Cisco Blogs



Evolving the Next-Generation Firewall: The Importance of Being Platform-Based

Why is platform-based a key imperative for next-generation firewalls (NGFWs)? In our previous blog posts, we outlined what it means to be threat-centric, integrating best-in-class security layers with shared intelligence across all layers to combat advanced multi-vector threats.

Multiple point products create considerable management complexity and cost for IT staff who are under tremendous pressure to efficiently manage IT environments, keep operational costs low, and maintain the best defenses to keep pace with the dynamic threat landscape.

To protect extended networks, the idea of being platform-based entails delivering a more effective yet simplified architecture with fewer security devices to manage and deploy. Unifying security layers in a single device not only closes gaps that attackers exploit but also reduces cost and complexity in a number of ways.


Step Up to a New Standard in Threat Defense

The 135 Spanish Steps are perhaps one of the most popular tourist attractions in Rome—and this in a city where your alternatives include stunning options like visiting the Vatican, the Colosseum or the Trevi Fountain. And yet, a visitor to the Spanish Steps today is first—and ahead of any chance to delve into the rich history or architectural heritage of this monumental stairway—forewarned of the dangers of the omnipresent pickpockets that frequent the area! I bring this up because while European vacations may not always be part of our quotidian routine, our daily lives do involve shopping online, visiting our neighborhood retailer or posting updates on social media. And none of these places post enough warning signs urging us to be wary of the virtual pickpockets, waiting to steal and profit from personal, financial and business information that traverses across thousands of transactions at places we visit in person or on our browsers every single day.

As consumers we may even squeeze by with a bit of a lax attitude, but businesses are only painfully aware of the speed, ferocity and variety with which attackers move to try and gain access to critical business data. Our customers tell us that their cybersecurity teams work tirelessly—but often in reactive mode—to fight against breaches and constantly assess ways to eliminate vulnerable links. Today, we are thrilled to share that we’re stepping up to provide our customers and partners with enhanced capabilities to combat the changing nature of threats. Cisco ASA with FirePOWER Services integrates the proven Cisco ASA 5500 Series firewall with application control, and the industry-leading Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire in a single device, providing integrated threat defense across the entire attack continuum—before, during and after an attack.

Why a Next-Generation Firewall Must Be Threat-Centric

In an earlier blog, we discussed the importance of a visibility-driven approach to Next-Generation Firewalls (NGFWs) and the need for capabilities that offer full visibility and contextual awareness into everything on networks since we know you can’t protect what you can’t see.

In addition to offering an unprecedented network visibility foundation, an NGFW must also be threat-centric to stop advanced, multi-vector threats, both known and unknown.

This means offering integrated threat defense for better control to combat these attacks across the attack continuum—before, during, and after an attack.

In complex environments, delivering integrated threat defense means ensuring that best-in-class capabilities, such as third-party tested and market-leading Intrusion Prevention Systems (IPS), Advanced Malware Protection (AMP), and URL filtering work together to protect against threats coming from multiple vectors.

Other NGFWs have not offered best-in-class network security capabilities in their devices, but rather, rudimentary versions of them. In addition, these solutions are poorly integrated and cannot share intelligence between security layers, making advanced threat detection and remediation difficult, if not impossible.

#EngineersUnplugged S2|Ep9: IPv6 or 1970s Math

April 10, 2013 at 12:13 pm PST

The Internet of Everything fuels our daily lives, but leads to some new challenges in the networking space. Join us for this week’s episode of Engineers Unplugged as Damian Karlson (@sixfootdad) and Tom Hollingsworth (@networkingnerd) discuss the pros and cons of IPv6, firewalls, and the failure of 1970s math. Watch and see:

Welcome to Engineers Unplugged, where technologists talk to each other the way they know best, with a whiteboard. The rules are simple:

  1. Episodes will publish weekly (or as close to it as we can manage)
  2. Subscribe to the podcast here: engineersunplugged.com
  3. Follow the #engineersunplugged conversation on Twitter
  4. Submit ideas for episodes or volunteer to appear by Tweeting to @CommsNinja
  5. Practice drawing unicorns

Follow us on Facebook.com/EngineersUnplugged for inside information, extra pictures, and to volunteer episode ideas. What’s your take on IPv6?

Damian Karlson, Tom Hollingsworth, a unicorn, and a whole lot of zeroes


Cisco Still Number One for Data Center Security

We were excited to read the Infonetics Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, which was released yesterday. It revealed Cisco’s continued leadership in a market that spans a multitude of vendors – application/database, client, data center integration and network. The report indicates that leaders need to offer the right mix of products across the data center security and cloud arenas as well as demonstrate security efficacy and integration into adjacent markets. Cisco has continued to execute on a unified security portfolio spanning firewalls, Intrusion Prevention System (IPS), gateways, and integrated threat intelligence further complemented by strategic partnerships. Seamless integration and shared security intelligence with routing and switching (Nexus and Catalyst) and converged infrastructure (Cisco UCS) enables our customers to benefit from optimized traffic links, the highest levels of security resilience, increased availability and scalability as well as lower costs of ownership. Per the report, “to say you’re the leader in the data center/cloud security is to say you are an innovator who can tackle the biggest problems in IT security for the biggest and most demanding customers.”

We’d like to highlight two areas in which Cisco has continued to demonstrate an outright lead over other vendors. In the area of perception as the top data center security supplier, Cisco leads with 47 percent of votes compared to IBM with 38 percent and McAfee with 28 percent, who ranked second and third. Cisco scored between 40 and 60 percent of respondents’ votes (covering 10 criteria) for being the leading data center security supplier with McAfee scoring 15 points below Cisco, HP received around 20 percent of votes, and Juniper and Trend with 15 percent.