Native Cloud Firewalls Falling Short in a Multicloud World


As enterprises expand across multiple cloud environments, on-premises data centers, and dynamic AI workloads, traditional perimeter defenses and siloed cloud-native tools are no longer enough to secure the modern network. In this episode, Ashish sits down with Murali Rathinasamy, Senior Director of Product at Cisco, to break down the next evolution of network security: the Hybrid Mesh Firewall. Murali explains why relying solely on cloud-native firewalls can create visibility gaps, and how unified policy orchestration allows security teams to manage enforcement points seamlessly. He shares a real-world case study of how Multicloud Defense is used to eliminate manual route table configuration and achieve zero-downtime, blue-green upgrades. The conversation also tackles micro-segmentation. Murali breaks down why segmentation initiatives usually stall in "analysis paralysis" and provides a practical, agentless roadmap to reduce your attack surface "one bite at a time".

Questions asked:
00:00 Introduction
01:40 Murali Rathinasamy's Background and Role at Cisco
02:30 What is a Hybrid Mesh Firewall?
04:30 Bridging the Skills Gap: NetSec vs. CNAPP/CSPM
06:45 Case Study: Royal College of Surgeons in Ireland (RCSI)
09:40 The Limits of Cloud-Native Firewalls in a Multicloud World
13:30 Securing AI Workloads and Managing the Agent Blast Radius
15:40 Why You Need Unified Policy Orchestration Across Firewall Vendors
17:40 Why Micro-segmentation Fails: Overcoming Analysis Paralysis
24:45 How to Implement Micro-segmentation "One Bite at a Time"
31:30 Detecting and Blocking Prompt Injections with Cisco AI Defense
33:30 Where Does the Hybrid Mesh Firewall Fit in the Tech Stack?

Murali Rathinasamy: [00:00:00] Everyone is now an application developer. These agents now can sort of look like a user, but they're doing things in ways that users don't do. And a lot of these MRI machines are still running software that's like Windows XP.

Ashish Rajan: Micro-segmentation. It's probably the most spoken, yet least implemented space of the industry.

Murali Rathinasamy: Micro-segmentation always stalls in the phase of how do I know what I need to go protect? It's not a different set of threats. It's the same sort of threats, it's just a much higher volume of those threats on a much shorter timeline.

Ashish Rajan: You don't have to eat the entire pie in one go.

Murali Rathinasamy: Take it one bite at a time.

Murali Rathinasamy: Think of that as the destination, don't think of that as the journey.

Ashish Rajan: You've been working in the cloud security space for some time, you probably have a good understanding of firewalls. Well, at least that's what I thought until I heard about hybrid mesh firewall and how the world of AI, Kubernetes, cloud and on-premise has made our lives more complicated.

Ashish Rajan: So firewalls are now evolving to hybrid mesh firewalls. For this particular conversation, I had Murali from Cisco talk about hybrid mesh firewall, what it is, and where do people use it? Do I still need it if [00:01:00] I have an EDR or any of the other traditional things? And how different is this to a next gen firewall that a lot of people may have heard of throughout their career?

Ashish Rajan: All this and a lot more in this episode with Murali. If you have been listening to or watching episodes of Cloud Security Podcast for some time, I would really appreciate it if you take a quick second to hit the subscribe button or follow, depending on whichever platform you are listening or watching this on.

Ashish Rajan: We are on Apple, Spotify, LinkedIn and YouTube. And thank you to Cisco for sponsoring this particular episode of Cloud Security Podcast as well. I hope you enjoy this conversation. I'll talk to you soon. Peace. Hello, welcome to another episode. Uh, my name is Ashish, and today we have Murali. Thanks for coming on the show, man.

Murali Rathinasamy: Yeah, absolutely. Great to meet you, and happy to be here.

Ashish Rajan: Thanks, man. And, uh, just to start off with, could you share a bit about yourself, your professional background, and where you are now?

Murali Rathinasamy: Yeah, absolutely. So, uh, Murali Rathinasamy, Senior Director of Product at Cisco, primarily focused on, uh, network security, covering hybrid mesh firewall.

Murali Rathinasamy: My specific patch of the world is security cloud control, so making sure that the unified security platform, uh, brings together the outcomes customers are looking for, as well as a new unified [00:02:00] policy orchestration capability that supports both Cisco enforcement points as well as non-Cisco enforcement points, which we'll talk more about for hybrid mesh firewall.

Murali Rathinasamy: Uh, I've been at Cisco now for three years, but I spent about seven years in AWS doing cloud security, and then prior to that was on the customer side, uh, deploying security tools within a large enterprise.

Ashish Rajan: Oh, nice. Actually I'm definitely quite keen to understand hybrid mesh firewall because before I talk- I started talking to you, I was trying to Google, like, what is hybrid mesh firewall?

Ashish Rajan: I mean, and someone, as someone who's been in the cloud security space for a long time, I was just surprised the first time I heard of it. Why have I not heard of this enough? So what is this for people who are, uh, uninitiated like me?

Murali Rathinasamy: Yeah, absolutely. So, hybrid mesh firewall is really the next evolution of how the industry really thinks of firewalling.

