Cisco Systems, Inc. (CSCO) Earnings Call Transcript & Summary
April 26, 2023
Earnings Call Speaker Segments
Salah Ramlawi
attendee
Hello, everyone. Welcome to today's webinar session regarding Zero Trust. My name is Salah Ramlawi. I am an engineering product manager in the SD-WAN business unit, specifically looking over security. So in today's session, we're going to start first with why Zero Trust and why now. There's been a lot of hype in the market about Zero Trust. It's often being used even as a buzzword these days. All of this is creating confusion about it: where is it actually needed, do we actually need Zero Trust in the network. But today, we're going to start off by basically breaking down Zero Trust to its bare bones. We're going to talk about its fundamentals, its requirements and how it can actually help your day-to-day and also assist you with securing your network or having a tighter grip on your network. From there on, we're going to jump into Cisco SD-WAN and to the strategy that we are following to deploy Zero Trust in our portfolio. One thing that you probably hear me talk about a bunch of times is Zero Trust is not a product. Zero Trust is a solution. That solution can be modified and tailored to your customer needs. Finally, we're just going to conclude with a few use cases about Zero Trust, and then we're going to finish it off with a bit of Q&A.
All right. So let's start with why Zero Trust. To really talk about why Zero Trust, we need to take a step back and basically paint a picture of the changing IT landscape. So think about it this way. Traditionally, you would wake up, you go to the office, open your laptop or open your company workstation. These are what we call managed devices. From there on, you will hop on to the network and you would access an enterprise application. More than likely 95% of the time, at this point, those applications are hosted within the confines of your enterprise data center. All of this has changed, has transformed.
Instead of only using your company laptop, you might be using your own laptop, your smartphone, your tablet, any other gadget. All of those are known as unmanaged devices. Instead of only accessing the applications from the workspace, you might be sitting at home, you might be in a cafe. You know now you've heard the term hybrid workforce. This is now a reality. So where are you accessing the application from has also changed. And finally, the application itself. Before, enterprises used to host the applications within their data center. This is completely moving now. You've heard about a big migration of applications moving from the private data center over to the public cloud. At the same time, enterprises are now taking advantage of SaaS applications right over the public internet. So all of that to say is the entire IT landscape has changed, has transformed. This has also dramatically increased the attack surface. Right now you're not dealing with only a few sanctioned devices. You're dealing with a bunch of unmanaged devices. Instead of only working from one place, you might be all over the place and the applications that you're accessing are not only confined in one place also. So with that, all of this, in this reality, businesses now cannot use the traditional security model to govern their day-to-day activity or their network security. Because of this, they now need to adopt a different mindset, a Zero Trust mindset. So to that, simply put, enterprises now need a Zero Trust model to adapt to the changing security paradigm.
So now we talked about why Zero Trust, why do we need to trust. Now let's really talk about what Zero Trust is. From the name itself, Zero Trust is basically you're never assuming trust to an identity or to a device. Once this identity or once a user and a device has verified their identity, you will continuously verify that identity, and you will only give them access to the space that they are confined to. So let me put it this way.
Before Zero Trust, for example, you might be able to enter into a building and then you will be free to roam around the building and all of its rooms freely without any restrictions. With the Zero Trust model, you will now have an ID keycard. You will number one need to scan your ID keycard to even enter the building. Once you enter the building, you will need to scan your ID card every time you want to enter a room. Some of these rooms you will be able to enter, some of these rooms you will not be able to enter. It really depends on the access privilege that has been provided to you with that ID card. Now also to put in the notion of always verifying. For whatever reason, let's assume that you did something that is against the rules of this building. What will happen is your ID keycard will stop working and then you will no longer be able to enter into any of the rooms, not even to the building itself. This is pretty much how Zero Trust principles also work on the network security side. Now because Zero Trust, as I mentioned a bit ago, is not a single product, Zero Trust is a solution. It's a mindset. So there's a bunch of elements that come with it. Number one, first and foremost, it segments your network. Hence, the word Zero Trust network access. It divides your network into specific segments, and it also gives you privilege to only access a certain part of the network. Now it's not only giving you access, it's also governing what you're doing. So it's looking at the health of the device that you are using, your endpoint security. It's also scanning what you're doing. When you're accessing an application, Zero Trust is able to understand what am I doing with this application? Am I doing anything malicious? Am I downloading a file that I'm not supposed to download? So you have a firewall with all of its gadgets that's also looking at not only what you're doing but how you're doing it and are you allowed to do this.
