Cisco Demonstrates Shadow Traffic Detection on Firepower 6100 at Mobile World Congress 2026
What Happened – Cisco deployed its new Firepower 6100 hardware with Secure Firewall 10.0 software in the live, high‑density environment of Mobile World Congress 2026, monitoring traffic from over 100 000 participants. The platform’s Shadow Traffic detection feature automatically identified evasive connections that attempt to bypass traditional firewall controls.
Why It Matters for TPRM –
- Highlights the emergence of “shadow traffic” that can evade conventional security policies, a risk for any third‑party network provider.
- Demonstrates that next‑gen firewalls can reduce manual log‑analysis effort, improving detection of covert malware C2 communications.
- Provides a real‑world validation of Cisco’s detection engine, useful for organizations evaluating firewall vendors for supply‑chain security.
Who Is Affected – Enterprises, telecom operators, event organizers, and any organization that outsources network security to firewall vendors.
Recommended Actions –
- Review existing firewall capabilities against shadow‑traffic detection; consider upgrading to solutions with integrated AppID, Encrypted Visibility Engine, and TLS/QUIC decryption.
- Validate that third‑party network providers can detect and report evasive traffic.
- Incorporate shadow‑traffic monitoring requirements into vendor security questionnaires.
Technical Notes – The detection engine correlates Application ID, Encrypted Visibility Engine, and TLS/QUIC decryption to flag >80 known evasive tools and techniques. No specific CVEs were disclosed; the focus is on behavioral detection of encrypted and obfuscated traffic. Source: Cisco Security Blog