Murali Rathinasamy: If you were to go back 30 years ago at the beginning of firewalling, it was really just a perimeter firewall that was really just based on, uh, A allow it to B. There was no, no- ... before the days of, you know, encryption and all that other stuff, so it's a very primitive firewall. And then it evolved over to next gen firewall, which starts getting into decryption, [00:03:00] DLP, being able to actually see what the threats are, getting a little bit better in terms of, uh, threat categories, malicious IPs, all that kind of goodness.

Murali Rathinasamy: Uh, hybrid mesh firewall is really the next evolution that recognizes the complexity of enterprise networks has gone from just data centers and multiples of data centers now into cloud environments, and really how do you protect these hybrid environments. But what we've seen in the industry is the challenge is that customers will often think about their cloud security as one island in one pocket of the world, but then their on-prem is a different pocket of the world.

Murali Rathinasamy: Really though, no enterprise thinks about them separately. It's all one hybrid network, and wherever the applications are and wherever the users are, they wanna pro- uh, protect that in totality. And so this is a new category that sort of reflects the reality of the complexity of the network evolving and needing to still simplify the management and operation associated with that.

Ashish Rajan: And, A, I'm glad we, we don't call it next gen firewall, because that would totally confuse people. Yeah, absolutely. Yeah.

Murali Rathinasamy: Next gen.

Ashish Rajan: Yeah, 'cause it's like... And I honestly thought I knew about next gen, right? 'Cause I think that today as we talk about [00:04:00] cloud, it's... I was gonna say it's a lot more complex, but it's a lot more complex after AI even more, 'cause now it's just, uh, we have cloud workloads that we have done and worked with, protected for a long time, but we also have Kubernetes workloads, container workloads, API workloads, AI workloads through Bedrock and anything else that's coming through as well.

Ashish Rajan: How do you see hybrid mesh firewall fit into this world? And where is it different to- People who already know about the CNAPP and CSPM world?

Murali Rathinasamy: Yeah, absolutely. So one of the things that we, we see is that these are all tools that kind of interoperate together, but it really is based on who is traditionally responsible for what part of the stack. So where we see hybrid mesh firewall, uh, being a huge value proposition, for example, I think we'll talk a little bit more about them, um, Royal College of Surgeons in Ireland, where you have your traditional network persona, your traditional network security persona that's now responsible for this new cloud environment.

Murali Rathinasamy: They really see this as, "I need to be able to use my existing tools to go extend." So in, uh, in that specific case, Kevin was, is responsible for both [00:05:00] maintaining the on-prem network security as well as the cloud network security. And so then having that environment where you have a, an on-premises network en- engineer or firewall admin having to go figure out CNAPP and CSPM and these different tools that are only relevant to one half of their environment adds a lot of complexity, requires a lot of skilling up that these folks may not have.

Murali Rathinasamy: And so instead, you know, what we see as hybrid mesh firewall is enabling a customer to fully extend their existing security paradigms into the cloud, but in a cloud-native way. Like, what you'll see from what, uh, our cloud assets really has is, like, you're not just taking a virtual firewall and deploying it in the cloud, you're taking a virtual firewall and operating it like a cloud service.

Murali Rathinasamy: And so that starts helping bridge this gap between my traditional on-prem security and my cloud security, but allowing me not to have a different skill set to go do it. So from an enterprise perspective, it's really allowing your existing talent to go manage their, the new paradigm of this complicated world.

Murali Rathinasamy: And, like, what we think about AI, where I see AI more than anything else, is that [00:06:00] it's gonna explode this blast, uh, this, like, blast radius of things. Like, you now have new applications because at the end of the day, everyone is now an application developer because they can go and create their own applications.

Murali Rathinasamy: These agents now can sort of look like a user, but they're doing things in ways that users don't do. So even traditional behavioral analysis tools may not work because you'll see user Murali traditionally uses this application, and now his agents are going all over the place. And so you really have to think about both the operational side as well as the security posture associated with it and the totality of the network.

Ashish Rajan: Uh, could you... Uh, I think you mentioned the RCSI example. Could you share a bit more about what was their challenge and what were they trying to work on and why a hybrid? Uh, it's like, did they not have a, a traditional CNAPP provider or... Like, I'm just curious from a... And obviously, as much as you can share.

Ashish Rajan: I understand they're a customer of yours, so, um, I'm curious in terms of, for people who are listening in who probably already have a CNAPP, are working for an enterprise, are pro- maybe today solving both cloud and AI challenges as well as on-premise challenges. I'm curious as to what was the [00:07:00] RCSI example that made them go down that path of a hybrid mesh firewall.

Murali Rathinasamy: Yeah, absolutely. So, uh, RCSI, Royal College of Surgeons in Ireland, they're a, a very old organization, I think over 200-year-old organization, and, uh, it's a very large, uh, educational organization that's protecting applications for this institution, and these applications are both hosted on-prem as well as their application teams have started developing applications for the cloud environment.

Murali Rathinasamy: But it's the same team that is sort of responsible for both. And one of the challenges that they were coming into was they started down the journey, as many enterprises do, of Hey, I've got a physical firewall today. I may have virtual firewalls on-prem to give me some of the segmentation or east-west use cases.

Murali Rathinasamy: Why don't I just use that in the cloud? And so they'll go deploy it in the cloud, but what is very common, even for the Cisco virtual firewall ecosystem, is it requires a lot of configuration in front of and behind the virtual firewall to get the virtual firewall to work. Like in the RC- RCSI case specifically, there's a lot of route table configurations that need to be done, transit gateways that need to be [00:08:00] configured, all of this infrastructure that needs to be plumbed together to make it work.

