Title: AWS re:Inforce 2024 - Segment & secure your cloud network with Cisco Multicloud Defense (NIS224-S)
Insights:
- Visibility Challenges: Over 73% of organizations feel they lack the visibility needed to identify potential threats, and 39% of breaches span multiple environments. Only 15% feel adequately prepared to secure multi-cloud and hybrid environments.
- Complex Security Needs: Achieving consistent security across different cloud environments is complicated due to varied APIs, tools, and processes, leading to a patchwork of solutions.
- Cisco Multicloud Defense Capabilities: The solution offers asset discovery and visibility, egress security (e.g., URL blocking, ransomware protection), ingress security (e.g., web application firewalling), and VPC-to-VPC segmentation.
- Deployment Models: Multicloud Defense consists of a SaaS-based controller for policy creation and visualization, and a gateway delivered as a platform as a service into cloud accounts. Both centralized and distributed deployment models are supported.
- Integration with AWS: Utilizes AWS capabilities like Gateway Load Balancer, Transit Gateway, Route 53, and VPC flow logs for deployment and management.
- Cloud Connectivity: Recently added features include secure cloud-to-cloud connectivity and support for AWS Cloud WAN, simplifying the connection of on-prem data centers to cloud environments.
- Enhanced Visibility: Multicloud Defense aggregates VPC flow logs and Route 53 resolutions to provide comprehensive visibility into cloud workloads and their communications, integrating with Cisco's Talos threat data for threat detection.
- Agility and Automation: The solution follows a cloud-native design, auto-scales, and applies policy by tag, which suits dynamic cloud workloads. It automates scaling, provisioning, and upgrading of the security posture.
- Risk Reduction and Comprehensive Protection: Ensures continuous enforcement and visibility of security policies, providing comprehensive protection across all cloud environments with simplified management.
- Cost Efficiency: Offers a consumption-based model (gateway hour) instead of traditional licensing, reducing the need for specific products and skill sets for each cloud, and enabling faster deployment and consolidation of security tools.
- Free Cloud Visibility Report: Organizations can sign up for a free cloud visibility and risk report to understand their environment's security posture without any deployment or cost.
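
The correlation described under Enhanced Visibility, joining VPC flow records with Route 53 resolutions and checking the resolved names against threat data, looks like this in Python. This is an added example, not Cisco's implementation or code from the talk; the sample records, the `BLOCKLIST` set (a stand-in for a threat-intelligence feed) and the verdict labels are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data (not from the talk). Flow records use the default
# VPC Flow Logs v2 field order; DNS records are parsed Route 53 Resolver query logs.
FLOW_LOGS = """\
2 111122223333 eni-0a1 10.0.1.15 203.0.113.50 49152 443 6 12 4200 1718000010 1718000070 ACCEPT OK
2 111122223333 eni-0a1 10.0.1.15 198.51.100.7 49153 443 6 8 1900 1718000015 1718000075 ACCEPT OK
2 111122223333 eni-0b2 10.0.2.20 192.0.2.99 49154 8443 6 3 180 1718000020 1718000080 REJECT OK
2 111122223333 eni-0b2 - - - - - - - 1718000030 1718000090 - NODATA
"""
DNS_LOGS = [
    {"srcaddr": "10.0.1.15", "query_name": "updates.example.com.", "rcode": "NOERROR",
     "answers": [{"Rdata": "203.0.113.50", "Type": "A", "Class": "IN"}]},
    {"srcaddr": "10.0.1.15", "query_name": "c2.bad-domain.example.", "rcode": "NOERROR",
     "answers": [{"Rdata": "alias.bad-domain.example.", "Type": "CNAME", "Class": "IN"},
                 {"Rdata": "198.51.100.7", "Type": "A", "Class": "IN"}]},
]
BLOCKLIST = {"bad-domain.example"}  # hypothetical stand-in for a threat-intel feed

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def build_dns_map(dns_records):
    """Map (client IP, resolved IP) -> set of names the client asked for."""
    names = defaultdict(set)
    for rec in dns_records:
        for ans in rec.get("answers", []):
            if ans["Type"] in ("A", "AAAA"):  # CNAME answers carry no address
                names[(rec["srcaddr"], ans["Rdata"])].add(rec["query_name"].rstrip(".").lower())
    return names

def is_listed(name, blocklist):
    """True if name equals a blocklisted domain or is a subdomain of one."""
    labels = name.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def correlate(flow_text, dns_records, blocklist):
    """Label each flow with the DNS name behind its destination and a verdict."""
    names, findings = build_dns_map(dns_records), []
    for line in flow_text.splitlines():
        flow = dict(zip(FIELDS, line.split()))
        if flow.get("log_status") != "OK":      # skip NODATA / SKIPDATA records
            continue
        seen = sorted(names.get((flow["srcaddr"], flow["dstaddr"]), []))
        verdict = ("listed" if any(is_listed(n, blocklist) for n in seen)
                   else "resolved" if seen else "no-dns")  # no-dns: direct-to-IP traffic
        findings.append((flow["srcaddr"], flow["dstaddr"], flow["action"], seen, verdict))
    return findings
```

A flow whose destination has no preceding resolution from the same workload (`no-dns`) is worth reviewing on its own, since direct-to-IP egress bypasses any domain-based policy.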
Quotes:
- "More than 73% of organizations feel that they lack the appropriate visibility to really identify and see where their threats could potentially come from."
- "Achieving your consistent unified security across these environments is also super complicated."
- "Multicloud Defense provides four primary capabilities: asset discovery and visibility, egress security, ingress security, and VPC-to-VPC segmentation."
- "You need a tool and a product that can meet that same security premise."
- "This allows you to confidently place your security controls specifically where you need them and specifically where you want them."
- "Multicloud Defense automates the scaling, provisioning, and upgrading of your security posture."
- "This gives you comprehensive protection across all of your clouds with inbound, outbound, and east-west traffic in a much simpler way."
- "Instead of a traditional firewall where you're buying a license and you have to commit to it based on the number of firewalls you deploy, Multicloud Defense is by gateway hour."
- "You can actually get to this without paying for anything, no credit card, nothing, literally just sign up for it."