Cisco Ramps Up Firewall Options
- By Dian Schaffhauser
- 02/29/12
Cisco has introduced a new "reimagined" firewall that adds a level of security smarts that could eventually show up in the company's line of switches and routers, as well as other hardware. This week, during RSA Conference 2012 in San Francisco, the company introduced the new Cisco ASA CX line, which performs "context aware" inspection and allows security administrators to gain granular control over the types of network and online resources and services their users can access. The ASA CX follows a framework called SecureX, mapped out by Cisco to address newer security challenges faced by enterprises, such as delivery of applications through the Web and proliferation of mobile devices used for computing on the network.
Cisco also announced updates to its TrustSec and Cisco Identity Services Engine, introduced a new line of midrange firewall appliances, and modified the objectives of its security certifications.
The Cisco ASA CX provides a way for administrators to control which devices and users have access to network resources and which types of access on sites with "micro-applications," such as business, community, education, entertainment, and games for Facebook. The ASA CX allows administrators to see user device types, operating systems, location, and security posture to determine the level of network access. But it's that deeper inspection that's generating headlines for the product. The company claims coverage of more than 1,000 applications, such as Facebook and Google+, LinkedIn, Twitter, and iTunes, as well as 75,000 micro-applications. It categorizes micro-applications for more specific control. This approach is intended to give IT more flexibility in allowing users to access greater numbers of applications without completely locking users out of sites.
As Cisco's Jeff Aboud, a product marketing manager in Cisco's Security Technology Business Unit, explained in a blog post, "Knowing which interns are the heaviest Facebook users is one thing; knowing that the majority of their network traffic is due to video uploads to Facebook--and having the ability to disallow those uploads--is quite another."
The security coverage is powered and continually updated by Cisco's Security Intelligence Operation, a company-run security lab that handles threat identification, analysis, and mitigation proposals.
Cisco's new ASA 5500-X series of midrange security appliances provides firewall, intrusion prevention, and virtual private networking functionality in five different models. At the low end is the ASA 5512-X, which has 1 gigabit firewall throughput, 250 megabit firewall/IPS throughput, up to 100,000 firewall connections, and a maximum of 250 VPN user sessions; at the high end is the 5555-X, which delivers 4 gigabit firewall throughput, 1.3 gigabit firewall/IPS throughput, up to a million firewall connections, and 5,000 VPN user sessions.
The appliances, which come in a single rack unit size, deliver multiple security services, multigigabit performance, redundant power supplies, and flexible interface options. When an organization's security needs change, it can purchase additional cloud- and software-based security services to extend appliance functionality.
Cisco also said it was updating its midrange firewall appliances to use new versions of the company's policy-based network access platform, TrustSec, and Identity Services Engine (ISE). TrustSec 2.1 and ISE 1.1 feature "device sensors" to detect and classify devices attaching to the network so that the right policies can be applied to them.
"Instead of taking a firewall-only approach, Cisco has taken a context-aware approach where the firewall is a living, breathing and dynamic part of the highly secure network," said Christopher Young, senior vice president of Cisco's Security and Government Group. "Cisco is building security into the network, utilizing all of the unique ability of the network to deliver context, intelligence, and control. No part of your infrastructure knows more about what's happening in the environment than the network. We are bringing that powerful contextual awareness forward, starting with our firewall."
To reflect changes in security needs, the company announced that it has revised its security certifications and training. The CCNA Security, CCNP Security, and Security Specialist credentials will address trends such as bring-your-own-device, mobility, cloud-based computing, and virtualization.
"With constantly evolving threats and compliance requirements, it is critical to continuously refine educational offerings to ensure Cisco certified individuals have the most comprehensive understanding of how to secure infrastructure against the latest security challenges," said Jeanne Beliveau-Dunn, vice president and general manager of Learning@Cisco. "Updates to our industry-leading security certifications ensure we are providing the technical skills and depth of knowledge required for professionals to stand out in today's job market and enable a competitive advantage for their employers."