And first and foremost, probably I should have even started with that, Zero Trust will always start with the identity. It will verify your identity, and it will continuously verify that this is actually you and you are only able to do the stuff that you are allowed to do. So now let's wrap that all together and let's summarize what we've spoken about. Zero Trust starts with, number one, identifying the workforce, who is trying to access the application and what device they are using to access this application. Then it looks at the workplace. Where is the user accessing the application from? Are they sitting in the office and trying to access the application from there? Are they sitting somewhere outside of the office and then trying to access this application? Because Zero Trust might limit your access privilege, depending on where you're trying to access the application from. And finally, you've been hearing me talk about application for the past few minutes now. We are also looking at the workload itself. So Zero Trust is governing all 3 together, the workforce, the workplace and in the end, the workload where they are trying to access or what they're trying to access? Is it a workload? Is it a database? Is it an application? Is it a server? So the way it happens is, number one, the identity is verified. I am Salah, I belong to the engineering group. My identity has been verified. Now since I belong to the engineering group, I'm only going to be able to access engineering applications. I'm not going to be able to access, let's say, finance applications. This is where the security -- the secure controls are coming in. So number one, we are verifying the identity. Actually, we can also verify what laptop I'm using. I'm Salah, I'm using Cisco's and I'm trying to access an engineering application. Now let's say I'm going to try to access a finance application. I'm not allowed to because I'm part of the engineering.
So the security controls -- the security folks, they access control these and Zero Trust will block me from doing that. Now during the time I'm using the application, my security posture is continuously being verified, meaning does my laptop have any malicious files on it? Am I trying to do any malicious activity? Is there a threat associated with me or my laptop? The security posture is continuously verified. And at any point in this process for whatever reason, a threat is now associated with me or the device I'm using, my access privilege will be revoked. It will either be decreased or it will be completely blocked from the network.
All right. So we've painted a picture about what Zero Trust is and why is it important to the network. Now let's talk about Cisco SD-WAN and how we are bringing in a Zero Trust strategy and framework. So within Cisco, we've identified, if you want, important elements or pillars to govern Zero Trust. Number one, first and foremost, the users and the devices. Users and devices will first hop into the network through a specific LAN atmosphere, a LAN environment, which is usually our Cisco SDA fabric. Those users and devices will be identified through a specific mechanism. In this case, we are using Cisco ISE as our identity service. And finally, you will need a WAN network and security enforcement point. And in this model, it will be Cisco SD-WAN fabric. So all of these elements are playing and not communicating with each other to number one, identify the user and the device. Then it will give it the proper access privileges from the LAN side. And finally, you'll have a layer 3, layer 4 and then an application firewall and a security inspection stack being governed by Cisco SD-WAN. So now let me walk you through a typical use case of how Cisco SD-WAN, ISE and SDRA can all talk with each other to deploy a Zero Trust strategy. So let's take Joe. Joe is an employee in company ads.
Joe brings his laptop, opens it up, hops to the network and wants to access application Y. The first thing that Joe does is once he opens his laptop, he wants to connect to the network. If Joe was sitting in the office, he's very likely connected, let's say, to some Cisco Catalyst switch. If he's sitting at home, let's say, for example, he is using our SDRA solution. In either of these cases, once Joe wants to connect to the network, the first thing that he's going to do is identify himself. This is picked up by Cisco ISE. Cisco ISE will see, okay, this is Joe. He's an employee of the company, and he belongs to user group HR, for example. The second thing ISE does, ISE will inspect Joe's laptop. Is this a company sanctioned laptop? Does this laptop have any threats associated with it? If that's not the case, meaning that there are no threats, and this is actually the sanctioned laptop that Joe is supposed to use, then ISE will tag this laptop with a green SGT. SGT is what we call a secure group tag. It's literally just a tag that ISE will use to associate specific devices or tag specific devices. The second thing it does, ISE will relay this information over to vManage. Now on vManage, which is part of Cisco SD-WAN, this will be the one enforcement point and the security inspection stack to make security policy on vManage that says: any device that has green SGT is application Y. And there is another security policy that says any entity that is tagged with a red SGT is not allowed to access application Y. So Joe meets the requirement, his laptop is clean. He has a green tag. He is now able to access the application that he wants. During this time, Joe is doing his thing on the application and then for whatever reason, he has now felt infected with them. It might be some command issues that he should not have or suddenly his laptop now has a threat associated to it, maybe there's a malicious file that he initially does not know about.
