Cisco Ramps Up Firewall Options

  • By Dian Schaffhauser
  • 02/29/12

Cisco has introduced a new "reimagined" firewall that adds a level of security smarts that could eventually show up in the company's line of switches and routers, as well as other hardware. This week, during RSA Conference 2012 in San Francisco, the company introduced the new Cisco ASA CX line, which performs "context aware" inspection and allows security administrators to gain granular control over the types of network and online resources services their users can access. The ASA CX follows a framework called SecureX, mapped out by Cisco to address newer security challenges faced by enterprises, such as delivery of applications through the Web and proliferation of mobile devices on the network for doing computing activities.

Cisco also announced updates to its TrustSec and Cisco Identity Services Engine, introduced a new line of midrange firewall appliances, and modified the objectives of its security certifications.

The Cisco ASA CX provides a way for administrators to control which devices and users have access to network resources and which types of access on sites with "micro-applications," such as business, community, education, entertainment, and games for Facebook. The ASA CX allows administrators to see user device types, operating systems, location, and security posture to determine level of network access. But it's that deeper inspection that's generating headlines for the product. The company claims coverage of more than 1,000 applications, such as Facebook and Google+, LinkedIn, Twitter, and iTunes, as well as 75,000 micro-applications. It categorizes micro applications for more specific control. This approach is intended to give IT more flexibility in allowing users to access greater numbers of applications without completely locking users out of sites.

As Cisco's Jeff Aboud, a product marketing manager in Cisco's Security Technology Business Unit, explained in a blog post, "Knowing which interns are the heaviest Facebook users is one thing; knowing that the majority of their network traffic is due to video uploads to Facebook--and having the ability to disallow those uploads--is quite another."

The security coverage is powered and continually updated by Cisco's Security Intelligence Operation, a company-run security lab that handles threat identification, analysis, and mitigation proposals.

Cisco's new ASA 5500-X series of midrange security appliances provide firewall, intrusion prevention, and virtual private networking functionality in five different models. At the low end is the ASA 5512-X, which has 1 gigabit firewall throughput, 250 megabit firewall/IPS throughput, up to 100,000 firewall connections, and a maximum of 250 VPN user sessions; at the high end is the 5555-X, which delivers 4 gigabit firewall throughput, 1.3 gigabit firewall/IPS throughput, up to a million firewall connections, and 5,000 VPN user sessions.

The appliances, which come in a single rack unit size, deliver multiple security services, multigigabit performance, redundant power supplies, and flexible interface options. When an organization's security needs change, it can purchase additional cloud- and software-based security services to extend appliance functionality.

Cisco also said it was updating its midrange firewall appliances to use new versions of the company's policy-based network access platform, TrustSec and, Identity Services Engine (ISE). TrustSec 2.1 and ISE 1.1 feature "device sensors" to detect and classify devices attaching to the network so that the right policies can be applied to them.

"Instead of taking a firewall-only approach, Cisco has taken a context-aware approach where the firewall is a living, breathing and dynamic part of the highly secure network," said Christopher Young, senior vice president of Cisco's Security and Government Group. "Cisco is building security into the network, utilizing all of the unique ability of the network to deliver context, intelligence, and control. No part of your infrastructure knows more about what's happening in the environment than the network. We are bringing that powerful contextual awareness forward, starting with our firewall."

To reflect changes in security needs, the company announced that it has revised its security certifications and training. The CCNA Security, CCNP Security, and Security Specialist credentials will address trends such as bring-your-own-device, mobility, cloud-based computing, and virtualization.

"With constantly evolving threats and compliance requirements, it is critical to continuously refine educational offerings to ensure Cisco certified individuals have the most comprehensive understanding of how to secure infrastructure against the latest security challenges," said Jeanne Beliveau-Dunn, vice president and general manager of Learning@Cisco. "Updates to our industry-leading security certifications ensure we are providing the technical skills and depth of knowledge required for professionals to stand out in today's job market and enable a competitive advantage for their employers."

Featured

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • cybersecurity analyst in a modern operations center monitors multiple digital screens showing padlock icons, graphs, and a global map with security markers

    Louisiana State University Doubles Down on Larger Student-Run SOC

    In an effort to provide students with increased access to real-world cybersecurity experience, Louisiana State University has expanded its relationship with cybersecurity solutions provider TekStream to launch TigerSOC, a new student-run security operations center.

  • flowing lines and geometric shapes representing data flow and analysis

    Complete College America Launches Center to Boost Data-Driven Student Success Strategies

    National nonprofit Complete College America (CCA) recently launched the Center for Leadership, Institutional Metrics, and Best Practices (CLIMB), with the goal of helping higher education institutions use data-driven strategies to improve student outcomes.

  • geometric pattern features abstract icons of a dollar sign, graduation cap, and document

    Maricopa Community Colleges Adopts Platform to Combat Student Application Fraud

    In an effort to secure its admissions and financial processes, Maricopa Community Colleges has partnered with A.M. Simpkins and Associates (AMSA) to implement the company's S.A.F.E (Student Application Fraudulent Examination) across the district's 10 institutions.