The expanding attack surface created by hybrid work, cloud adoption, and external partnerships demands a more unified approach to security. Managing firewall policies in this complex landscape often results in fragmented and error-prone implementations, as network operations teams struggle to navigate multi-vendor environments and identify the right firewall devices to grant secure access. Over time, these challenges can lead to inconsistent policies and a lack of visibility, leaving teams uncertain about why certain rules were implemented in the first place but hesitant to update or remove them for fear of breaking production access.
In response, Cisco is the first hybrid mesh firewall vendor to introduce intent-based policy management across multi-vendor firewalls through Cisco Security Cloud Control with Mesh Policy Engine.
Program once, enforce everywhere
In a hybrid mesh firewall architecture, organizations use Security Cloud Control—our unified, cloud-native security management interface—to specify access intent a single time, which is then automatically implemented across Cisco and third-party vendor firewalls. Cisco’s intent-based policy management approach eliminates the need for network operators to determine which firewalls need to be updated, craft and deploy those rules through each firewall vendor’s management interface, and then hope the request was correct to begin with. Mesh Policy Engine supports Cisco’s firewalls and third-party firewalls such as Palo Alto Networks, Fortinet, and Juniper firewalls, with more coming in the future.
Manage policy by intent, not device
Mesh Policy Engine is a new feature of Security Cloud Control that redefines how policies are created and managed. The traditional approach to granting access places a lot of overhead on the network operator: first validate that the request actually contains all the right rules, then figure out which firewalls to update, then add the rules and deploy them, often without knowing whether existing rules already grant some of that access. With Mesh Policy Engine, the network operator simply expresses the access intent (application A to application B on the specific ports and protocols) within the user interface or through the API. Mesh Policy Engine determines which device should receive which policy, then deploys it.
This approach enables security teams to log into Security Cloud Control to quickly understand what access applications have and have confidence that changing or revoking that access won’t impact other applications or have unintended consequences. Using an intent-based approach enables true network access policy lifecycle management—from new application deployment to eventual deprecation and revoking of network access.
Implement policy in minutes, not weeks
Once an organization’s network topology is mapped to Security Cloud Control, complete with a unified view of firewalls, connections, and paths, they can use Mesh Policy Engine to unlock significant efficiency gains:
- Deploy policies automatically: New or updated Layer 3/4 (L3/L4) policies can be created and applied to the appropriate firewalls within minutes. This is a stark contrast to traditional processes that can take weeks and often require back-and-forth with the application owner.
- Avoid rip-and-replace: The engine supports a hybrid mesh firewall architecture by integrating new devices, including third-party firewalls, without requiring a complete overhaul of existing infrastructure, enabling you to use Cisco firewalls for your segmentation strategy without having to replace everything.
- Improve segmentation: By focusing on intent, the engine removes up to 80% of redundant rules and 35% of objects, simplifying policy management, improving adaptability, and enhancing network segmentation to prevent unauthorized access.
- End fire drills: With streamlined rules and enhanced automation, teams can redirect their energy from reactive, last-minute adjustments to more strategic, forward-looking tasks.
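To make the intent-to-device step described above concrete, here is an added illustration that is not Cisco's code or data model: a constructed topology of zones joined by named firewalls, a path search that selects the devices sitting between two applications, and a compile step that emits one L3/L4 rule per device on that path while skipping devices whose existing rules already permit the flow. All zone, device and application names are assumptions for the example.

```python
from collections import deque

# Constructed sample topology (not Cisco's data model): each edge joins two
# zones and names the firewall that sits on that hop.
TOPOLOGY = {
    ("dc-app", "dc-core"): "ftd-dc-01",
    ("dc-core", "cloud-edge"): "pan-edge-01",
    ("cloud-edge", "cloud-db"): "fgt-cloud-02",
    ("dc-core", "campus"): "ftd-campus-01",
}
# Constructed mapping of applications to the zone they live in.
APP_ZONES = {"orders-web": "dc-app", "orders-db": "cloud-db", "hr-portal": "campus"}


def neighbours(zone):
    """Yield (adjacent zone, firewall on that hop) pairs for a zone."""
    for (a, b), fw in TOPOLOGY.items():
        if a == zone:
            yield b, fw
        if b == zone:
            yield a, fw


def firewalls_on_path(src_zone, dst_zone):
    """Breadth-first search over zones; returns the ordered firewalls traversed."""
    queue = deque([(src_zone, [])])
    seen = {src_zone}
    while queue:
        zone, fws = queue.popleft()
        if zone == dst_zone:
            return fws
        for nxt, fw in neighbours(zone):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, fws + [fw]))
    raise ValueError(f"no path from {src_zone} to {dst_zone}")


def compile_intent(src_app, dst_app, proto, port, existing):
    """Turn one access intent into a per-device plan.

    existing maps device name -> set of (src_app, dst_app, proto, port) rules
    already deployed there; devices off the path get no entry at all.
    """
    rule = (src_app, dst_app, proto, port)
    plan = {}
    for fw in firewalls_on_path(APP_ZONES[src_app], APP_ZONES[dst_app]):
        if rule in existing.get(fw, set()):
            plan[fw] = "already-permitted"  # no redundant rule pushed
        else:
            plan[fw] = f"permit {proto}/{port} {src_app} -> {dst_app}"
    return plan
```

Revoking the intent is the reverse walk over the same path, which is why a per-intent rule can be removed without touching rules that other applications depend on.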
The future of policy management
By continuing to lead the way in intent-based policy management through Security Cloud Control, Cisco ensures that its Hybrid Mesh Firewall architecture not only protects your applications wherever they reside, but also delivers a unified, intelligent, and scalable approach to policy management across security tools that meets you where you are in your firewalling journey. Cisco Hybrid Mesh Firewall continues to expand what’s possible in firewall policy management, empowering organizations to move faster, stay secure, and maintain clarity in an ever-changing IT landscape.
See how Mesh Policy Engine can help you adopt Cisco Hybrid Mesh Firewall more easily. Register for a hybrid mesh firewall design clinic.
We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.