Cisco Blogs
Share

Threat-Centric Security for Service Providers


June 9, 2015 - 0 Comments

Security has never been more critical for service providers. As Sanjeev Mervana said in his recent blog: Security has become a service provider imperative. it is a key enabler for open and programmable networks that enhances business agility and profitability. With secure networks, emerging video, wireless mobility, Internet of Everything (IoE) and cloud services can more reliably drive new revenue opportunities and business outcomes. Unfortunately, cyber adversaries exploit the growing attack surface that these services expose by launching more sophisticated attacks that impact both the service provider and their customers.

Until now, the only viable approach for service providers to protect their networks has been to deploy multiple point security solutions. Massive and expensive over-provisioning of equipment is the norm to handle burstable workloads and ‘absorb’ attacks, while continuing to deliver services. Even with open APIs, the integration cost to tie these point solutions together is excessive. Worse, once integrated, the solution becomes inflexible to service chaining requirements. This approach also leaves gaps between the “integrated” security silos that attackers can exploit. Without a unifying and highly automated way to deploy secure services, organizations are challenged to keep pace with the dynamic workloads and multiple topologies they must provision.

A New, Multi-Service Security Approach

Cisco is focused on solving the integration, performance, and security effectiveness challenges that plague legacy security architectures and put service providers, their customers and data at risk. Threat-centric security is the foundation of Cisco’s Evolved Programmable Network (EPN), which provides comprehensive threat protection across the attack continuum before, during and after an attack.

Introducing Cisco Firepower 9300

 FirePower

The new Cisco Firepower 9300 security appliance is a scalable, carrier-class, multi-service platform, designed to deliver integrated security services. With tightly integrated, threat-centric security services from Cisco and complementary security partners, Cisco Firepower 9300 lowers integration costs and enables realization of secure, open, and programmable networks.

The Firepower 9300 is the appliance component of Cisco’s scalable and agile security services portfolio for service providers. It is the first component of Cisco’s vision for consistent security policies across physical, virtual, and cloud environments. This unique solution is purpose-built to protect architectures including Cisco Evolved Programmable Networks, and Evolved Services Platform, as well as secure customer workloads transiting service provider offerings.

With this new security appliance, Cisco has reimagined service provider security by utilizing containerization of its own and partner security services. Advanced threats are identified, contained and remediated without inhibiting service delivery or network flexibility, speed or scalability. In addition, dynamic and intelligent service stitching is employed to optimize both threat defense and network performance. By dynamically “stitching in” only the security services necessary to further inspect classified traffic, unnecessary processing is eliminated and throughput is optimized. With Cisco Firepower 9300’s unique security and open network approach, service providers can realize enhanced agility, reduced expense, and increased revenue.

The first shipments of Cisco Firepower 9300 include Cisco ASA firewalling and VPN. Application DDoS mitigation, powered by Radware DefensePro and additional security services, including Firepower Threat Defense capabilities (Advanced Malware Protection (AMP), Next Generation IPS (NGIPS), Application Visibility and Control (AVC) and URL Filtering) will be added in the fall.

With scalable, tightly integrated, threat-centric, security services from Cisco and its partners, Cisco Firepower 9300 lowers integration costs and enables realization of secure, open, and programmable networks. For more information, please visit our website.

Tweet us @CiscoSP360 or find us on Facebook, we would love to hear your questions or comments!

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.