Traditional network security solutions have been built from disparate point technologies, leaving gaps in defenses that sophisticated attackers exploit. With an integrated approach, organizations gain the full contextual awareness and dynamic controls necessary to automatically assess all threats, correlate intelligence, and optimize defenses to protect modern enterprise networks. An integrated threat defense also considers both network and endpoint perspectives across the extended enterprise. Contrast this with point solutions that lack the visibility needed to spot multi-vector threats and to see what users, applications, content and devices are on the network and what each is doing.
In today’s dynamic network environment, point solutions lack the visibility and control required to implement effective security policy to accelerate threat detection and response. In addition, disparate solutions add to capital and operating costs and administrative complexity. They also result in higher implementation costs to integrate with the existing IT environment, work stream, and network fabric. By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that addresses the entire attack continuum – before, during, and after an attack.
Cisco ASA with FirePOWER Services is a new, adaptive, threat-focused next-generation firewall that delivers superior, multi-layered protection, improves visibility, and reduces security costs and complexity. It provides integrated threat defense for the entire attack continuum by combining proven ASA firewall skills with industry-leading Sourcefire next-generation IPS and advanced malware protection.
I know more than once now the Cisco ISR/ISR-G2 Series has been dubbed the ‘Swiss Army Knife’ of networking devices, simply due to the amount of flexibility & the number of technologies available to you when deploying these devices. Luckily for us, these devices provide even more features available to us to assist with troubleshooting and maintaining the overall health of the network. What is even better is that many of these useful troubleshooting features exist on many of the other product families, not just ISR/ISR-G2s. I’ve had the pleasure to work on networks all around the world for some decent-sized companies, so I wanted to kick off this list with what I consider to be the most useful tools built into Cisco devices that are not very well known out there.
1. Embedded Packet Capture (EPC) -- There is no doubt about it, but the ability to perform a packet capture at key points throughout the network can make troubleshooting particular issues that much easier. Luckily this feature exists on many different devices:
1. ISR G2s -- Even the older ISRs have this ability
2. ASA Firewalls
3. IOS-XE devices -- From the powerful ASRs to the newer Catalyst 3850
4. NX-OS devices -- Granted, on NX-OS you can capture packets that are process switched; there is an easy way around this by creating an access list to match the traffic you want to capture.
5. Even in Cisco UCS we can configure a traffic monitoring policy to capture traffic directly from particular servers and capture directly off the Fabric Interconnects. *This is more of a SPAN-type session than Embedded Packet Capture.
Why is platform-based a key imperative for next-generation firewalls (NGFWs)? In our previous blog posts, we outlined what it means to be threat-centric, integrating best-in-class security layers with shared intelligence across all layers to combat advanced multi-vector threats.
Multiple point products create considerable management complexity and cost for IT staff who are under tremendous pressure to efficiently manage IT environments, keep operational costs low, and maintain the best defenses to keep pace with the dynamic threat landscape.
To protect extended networks, the idea of being platform-based entails delivering a more effective yet simplified architecture with fewer security devices to manage and deploy. Unifying security layers in a single device not only closes gaps that attackers exploit but this architecture also reduces cost and complexity in a number of ways.
The 135 Spanish Steps are perhaps one of the most popular tourist attractions in Rome—and this in a city where your alternatives include stunning options like visiting the Vatican, the Colosseum or the Trevi Fountain. And yet, a visitor to the Spanish Steps today is first—and ahead of any chance to delve into the rich history or architectural heritage of this monumental stairway—forewarned of the dangers of the omnipresent pickpockets that frequent the area! I bring this up because while European vacations may not always be part of our quotidian routine, our daily lives do involve shopping online, visiting our neighborhood retailer or posting updates on social media. And none of these places post enough warning signs urging us to be wary of the virtual pickpockets, waiting to steal and profit from personal, financial and business information that traverses across thousands of transactions at places we visit in person or on our browsers every single day.
As consumers we may even squeeze by with a bit of a lax attitude, but businesses are only painfully aware of the speed, ferocity and variety with which attackers move to try and gain access to critical business data. Our customers tell us that their cybersecurity teams work tirelessly—but often in reactive mode—to fight against breaches and constantly assess ways to eliminate vulnerable links. Today, we are thrilled to share that we’re stepping up to provide our customers and partners with enhanced capabilities to combat the changing nature of threats. Cisco ASA with FirePOWER Services integrates the proven Cisco ASA 5500 Series firewall with application control, and the industry-leading Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire in a single device, providing integrated threat defense across the entire attack continuum—before, during and after an attack.
In addition to offering an unprecedented network visibility foundation, an NGFW must also be threat-centric to stop advanced, multi-vector threats, both known and unknown.
This means offering integrated threat defense for better control to combat these attacks across the attack continuum—before, during, and after an attack.
In complex environments, delivering integrated threat defense means ensuring that best-in-class capabilities, such as third-party tested and market-leading Intrusion Prevention Systems (IPS), Advanced Malware Protection (AMP), and URL filtering work together to protect against threats coming from multiple vectors.
Other NGFWs have not offered best-in-class network security capabilities in their devices, but rather, rudimentary versions of them. In addition, these solutions are poorly integrated and cannot share intelligence between security layers, making advanced threat detection and remediation difficult, if not impossible.