Murali Rathinasamy: And then when you have a traditional, uh, virtual firewall that's in the cloud, a lot of the times the auto-scaling of that is, uh, on you, the upgrading is on you, the administrator. And so what RCSI realized was like, hey, this is just not a scalable model. Like, any time I need to do a software upgrade for the firewall, I have to go take downtime?

Murali Rathinasamy: My cloud application teams are like, "That's crazy." Like, no cloud team really thinks about downtime to do an upgrade. It's always a blue-green upgrade. Yeah. And so the team started looking for an alternative.

Murali Rathinasamy: So you know I mentioned that, uh, the customer would have to go cur- uh, configure route tables, and do transit gateways, VPC peering, all of this other stuff to make all this stuff work. Multicloud Defense handles all of that for you. It connects into, uh, your cloud providers, AWS, Azure, GCP, Oracle, whatever it may be, to give you this great visual of how your applications are interacting with one another.

Murali Rathinasamy: And then either through a Terraform script or through a UI, makes it very easy to say, "I'm gonna go deploy a new service to a VPC. I want it to have this amount of, uh, this- these policies and these [00:09:00] capabilities," and then we handle all the rest of it. We go deploy the virtual firewall. We manage it, we auto-scale it based on whatever thresholds you set, and then when you need to do a software upgrade on it, it's a blue-green upgrade.

Murali Rathinasamy: There's no outage that you need to really think about. We are just kinda handling it for you. And the combination of the security posture, uh, RCSI was already familiar with Cisco firewall, they had FTD in their on-prem environment, so they're happy with the security p- uh, profile that we provided them, coupled with this orchestration capability to give them a complete picture of what they need to secure, and then actually deploying the security is what gave them confidence that our solution was the right way to go, and doing it all through Security Cloud Control as the manager for Cisco's Hybrid Mesh Firewall.

Ashish Rajan: But why not use the native ones? 'Cause, you know, uh, obviously a lot of people are on that bandwagon of that we have l- already invested so much into AWS, Azure, GCP, which already come with native firewall capability, and I think they already have, like, a firewall service, firewall manager, network manager, all of that too.

Murali Rathinasamy: Yep,

Ashish Rajan: 100%. Um, what is the incentive in, in, in not using that? 'Cause I think the whole, at least the [00:10:00] pitch that all of us, and I put myself in the category as well, who drank the Kool-Aid from cloud native for a long time, it was just that, hey, if, as long as you're entirely in the ecosystem, which by the way, the, uh, caveat is that assuming you always remain only AWS or always remain only Azure- Yep

Ashish Rajan: and maybe I'm answering a question as well. But- Yep ... uh, it's like, um, what's the incentive there? 'Cause I think I find that, uh, for a long time we had the anti-pattern of, hey, you cannot, uh, rely on an outside static firewall because it's not dynamic enough, and to your point, c- we, it doesn't allow for blue-green deployments.

Ashish Rajan: You are, uh, then at the, at the mercy of not understanding the context of security groups and all of that because it's not natively used inside the product ecosystem of those cloud providers. What's the balance there? 'Cause a lot of people were already quite invested, right?

Murali Rathinasamy: Yeah, absolutely. As a former AWS product manager, I would tell you that I would've said the exact same thing.

Murali Rathinasamy: "Hey, you're in the AWS ecosystem. We have, we've got the best in class services. Go and use ours entirely." However, the reality for all the enterprises I work with, [00:11:00] literally all of the enterprises that I work with is none of them are one cloud provider. A, none of them are one cloud provider.

Murali Rathinasamy: All of them have at least two cloud providers, and then B, they all have on-prem deployments as well. So like the, the cloud-native story really resonates if you truly are only in the AWS ecosystem, for example, and you have no on-prem. The other part of it is in order for the on-prem story to work with AWS, you'd have to route all of your traffic through AWS, which then creates its own hassle and its own headache because now it's another thing that can sort of create an issue for you.

Murali Rathinasamy: I think at the end of the day it really comes down to where do you want the ownership and responsibility boundary to be? In the enterprises that I work with, they have centralized security teams that are responsible for protecting all the applications, the users, the devices, the workloads wherever they sit.

Murali Rathinasamy: And so when you've got that model set up where it's a centralized security team that's responsible for actually configuring the firewalls, the security tools, and all of that other stuff, you're now asking this team to have to skill up significantly on every individual cloud platform, uh, in order to be, [00:12:00] to configure those best-in-class tools or what, you know, the cloud providers will tell you are best-in-class tools.

Murali Rathinasamy: What I will tell you though from what I hear from customers more than anything else is there's two key reasons why our story really resonates with them. One, first and foremost is where the cloud providers really shine is on scalability. So the fact is that they're automatically handling the scaling of the, the gateways and the firewalling infrastructure and all that other stuff, but customers routinely tell me that the security features that they have are not there just yet.

Murali Rathinasamy: They're gonna build them and like every, e- everything in the hyperscaler world, they'll get there, they'll build these capabilities, but ultimately the firewall providers, Cisco as a firewall, uh, having the experience of being a firewall provider for decades at this point means that we have a better security capability over those providers.

