Cisco Secure Access LaaSCisco SecurityBlogCiscoSASESecurity
Blog6 minute read

Cisco Secure Access is a Natural Evolution of Cisco Umbrella

In a rapidly evolving digital landscape, traditional security measures fall short. Cisco Secure Access, a cloud-delivered SSE solution, integrates zero trust, AI-driven threat intelligence, and defense-in-depth protection. It simplifies security operations, enhances user experience, and adapts to modern threats, ensuring seamless, secure access across diverse environments.

We have seen a lot of change in the last 6 years. The prevalence of hybrid work, the rise of cloud computing, and the stratospheric rise of AI have combined to create a fundamental shift in the threat surface. Organizations cannot rely on security technology from the 2010s to secure their hybrid work environments. Today's approach must ensure that users are protected when working from home, at the airport, in a coffee shop and in the office. They need to be able to seamlessly access SaaS applications, private applications hosted in data centers, and private clouds, all while being protected from threats on the web.  

The solution to this problem is called security service edge (SSE). SSE combines all the security components of secure access service edge (SASE), providing the perfect solution for securing hybrid workforces. With it, we can secure web traffic and the cloud while enjoying the benefits of firewall-as-a-service (FWaaS) and zero-trust network access (ZTNA). You can find out more about SSE here

The change in the IT landscape we have seen over the past six years requires functionality that did not previously exist. Existing products like Cisco Umbrella have evolved into Cisco Secure Access to better meet organizations' needs.  

Cisco Secure Access is a cloud-delivered SSE solution grounded in zero trust. With it, organizations can ensure that any user enjoys secure, seamless access to public, private, cloud and AI applications. Instead of a fragmented approach to security, SSE solutions like Cisco Secure Access combine them into a single solution. Functionality you get with Cisco Secure Access includes: 

  • Zero Trust Network Access (ZTNA)
  • Secure Web Gateway (SWG)
  • Cloud Access Security Broker (CASB)
  • Firewall as a Service (FWaaS)
  • DNS Protections
  • Data Loss Prevention (DLP)
  • Remote Browser Isolation (RBI)
  • AI Guardrails

All of this can be controlled from just one console, simplifying security operations in increasingly distributed environments. 

We all know how frustrating it can be to jump through multiple hoops to access the resources we need to do our jobs. Security is an integral part of any environment, but when users must sign in multiple times a day, they may resort to workarounds that leave their organization vulnerable. With Secure Access, identity can be automatically verified – all the end user must do is log in to their computer, and they are ready to access private applications or webpages without having to launch multiple clients with different sign-ons and passwords. If identity is not automatically verified, the user signs in just once with their company credentials.  With this, users will not waste time entering a code from any of their MFA apps, allowing them to be more productive. It's really the best of both worlds, secure and unobtrusive.  

Secure Access also makes IT teams' lives much easier. There is just one cloud-managed console where administrators can create a policy for the entire environment, view logs and generate reports on data loss prevention events, AI guardrails, access protection, etc. Secure Access is also a single point of export for troubleshooting and finding the root cause of problems.  Integrations with Splunk, XDR and Thousand Eyes make finding the problem easier than ever before.  

Modern cyberattacks are sophisticated threats that can cripple organizations, making protecting against them a complex effort that requires thoughtful design. Cisco Secure Access is built with that in mind, taking a defense-in-depth approach that layers security controls across every point of exposure rather than relying on a single line of defense. Employees and contractors alike are protected as they go about their day, while security teams shrink the attack surface, ensure devices are secure before granting access, and enforce least privilege. Instead of being in the dark about the cloud apps used in their organization, security teams gain visibility into sanctioned and shadow IT usage. With that knowledge, they can permit or block access in real time. Internal resources are also kept hidden from external discovery, depriving attackers of a foothold they use in the early stages of a breach.  

In case you have been living under a rock, AI is here, and so are the risks that come with it. Sensitive corporate data (code, PII, PHI) can be fed, intentionally or not, into public AI models. AI outputs can be manipulated, and given the pace of adoption, security teams are discovering tools after they have already caused a security incident. Secure Access turns the tables, giving security teams real-time insight into the tools being used and the ability to add guardrails to those tools, preventing sensitive files from being uploaded to a public AI. This functionality is on the same unified platform and management console as every other feature, meaning that organizations don't need a separate tool or license to secure their AI usage. 

All of this is supercharged by Talos Threat Intelligence, Cisco's intelligence organization that provides real-time cybersecurity research, threat detection, and proactive defense. That knowledge is continuously fed into Secure Access, meaning it not only reacts to known threats but also stays ahead of emerging ones.  

Every attempt to access network resources should be treated as a potential threat. Attackers have become adept at exploiting the broad attack surface that comes with a hybrid workforce, compelling the need for stronger identity with zero-trust principles. Cisco Secure Access is built on a zero-trust foundation, meaning that users and devices are never explicitly trusted – they must earn it. Every access request is evaluated against identity, device posture, and contextual policy before access is granted. Because access is enforced at the application level instead of the network, the blast radius of a compromised account or device is much smaller. 

The security challenges faced today are fundamentally different from those even five years ago, and they continue to evolve. What remains constant is the need for a platform that can adapt and deliver protection without becoming a burden for the security team or the users that it should protect. Secure Access meets that standard by bringing together zero-trust access, AI-driven threat intelligence, gen-AI governance, and defense-in-depth protection. Secure Access is the natural evolution of Cisco Umbrella, taking the trusted, proven security foundation that has been relied upon for years and extending it into a modern SSE architecture designed for where work happens today. Secure Access is not a leap of faith; it is the logical next step for more security, simplicity and confidence for the future of enterprise security.  

Technologies