In our previous blog post, we discussed how Cisco has reimagined Zero Trust, delivering an in-office experience for users and things from anywhere accessing resources everywhere. You're probably thinking "Ok, but how? How exactly has Cisco reimagined Zero Trust Access?" You're in the right place to get a look into the technical details.
In this blog post, I'll unpack some of the technological components that allow us to leapfrog legacy approaches, and in doing so, avoid many of the limitations of last generation ZTNA and Security Service Edge (SSE) solutions. If this piques your interest, I would like to invite you to dig deeper and get your hands on the capabilities, in one of the upcoming Cisco Secure Access Hands-on Introductory Labs.
As exponential growth in web, SaaS and private application traffic continues unabated, so does the demand for Zero Trust Access (ZTA) built on more efficient and secure networking technology. To maintain not just a good but an excellent end-user experience, we need seamless, fast and secure data transport. This has driven the adoption of technologies like QUIC and MASQUE (both IETF protocols) and VPP (a high-performance packet-processing framework). Each of them is poised to change how we handle network data, and put together they are a serious game changer.
Let's dive into how they work and what their combined potential can offer for network efficiency and performance.
An easy way to think of QUIC is to envision a new high-speed rail system. QUIC is the underlying track system that lets high-speed, custom-designed trains move various types of cargo (any port or protocol as the payload). QUIC is a transport protocol initially designed by Google and later standardized by the Internet Engineering Task Force (IETF) as RFC 9000, with the TLS 1.3 handshake built into the transport (RFC 9001). It runs on top of UDP and brings several performance advantages over traditional TCP.
Key performance benefits include:
Running over UDP does not mean QUIC gives up congestion control or retransmission; it implements both itself, in user space, and that is exactly what lets it improve on TCP. Loss of a single packet no longer stalls every stream on the connection (no transport-level head-of-line blocking), the transport and TLS handshakes are combined into a single round trip (zero round trips for a resumed session), and connections are identified by connection IDs rather than the IP/port 4-tuple, so a client can move from Wi-Fi to cellular without tearing the connection down. Those properties make it an ideal companion to MASQUE for modern network traffic optimization.
Lastly, if QUIC is blocked in an organization, which can happen for a variety of reasons (UDP/443 is often filtered at the edge), there is a built-in fallback to HTTP/2 over TCP. The MASQUE specifications define how the same tunnel is carried over HTTP/2, so the tunnel semantics survive the fallback even though QUIC's transport benefits do not.
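To make the connection-ID and handshake points above concrete, here is an added example in Python (mine, not code from the Cisco post or product). It parses the long header of a QUIC v1 Initial packet and derives the Initial packet-protection keys from the Destination Connection ID, using the sample header and test vectors published in RFC 9001 Appendix A. Helper names are the example's own; everything else follows RFC 9000 and RFC 9001.

```python
"""Parse a QUIC v1 Initial packet header and derive its Initial keys.

Added example for this post (not Cisco's code). Header layout follows
RFC 9000 sec. 17.2 and the key schedule RFC 9001 sec. 5.2; the sample header
is the unprotected client Initial header from RFC 9001 Appendix A.2.
"""
import hashlib
import hmac

QUIC_V1 = 0x00000001
# Fixed, public salt for QUIC v1 Initial secrets (RFC 9001 sec. 5.2). Because it
# is public, Initial packets are obfuscated against middlebox ossification, not
# confidential: anyone who sees the DCID can derive these keys.
INITIAL_SALT_V1 = bytes.fromhex("38762cf7f55934b34d179ae6a4c80cadccbb7f0a")


def read_varint(buf, pos):
    """Decode a QUIC variable-length integer (RFC 9000 sec. 16); returns (value, next_pos)."""
    size = 1 << (buf[pos] >> 6)  # top two bits select 1, 2, 4 or 8 bytes
    value = int.from_bytes(buf[pos:pos + size], "big") & ((1 << (8 * size - 2)) - 1)
    return value, pos + size


def parse_initial_header(pkt):
    """Parse an Initial long header up to the packet number; rejects anything else."""
    first = pkt[0]
    if not first & 0x80:
        raise ValueError("short header: a 1-RTT packet, not a long header")
    if not first & 0x40:
        raise ValueError("fixed bit clear: not a QUIC v1 packet")
    version = int.from_bytes(pkt[1:5], "big")
    if version == 0:
        raise ValueError("version negotiation packet")
    if version != QUIC_V1:
        raise ValueError("only QUIC v1 is handled here: 0x%08x" % version)
    if ((first >> 4) & 0x03) != 0:
        raise ValueError("long packet type is not Initial (v1 type 0)")
    pos = 5
    dcid_len, pos = pkt[pos], pos + 1
    dcid, pos = pkt[pos:pos + dcid_len], pos + dcid_len
    scid_len, pos = pkt[pos], pos + 1
    scid, pos = pkt[pos:pos + scid_len], pos + scid_len
    token_len, pos = read_varint(pkt, pos)
    token, pos = pkt[pos:pos + token_len], pos + token_len
    length, pos = read_varint(pkt, pos)
    # The low two bits of the first byte and the packet number are covered by
    # header protection; on a captured packet they are only meaningful after
    # header protection has been removed with the "hp" key derived below.
    pn_len = (first & 0x03) + 1
    pn = int.from_bytes(pkt[pos:pos + pn_len], "big")
    return {"version": version, "dcid": dcid, "scid": scid, "token": token,
            "length": length, "pn_len": pn_len, "pn": pn}


def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand_label(secret, label, length):
    """TLS 1.3 HKDF-Expand-Label (RFC 8446 sec. 7.1) with an empty context, SHA-256."""
    full_label = b"tls13 " + label.encode()
    info = length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label + b"\x00"
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def initial_keys(dcid, side="client"):
    """Initial packet-protection material for one side, from the client's first DCID."""
    initial_secret = hkdf_extract(INITIAL_SALT_V1, dcid)
    secret = hkdf_expand_label(initial_secret, side + " in", 32)
    return {
        "initial_secret": initial_secret,
        "secret": secret,
        "key": hkdf_expand_label(secret, "quic key", 16),  # AEAD_AES_128_GCM key
        "iv": hkdf_expand_label(secret, "quic iv", 12),
        "hp": hkdf_expand_label(secret, "quic hp", 16),    # header-protection key
    }


# Sample input: the unprotected client Initial header from RFC 9001 Appendix A.2.
SAMPLE_INITIAL_HEADER = bytes.fromhex("c300000001088394c8f03e5157080000449e00000002")


def demo():
    hdr = parse_initial_header(SAMPLE_INITIAL_HEADER)
    return hdr, initial_keys(hdr["dcid"], "client")


if __name__ == "__main__":
    hdr, keys = demo()
    print("DCID", hdr["dcid"].hex(), "length", hdr["length"], "pn", hdr["pn"])
    print("client Initial key", keys["key"].hex(), "hp", keys["hp"].hex())
```

Two things a security team should take from this. First, the header checks are what a firewall or SSE gateway uses to recognise QUIC in the first place, so "blocking QUIC" usually means dropping long-header packets on UDP/443, which is what triggers the HTTP/2 fallback described above. Second, because the Initial keys come from a public salt and a connection ID sent in the clear, the first flight (including the TLS ClientHello and its SNI, unless Encrypted Client Hello is in use) is readable by any on-path device; confidentiality only starts with the Handshake and 1-RTT keys negotiated by TLS.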
Continuing with our high-speed rail analogy, consider MASQUE to be the high-speed trains designed to run on the efficient tracks we just laid down. From a technical perspective, MASQUE is a set of IETF standards (the CONNECT-UDP and CONNECT-IP proxying methods, RFC 9298 and RFC 9484) that tunnel UDP and IP traffic over HTTP, and therefore over QUIC whenever HTTP/3 is the transport. It aims to enhance privacy and reduce overhead while providing seamless support for different protocols.
The key benefits of MASQUE are:
The integration of MASQUE and QUIC into existing applications, such as web browsers and mobile operating systems, is expected to improve the end-user experience by making network operations more transparent and reducing the complexity of traffic routing and encryption. A real-world example of MASQUE and QUIC is iCloud Private Relay, which routes a user's internet traffic through two relay hops so that no single party sees both who the user is and where they are going. Operating-system support for MASQUE relays is now built into iOS and Samsung devices, which lets an SSE client use the same secure transport natively on both platforms.
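The following added Python example (again mine, not Cisco code) shows what a MASQUE CONNECT-UDP tunnel actually puts on the wire, covering both the QUIC path and the HTTP/2 fallback mentioned in the QUIC section: it expands a CONNECT-UDP URI template into the extended-CONNECT request headers, then frames one UDP payload as an HTTP/3 datagram (QUIC DATAGRAM frame) and as a DATAGRAM capsule on the request stream (how the same datagram travels over HTTP/2). The proxy name, URI template, target addresses and payload are constructed for the example; the encodings follow RFC 9297, RFC 9298 and RFC 9000.

```python
"""MASQUE CONNECT-UDP: build the request and frame UDP payloads for both transports.

Added example for this post (not Cisco's code). Encodings follow RFC 9298
(CONNECT-UDP), RFC 9297 (HTTP Datagrams and the Capsule Protocol) and
RFC 9000 sec. 16 (variable-length integers). Proxy, template and payload below
are constructed for illustration.
"""
import urllib.parse

CONTEXT_ID_UDP_PAYLOAD = 0    # RFC 9298: context ID 0 carries the raw UDP payload
CAPSULE_TYPE_DATAGRAM = 0x00  # RFC 9297 sec. 3.5


def encode_varint(v):
    """Encode a QUIC variable-length integer (RFC 9000 sec. 16)."""
    if v < 0x40:
        return bytes([v])
    if v < 0x4000:
        return (0x4000 | v).to_bytes(2, "big")
    if v < 0x40000000:
        return (0x80000000 | v).to_bytes(4, "big")
    if v < 0x4000000000000000:
        return (0xC000000000000000 | v).to_bytes(8, "big")
    raise ValueError("too large for a varint")


def decode_varint(buf, pos=0):
    size = 1 << (buf[pos] >> 6)
    return int.from_bytes(buf[pos:pos + size], "big") & ((1 << (8 * size - 2)) - 1), pos + size


def connect_udp_request(template, target_host, target_port):
    """Expand a CONNECT-UDP URI template (RFC 9298 sec. 3) into extended-CONNECT pseudo-headers.

    The same headers are sent over HTTP/3 (QUIC) and, on fallback, HTTP/2 via
    extended CONNECT (RFC 8441). IPv6 literals get ':' percent-encoded because
    the template variables live in the path."""
    if not 0 < target_port < 65536:
        raise ValueError("invalid target port")
    url = (template.replace("{target_host}", urllib.parse.quote(target_host, safe=""))
                   .replace("{target_port}", str(target_port)))
    parts = urllib.parse.urlsplit(url)
    return {":method": "CONNECT", ":protocol": "connect-udp", ":scheme": parts.scheme,
            ":authority": parts.netloc, ":path": parts.path, "capsule-protocol": "?1"}


def h3_datagram(request_stream_id, udp_payload):
    """QUIC path: DATAGRAM frame payload = Quarter Stream ID || Context ID || UDP payload (RFC 9297 sec. 2.1)."""
    if request_stream_id % 4:
        raise ValueError("client-initiated bidirectional stream IDs are multiples of 4")
    return encode_varint(request_stream_id // 4) + encode_varint(CONTEXT_ID_UDP_PAYLOAD) + udp_payload


def datagram_capsule(udp_payload):
    """Fallback path: DATAGRAM capsule carried on the request stream over HTTP/2 (RFC 9297 sec. 3.5)."""
    http_datagram_payload = encode_varint(CONTEXT_ID_UDP_PAYLOAD) + udp_payload
    return (encode_varint(CAPSULE_TYPE_DATAGRAM) + encode_varint(len(http_datagram_payload))
            + http_datagram_payload)


def parse_udp_capsule(buf, pos=0):
    """Parse one capsule at buf[pos]; returns (udp_payload or None, next_pos).

    None means the capsule is not a usable UDP datagram: unknown capsule types are
    skipped (RFC 9297) and unknown context IDs are ignored (RFC 9298), never fatal."""
    ctype, pos = decode_varint(buf, pos)
    clen, pos = decode_varint(buf, pos)
    value, end = buf[pos:pos + clen], pos + clen
    if ctype != CAPSULE_TYPE_DATAGRAM:
        return None, end
    context_id, p = decode_varint(value, 0)
    if context_id != CONTEXT_ID_UDP_PAYLOAD:
        return None, end
    return value[p:], end


# Constructed inputs: an assumed proxy template and a stand-in UDP payload.
TEMPLATE = "https://proxy.example.com/.well-known/masque/udp/{target_host}/{target_port}/"
SAMPLE_UDP_PAYLOAD = b"constructed UDP payload"


def demo():
    request = connect_udp_request(TEMPLATE, "192.0.2.53", 53)
    over_quic = h3_datagram(0, SAMPLE_UDP_PAYLOAD)   # request on stream 0 -> quarter stream ID 0
    over_h2 = datagram_capsule(SAMPLE_UDP_PAYLOAD)
    recovered, _ = parse_udp_capsule(over_h2)
    return request, over_quic, over_h2, recovered


if __name__ == "__main__":
    request, over_quic, over_h2, recovered = demo()
    print(request)
    print("HTTP/3 datagram:", over_quic.hex())
    print("DATAGRAM capsule:", over_h2.hex(), "->", recovered)
```

Note the asymmetry between the two paths: over QUIC each UDP datagram maps to one unreliable, unordered DATAGRAM frame (only if the proxy advertised datagram support), while on the HTTP/2 fallback the capsules ride on a reliable, ordered TCP stream, so head-of-line blocking and retransmission of "lost" datagrams come back. The tunnel keeps working, which is what the fallback is for, but latency-sensitive traffic feels the difference.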
Given the global footprint of Zero Trust Access by Cisco, we need a high-speed, high-performing packet processing engine, and that is exactly what VPP delivers. VPP (Vector Packet Processing, the FD.io project's user-space data plane) is a high-performance packet processing framework that runs as a software network stack. Unlike traditional processing, which pushes each packet through the whole pipeline one at a time, VPP processes vectors (batches) of packets through a graph of processing nodes: each node runs over the entire batch before the next node runs, so a node's code stays hot in the CPU's instruction cache and the packet data it needs can be prefetched, which is where the throughput gain comes from.
Key benefits of VPP include:
Each of these technologies represents a significant improvement in network design. But their true power comes when used together. Here's how they complement each other:
Zero Trust Access by Cisco is available easily via our User Protection Suite licensing, which includes Cisco Secure Access. With the industry-leading technologies outlined in this blog post and an identity-first approach, Cisco Zero Trust Access (and Cisco Secure Access) provides an easy-to-manage and deploy SSE platform. Whether your organization is remote-first or hybrid, you can now deliver consistent in-office experience everywhere, ensuring that security does not hinder productivity.
Discover more about Cisco Zero Trust Access, and how it can transform your security approach, by registering for an upcoming workshop or exploring a product tour of Cisco Secure Access.