Cisco debuts Secure Firewall 10.0
Cisco announced Secure Firewall 10.0 with machine-learning-based intrusion prevention, AIOps upgrades that claim 90% faster updates, and unified policy enforcement across data center, branch and cloud environments. The release positions the appliance as a tool for operational security teams aiming to reduce manual policy drift and speed patching. (x.com)
Cisco has rolled out Secure Firewall 10.0, adding machine learning to spot some attacks before a signature exists and pushing more firewall operations into one cloud console. (blogs.cisco.com)
A firewall is the gatekeeper that decides which network traffic gets through, and modern versions also inspect that traffic for malware and suspicious behavior. Cisco said version 10.0 expands its SnortML system to detect SQL injection, command injection, and cross-site scripting, three common ways attackers abuse web applications. (blogs.cisco.com)
Cisco’s release notes show version 10.0.0 was first published on December 3, 2025, with version 10.0.1 dated February 18, 2026 and no new features added in that point release. The same notes list redesigned management menus, identity-based dynamic access control, and syslog export to Splunk or other security information and event management tools among the headline changes. (cisco.com)
The company is also trying to solve a basic operations problem: security teams often write one rule for a data center, another for a branch office, and a third for cloud workloads, then spend months keeping them aligned. Cisco has been pitching that approach as a “hybrid mesh firewall,” with Security Cloud Control as the single management layer across those environments. (blogs.cisco.com)
Cisco said its AIOps features in Security Cloud Control make upgrade workflows “90% faster” by tailoring software updates to each device. The company also said a new Tenable connector can feed vulnerability data into policy decisions so the firewall can tighten controls around exposed hosts without waiting for a full software patch. (blogs.cisco.com; secure.cisco.com)
Encrypted traffic is another target for the release, because attackers increasingly hide malware delivery and command traffic inside normal-looking secure connections. Cisco said 10.0 adds an intent-based decryption workflow, certificate handling on the policy page, and more visibility into Quick UDP Internet Connections, or QUIC, the protocol used by many modern web apps. (blogs.cisco.com)
The release also tightens policy writing in smaller but practical ways. Cisco said applications in access rules now map to their default ports automatically, which is meant to reduce the common habit of allowing an app on “any port” and accidentally widening access. (secure.cisco.com; blogs.cisco.com)
Cisco is tying the software update to newer hardware as well. Its version 10 release notes list Secure Firewall 200 and Secure Firewall 6100 among the highlights, and Cisco used the 6100 platform at Mobile World Congress 2026 to showcase “shadow traffic” detection on a live event network with more than 100,000 participants. (cisco.com; blogs.cisco.com)
For Cisco, the pitch is less about a single new box than about reducing the number of manual decisions security teams make every week. Version 10.0 bundles detection, decryption, logging, and policy updates into the same firewall line the company has been steadily shifting toward cloud-managed operations. (cisco.com; blogs.cisco.com)