Murali Rathinasamy: And then secondarily is really just this consistency. Like by having hybrid me- uh, Cisco's Hybrid Mesh Firewall, they have a lot more confidence that their security posture is being applied consistently throughout the ecosystem versus like, "Oh, okay, I can go look at a policy here to go see what's going on in the on-prem world, and then I have to go and try to stitch together what is the security posture in [00:13:00] this VPC versus this VPC versus this VPC versus Azure and GCP," and, like, it creates this visibility gap that becomes a bit of a challenge.

Murali Rathinasamy: And the same is true for, you know, CNAPP and CSPM tools. What's awesome about them is that they work great in a cloud environment, but a cloud environment is probably the cleanest application deployment any customer will ever have because you can log into a UI or you can programmatically describe it.

Murali Rathinasamy: The challenge is so much harder in an on-prem world where things aren't as clean in terms of how the relationships all exist.

Ashish Rajan: But let's talk about AI workloads as well then, right? Because that, there's multiple ways to use it. Some people host their own, some people, uh, use Amazon or other providers use it as well. Does the hybrid mesh firewall concept extend to AI workloads as well?

Murali Rathinasamy: 100%. So there's kind of, there's two parts to how we think about this.

Murali Rathinasamy: Like, one is on the segmentation part. So how do you ensure that an agent is being, uh, is not able to go access things that it shouldn't be able to access? And so the way that we think about this is with hybrid mesh firewall, we give you the ability to segment your network in a way that [00:14:00] doesn't impact your existing user traffic.

Murali Rathinasamy: So user Murali normally accesses these applications, has an agent now on his, on his device that is suddenly trying to go discover all these other things. Your segmentation tool is able to protect that and prevent that from really expanding that blast radius. The other one is that Cisco has a, a capability called AI Defense, which will actually sit...

Murali Rathinasamy: One is it'll discover the tools that are actually being used by customers. So without deploying any additional enforcement points, it will go, uh, analyze your cloud usage. It'll go look at the Bedrock APIs, for example, to go see what models have been deployed. It also natively integrates with our Secure Access product, which is our user internet access and user private access, uh, security solution.

Murali Rathinasamy: Look at those logs to say, "Hey, user Murali is accessing ChatGPT and Claude," and all these other things, and tell you what's going on and even be able to show you what are the kinds of prompts that are being done. Also in firewall, so we're adding that capability to firewall initially in the 10.5 release, which I think is coming in a few months.

Murali Rathinasamy: So being able to give you the full visibility of what's going on, and then secondarily, we also sit as a proxy in the middle to be able to secure those prompts, to basically make sure that, you know, from a [00:15:00] standard DLP control, we're able to determine and detect what are the kinds of things that our users are using, and then be able to even block them to prevent a user from exfiltrating any data or anything along those lines.

Murali Rathinasamy: So hybrid mesh firewall kind of operates in totality from a single place to protect both sides of that AI equation. And then from an AI workloads perspective, it's the same, right? That's their AI workloads is really just more of your standard network security and network segmentation, um, kind of construct.

Ashish Rajan: But maybe to take a step back as well, 'cause not everyone who's listening or watching would be a, uh, Cisco customer as well, right? So A, obviously hybrid mesh firewall is a, is a broader category. Uh, it's not just obviously not a product, so just wanna clarify. How are you seeing this as a, like a... 'Cause I obviously, as a CISO, I may already have an EDR, I may already have all these other things that I'm already in an ecosystem for, right?

Ashish Rajan: What's the thing that I'm letting go of, or what's the thing, uh, that I would, I am currently blindsided to that makes me think of a hybrid mesh firewall versus all the ecosystem? I mean, most enterprises already have maybe [00:16:00] two of each, I guess. I mean, just depending on who you talk to, two EDRs, two CNAPPs.

Ashish Rajan: What's the thing that I'm losing out on if I do not look into hybrid mesh firewall?

Murali Rathinasamy: I mean, at, at the end of the day, it's really consistency and operational, uh, operational efficiency. A lot of customers have multiple firewall vendors deployed in their environment, either by nature of acquisition, by nature of regulatory requirement in a lot of the financials in utility company world, or just by nature of they decided on one vendor, then they decided hopefully on Cisco, and now they're in this migration period.

Murali Rathinasamy: But no one replaces these really expensive, uh, hardware appliances or software appliances overnight. You, you know that you just bought a firewall, but you're replacing the vendor, you're gonna keep that thing for five years. Mesh Policy Engine allows a customer to do a, a firewall-agnostic intent-based policy, meaning that the administrator can go specify to Mesh Policy Engine the policy.

Murali Rathinasamy: We will then compute what is the effective outcome for the relevant enforcement points, and then go actually deploy that policy to those devices, regardless of whether it's Cisco ASA, Cisco FTD, Palo Alto Networks, Fortinet, Juniper firewalls. [00:17:00] There'll be more coming. But to your, your core of your question of, you know, what are you missing out on by having this separate set of tools compared to having a unified hybrid mesh firewall, to me it's really about the operational efficiency and total visibility that you get over the network, especially when I think about segmentation as a core value.

Murali Rathinasamy: You know, Cisco is, uh, working very closely with Mythos on being able to identify vulnerabilities in our own software to patch them very quickly, and we're realizing that Mythos is the new reality in the world. All CISOs and CIOs, CTOs have known that all software is gonna have vulnerabilities. It's really about how do you close those vu- vulnerabilities quickly and use compensating controls to make sure that they're not, uh, exploited w- before you can kind of fix it.

