Double Defense: Cisco Secure Firewall 10.0 Confronts Encrypted Traffic and Emerging Attack Challenges
Discover how Cisco Secure Firewall 10.0 boosts visibility and protection against modern threats, from encrypted attacks to AI-driven exploits.
February 11, 2026
Security
The latest release of Cisco’s Secure Firewall comes as today’s cyberthreats are more complex, elusive, and fast evolving than ever before. Organizations must defend against sophisticated, AI-driven attacks while remaining vigilant against longstanding tactics that continue to threaten network security.
Encryption has become the standard for modern digital communication, providing vital privacy and security for data in transit. While encryption protects sensitive information, it also creates blind spots that attackers are eager to exploit. Malicious actors are increasingly using encrypted channels to hide malware delivery, command-and-control communications, and data exfiltration. However, decrypting this traffic for inspection is no small feat. Not only is it technically challenging and performance-intensive, but it also raises concerns about privacy and compliance. Organizations must carefully balance the need for deep security inspection against the operational costs and privacy implications of large-scale decryption.
Meanwhile, the emergence of artificial intelligence (AI) is fundamentally transforming the threat landscape. Advanced AI tools are empowering attackers to create more convincing phishing lures, automate vulnerability discovery, and adapt their tactics at machine speed, making detection and response more difficult than ever. Yet, even as AI-driven threats become more sophisticated, attackers continue to rely on tried-and-true techniques to gain initial access. Recent high-profile incidents like Salt Typhoon (PDF) highlight that many threat groups, including state-sponsored actors, still achieve their objectives by leveraging valid credentials, often obtained through credential theft, phishing, or exploiting default passwords that remain unchanged in enterprise environments. These methods require minimal technical effort but can be devastatingly effective, underscoring the ongoing importance of basic cyber hygiene even as organizations prepare for the next wave of AI-enabled attacks.
It is within this challenging environment that Cisco Secure Firewall 10.0 introduces a new suite of threat-protection features, designed to restore visibility and control for organizations facing the dual challenges of encrypted traffic and both emerging and established attack techniques. Below is a high-level look at the key enhancements in this release.
Key observability features in Cisco Secure Firewall 10.0
Simplified decryption and QUIC visibility
With most threats now concealed within encrypted traffic, Cisco Secure Firewall 10.0 significantly simplifies the decryption process. This simplification is achieved by prioritizing ease of use, allowing users to focus on what their policy should accomplish, while the system handles how to generate it. The solution provides a unified experience with all relevant options on a single screen, minimizing pop-ups and page navigation. Additionally, it decrypts modern protocols like Quick UDP Internet Connections (QUIC). This empowers organizations to efficiently inspect encrypted sessions and uncover hidden risks even when most information about a connection is hidden.
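The first thing a decryption policy has to get right for QUIC is telling QUIC apart from everything else that shares UDP/443 (DTLS, for instance), which it can do from the version-independent long header alone. The following added example is mine, not code from Cisco or from the firewall product; it parses the RFC 8999 invariants of a QUIC long header (header-form bit, version, connection IDs) and labels a datagram as a new QUIC connection, some other QUIC packet, or not QUIC. The sample datagrams are constructed for this example (the Initial packet reuses the client DCID from the RFC 9001 Appendix A worked example; the DTLS sample is just a ClientHello record prefix).

```python
import struct

# Version identifiers from RFC 9000 (QUIC v1) and RFC 9369 (QUIC v2);
# version 0 marks a Version Negotiation packet.
QUIC_V1 = 0x00000001
QUIC_V2 = 0x6B3343CF

# Long-header packet types keyed by the two type bits. v2 deliberately
# remaps them (RFC 9369 §3.2) so v1-only middleboxes cannot rely on them.
V1_TYPES = {0: "initial", 1: "0rtt", 2: "handshake", 3: "retry"}
V2_TYPES = {1: "initial", 2: "0rtt", 3: "handshake", 0: "retry"}


def parse_quic_long_header(payload: bytes):
    """Parse the version-independent part of a QUIC long header (RFC 8999).

    Returns a dict with version, packet_type, dcid and scid, or None when the
    datagram is not a QUIC long-header packet. Short-header (1-RTT) packets
    carry no version, so they cannot be classified without connection state.
    """
    if len(payload) < 7:
        return None
    first = payload[0]
    if not first & 0x80:                      # Header Form bit 0 = short header
        return None
    version = struct.unpack("!I", payload[1:5])[0]
    # The Fixed Bit must be 1 in every version-specific packet; Version
    # Negotiation packets (version 0) leave those seven bits unused.
    if version != 0 and not first & 0x40:
        return None
    pos = 5
    dcid_len = payload[pos]
    pos += 1
    if dcid_len > 20 or len(payload) < pos + dcid_len + 1:   # v1/v2 cap CIDs at 20 bytes
        return None
    dcid = payload[pos:pos + dcid_len]
    pos += dcid_len
    scid_len = payload[pos]
    pos += 1
    if scid_len > 20 or len(payload) < pos + scid_len:
        return None
    scid = payload[pos:pos + scid_len]
    type_bits = (first >> 4) & 0x03
    if version == 0:
        packet_type = "version_negotiation"
    elif version == QUIC_V1:
        packet_type = V1_TYPES[type_bits]
    elif version == QUIC_V2:
        packet_type = V2_TYPES[type_bits]
    else:
        packet_type = "unknown_version"       # draft or greased version
    return {"version": version, "packet_type": packet_type,
            "dcid": dcid.hex(), "scid": scid.hex()}


def classify_udp_443(payload: bytes) -> str:
    """Label a UDP/443 datagram for policy purposes."""
    hdr = parse_quic_long_header(payload)
    if hdr is None:
        return "not-quic"
    return "quic-" + hdr["packet_type"]


# Constructed samples (not captures from the page): a QUIC v1 Initial prefix
# using the client DCID from RFC 9001 Appendix A, and a DTLS 1.2 record prefix
# (content type 0x16 = handshake, version 0xfefd) that also lands on UDP/443.
QUIC_INITIAL = bytes.fromhex("c3" "00000001" "08" "8394c8f03e515708" "00") + b"\x00" * 16
DTLS_HELLO = bytes.fromhex("16fefd") + b"\x00" * 20

if __name__ == "__main__":
    for name, dgram in (("quic", QUIC_INITIAL), ("dtls", DTLS_HELLO)):
        print(name, classify_udp_443(dgram), parse_quic_long_header(dgram))
```

Only the Initial packet of a connection is cheap to recognise this way; once the handshake completes, subsequent packets use the short header and the decryption engine must already be tracking the connection IDs, which is why a decryption policy has to decide on QUIC at the first datagram rather than mid-flow.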
Shadow traffic and loss-of-visibility reporting
New reporting tools shine a light on areas where privacy technologies or evasive techniques obscure traffic, helping security teams quickly identify and address visibility gaps. Specifically, the release adds a dedicated Shadow Traffic widget to the Firewall Management Center (FMC) summary page, along with new dashboard widgets that track privacy technologies such as Encrypted DNS, Evasive Private VPN traffic, Domain Fronting, and more.
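To make the widget categories concrete, here is an added example of my own (not Cisco code, and not the heuristics the product uses) that classifies constructed flow records into the kinds of shadow traffic named above and produces the visible-versus-hidden summary such a widget reports. The DoH resolver names, VPN ports and the "no SNI" bucket are assumptions chosen for illustration; a real deployment would draw on the vendor's application and URL feeds rather than a hand-written list.

```python
from collections import Counter

# Assumed lists (not from the page): well-known public DoH resolver names and
# default UDP ports of common VPN protocols. Illustrative only.
DOH_RESOLVERS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net", "doh.opendns.com"}
VPN_UDP_PORTS = {1194: "openvpn", 51820: "wireguard", 500: "ikev2", 4500: "ikev2-nat-t"}


def _same_site(a: str, b: str) -> bool:
    """Crude 'same site' test: last two DNS labels match. A public-suffix
    list would be more accurate (co.uk etc.); kept simple for the example."""
    return a.lower().split(".")[-2:] == b.lower().split(".")[-2:]


def classify_flow(flow: dict) -> str:
    """Map one flow record to a shadow-traffic category or 'visible'.

    Expected keys: proto ('tcp'/'udp'), dst_port, sni (TLS server name or
    None) and host (HTTP Host header, only known if the session was decrypted).
    """
    proto, port = flow["proto"], flow["dst_port"]
    sni, host = flow.get("sni"), flow.get("host")
    if proto == "tcp" and port == 853:
        return "encrypted_dns"            # DNS over TLS (RFC 7858)
    if proto == "tcp" and port == 443 and sni in DOH_RESOLVERS:
        return "encrypted_dns"            # DNS over HTTPS (RFC 8484) to a known resolver
    if proto == "udp" and port in VPN_UDP_PORTS:
        return "private_vpn"              # port-based guess; weak against evasive VPNs
    if proto == "tcp" and port == 443 and sni and host and not _same_site(sni, host):
        return "domain_fronting"          # outer TLS name and inner Host header disagree
    if proto == "tcp" and port == 443 and not sni:
        return "no_sni"                   # ECH or non-browser client: destination name hidden
    return "visible"


def shadow_traffic_summary(flows) -> dict:
    """Counts per category plus the headline 'hidden' figure a widget would show."""
    counts = Counter(classify_flow(f) for f in flows)
    total = len(flows)
    return {"total": total,
            "hidden": total - counts.get("visible", 0),
            "by_category": dict(counts)}


# Constructed flow records (not data from the page); RFC 5737/2606 names used.
SAMPLE_FLOWS = [
    {"proto": "tcp", "dst_port": 853, "sni": "dns.quad9.net", "host": None},
    {"proto": "tcp", "dst_port": 443, "sni": "cloudflare-dns.com", "host": None},
    {"proto": "udp", "dst_port": 51820, "sni": None, "host": None},
    {"proto": "tcp", "dst_port": 443, "sni": "cdn.example.com", "host": "c2.attacker.example"},
    {"proto": "tcp", "dst_port": 443, "sni": None, "host": None},
    {"proto": "tcp", "dst_port": 443, "sni": "www.example.com", "host": "www.example.com"},
    {"proto": "tcp", "dst_port": 80, "sni": None, "host": "intranet.example.com"},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(classify_flow(f), f)
    print(shadow_traffic_summary(SAMPLE_FLOWS))
```

Note the dependency the domain-fronting rule exposes: the Host header is only available when the session was decrypted, so the fronting widget and the decryption policy are coupled; without decryption, the best the firewall can do is the weaker "no SNI" and port-based buckets.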
Intelligent, context-rich logging
Advanced logging capabilities provide deeper insights into application behaviors, protocol anomalies, and security-relevant events, enabling detection of malicious activity like command-and-control malware and data exfiltration. Seamlessly send logs to platforms like Splunk to accelerate investigation and response.
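Command-and-control beacons are one of the things richer connection logs let an analyst find, because the tell is in the timing rather than in any single event. The following added example is mine, not Cisco's logging format or a Splunk search: it parses a constructed key=value connection log (a simplified format, not the one the firewall emits), groups connections by source, destination and port, and flags pairs whose inter-connection gaps are nearly constant. The thresholds (at least five connections, coefficient of variation below 0.2) are assumptions a team would tune.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Simplified, constructed log format for the example; real firewall events
# carry many more fields and a different layout.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)


def parse_line(line: str):
    """Parse one connection event; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["dport"] = int(ev["dport"])
    ev["bytes"] = int(ev["bytes"])
    return ev


def find_beacons(lines, min_count: int = 5, max_cv: float = 0.2):
    """Flag (src, dst, dport) tuples whose connection intervals are nearly
    constant: at least min_count events and stdev/mean of the gaps < max_cv.
    Human-driven traffic is bursty, so its gaps vary far more than a timer's."""
    by_key = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_key[(ev["src"], ev["dst"], ev["dport"])].append(ev["ts"])
    findings = []
    for (src, dst, dport), stamps in by_key.items():
        if len(stamps) < min_count:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv < max_cv:
            findings.append({"src": src, "dst": dst, "dport": dport,
                             "count": len(stamps), "period_s": round(mean, 1),
                             "cv": round(cv, 3)})
    return findings


# Constructed sample log: a 60-second beacon with slight jitter to 203.0.113.10,
# irregular browsing to 198.51.100.7, a pair too short to judge, and one junk line.
SAMPLE_LOG = """\
2026-02-11T10:00:00Z conn src=10.1.2.3 dst=203.0.113.10 dport=443 bytes=512
2026-02-11T10:00:05Z conn src=10.1.2.3 dst=198.51.100.7 dport=443 bytes=20480
2026-02-11T10:00:10Z conn src=10.1.2.3 dst=198.51.100.7 dport=443 bytes=8192
2026-02-11T10:00:59Z conn src=10.1.2.3 dst=203.0.113.10 dport=443 bytes=512
2026-02-11T10:02:00Z conn src=10.1.2.3 dst=203.0.113.10 dport=443 bytes=530
2026-02-11T10:03:00Z conn src=10.1.2.3 dst=203.0.113.10 dport=443 bytes=512
2026-02-11T10:04:00Z conn src=10.1.2.3 dst=203.0.113.10 dport=443 bytes=512
2026-02-11T10:04:58Z conn src=10.1.2.3 dst=203.0.113.10 dport=443 bytes=518
2026-02-11T10:05:10Z conn src=10.1.2.3 dst=198.51.100.7 dport=443 bytes=65536
2026-02-11T10:05:22Z conn src=10.1.2.3 dst=198.51.100.7 dport=443 bytes=1024
2026-02-11T10:20:22Z conn src=10.1.2.3 dst=198.51.100.7 dport=443 bytes=4096
2026-02-11T10:20:30Z conn src=10.1.2.3 dst=198.51.100.7 dport=443 bytes=4096
2026-02-11T10:21:00Z conn src=10.1.2.9 dst=192.0.2.44 dport=22 bytes=900
2026-02-11T10:21:30Z conn src=10.1.2.9 dst=192.0.2.44 dport=22 bytes=900
this line is not a connection event
"""

if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG.splitlines()):
        print(f)
```

The same grouping and interval statistics translate directly into a scheduled search once the events are in Splunk; the value of the firewall's richer logging is that the source, destination, port and timestamp needed for the grouping arrive in every event rather than having to be reconstructed.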
Key threat-detection and control features in Cisco Secure Firewall 10.0
AI-powered threat detection with SnortML
SnortML leverages in-line machine learning to spot zero-day and emerging threats beyond the reach of traditional signature-based systems, recognizing and immediately blocking malicious exploits. Previous releases introduced protection against SQL injection and command injection; SnortML in 10.0 expands that coverage to recognize and immediately block cross-site scripting (XSS) traffic.
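The gap a machine-learning detector is meant to close is easiest to see by watching a literal signature fail. The added example below is mine and has nothing to do with SnortML's model: it runs a naive `<script` signature and a decode-then-match check side by side over a constructed set of XSS probes (URL-encoded, double-encoded, entity-encoded, mixed-case and event-handler variants) plus two benign strings. The decoding passes and the broadened pattern are my assumptions, and the point is the evasion surface they reveal, not a recommended detector.

```python
import html
import re
from urllib.parse import unquote_plus

# Naive signature: the literal string an old-style rule might look for.
NAIVE_SIG = re.compile(r"<script")


def naive_match(payload: str) -> bool:
    return bool(NAIVE_SIG.search(payload))


def normalize(payload: str, passes: int = 3) -> str:
    """Undo the encodings attackers stack on a payload: URL encoding
    (including double encoding) and HTML entities, then lower-case.
    The pass limit keeps pathological input from looping forever."""
    cur = payload
    for _ in range(passes):
        nxt = html.unescape(unquote_plus(cur))
        if nxt == cur:
            break
        cur = nxt
    return cur.lower()


# Broader pattern applied after normalization: script tags, javascript: URLs,
# inline event handlers (word boundary avoids 'contact=' false positives) and
# common tag-based vectors.
XSS_PATTERN = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(?:img|svg|iframe|body|object)\b"
)


def normalized_match(payload: str) -> bool:
    return bool(XSS_PATTERN.search(normalize(payload)))


# Constructed probe set for the example, not traffic from the page.
PROBES = {
    "plain": "<script>alert(1)</script>",
    "url_encoded": "%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "double_encoded": "%253Cscript%253Ealert(1)%253C%252Fscript%253E",
    "mixed_case": "<ScRiPt>alert(1)</ScRiPt>",
    "entity_encoded": "&lt;script&gt;alert(1)&lt;/script&gt;",
    "event_handler": "<img src=x onerror=alert(1)>",
    "benign_search": "widgets on sale under 10 dollars",
    "benign_form": "contact=me&version=2",
}


def compare(probes=PROBES) -> dict:
    """Return {probe name: (naive signature hit, normalized check hit)}."""
    return {name: (naive_match(p), normalized_match(p)) for name, p in probes.items()}


if __name__ == "__main__":
    for name, (naive, norm) in compare().items():
        print(f"{name:16s} naive={naive!s:5s} normalized={norm}")
```

Every encoding trick is another rule to write and another pass to run, and a regex that keeps growing starts catching benign input; that escalation is the argument the passage makes for moving injection and XSS detection to a learned model rather than an ever-longer signature list.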
Expanded application and DNS control
Policy enforcement is now even more precise and adaptive. Default port specifications for applications now automatically determine the correct ports, removing the need for customers to identify them manually. This, along with DNS filtering tied to Security Group Tags (SGTs), allows organizations to apply context-aware controls no matter where users connect from.
Advanced portscan protection for clustered firewalls
Coordinated portscan attempts can now be detected and blocked even in clustered firewall environments, shutting down a common reconnaissance tactic favored by attackers.
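Why clustering breaks a naive portscan detector is worth seeing in numbers: the cluster's load balancing spreads one scanner's probes across members, so each member sees only a fraction of the ports. The added example below is my own threshold-based detector, not Cisco's algorithm, run over constructed flow records from a three-node cluster; the same records are evaluated once per node (the blind spot) and once pooled across the cluster. The threshold of 20 distinct ports within 60 seconds is an assumption.

```python
from collections import defaultdict


def detect_portscans(records, threshold: int = 20, window_s: int = 60, per_node: bool = False):
    """Return the set of (src, dst) pairs that touched at least `threshold`
    distinct destination ports within any `window_s`-second window.

    With per_node=True each cluster member only evaluates its own records;
    otherwise records from all members are pooled before counting.
    """
    buckets = defaultdict(list)                     # key -> [(ts, dport), ...]
    for r in records:
        key = (r["node"], r["src"], r["dst"]) if per_node else (r["src"], r["dst"])
        buckets[key].append((r["ts"], r["dport"]))

    hits = set()
    for key, events in buckets.items():
        events.sort()
        start = 0
        in_window = defaultdict(int)                # port -> occurrences inside the window
        for ts, port in events:
            in_window[port] += 1
            # slide the window start forward until it spans at most window_s
            while ts - events[start][0] > window_s:
                old_port = events[start][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                start += 1
            if len(in_window) >= threshold:
                hits.add(key[-2:])                  # report (src, dst) regardless of node
                break
    return hits


def constructed_records():
    """Constructed sample (not data from the page): 192.0.2.50 probes 30 ports
    of 198.51.100.20 in 30 seconds and the cluster spreads the flows across
    three members; 192.0.2.77 makes three ordinary connections."""
    recs = []
    for i in range(30):
        recs.append({"node": f"fw-{i % 3}", "src": "192.0.2.50",
                     "dst": "198.51.100.20", "dport": 1000 + i, "ts": 100 + i})
    for i, port in enumerate((22, 80, 443)):
        recs.append({"node": f"fw-{i % 3}", "src": "192.0.2.77",
                     "dst": "198.51.100.20", "dport": port, "ts": 100 + i * 10})
    return recs


if __name__ == "__main__":
    recs = constructed_records()
    print("per-node view:", detect_portscans(recs, per_node=True))
    print("cluster view: ", detect_portscans(recs))
```

Each member sees ten ports from the scanner, half the threshold, so the per-node view reports nothing, while the pooled view flags the pair at once; lowering the threshold per node instead would trade the miss for false positives on ordinary multi-port services, which is why the state has to be shared across the cluster rather than tuned on each member.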
To explore each of these features in greater detail, don’t miss our in-depth blogs on Security observability improvements and Greater protection across networks and architectures.
Sign up for the Cisco Secure Firewall Test Drive, an instructor-led, 4-hour hands-on course where you’ll experience the Cisco firewall technology in action and learn about the latest security challenges and attacker techniques.
Authors
Vignesh Sathiamoorthy
Director of Product Management
Security Business Group