This is a comprehensive list of Cisco’s primary security controls, categorized by their function within an organization's architecture. Cisco defines a "control" not just as a policy, but as the technology solution used to enforce that policy.
These controls are designed to protect the integrity, confidentiality, and accessibility of the network infrastructure and the data traversing it.
Firewalls & Threat Prevention
Next-Generation Firewalls (NGFW): These provide stateful inspection combined with application visibility and control (AVC), intrusion prevention (IPS), and advanced malware protection. (e.g., Cisco Secure Firewall series).
Next-Generation Intrusion Prevention Systems (NGIPS): Deep packet inspection technologies that identify and block known and unknown threats by analyzing network traffic against threat signatures and anomalies.
DDoS Protection: Controls that detect and mitigate Distributed Denial of Service attacks, preventing network saturation.
Secure Access & Segmentation
Network Access Control (NAC): Technology that identifies every user and device trying to access the network and enforces a security policy based on their role, device type, and location. (e.g., Cisco Identity Services Engine (ISE)).
Macro-segmentation: Large-scale separation of network traffic (e.g., separating the Guest network from the Corporate network) using VLANs or VRFs.
Micro-segmentation: Granular control over traffic between individual workloads, often within data centers or cloud environments, to stop lateral movement during a breach. (e.g., Cisco Secure Workload).
Visibility & Analytics
Network Traffic Analytics: Monitoring and analyzing network telemetry (like NetFlow) to establish baseline behavior and detect anomalies that indicate a threat. (e.g., Cisco Secure Network Analytics).
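The baseline-and-deviate approach described above, as an added example (Python written for this page, not Cisco Secure Network Analytics code): it rolls constructed NetFlow-style records into a per-host daily profile, then flags a host whose outbound volume leaves that envelope or that talks to a destination port never seen during the baseline. Host addresses, byte counts and the three-sigma/1.5x thresholds are assumptions chosen for illustration.

```python
"""Baseline NetFlow-style telemetry per host and flag deviations from it.

Added example, not vendor code. Real flow records would come from a NetFlow/IPFIX
collector; here they are constructed inline so the script runs offline.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (src_host, day, dst_port, bytes_out).
# Days 0-4 are the learning period; a little day-to-day drift keeps the variance non-zero.
BASELINE_FLOWS = (
    [("10.0.1.5", d, 443, 1_200_000 + 50_000 * d) for d in range(5)]
    + [("10.0.1.5", d, 53, 20_000) for d in range(5)]
    + [("10.0.1.5", d, 443, 900_000) for d in range(5)]
    + [("10.0.1.7", d, 445, 300_000 + 10_000 * d) for d in range(5)]
    + [("10.0.1.7", d, 443, 400_000) for d in range(5)]
)

# Constructed "today" (day 5) records to evaluate against the baseline.
TODAY_FLOWS = [
    ("10.0.1.5", 5, 443, 1_000_000),   # within its normal envelope
    ("10.0.1.5", 5, 53, 25_000),       # within its normal envelope
    ("10.0.1.7", 5, 443, 450_000),     # within its normal envelope
    ("10.0.1.7", 5, 22, 9_000_000),    # never-seen port plus a large volume spike
    ("10.0.9.9", 5, 443, 5_000),       # host with no baseline at all
]


def build_baseline(flows):
    """Per host: mean and stdev of daily outbound bytes, plus the set of ports contacted."""
    daily = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    ports = defaultdict(set)
    for host, day, port, nbytes in flows:
        daily[host][day] += nbytes
        ports[host].add(port)
    baseline = {}
    for host, per_day in daily.items():
        totals = list(per_day.values())
        baseline[host] = {"mean": mean(totals), "stdev": pstdev(totals), "ports": ports[host]}
    return baseline


def detect_anomalies(baseline, flows, sigma=3.0, min_ratio=1.5):
    """Return (host, reason) alerts for volume outliers, new ports and unknown hosts."""
    today = defaultdict(int)
    new_ports = defaultdict(set)
    alerts = []
    for host, _day, port, nbytes in flows:
        today[host] += nbytes
        if host in baseline and port not in baseline[host]["ports"]:
            new_ports[host].add(port)
    for host, total in today.items():
        if host not in baseline:
            alerts.append((host, "unknown host with no baseline"))
            continue
        b = baseline[host]
        # Floor the envelope so a near-constant baseline does not alert on tiny changes.
        threshold = max(b["mean"] + sigma * b["stdev"], b["mean"] * min_ratio)
        if total > threshold:
            alerts.append((host, f"outbound {total} bytes exceeds threshold {threshold:.0f}"))
        for port in sorted(new_ports[host]):
            alerts.append((host, f"new destination port {port}"))
    return alerts


def run():
    """Learn from the baseline days and evaluate today's flows."""
    return detect_anomalies(build_baseline(BASELINE_FLOWS), TODAY_FLOWS)


if __name__ == "__main__":
    for host, reason in run():
        print(f"ALERT {host}: {reason}")
```

The floor on the threshold is the part a practitioner tends to forget: a host whose daily volume barely changes has a standard deviation near zero, and a pure mean-plus-sigma rule would then page on noise. Unknown hosts are reported separately because "no baseline" is a different condition from "outside the baseline" and usually routes to asset inventory rather than the SOC.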
These are agile, software-based controls delivered from the cloud to protect users on and off the corporate network, as well as workloads running in public clouds.
Cloud Edge & Internet Gateway
DNS-Layer Security: A control that inspects and filters DNS requests, blocking connections to malicious domains, IP addresses, or cloud applications before a connection is even established. (e.g., Cisco Umbrella).
Secure Web Gateway (SWG): A full web proxy that inspects all web traffic (HTTP/HTTPS) for malware, enforces acceptable use policies, and provides sandboxing.
Cloud-Delivered Firewall (CDFW): IP, port, and protocol-level filtering of internet traffic, enforced in the cloud.
Application & Identity Access
Cloud Access Security Broker (CASB): A control point placed between cloud service users and cloud applications to monitor activity, enforce security policies, and detect shadow IT. (e.g., Cisco Cloudlock).
Multi-Factor Authentication (MFA): Verifying a user's identity by requiring two or more pieces of evidence (factors) before granting access to an application or data. (e.g., Cisco Duo).
Zero Trust Network Access (ZTNA): Granting access to specific applications on a case-by-case basis based on user and device trust, rather than granting broad network access.
These are deployed directly on devices—such as laptops, servers, mobile phones, and IoT devices—to protect them from infection and data exfiltration.
Endpoint Protection Platform (EPP)
Next-Generation Antivirus: Using machine learning, behavioral analysis, and signature-less detection to stop known and zero-day malware.
Ransomware Defense: Specific mechanisms within endpoint agents designed to detect and halt encryption processes common in ransomware attacks.
Endpoint Detection and Response (EDR)
Continuous Monitoring: Recording endpoint activity to provide visibility into what happened before, during, and after an attack.
Automated Remediation: The ability to isolate an infected device from the network, terminate malicious processes, or delete malicious files remotely.
Orbital Advanced Search: A feature that allows security analysts to perform complex, real-time queries across thousands of endpoints to hunt for threats.
These controls protect specific types of applications and data types from exploitation and abuse.
Email Security
Anti-Spam/Anti-Phishing: Inspection of incoming email traffic to identify and block spam, malicious attachments, and phishing URLs. (e.g., Cisco Secure Email).
Domain Protection: Enforcement of DMARC, SPF, and DKIM protocols to prevent domain spoofing.
Mailbox Defense: An API-based control that scans internal emails for threats and malicious behavior between colleagues.
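How a domain-protection control decides whether SPF and DMARC are actually enforced, as an added example (Python written for this page, not Cisco Secure Email code): it parses the two TXT record formats and reports the gaps that let spoofed mail through, such as a permissive `?all`/`~all` in SPF or a DMARC policy of `none`. The domain names and records are constructed for the example rather than fetched from DNS, so it runs offline.

```python
"""Parse SPF and DMARC TXT records and report whether they enforce anything.

Added example, not vendor code. A real control would resolve the TXT records
from DNS; these sample records are constructed so the script runs offline.
"""

# Constructed sample records keyed by domain (no live lookups).
SAMPLE_RECORDS = {
    "example.com": {
        "spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s",
    },
    "weak.example": {
        "spf": "v=spf1 ip4:198.51.100.10 ?all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:reports@weak.example",
    },
    "nodmarc.example": {
        "spf": "v=spf1 include:_spf.example.net ~all",
        "dmarc": None,
    },
}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism) pairs and the qualifier on 'all'."""
    if record is None or not record.lower().startswith("v=spf1"):
        return None
    mechanisms, all_qualifier = [], None
    for term in record.split()[1:]:
        if "=" in term:                 # modifiers such as redirect= or exp=; not mechanisms
            continue
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term[1:] if term[0] in "+-~?" else term
        if body.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, body))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record):
    """Parse a DMARC record (tag=value pairs separated by ';') into a dictionary."""
    if record is None or not record.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_domain(spf_record, dmarc_record):
    """Return a list of findings; an empty list means unauthorized senders are rejected."""
    findings = []
    spf = parse_spf(spf_record)
    dmarc = parse_dmarc(dmarc_record)
    if spf is None:
        findings.append("no SPF record: any host may send as this domain")
    elif spf["all"] in (None, "+", "?"):
        findings.append(f"SPF 'all' qualifier {spf['all']!r} does not fail unauthorized senders")
    elif spf["all"] == "~":
        findings.append("SPF softfail (~all): unauthorized mail is only marked, not rejected")
    if dmarc is None:
        findings.append("no DMARC record: receivers have no policy to apply")
    else:
        policy = dmarc.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        elif policy == "quarantine":
            findings.append("DMARC p=quarantine: spoofed mail is junked rather than rejected")
        if "rua" not in dmarc:
            findings.append("DMARC has no rua= address: aggregate reports will never arrive")
    return findings


def assess_all(records=SAMPLE_RECORDS):
    """Assess every sample domain and map it to its findings."""
    return {domain: assess_domain(r["spf"], r["dmarc"]) for domain, r in records.items()}


if __name__ == "__main__":
    for domain, findings in assess_all().items():
        print(domain, "->", findings or ["enforced"])
```

The check distinguishes "published" from "enforced": a domain can have both records and still be spoofable if SPF ends in `?all` or DMARC sits at `p=none`. The `rua=` finding matters operationally because DMARC only becomes safe to move to `reject` once the aggregate reports have shown which legitimate senders would break.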
Web Application Security
Web Application Firewall (WAF): A control that protects web applications by inspecting HTTP traffic, blocking common attacks like SQL injection and cross-site scripting (XSS). (e.g., Cisco Web Application and API Protection (WAAP)).
API Security: Specific controls to discover, analyze, and secure APIs from exploitation or accidental data exposure.
These are not standalone products, but capabilities that enable other Cisco controls to communicate and act as a single system.
Threat Intelligence: Global threat data ingested by all controls to provide real-time updates on malicious IPs, URLs, and file hashes. (e.g., Cisco Talos).
Extended Detection and Response (XDR): A centralized platform that unifies telemetry from network, endpoint, cloud, and email controls to provide a holistic view of an attack and enable rapid, unified response. (e.g., Cisco XDR).
Unified Policy Management: A control center that enables administrators to manage security policies across different types of firewalls (physical, virtual, and cloud) from a single interface.