Murali Rathinasamy: So while we, you know, uh, enterprises talk quite a bit about segmentation and micro-segmentation, at the end of the day, micro-segmentation always stalls in the phase of how do I know what I need to go protect, and what policy should I go use?

Murali Rathinasamy: We will give you full visibility. We'll analyze the entire network, show you user Murali's doing this, workload A is d- uh, accessing this in, on this port and protocol, [00:18:00] and then give you a, a zero trust policy that you can apply.

Murali Rathinasamy: But the real differentiator for us is that you can start agentlessly. We'll then be able to apply that policy directly to your existing infrastructure agentlessly.

Murali Rathinasamy: So the key here is, like, you're not, uh, because we're doing this based on observed traffic, you're not gonna impact any of your existing applications, but you immediately reduce this attack surface. The most commonly exploited port in a data center is the, um, Windows, or one of the most commonly exploited ports in a data center is Windows Server SMB port.

Murali Rathinasamy: But it's also almost never used in a data center. So the easiest thing you can do is to block that port, but that would either require a human in the loop to discover that it's not used, or a tool that can map out all these flows and tell you, and then apply that policy to your firewall, and then that buys you time to go do the actual agent deployment to get to true micro-segmentation.

Ashish Rajan: I'm with you. So with the hybrid mesh firewall, uh, I guess where I'm coming from is obviously every CISO out there would look at every other solution out there, uh, in terms of- Of course

Ashish Rajan: how this is. So maybe if you were to take a step back, because you've obviously done a lot, a lot of research and spoken to a lot of [00:19:00] customers that are using this hybrid mesh firewall, uh, what are some of the, the things that you see are, uh, some of the moving parts that are a key component? I think you mentioned segmentation earlier.

Ashish Rajan: Because a lot of people approach networking very differently. What do you see are the key components for someone to even use something like a hybrid mesh firewall that makes it like, oh, this is the ideal use of it? 'Cause obviously this, we're all trying to go towards the same goal of having an understanding of what we are building and how do we protect o- how do we protect it.

Ashish Rajan: What do you see are the key components that every CISO or operator who is basically working on addressing this particular problem of not having unO- uniformity, what do you think is of, uh, that, how they should consider as important components of a, if I'm trying to build a hybrid mesh firewall or bring in one in my organization, these are things that I should, A, already have, and B, should consider in a, in a solution moving forward?

Murali Rathinasamy: Yeah, absolutely. I, I think from a what I should already have perspective, hybrid mesh firewalling as a solution, note, so not specific to Cisco, provides your, both your north-south, so your perimeter firewalling, your inspection capabilities, [00:20:00] your decryption, DLP, as well as inbound security, so being able to do, uh, web application firewall protections and detection of, like, Log4j and other vulnerabilities like that as a compensating control.

Murali Rathinasamy: As well as your east-west, so being able to use a firewall to go do your segmentation. The thing that I would say is, uh, probably the unique thing that customers need to think about as they go more into the hybrid mesh firewall world is how to decouple their firewall so you don't just have a data center core firewall, but you start thinking about how you distribute the firewalling more throughout your network, and then that's how you get the real hybrid mesh firewall benefits is by having a distributed set of firewalls to meet your use cases.

Murali Rathinasamy: Containers are another good example of this, right? So as mentioned earlier, like, cloud native applications are another challenge, and one of the parts of the challenge there is the fact that really the security posture for a container stops at the container host edge. Once the traffic exits the container, you sort of lose that identity of what container was generating that traffic, so you need a good container firewall story that understands the identity at a namespace level instead of a container level.

Murali Rathinasamy: Yeah. Because a traditional data [00:21:00] center identity model of being an IP address is no longer sufficient when we start thinking about things like Lambda or containers. You now have to think about actually putting the security within that boundary. And so, you know, really a hybrid mesh firewall's differentiated value is giving you that, that total view across your entire network and then being able to secure it, uh, the closest to the workload you possibly can to help you with, um, ultimately getting that total security.

Ashish Rajan: And do you find that... And I guess maybe, and then I, if I bring back my question for the hybrid mesh firewall is across all your kind of... Uh, it's not workload specific, which is what the CNAPP pitch was. Correct. That we are Kubernetes, we are cloud native, all of that. It's being more, it doesn't really matter what kind of workload it is, which is why we could do the AI workload as well.

Ashish Rajan: It's more about having some kind of a, a standardization across the board for what your network policy needs to be.

Murali Rathinasamy: 100%, yeah, and visibility because, you know, when, when I go talk to customers, like I, I work very closely with larger, a lot of large financials. A lot of lar- the large financials are like, "Hey, I've got AI workloads, I've got virtual machines, I've got bare metal hosts, but I also have [00:22:00] my users.

Murali Rathinasamy: Like, I have my users on the enterprise side. How do I think about the campus branch's security?" And then I start talking to, uh, large healthcare providers or li- large healthcare provider insurance companies that are like, "Hey, uh-" I also... How do I think about my MRI machine? A lot of these MRI machines are still running software that's like Windows XP.

Murali Rathinasamy: So it's a whole different security posture that needs to be thought about, and it's, it's really this proliferation and complexity and heterogeneity of the environment that is where customers really see the hybrid mesh firewall technologies being differentiated. But you're absolutely correct that like, hey, if my application team is responsible for its security posture, that CNAPP tool may be the right fit for them because they are, they are only responsible for their small portion of the network versus having to have a full visibility and full security of the entire network.

