perimeter is dead, what modern identity attacks look like in the wild, and the concrete steps every organization should take to defend itself in 2026.
What we cover:
🔴 Identity is the New Perimeter: credentials, sessions, and tokens are the crown jewels now. Your firewall no longer defines your security boundary; your identity layer does.
🏛️ IGA (Identity Governance & Administration): not a product but a framework for how organizations manage user identities, roles, permissions, and compliance across every user, device, and workload.
⚔️ Modern Identity Attacks:
Push Fatigue: bots flood a user with MFA push requests, timed for nights and weekends, until one gets approved.
Token Theft: bypasses MFA entirely by stealing an already-authenticated session.
OAuth Abuse: uses legitimate consent workflows to gain persistent application access.
Session Hijacking: stealing cookies and replaying tokens.
Privilege Escalation: enumerating users and targeting admin accounts.
🔐 MFA Evolution: phishing-resistant MFA, BLE proximity authentication (your phone must be physically near the device), passwordless with biometrics, and Cisco Duo + Persona for identity resets that resist social engineering.
🛡️ How to Defend: require phishing-resistant MFA, implement device trust, continuously verify after initial access, monitor Identity Behavior Analytics signals (impossible travel, unusual token usage, suspicious admin activity), and isolate privileged workflows.
Resources:
Verizon DBIR: verizon.com/business/resources/reports/dbir
CrowdStrike Global Threat Report: crowdstrike.com/global-threat-report
Cisco Duo: duo.com
Persona: withpersona.com
🎙️ Next episode: Season 3, Episode 3: Ransomware
🌐 All episodes + show notes: securityin45.com
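Two of the Identity Behavior Analytics signals the episode calls out, push fatigue and impossible travel, are simple enough to demonstrate over raw sign-in telemetry. The block below is an added example written for this page; it is not code from the episode, from Cisco Duo, or from any other product. The event layout, the thresholds (more than four pushes in ten minutes, an implied speed above 900 km/h), the off-hours definition and the sample coordinates are all assumptions, and the events themselves are constructed.

```python
"""Added example (not from the episode or from Cisco Duo): two Identity
Behavior Analytics signals, push fatigue and impossible travel, evaluated
over constructed sign-in telemetry. Field layout, thresholds and
coordinates are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed events (not real logs):
# (user, UTC timestamp, kind, city, latitude, longitude, result)
EVENTS = [
    # Saturday 02:00: a burst of pushes to alice; the sixth one gets approved.
    ("alice", "2026-01-10T02:00:10", "mfa_push", "Austin", 30.27, -97.74, "denied"),
    ("alice", "2026-01-10T02:00:40", "mfa_push", "Austin", 30.27, -97.74, "denied"),
    ("alice", "2026-01-10T02:01:15", "mfa_push", "Austin", 30.27, -97.74, "denied"),
    ("alice", "2026-01-10T02:02:00", "mfa_push", "Austin", 30.27, -97.74, "denied"),
    ("alice", "2026-01-10T02:03:30", "mfa_push", "Austin", 30.27, -97.74, "denied"),
    ("alice", "2026-01-10T02:04:50", "mfa_push", "Austin", 30.27, -97.74, "approved"),
    ("alice", "2026-01-10T02:05:00", "signin", "Austin", 30.27, -97.74, "success"),
    # Two hours later the same account signs in from Frankfurt.
    ("alice", "2026-01-10T04:05:00", "signin", "Frankfurt", 50.11, 8.68, "success"),
    # Monday: bob approves one push in Austin and another after driving to Dallas.
    ("bob", "2026-01-12T09:00:00", "mfa_push", "Austin", 30.27, -97.74, "approved"),
    ("bob", "2026-01-12T09:00:05", "signin", "Austin", 30.27, -97.74, "success"),
    ("bob", "2026-01-12T12:30:00", "mfa_push", "Dallas", 32.78, -96.80, "approved"),
    ("bob", "2026-01-12T12:30:05", "signin", "Dallas", 32.78, -96.80, "success"),
]


def by_user(events):
    """Group events per user and sort them by time."""
    grouped = defaultdict(list)
    for user, ts, kind, city, lat, lon, result in events:
        grouped[user].append((datetime.fromisoformat(ts), kind, city, lat, lon, result))
    for rows in grouped.values():
        rows.sort(key=lambda r: r[0])
    return grouped


def off_hours(ts):
    # Assumption: timestamps are already in the user's local working time zone.
    return ts.weekday() >= 5 or ts.hour < 6 or ts.hour >= 22


def push_fatigue(events, max_pushes=4, window=timedelta(minutes=10)):
    """Return {user: (pushes_in_window, off_hours)} for every user who received
    more than max_pushes MFA pushes inside any sliding window of `window`."""
    findings = {}
    for user, rows in by_user(events).items():
        pushes = [row[0] for row in rows if row[1] == "mfa_push"]
        start = 0
        for end in range(len(pushes)):
            while pushes[end] - pushes[start] > window:
                start += 1
            count = end - start + 1
            if count > max_pushes and count > findings.get(user, (0, False))[0]:
                findings[user] = (count, off_hours(pushes[start]))
    return findings


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth (mean radius 6371 km)."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=900.0, min_km=50.0):
    """Return [(user, from_city, to_city, km, kmh)] for consecutive successful
    sign-ins whose implied ground speed exceeds max_kmh (about airliner speed).
    Hops shorter than min_km are ignored to absorb IP geolocation jitter."""
    findings = []
    for user, rows in by_user(events).items():
        logins = [row for row in rows if row[1] == "signin" and row[5] == "success"]
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev[3], prev[4], cur[3], cur[4])
            if km < min_km:
                continue
            hours = (cur[0] - prev[0]).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                findings.append((user, prev[2], cur[2], round(km), round(kmh)))
    return findings


if __name__ == "__main__":
    print("push fatigue:", push_fatigue(EVENTS))
    print("impossible travel:", impossible_travel(EVENTS))
```

On the constructed data, alice is flagged twice: six pushes in under five minutes on a Saturday night, and an Austin-to-Frankfurt hop two hours later that would require thousands of km/h. bob's two pushes and his Austin-to-Dallas drive stay below both thresholds. In production the same logic would run over the identity provider's authentication log, and the push-fatigue finding is the one to act on first, because the approved sixth push means the attacker already has a session.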
What Does Zero Trust Look Like? Architecture and Examples
Practical example components and tactics used in Zero Trust
👉 12 Zero Trust Architecture Examples With Actionable Guide: breaks down real architectural elements you'll see in a Zero Trust deployment (micro-segmentation, identity verification, etc.).
Zero Trust explained in simple terms with key goals
👉 Zero Trust Security Model Explained (ZPE Systems Guide): covers the model versus perimeter security, how trust boundaries shift to protect surfaces, and key principles.
Government and public sector perspective, including ZTA guidance
👉 Zero Trust | Cybersecurity and Infrastructure Security Agency (CISA): official guidance on how Zero Trust is being defined and applied in practice across agencies.
Beginners plus a real project example (Google's BeyondCorp)
👉 BeyondCorp (Google's Zero Trust Model), Wikipedia: Google's BeyondCorp is a well-known industry example of Zero Trust in large-scale production.
This episode covered network segmentation: why proper segmentation matters for both performance and security, and how Cisco products help implement it. (The recording is also available on YouTube and Apple Podcasts.) Key points: Segmentation has evolved over the past ten years from static VLAN boundaries to dynamic, identity-aware segmentation, and cloud environments have changed where enforcement happens. Segmentation has a proactive side (designing boundaries up front, which is the foundation of a zero trust approach) and a reactive side (responding to threats and containing a breach). Enforcement can happen at many points: VLANs, zone-based firewalls, access control lists on switch ports, and group-based policy, and different organizations mix these differently. Micro-segmentation with group-based policy is more granular than VLAN-to-VLAN segmentation because policy follows the group a user or device belongs to rather than the subnet it lands on. Cisco TrustSec and Security Group Tags (SGTs) carry that group membership through the network so one common policy can be enforced consistently at every hop. Cisco ISE, Duo, and Multicloud Defense all play a role, and Cisco Secure Access and Secure Workload add application micro-segmentation and resource connectors for hybrid workers; integrating these solutions makes segmentation easier to implement and more effective. Segmentation is critical to network security and should be planned and designed carefully. Cisco offers solutions and support to help reach segmentation goals and limit the blast radius of a breach.
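The claim that group-based policy is more granular than VLAN-to-VLAN segmentation is easiest to see side by side. The block below is an added illustration written for this page, not code from the episode or from Cisco ISE/TrustSec: a toy evaluator that applies a VLAN-level ACL and a TrustSec-style group policy matrix to the same flows. The group names, addresses, VLAN numbers and the matrix are assumptions.

```python
"""Added example (not from the episode or from Cisco ISE/TrustSec): a toy
policy evaluator contrasting a VLAN-to-VLAN ACL with a group-based policy
matrix of the kind TrustSec enforces with Security Group Tags (SGTs).
Group names, addresses, VLAN numbers and the matrix are assumptions."""
from ipaddress import ip_address, ip_network

# Constructed inventory: address -> (VLAN, security group).
# Note that an HR user and a contractor share VLAN 10.
ENDPOINTS = {
    "10.1.10.11": (10, "HR_Users"),
    "10.1.10.12": (10, "Contractors"),
    "10.1.20.5": (20, "HR_Apps"),
    "10.1.20.6": (20, "PCI_DB"),
}

# VLAN-level enforcement: one ACL line per subnet pair, keyed on addresses.
VLAN_ACL = [
    (ip_network("10.1.10.0/24"), ip_network("10.1.20.0/24"), {443}, "permit"),
]

# Group-based policy matrix: (source group, destination group) -> allowed ports.
# Anything not listed is denied; no address or VLAN appears in the policy.
SGT_MATRIX = {
    ("HR_Users", "HR_Apps"): {443},
    ("HR_Apps", "PCI_DB"): {5432},
}


def vlan_decision(src, dst, port):
    """First matching ACL line wins; implicit deny at the end."""
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, ports, action in VLAN_ACL:
        if s in src_net and d in dst_net and port in ports:
            return action
    return "deny"


def sgt_decision(src, dst, port):
    """Look up the groups both endpoints were classified into, then the matrix."""
    src_group = ENDPOINTS[src][1]
    dst_group = ENDPOINTS[dst][1]
    return "permit" if port in SGT_MATRIX.get((src_group, dst_group), set()) else "deny"


def compare(flows):
    """Return (src, dst, port, vlan_verdict, sgt_verdict) for each flow."""
    return [(s, d, p, vlan_decision(s, d, p), sgt_decision(s, d, p)) for s, d, p in flows]


# Constructed flows to evaluate.
FLOWS = [
    ("10.1.10.11", "10.1.20.5", 443),   # HR user -> HR app
    ("10.1.10.12", "10.1.20.5", 443),   # contractor -> HR app (same VLAN as HR user)
    ("10.1.10.12", "10.1.20.6", 443),   # contractor -> PCI database
    ("10.1.20.5", "10.1.20.6", 5432),   # HR app -> PCI database, inside VLAN 20
]

if __name__ == "__main__":
    for row in compare(FLOWS):
        print(row)
```

The VLAN ACL permits the contractor exactly what it permits the HR user, because both sit in 10.1.10.0/24, and it never sees the HR-app-to-database flow at all, because that traffic never leaves VLAN 20. The group matrix makes both decisions correctly without referencing an address. In a real deployment ISE assigns the SGT when the endpoint authenticates and switches or firewalls enforce the matrix as SGACLs; the block only shows the decision logic.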
This episode covered updates and plans for Secure Access and the User Protection Suite, including hybrid cloud deployment, VPN enhancements, simpler connectivity and policy management, and the consolidation of tools into a single dashboard. Key points: A hybrid cloud deployment option is planned. VPN updates include RADIUS support and SMB version 2 over ZTA. QUIC and MASQUE are being evaluated for performance improvements, but no performance claims are being made yet. (Off topic, the hosts also compared Halloween plans: trick-or-treating, handing out candy, inflatables and lights.) Secure Access offers flexibility for connecting different devices and users to various resources, with the goal of simplicity: end users connect without thinking about the process. Security features include zero trust access, user identity verification, posture controls, and security controls for both internet and private access. Work is under way across the whole dashboard: policy, internet experience insights, and reporting and log analysis. Experience Insights, integrated with the Secure Access dashboard, gives real-time monitoring of user experience, device resources, and network performance. Connectivity is simplified by defining an application once and providing redundancy through network tunnel groups and resource connectors. The goal is a unified policy that can be enforced across every layer and aspect of the network. Secure Access aims to simplify remote access VPN for end users and to make it easier for administrators by consolidating multiple tools and services into a single dashboard, so engineers can be more strategic and less tactical.
TLS decryption in Secure Access can be applied globally at the firewall level or selectively to web traffic. TLS 1.3 sessions are decrypted as well, which enables fine-grained controls such as blocking specific functions inside an application rather than the whole application. Full decryption works by terminating the session at the Secure Access proxy, so managed endpoints must trust its signing certificate, and applications that pin certificates need a bypass. Secure Access scales to handle growing volumes of encrypted traffic without degrading the user experience or requiring additional hardware.
This episode covered the features and benefits of Cisco XDR: its integrations, its threat detection capabilities, and plans for expansion. Season two of Security in 45 features a live demo the day after each conversation. Guest Matt Robertson, a distinguished engineer at Cisco, focuses on threat detection and oversees the analytics stacks. Key points: XDR has seen higher demand and market traction over the past year, and Cisco XDR has been gaining new customers. Cisco defines XDR as the collection of telemetry from multiple sources plus analytics applied to that telemetry for threat detection and response. Cisco XDR is an open ecosystem that integrates with third-party vendors, including direct competitors, for broader detection coverage. The Meraki integration makes network detection and response easy to deploy, with logs uploaded directly to the cloud; it also solves the problem of overlapping IP spaces across branches by profiling devices uniquely. Matt champions the effort to bring Cisco's solutions together and make them simple and unified. XDR has added many integrations for response actions, including ExtraHop, Darktrace, and Microsoft 365 for email. Guided response playbooks can be customized, and workflows can be shared on the Automate Exchange. XDR consolidates related evidence into a single incident; advanced analytics and correlation across sources determine incident severity and prioritize actions. Correlating a suspicious email with subsequent network logons, for example, surfaces a compromised account. Cisco plans to extend XDR into the enterprise networking portfolio, including Meraki and Catalyst 9000. Across the industry, vendors are moving from EDR or SIEM toward XDR, with Cisco, Microsoft and Palo Alto all making acquisitions.
Cisco aims to bring together threat detection, incident response, and intelligent response management for customers. Integration and collaboration between different solutions, such as Splunk Enterprise and XDR, are being prioritized.
Summary (AI-generated). This episode covers what AI is and how it works, why there is so much emphasis on AI right now, the dangers of AI such as data exposure and wrong information, what Cisco is doing to secure AI, and recommendations for customers who are using AI. Key points from the video: AI is, in the hosts' words, a fancy and expensive autocomplete. The current emphasis on AI comes from finally having the resources to make it explode and to realize its benefits. The dangers of AI include data exposure, wrong information, and attacks against AI systems. Cisco's approach to securing AI, and its recommendation to customers, is the same: monitor it, test it continuously, and keep it secure.
Meeting summary (AI-generated). This episode covered zero trust as a security approach, the importance of multi-factor authentication and endpoint protection in implementing it, and the need for careful planning and a multi-vendor approach to reach a comprehensive security solution. (The hosts also worked through technical issues editing the webinar links, and chatted about busy schedules, an inability to say no to requests, their backgrounds, camping, and military service.) Key points: The concept of zero trust originated more than 20 years ago as a way to define a tighter model of security. Zero trust is not a product but an industry concept that vendors contribute to with their products and capabilities. Everyday examples include configuring social media privacy settings and setting parental controls on children's devices; in industry, examples include multi-factor authentication for banking access and limiting access to specific servers based on individual roles. Zero trust is a journey that requires adopting technologies and tools. Implementing multi-factor authentication (MFA) is essential, because relying solely on usernames and passwords is risky. Endpoint protection and segmentation are important steps along the way. Balancing security and usability is crucial; controls that stay invisible to the end user can frustrate attackers while keeping the user experience consistent. Zero trust is a continuous journey that requires ongoing effort and improvement. Implementing it involves careful planning, identifying areas for improvement, and seeking help from experts, rather than rushing into security measures without considering the specific needs of the company.
Zero trust requires a multi-vendor approach; no single vendor can provide a complete solution.
Cisco's Identity and Access Management (IAM) tools, such as the Identity Services Engine (ISE), are designed to provide secure access to networks by ensuring that the right people and devices can reach the appropriate resources. Key features include:
Centralized Access Control: ISE provides policy-based network access control, enabling administrators to define rules based on user identity, device type, and other contextual data. This is critical for enforcing security policies.
Zero Trust Architecture: ISE supports a Zero Trust model in which users and devices are authenticated and authorized each time they request access to resources, reducing the risk of a breach.
Endpoint Visibility and Profiling: Cisco ISE identifies and profiles devices connected to the network, enabling administrators to monitor, segment, and control access based on device type and security posture.
Multi-factor Authentication (MFA): Integrating with MFA, Cisco IAM solutions add a layer of security by requiring users to prove their identity with multiple factors.
Integration with Other Cisco Solutions: Cisco's IAM integrates with other Cisco security and networking solutions, such as Secure Network Analytics and Cisco Umbrella, for enhanced visibility and protection.
Notes. The conversation briefly touches on VPN vulnerabilities and internet connectivity issues. The hosts also discuss the importance of building good relationships with colleagues and customers: being a trusted advisor who can handle stressful situations without adding to the stress. The guest from the Department of Defense has experience in special operations programs and previously served in the United States Navy; the guest from Cisco has been with the company for 10 years and, as a customer success specialist, focuses on adoption. Technical points: Snort 3 is the latest version of the intrusion prevention engine Cisco acquired with Sourcefire in 2013; it brings a multi-threaded architecture and easier customization of Snort rules. Cloud-delivered FMC is a cloud-hosted version of the traditional Firewall Management Center, eliminating hardware maintenance and patching; it responds quickly and can log to an off-site SIEM or to on-prem FMCs. The Encrypted Visibility Engine (EVE) provides visibility into encrypted traffic without decrypting it, so malicious applications can be identified and blocked. SD-WAN on Firepower was discussed, including the benefit of failing over dynamically between VPN tunnels. TLS 1.3 encrypts most of the handshake, including the server certificate, which affects how a firewall enforces policy and identifies applications. Deployment options for Firepower in cloud environments include cloud-native and cloud-ready options with increased agility, availability, and automation. Cisco is investing heavily in firewall hardware, with significant improvements and partnerships with NVIDIA. Using variables within firewall rules allows dynamic configurations and avoids the need for static rules.
The Cisco Firepower Migration Tool can help migrate from ASA to Firepower, and there are teams available to assist with the migration process.
Key features of Cisco Secure Access: Cisco Secure Access is Cisco's Security Service Edge (SSE) platform, providing secure access to applications and data for users regardless of their location or device. It combines network and identity-based access control with endpoint posture checks so that only authorized users on healthy devices reach your network and applications.
Secure Web Gateway (SWG): protects against web-based threats such as malware, phishing, and ransomware.
Cloud Access Security Broker (CASB): protects cloud applications and data from unauthorized access and data leakage.
Zero Trust Network Access (ZTNA): grants access to individual applications based on user identity and device posture, regardless of location, without placing the user on the network.
Secure Internet Gateway (SIG): DNS-layer and cloud-delivered firewall protection against internet-based threats such as malware and command-and-control callbacks.
Integration with other Cisco solutions: Secure Access integrates with Cisco Secure Firewall and Cisco Secure Endpoint.
Cisco Talos is Cisco's threat intelligence and research group: a team of security experts who monitor the global threat landscape, analyze attacks, and share threat intelligence with Cisco customers and the broader security community. Key responsibilities include: Threat research: investigating new and emerging threats by analyzing malware, vulnerabilities, and attack techniques. Threat intelligence: collecting, analyzing, and distributing intelligence to Cisco customers and partners, and feeding it into Cisco's security products, so that defenders stay informed about the latest threats. Vulnerability research: discovering and responsibly disclosing vulnerabilities in widely used third-party software and publishing detection coverage (such as Snort rules) for them; vulnerabilities in Cisco's own products are handled through Cisco PSIRT advisories. Security advisories and blogs: publishing write-ups on known threats and vulnerabilities with guidance on mitigation. Incident response: Talos Incident Response can assist customers affected by an attack, helping them contain and recover from the incident. Through this work Talos plays a crucial role in protecting Cisco customers and the wider security community.
Cisco Multicloud Defense is a security solution that provides visibility and control across your entire multicloud environment, securing applications, workloads, and data wherever they are deployed.
Key features of Cisco Multicloud Defense:
Unified visibility: a single pane of glass for managing and monitoring security across all your cloud environments, giving a complete picture of your posture so potential threats can be identified and addressed quickly.
Automated protection: AI and machine learning detect and block threats automatically, freeing security teams to focus on other critical tasks.
Centralized management: configuration and management from a single console, reducing the time, effort, and complexity of security operations.
Scalability: scales to the needs of any organization, so protection keeps pace as the business grows.
Benefits of using Cisco Multicloud Defense:
Improved security: protection for your cloud environment against a wide range of threats, including malware, ransomware, and DDoS attacks.
Increased visibility: a complete view of your security posture so risks can be identified and addressed quickly.
Reduced complexity: easy to manage and configure, saving time and effort.
Improved compliance: helps meet industry regulations such as PCI DSS and HIPAA.
In this episode we talk about cloud security: the benefits of moving to the cloud, the different cloud providers, and how to secure resources in the cloud. Key points discussed in the video: The benefits of moving to the cloud, such as flexibility, scalability, and cost-effectiveness. The major cloud providers: AWS, Azure, and GCP. How to secure resources in the cloud, including multi-factor authentication, network segmentation, and encryption. The importance of a cloud security posture management (CSPM) tool that continuously checks configuration against those controls. The importance of being aware of the risks that come with using the cloud. Resources for learning more about cloud security are available from the Cloud Security Alliance and SANS.
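The three controls the episode names (MFA, segmentation, encryption) are exactly what a CSPM tool checks for continuously. The block below is an added example written for this page; it is not code from the episode or from any vendor's CSPM product. It runs three such checks over a constructed, provider-neutral snapshot of security groups, buckets and users; the snapshot layout, the list of admin ports and the severity labels are assumptions.

```python
"""Added example (not from the episode or any CSPM product): three posture
checks of the kind a CSPM tool runs, over a constructed, provider-neutral
snapshot. Snapshot shape, admin-port list and severity labels are assumptions."""
from ipaddress import ip_network

ADMIN_PORTS = {22, 3389, 3306, 5432}          # remote admin and database ports
ANYWHERE = {ip_network("0.0.0.0/0"), ip_network("::/0")}

# Constructed inventory (not real cloud data), roughly the shape a CSPM tool
# assembles from provider APIs.
SNAPSHOT = {
    "security_groups": [
        {"id": "sg-web", "ingress": [{"cidr": "0.0.0.0/0", "from": 443, "to": 443}]},
        {"id": "sg-mgmt", "ingress": [{"cidr": "0.0.0.0/0", "from": 22, "to": 22},
                                      {"cidr": "10.0.0.0/8", "from": 3389, "to": 3389}]},
    ],
    "buckets": [
        {"name": "app-assets", "public": False, "encrypted": True},
        {"name": "customer-exports", "public": True, "encrypted": False},
    ],
    "users": [
        {"name": "deploy-bot", "console": False, "mfa": False, "admin": False},
        {"name": "cloud-admin", "console": True, "mfa": False, "admin": True},
        {"name": "analyst", "console": True, "mfa": True, "admin": False},
    ],
}


def check_security_groups(groups):
    """Segmentation: flag admin/database ports reachable from the whole internet."""
    findings = []
    for sg in groups:
        for rule in sg["ingress"]:
            if ip_network(rule["cidr"]) not in ANYWHERE:
                continue
            exposed = ADMIN_PORTS & set(range(rule["from"], rule["to"] + 1))
            if exposed:
                findings.append(("HIGH", sg["id"], f"ports {sorted(exposed)} open to 0.0.0.0/0"))
    return findings


def check_buckets(buckets):
    """Encryption and exposure: public buckets and storage without at-rest encryption."""
    findings = []
    for b in buckets:
        if b["public"]:
            findings.append(("HIGH", b["name"], "bucket is publicly readable"))
        if not b["encrypted"]:
            findings.append(("MEDIUM", b["name"], "no encryption at rest"))
    return findings


def check_users(users):
    """MFA: any console-capable identity without MFA, worse if it is an admin."""
    findings = []
    for u in users:
        if u["console"] and not u["mfa"]:
            sev = "HIGH" if u["admin"] else "MEDIUM"
            findings.append((sev, u["name"], "console access without MFA"))
    return findings


SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def run_checks(snapshot):
    """Run every check and return findings sorted by severity, then resource."""
    findings = (check_security_groups(snapshot["security_groups"])
                + check_buckets(snapshot["buckets"])
                + check_users(snapshot["users"]))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


if __name__ == "__main__":
    for severity, resource, message in run_checks(SNAPSHOT):
        print(f"{severity:6} {resource:18} {message}")
```

On the constructed snapshot the checks flag SSH open to the world on sg-mgmt (while 443 on sg-web passes, and the RDP rule restricted to 10.0.0.0/8 passes), the public and unencrypted customer-exports bucket, and the admin with console access but no MFA; the deploy-bot has no console access and is not flagged. The port-range check matters because a rule opening 0-65535 exposes every admin port at once, which a naive "port == 22" comparison would miss.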
Cisco Secure Endpoint is an endpoint security solution designed to protect devices from a range of cyber threats. Its security features include:
Endpoint Protection Platform (EPP): real-time protection against malware, viruses, and ransomware.
Endpoint Detection and Response (EDR): detects and responds to advanced threats, including fileless and living-off-the-land attacks.
Vulnerability Management: identifies and prioritizes vulnerabilities on your endpoints so they can be patched promptly.
Data Loss Prevention (DLP): helps prevent sensitive data from being exfiltrated from your endpoints.
Network Access Control (NAC): integrates with Cisco ISE so network access policies can be enforced based on device health and user identity.
Cisco Secure Endpoint is designed to work with other Cisco security solutions for an integrated approach to endpoint security, and offers a centralized management console for administering and monitoring your endpoints.
Summary: Cisco's "Security in 45" webinar series launched, focusing on security challenges and innovations, starting with firewalls and featuring expert discussions.
Highlights
🔒 New monthly webinar series on security challenges.
🌐 Focus on Cisco's history and the evolution of its firewalls.
💡 Introduction of innovative features such as the Encrypted Visibility Engine (EVE).
📊 Flexible management options for Firepower Threat Defense (FTD).
🛠️ Integration with Active Directory and third-party solutions.
🚀 Opportunities for hands-on experience with trials and sandbox labs.
🗓️ Next session on Cisco XDR scheduled for October 27th.
Key Insights
🔍 The Evolution of Firewalls: Cisco's journey from PIX to ASA to FTD shows significant advances in security technology and the need for ongoing innovation as Cisco adapts to emerging threats while improving the user experience.
🔧 Management Flexibility: FTD offers several management options, including cloud-based management, which simplifies administration and allows scaling across different environments.
🔑 Integration Capabilities: FTD's integration with Active Directory and other third-party solutions lets administrators enforce security policy based on user identity rather than IP addresses, streamlining operations.
⚡ Innovative Features: EVE analyzes encrypted traffic without decrypting it, balancing security needs against user privacy, which is increasingly important in a data-sensitive world.
📈 Learning Opportunities: The webinar series provides insights and hands-on experience so participants can engage with Cisco's security solutions effectively.
🌍 Community Engagement: Cisco's approach to security emphasizes collaboration with partners and customers, promoting a holistic view of network security that spans multiple technologies and strengthens overall resilience.
🎯 Future Innovations: Ongoing developments such as Cisco XDR reflect Cisco's commitment to staying at the forefront of cybersecurity so organizations can respond to threats effectively and efficiently.

