Cisco has taken the wraps off a new firewall and a technology package it says help enterprises better control hybrid workers' access to corporate resources and to enable a safer, more secure return to the office.\nOn the firewall front, Cisco has rolled out a new family of security appliances: the 1RU Secure Firewall 3100 series. The mid-range family starts with the 17Gbps-supporting 3110 and extends to the 3120, 3130, and 3140 devices which support 23Gbps-45Gbps throughputs. The series is meant to lower the barrier to entry, better support small branches and boost VPN performance, Cisco stated.\u201d\n\u201cThe big deal about the new Secure Firewall 3100 Series architecture is the emphasis on processing encrypted traffic,\u201d wrote Andrew Ossipov, a Distinguished Engineer with Cisco Security Business Group in a blog about the new firewall.\n\u201cThe traditional industry approach has been to deploy a look-aside crypto accelerator which works in tandem with the x86 CPU to process IPsec and Transport Layer Security (TLS) traffic for both VPN and transit inspection purposes. This approach results in a tremendous performance degradation, chiefly due to that look-aside nature that requires multiple traversals of the shared system bus for each encrypted or decrypted packet," Ossipov stated.\nThe 3100 includes a new custom-built Field Programmable Gate Array (FPGA) between the internal switch fabric and the x86 CPU. It implements a flow-offload engine for fast single-flow throughput and high-performance-computing grade latency and also provides in-path crypto acceleration across both IPsec and datagram TLS (DTLS) VPN connections, Ossipov stated.\n\u201cOnce programmed by Cisco\u2019s threat protection software, this intermediate component can decrypt and encrypt such flows in hardware without having to rely on the main system bus or consuming precious x86 CPU cycles,\u201d Ossipov stated.\nThe 3100\u2019s capabilities come from Cisco\u2019s Secure Firewall Threat Defense 7.0 software released last year that supports security features including packet inspection from Snort 3 and threat-intelligence updates from Cisco Talos. It also includes inference-based application identification and malware classification with Encrypted Visibility Engine (EVE), which Cisco developed in-house, Ossipov stated. \u00a0\nThe 3100 can be managed alongside other Cisco security devices through the Secure Firewall Management Center which supports unified management of firewalls, application control, intrusion prevention, URL filtering, and malware defense, Cisco stated.\nSmart Workspaces\nTargeting workers who are going back into offices at least some of the time is Smart Workspaces, a service offered as part of Cisco's cloud-based DNA Spaces, which is comprised of Cisco\u2019s Connected Mobile Experience (CMX) wireless suite and enterprise geolocation technology.\u00a0\nCMX capabilities and software are being integrated into Cisco DNA Spaces, Cisco stated. The on-premises component of Cisco DNA Spaces is the CMX location engine. This component can calculate the location of devices for use with internal systems without connection to the cloud. Without the cloud, however, you will not have the full breadth of location insights or a captive portal.\nIn the post-COVID world, organizations will need tools like Smart Workplace to make hybrid workers comfortable, said Lucas Hanson, a senior product manager for Cisco DNA Spaces.\nDNA Spaces can show not just which spaces\u2014like department stores, waiting rooms, cafeterias\u2014are being used and when, but also where people come from to get there, how long they stay, what data resources they use, and where they go after they leave.\nThe software also includes an IoT gateway service that lets customers manage a variety of IoT devices, form factors, and communications protocols. DNA Spaces includes analytics support that details who and what is in physical locations along with the ability to act on those insights in real-time, Cisco said.\nThe Smart Workspaces package includes a 3-D mapping capability and Webex support that can be used to let users locate a variety of in-office functions such as finding an empty meeting room or locating offices in large buildings. The mapping function can post graphics-rich images to Webex boards and systems.\n\u201cBasically the service lets customers see everything from room occupancy to air quality if they have those sensors,\u201d Hanson said.\n\u201cOrganization have employees that can look at the map and say there are too many people in that room to feel comfortable with so they can stay home or avoid those offices,\u201d Hanson said. \u201cOf course the flipside is true as well in the case where users want to be involved with a lot of people to engage with.\u201d\nCisco Smart Workspaces will be available in May.