Murali Rathinasamy: You mentioned like things like EDR and other solutions like that. A core value proposition of, um, hybrid mesh firewall is not necessarily to completely replace those, but to be able to integrate with them to make sure that the telemetry and signals that are coming from there are also informing the hybrid mesh firewall policy compensating controls and things like that.

Ashish Rajan: Right. [00:23:00] Okay. And I... that kinda makes sense because I think a lot of people who would be listening or watching obviously are, have heavily invested in cloud for a long time as well. So you're almost like unplugging it out of that, all the battles that have to be undone or actually we're gonna go back, it's gonna be not, not an easy conversation at that point in time.

Ashish Rajan: So let's talk about the whole micro-segmentation for one second, right? I feel like it's probably the most spoken yet least implemented space of the industry. A- and you can correct me if I'm wrong if that's, uh, just a hypothetical that I've, we're landing on. How do you describe that in this world of, uh, hybrid mesh firewall?

Ashish Rajan: Like, what's the, what's the goal from it, and how do you see that being applied across some of the customers you may be talking to?

Murali Rathinasamy: Yeah, absolutely. You know, the notion of segmentation, I think, has existed forever. So even I, when I was on my sys admin days more than 15 years ago at this point, it was the same way.

Murali Rathinasamy: We were internally deploying zonal firewalls to get this agentless sort of segmentation story. I remember we had deployed an appliance [00:24:00] into our VMware, our hypervisor, our VMware hypervisor environments to be a, a per host based firewall. And ultimately, the challenge that we kept coming into was, how do you actually consistently manage this from end to end?

Murali Rathinasamy: Because what would end up happening is, is an application team would go put in a request. We would try to identify the relevant firewalls that are between these two points. Inevitably, we would do it wrong. We would implement the firewall rule on one firewall device. It would be wrong. The team would come back and say, "Hey, I still can't...

Murali Rathinasamy: This thing is still not working." I'd have to packet trace it. I'd go find the next one in the loop, and then ideally I'd get it, and just creates a lot of frustration from all the parties involved, right? So I think the core challenge that I see from a lot of customers is they know that they need to segment, but they all sort of get stuck on analysis paralysis, thinking, "Oh, I haven't done any segmentation yet.

Murali Rathinasamy: Segmentation is really complicated. How do I do it?" The first thing that I help them understand is, one is you've already started segmenting. You have a firewall. It's between you and the internet. So fundamentally, you've got one segment, and almost all of my customers that I interact with now, regardless of manufacturing, financial, new tech, old school enterprise, whatever it is, they all have [00:25:00] internal firewalls that are saying, "These are my crown jewels applications, so I've got a firewall here," or, "I'm firewalling off my cloud environment, so I do have some amount of segmentation."

Murali Rathinasamy: So it's like, great. You guys are doing great. You've got a good start on it. Now let's help you with telemetry to help you understand how you can do better without needing a human in the loop to go analyze it. Because right now, by default, if you don't have a segmentation product or a segmentation tool in the environment, your segmentation is all human based, and humans make mistakes.

Murali Rathinasamy: It requires a lot of computation to understand payroll application to payroll web server to payroll database server, what ports and protocols, what are the IP addresses, all of this other stuff that needs to go into it. And the core that I would say customers really need to think about is like, think of this as a journey.

Murali Rathinasamy: It is not a, "I'm just gonna go deploy a tool, and magically it all works." It's a journey. Start with the visibility, understand what is talking to what. User Murali is doing this, workload, uh, A is doing this. And then from there, design a policy that allows you to reduce attack surface. I know workload A is not using port 445.

Murali Rathinasamy: Cool, block it. I don't need it. Or SSH only [00:26:00] comes from my specific Bastion host. Great, block 22 to everything but my, my jump hosts. And use that as your base point so that immediately you're reducing your attack surface that prevents a compromised application from compromising other stuff, and then worry about the north star of true micro-segmentation where every individual VM, every individual container, every individual device is really locked down.

Murali Rathinasamy: Think of that as the destination, don't think of that as the journey.

Ashish Rajan: And it's your point, I think because we all, I won't say fell for zero trust, but we definitely wa- all wanted zero trust eventually. It's kind of where the micro-segmentation piece kind of just kept evolving, and it landed on a part, unfortunately in a bucket where it's too hard to do kind of bucket.

Ashish Rajan: And I guess what you're saying is that you don't have to eat the entire pie in one go. You just basically take it one bite at a time.

Murali Rathinasamy: That's exactly it. Take it one bite at a time. The large healthcare provider in California that I was working with, it's exactly what they did. They're like, "Hey, look, we know that our EMR, the medical record system itself, is the crown jewels.

Murali Rathinasamy: For that, I will go tell the application team, 'You have to deploy the agent.' I know that this is the most sensitive application I have, so I will do true [00:27:00] micro-segmentation on that." For everything else, they're like, "Man, I've got these fire- I've got Cisco firewalls already deployed. I can just go have policy deployed to that.

Murali Rathinasamy: Get me agent with security that gets me, like, 80% of the way there. I'll worry about the agent some other time." But that has already immediately reduced their attack surface because then an application, the risk of one application compromising something unrelated or using it as a jumping off point to the EMR is gone.

