A Visibility-Driven Approach to Next-Generation Firewalls
Cisco ASA with FirePOWER Services has redefined the next-generation firewall (NGFW) as an adaptive, threat-focused platform, delivering superior, multi-layered protection, unparalleled visibility, and reduced security costs and complexity.
This innovative new solution addresses three strategic imperatives: being visibility-driven, threat-focused, and platform-based. In this post, we examine why a foundation of full contextual awareness and visibility is necessary to see everything in an environment, detect multi-vector threats, and eliminate the visibility gaps that sophisticated attackers exploit in traditional defenses made up of disparate point technologies.
In his aptly titled recent post, “You Cannot Protect What You Can’t See,” Joseph O’Laughlin discusses why visibility into (and subsequent control of) only applications and users is no longer enough to protect today’s dynamic environments, and outlines how visibility into the network enables better network protection. This core concept of visibility into the network is at the heart of Cisco ASA with FirePOWER Services (and our Next-Generation Intrusion Prevention Systems too), and it is what sets it apart from all other network security competitors.
While NGFWs have captured a lot of industry attention for their ability to provide access controls on applications and users, visibility is what matters most for protecting dynamic, changing environments. In an era of sophisticated threats, a visibility-driven approach requires insight into all users, mobile devices, client-side applications, operating systems, virtual machine-to-machine communications, vulnerabilities, threats, and URLs. This provides real-time contextual awareness, gives network defenders a holistic view of the network, makes it easier to pinpoint suspicious behavior when it happens, and is vital to identifying malware. It is a necessity for every modern NGFW.
Cisco ASA with FirePOWER Services Delivers Unprecedented Network Visibility
Cisco ASA now addresses modern requirements for unprecedented network visibility with full contextual awareness into users, mobile devices, client-side applications, operating systems, virtual machine-to-machine communications, vulnerabilities, threats, and URLs to let in trusted users and keep the trespassers and unwanted guests out of networks. Our solution provides Application Visibility and Control for over 3,000 applications and sub-applications to minimize risky activity on networks. Cisco ASA monitors all the assets in the network and passively gathers detailed activity information. FireSIGHT then correlates this intelligence to display comprehensive information in a single console, including threats, users, applications, file transfers, and much more.
Cisco ASA is the first and only NGFW to include Indicators of Compromise correlation from both network and endpoint.
With a full understanding of who the good guys are and their expected behavior, FireSIGHT can root out unexpected activity and derive holistic, multi-vector indicators of compromise (IoCs) that correlate detailed network and endpoint event intelligence and provide further visibility into malware infections. IoCs ensure that network defenders focus on the top suspicious behaviors so they can quickly identify sources of infection, trace malware trajectory inside the network, and determine root cause, aiding quick remediation and maximizing security effectiveness. We’ll talk more about using contextual awareness for threat correlation and automated policy tuning in a future post.
The Best Choice for Next Generation Firewall
Cisco ASA provides the complete visibility and control to protect businesses. Our solution integrates a powerful suite of capabilities to comprehensively observe, detect, and remediate intrusions and ensure no further infections occur. This visibility and context serve as the basis for dynamic controls to establish adaptive trust. This concept starts with the assumption of zero trust, but trust expands as more information about the behavior of the device, user, or application becomes available.
A future post in the series will focus on how this trust is the baseline for automating security actions. We’ll also discuss how Cisco ASA now delivers on the promise of threat-centric security with superior multilayered protection against known and emerging threats.