
Full NGFW integration yields streamlined security and greater value from investments

We know that security, when done properly, can be a business enabler. But as IT teams build out their security capabilities, the lack of integrated solutions yields lower threat effectiveness and inevitably leads to an explosion of complexity and cost.

When Cisco developed the Firepower NGFW, providing best-of-breed effectiveness while keeping costs and complexity in check was a priority, so that organizations could strengthen security while optimizing resources to focus on what they do best – seizing new business opportunities.

Today, NGFW platforms must not only be integrated and threat-focused but must also support mobility, virtualization and cloud initiatives with protections for users on and off the network. The modern NGFW platform must also seek to reduce complexity through full integration between its own security services, and extend outward to embrace other security technology, while delivering even greater value from networking investments.

With legacy NGFWs, each security function introduces a new console and silo to manage – firewall access control, malware sandbox, endpoint security – amounting to the exploding complexity noted above. These disconnected services also miss out on opportunities to identify advanced threats that have learned how to evade point solutions and services.

This is why the Firepower NGFW is completely integrated. That means all security functions – from access controls, to intrusion policy, to file disposition, and even remediation workflow – are tied together in the Firepower Management Center. This reduces complexity with one NGFW appliance offering unified visibility and policy management, so teams have a single robust console for device management, event handling and policy enforcement.

Firepower NGFW further lessens complexity with full integration with other security technologies within the network so organizations better leverage their security and network investments. The innovative new platform allows hosting of Radware DefensePro DDoS protection, to increase security while reducing the cost and complexity of acquiring and managing a separate DDoS appliance. This complements the security services provided by Cisco, and provides a more holistic solution set.

We routinely advocate ‘security everywhere’ – deploying security wherever threats can manifest themselves. Few places are more important than with mobile users. By integrating Firepower NGFW with Cisco AMP for Endpoints, your security can travel off network. It provides a complete view in Cisco Firepower Management Center of malware analysis, progression and containment, and correlates specific events across an environment to identify compromised endpoints.

We don’t stop there – our Advanced Malware Protection (AMP), a licensable service for Firepower NGFW, has also fully incorporated Threat Grid sandboxing. Suspected malicious files are submitted to Cisco’s cloud, or on-premises, for dynamic analysis. Now there’s no need for a separate sandboxing solution as the NGFW provides this capability. Organizations now benefit from a web of shared security intelligence linking network malware analysis with the cloud-delivered security and endpoint security that protects employees wherever they may find themselves – on or off the corporate network.

Where does that leave the network? Shouldn’t the NGFW deliver seamless security integration with it? We say yes.

Firepower NGFW fits hand in glove with the Cisco Identity Services Engine (ISE) to extend visibility and deliver rapid threat containment. Integration with ISE provides user and location data to Firepower, which is used to further strengthen access control and dynamic segmentation policies. Even more intriguing, Cisco NGFWs work in concert with ISE and other Cisco network components to automatically quarantine infected endpoints.

No other security company can deliver this level of tight integration, both within the NGFW itself and between the NGFW, endpoint, cloud-based sandbox and the network.

When an NGFW becomes fully integrated, it has the power not just to stop more threats, but to cut costs with fewer devices to purchase and less complexity, allowing organizations to get the most from their resources.

For more information on our new Firepower NGFW, watch our launch webcast or visit Cisco.com/go/ngfw.



Authors

David C. Stuart

Director, Network Security Product Marketing

Security Business Group