Murali Rathinasamy: Yeah. Because now I know that, you know, my payroll application shouldn't be talking to my EMR application, and so I've already blocked that communication from happening, so this chain reaction is no longer feasible.

Ashish Rajan: Do you find that, I'm thinking of the Mythos example that you gave earlier, a lot of those Mythos communications are not really...

Ashish Rajan: I guess they're on network, but they're different kinds. They're not technical challenge. It's not like my port 555. It's like, hey, Anthropic talks on, I don't know, port 80, let's just say, and it just talks. How do you see the-- or what do you see as the role of hybrid mesh firewall in an AI workload world where even the cloud native firewalls don't work?

Murali Rathinasamy: Yeah, absolutely. I mean, I, I think it's kind of a, a couple of things, right? Like [00:28:00] one is I need to protect my applications, but they're a commercial off-the-shelf software, so I don't have the ability to patch my own application. I need to be able to apply a compensating control. Hybrid mesh firewall i- provides you the compensating control.

Murali Rathinasamy: Let's say it's a Log4J style vulnerability where I can actually do a, a rule that detects that malicious, uh, request and then blocks it, or it's just a comp- like a step-up authentication. Like I now know this application is vulnerable, therefore I'm gonna say I want to ensure that my users have to do an MFA before they can access the application.

Murali Rathinasamy: So it's kind of a core part of it, and then the other half of that is actually just being able to detect how applications are being used and actually protect them in that scenario and, and make sure that they're being safe. But to me, like the AI world is really more about, it's not a different set of threats.

Murali Rathinasamy: It, it's the same sort of threats, it's just a much higher volume of those threats on a much shorter timeline, right? So I think that's really where hybrid mesh firewall being more a unified platform with total visibility helps solve that problem of being able to shrink the timeline to be able to apply a compensating control or protect an application.

Ashish Rajan: So, well, and do, do you [00:29:00] mind explaining how? Because I guess the way I s- I... and maybe this is me and other people, because firewall as a concept is always like a support number thing. Uh, hey, I-- to your point about destination A talking to destination B, yay or nay was a simple explanation that most people understood firewall as.

Ashish Rajan: That's what tran- it kind of evolved a bit in the cloud world because it was not just my port number anymore, it's also, hey, my EC2 instance, which has a security group, I can have that hooked onto my RDS, uh, se- security group as well. How is the hybrid mesh firewall different in the AI workload space, uh, in terms of reducing that?

Murali Rathinasamy: No, it's, it's exactly the same. The thing though is, is that we also support the dynamism of the cloud. So exactly what you're describing of the security groups, we can do policy based on your cloud tags and things like that to also reduce that attack surface. So, like, ultimate- and then there's also inspection capabilities, so we can inspect, like, the, uh, OpenAI prompts and things like that to see what the attack vector is and try to pro- protect it or control against it.

Murali Rathinasamy: But in reality, like, the fire- the traditional firewall, you're absolutely correct that traditional firewalling [00:30:00] is very much about, like, a, the identity as a defined IP address. Yeah. But in a container world, that's no longer the case, and our firewalls are aware of those namespaces and can set up policy against that.

Murali Rathinasamy: Or even being able to apply to your EC2 security group the rules to make sure that we're securing that environment from a segmentation perspective as well. And then for traffic that's going out of the VPC, being able to inspect it.

Ashish Rajan: Yeah, but I guess, hybrid mesh firewall, you mentioned reduces the, uh, amount of exposure or the time of exposure that we may be exposed

Murali Rathinasamy: reduces the attack surface, and

Ashish Rajan: then- Oh, reduces, yeah.

Ashish Rajan: So, okay. But, so, but then I guess we don't know a zero day, I guess, right? So is it basically-

Murali Rathinasamy: Correct. Correct. So there are, there are things that we are working on in that regard. Like, we, we do have EDRs ourselves, so we, we have, like, secure network analytics and other tools like that that can go do behavioral analysis and help with feed those policies in.

Murali Rathinasamy: So we do have both sides of it. But ultimately, you're correct that- Like we're... The zero day will still exist. It's just more of how do you accelerate a time to detect a zero day has been exploited, and then applying a policy and a compensating control while [00:31:00] you're able to either work with a vendor or your application teams are actually able to develop a patch for it.

Murali Rathinasamy: Yeah. There's some other cool stuff that you'll see coming soon. Um, Cisco Live US is in, in like two weeks at this point, but there are some, some cool things that we're doing, uh, like with our Live Protect technology, where we will be able to, uh, potentially extend that in other ways to help customers with shielding their custom applications, not just shielding our own infrastructure.

Ashish Rajan: Oh, yeah. I mean, so I, I, I get that part. I think where I was coming more from was that, you know how these days to what, even what you said, the AI vulnerabilities are a lot more language driven than technical driven, I guess, in a way. Yeah. Like I'm a- I'm just simply asking, "Hey, to AI, tell me the password," instead of a, a zero day, and I think that's kind of where I was getting confused.

Ashish Rajan: So in the hy- in case of a hybrid mesh firewall, and maybe the answer is that the hybrid mesh firewall is not the tool for that kind of security, but I'm just curious if I have an AI workload that is protected by a hybrid mesh firewall, is that something in that category for, hey, it can protect from an AI, I don't know, prompt injection or any of that as well?