Cisco ISE now picks it up. Once Cisco ISE picks it up, and this is the continuous security posture check that's happening in the background, Cisco ISE, okay, now Joe's laptop is infected. So the first thing that happens is ISE will now update the SGT that is associated with Joe's laptop. First, it was a green SGT, now it becomes a red SGT. Now this information is also relayed over to Cisco vManage. Now since there's a security policy already configured on vManage that says any entity that has a red SGT associated to it is not allowed to access the application. So what happens is now automatically, one, Joe has a threat associated tool, his security posture is now decreased, his access privilege gets decreased by updating the tag, and Joe immediately now is no longer able to access the application. This requires no manual intervention and it happened as soon as the threat was identified. So this is really how in a very simple manner, Cisco has a Zero Trust framework that can govern user to application access.
So some of the benefits of this, if I want to talk about this a bit more, some of the things that maybe I want you to walk out with is what are the benefits that Cisco SD-WAN and Zero Trust are providing to the customer? Number one, this framework allows you to identify your users and your devices that are connected to the network, right? Now in a changing landscape, you're not only connecting your company laptop, your sanctioned phone, you also might be connecting millions and now billions of IoT devices that are popping up everywhere. IoT is Internet of Things. It's basically all of the endpoints that you have now connected in your network that had no connection to the Internet before, now they're becoming smarter. They're becoming -- they're able to connect to the Internet. You're able to pick up your phone and you're able to turn on the thermostat at your house from your phone, that's an IoT.
Now at the same time, this device now becomes a threat to the network because it's exposed to the Internet, a bad actor can jump on that and use it as an entry point to jump into your network. So one of the things that we will do with Zero Trust is we were able to identify such of these devices, right? So you are providing identity verification for the users, you are able to identify devices and classify them the way that you want. You are able then to look at the security posture of the users and the devices connected to your network and you are able to, very organically, block access to your critical applications as soon as the threat is associated with any of these entities, whether it is the user or the device. So all of this will allow you to scale your network in an easier way, in a more agile way. It will also enable you to have a tighter security grip on your network, which, in the end, will simplify IT management of your overall network.
So now let's wrap it up with some Zero Trust use cases. We've been talking about how the Zero Trust framework works. What does it apply to, and why is it useful? Now let's conclude with how to use this in your day to day. First and foremost, we've been talking about user to application, right? If you're an employee, you're a contractor, you are a guest and you want to access the network to use a certain application. And it's very moment that it's fundamental, this is what Zero Trust is doing. It's governing that application access and that application usage. But it doesn't only stop there. A user might be governed on how to access the application. A device might be governed on how to access the application. Also, Zero Trust works on governing and securing communication from application to application. It depends on, let's say, you're in a big organization, you're using one application to be able to access another database that has another application when you go on it.
And each one of these applications might be sitting in a different entity within your organization. One might be in your data center, another one might be hosted in your public cloud. So even that communication is still governed within the Zero Trust framework. Now once you are able to govern this access, identify the users and the devices, you can continuously check their trust, their identity and their security posture. Once the security posture is compromised, you are able to organically adapt to this or respond to this threat and decrease the access privilege of the entity that you are governing. And finally, maybe a note our with over here is whether it's a Zero Trust or any other security solution, a security stack is never complete without having a comprehensive visibility dashboard. And this is something that also Cisco is working on to provide to their customers as we understand that you're not only securing your entity, but you also need to visualize within your network, what threats have been caught, who are the users that are connected to your network, what devices are in play in your network as well. So we are working towards providing a dashboard that will do just that in one place, in one constant, you'll be able to look at who are your employees, your guests, your contractors that are connected to the network at any given time, what devices they are using to connect to your network? And what are they doing? What applications are they using? How much time are they spending on these applications? What -- are there any threats associated with them or with the applications that they are using? All of that will be put in one place for your SOC team to be able to consume this data in real time and act accordingly on it. And with this, we come to the conclusion of this webinar.
I hope this today helped you get an idea or a better idea about what Zero Trust is, how we can use it, how it can help you in your day-to-day job, how it can empower your IT department, your SOC and it will also help you have a tighter grip on your overall network security. Once again, my name is Salah Ramlawi. It was a pleasure having you on the webinar today. We hope to hear from you more on webinar.cisco.com. We also encourage you to go to cisco.com, look at Cisco SD-WAN, at ISE, at our Zero Trust strategy and gain a bit more information over there. Thank you very much, and have a good day.