Introducing the Industry’s First Threat-Focused Next-Generation Firewall


September 16, 2014

Cisco is a strong proponent of shifting the mindset regarding the capabilities a Next-Generation Firewall (NGFW) must provide to stay relevant in a world that is dealing with dynamic threats. While nothing is technically wrong with legacy NGFWs, much is wrong with their approach.

To meet current and future needs, a NGFW must now provide full visibility and contextual awareness across applications, hosts, and the network, address dynamic threats, quickly correlate and identify multi-vector threats and deliver the dynamic controls organizations now require to combat advanced threats. It must do all of this while reducing complexity. These capabilities are crucial for enabling continuous protection across the attack continuum—before, during and after an attack.

Today, we are unveiling Cisco ASA with FirePOWER Services, the industry’s first and only adaptive and threat-focused NGFW, designed to deliver on the three imperatives a NGFW must provide to protect modern enterprise networks — being visibility-driven, threat-focused, and platform-based.

So how is Cisco ASA redefining what a NGFW should be? We start with a market-leading stateful firewall in Cisco ASA and uniquely combine it with full-stack visibility and contextual awareness to see everything on the extended network, assess the impact of security events, and automatically tune security policy accordingly. It is also the only NGFW with both market-leading NGIPS and market-leading advanced malware protection—with third party testing to validate our leadership in security effectiveness. We combine this for integrated threat defense across the entire attack continuum together in a single device for reduced cost and complexity.

Superior Multi-layered Protection

The Cisco ASA with FirePOWER Services provides comprehensive protection from known and advanced threats. Key capabilities include:

  • Cisco ASA, the world’s most widely deployed, enterprise-class stateful firewall with industry leading clustering for highly secure, high-performance access, and high availability to help ensure business continuity.
  • Granular Application Visibility and Control (AVC) includes support for more than 3,000 application-layer and risk-based controls that can invoke tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.
  • Cisco ASA is the only NGFW to offer proven NGIPS and remediate after attacks with retrospective security:
    • Industry-leading FirePOWER Next-Generation IPS (NGIPS) provides highly effective threat prevention and full contextual awareness of users, infrastructure, applications, and content to stop multi-vector threats and automate defense response.
    • Advanced Malware Protection (AMP) provides industry-leading breach detection effectiveness to discover and stop malware and emerging threats missed by other security layers. AMP offers multi-source Indicators of Compromise (IoC) and both point-in-time detections and continuous analysis. This enables Retrospective security to “go back in time” after attacks to contain and remediate sophisticated malware that could have initially evaded defenses.
    • Reputation- and category-based URL filtering offers comprehensive alerting and control over suspect web traffic and enforces policies on hundreds of millions of URLs in more than 80 categories.

Unprecedented Network Visibility

Cisco ASA is centrally managed by the Cisco FireSIGHT Management Center. Cisco FireSIGHT provides comprehensive visibility into activity within the network including users, devices, communication, OSs, between virtual machines, vulnerabilities, threats, client-side applications, files, and websites. Holistic, actionable indicators of compromise (IoCs) correlate detailed network and endpoint event information and provide further visibility into malware infections.

Cisco delivers a simplified and more effective approach to threat management. In contrast, legacy NGFW vendors require customers to correlate events across multiple products and management consoles, both their own and third-party, and cannot deliver the superior threat defense outcomes and continuous threat protection workflows that Cisco FireSIGHT provides.

Reduced Costs and Complexity

Cisco ASA incorporates an integrated approach to threat defense, to reduce capital and operating costs and administrative complexity. This purpose-built appliance family is highly scalable, performs at up to multigigabit speeds, and provides consistent and robust security across branch, Internet edge, and data centers in both physical and virtual environments.

With Cisco FireSIGHT Management, administrators can streamline operations to quickly correlate threats, assess their impact, automatically tune security policy and easily attribute user identities to security events. Cisco FireSIGHT continually monitors how the network is changing as devices come and go. New threats are automatically assessed to determine which can affect the business, deprioritizing non-essential events. Response efforts are then focused on remediation, and network defenses are adapted to changing threat conditions.

Cisco ASA truly defines what a NGFW should be now and into the future. In the coming days we’ll dive deeper into how Cisco ASA delivers on the promise of what we believe a NGFW should be – visibility-driven, threat-focused, and platform-based. These capabilities are foundational for enabling dynamic controls based on visibility and intelligence to automatically adapt security policy, inspection depth and controls, and better align security with the threat profile of the ever-changing environment in which we interact. Chris Young’s blog titled “Dynamic Control without Compromise” elaborates on how the move to dynamic controls is crucial to maintain security.

For more details about today’s announcement visit the Cisco Security Community and the Cisco ASA with FirePOWER Services product page.

2 Comments

  1. For people that have acquired IPS-SSP Modules for ASA-5585-X in less than 2 yrs, what will be the route? Will the current IPS Software be migrated to the new Software, or do they definitely need to buy new Hardware Modules? Imagine those who have 3 IPS Modules. Software solutions that run as a Service on ASA can be a drawback in terms of Performance in some Datacenters, if that is the route. Can you please clarify for us the way to go? Kind regards,

  2. Saw a Demo yesterday. Totally impressive!!! Great Performance and View Console