Ashish Rajan: 'Cause I... In my mind, hybrid mesh, is it [00:32:00] hybrid of everything or is it hybrid from a destination, destination, and I understa- cloud context, I understand the workload context, but, um, when it comes to an agent security from a prompt injection or, uh, any of the other, uh, sweet stuff that the internet talks about, that's a, that's a separate problem.

Murali Rathinasamy: No, no, it's the same. So we do have, um, within hybrid mesh firewall, uh, we do include being able to detect prompt injection and be able to protect against it. So that was what I was mentioning earlier around the AI defense capabilities where we, because... So ultimately between those two points, you know, between your user and the LLM or your workload and the LLM, you'll have a firewall deployed that is able to see that request going back and forth.

Ashish Rajan: Yeah.

Murali Rathinasamy: And so we can then send it to our, uh, LLM models to go identify, look at the total context of what's going on in those prompts to detect, oh, okay, there seems to be, in your example, like, oh, this user is trying to get a administrator password, detect it, and then block it when we determine either the prompt is an exploit itself or the, uh, response back from the LLM is giving back an answer that it shouldn't [00:33:00] have.

Murali Rathinasamy: Because ultimately you're still gonna have a firewall, in some capacity, deployed in between those two points. And so we are able to actually detect and block or, uh, re- like remediate or at least, uh, notify when we're identifying these weird prompt behaviors.

Ashish Rajan: Right. And I guess is hybrid, uh, this is probably my final question as well.

Ashish Rajan: Is the hybrid mesh firewall, in terms of where do you see this placed within an organization? Everywhere you have workload, 'cause I think I'm, that's where I'm extending from your AI workload example. Everywhere you have a workload, whether it's a VPC or my data center, uh, where, where would this be, I guess?

Ashish Rajan: And I think what would be the ecosystem like? I guess is, uh, and where I'm going with this is that as a s- as a CISO or an operator who's buying this, what is my network security person or a cloud security person, uh, managing at the end of the day, uh, if I was to look into the category for hybrid mesh firewall?

Murali Rathinasamy: Yeah, absolutely. So there's kind of two parts to it. One is you have your inline protections, which is a traditional, not... it's the hybrid mesh firewall appliance itself, whether it's physical, virtual, container form factor. [00:34:00] You would deploy that the same way you deploy a firewall today. Um, it, hybrid mesh firewall from a firewalling construct is the same firewall appliance that you have, just more flexibility in de- in where you deploy them and how you manage them consistently.

Murali Rathinasamy: There is also the out of band or out of the packet line, um, tools that you would be able to deploy. So, uh, things like secure workload for getting all of your visibility and telemetry to understand what's going on in your network or an EDR tool. So I, I think it's really more about, um, a consolidated management story and a uniform management story across the ecosystem of, of capabilities that you already have deployed, either Cisco or non-Cisco, and then we're bringing them together to make it simpler to manage and get you a total outcome across all of these things versus placing a lot of the burden or challenge of, uh, orchestrating and stitching all this together on the customer themselves.

Murali Rathinasamy: So Hybrid Mesh Firewall is, is a management. Uh, we do have a lot of additional capabilities that we're bringing to market that improve those detections and threat capabilities, but ultimately Hybrid Mesh [00:35:00] Firewall is really about unify- uh, uniformly managing this entire distribution of inline and out-of-band detection and threat capabilities.

Ashish Rajan: Awesome. Well, thank you for sharing that. Where can people learn more about Hybrid Mesh Firewall and the work you guys are doing in Cisco for this particular category?

Murali Rathinasamy: Yeah, absolutely. So Cisco Hybrid Mesh Firewall, uh, you can... I can send out... I'll send you some links so that you can, uh, learn more information.

Murali Rathinasamy: We have, uh, a lot of local, uh, innovation days and, uh, workshops, so you can go get hands-on with it and learn how to deploy it. Cisco Live is coming in two weeks, which is the easiest and greatest way to come see what the new innovations are. But otherwise, sign up for our workshops, and I will most likely be at some of them, so looking forward to meeting and, uh, working with all of you.

Ashish Rajan: Awesome. And, uh, I'll probably put your LinkedIn in there as well for people to find you and connect with you as well. Perfect. Yeah, that'd be great. Um, but dude, thank you so much for this conversation. Uh, and, uh, explaining the whole Hybrid Mesh Firewall as well. Uh, now at least I know at least, uh, what's the difference between a next gen firewall and a hybrid mesh firewall.

Murali Rathinasamy: Absolutely. And thank you for the time. It was great chatting with you.

Ashish Rajan: Thank you. Thank you for listening or watching this episode of Cloud Security Podcast. This was brought to you [00:36:00] by TechRiot.io. If you are enjoying episodes on cloud security, you can find more episodes like these on cloudsecuritypodcast.tv, our website, or on social media platforms like YouTube, LinkedIn, and Apple, Spotify.

Ashish Rajan: In case you are interested in learning about AI security as well, do check out our sister podcast called AI Security Podcast, which is available on YouTube, LinkedIn, Spotify, Apple as well, where we talk to other CISOs and practitioners about what's the latest in the world of AI security. Finally, if you are after a newsletter, it just gives you top news and insight from all the experts we talk to at Cloud Security Podcast.

Ashish Rajan: You can check that out on cloudsecuritynewsletter.com. I'll see you next episode.

Peace.
