Cisco Ramps Up Firewall Options

  • By Dian Schaffhauser
  • 02/29/12

Cisco has introduced a new "reimagined" firewall that adds a level of security smarts that could eventually show up in the company's line of switches and routers, as well as other hardware. This week, during RSA Conference 2012 in San Francisco, the company introduced the new Cisco ASA CX line, which performs "context aware" inspection and allows security administrators to gain granular control over the types of network and online resources services their users can access. The ASA CX follows a framework called SecureX, mapped out by Cisco to address newer security challenges faced by enterprises, such as delivery of applications through the Web and proliferation of mobile devices on the network for doing computing activities.

Cisco also announced updates to its TrustSec and Cisco Identity Services Engine, introduced a new line of midrange firewall appliances, and modified the objectives of its security certifications.

The Cisco ASA CX provides a way for administrators to control which devices and users have access to network resources and which types of access on sites with "micro-applications," such as business, community, education, entertainment, and games for Facebook. The ASA CX allows administrators to see user device types, operating systems, location, and security posture to determine level of network access. But it's that deeper inspection that's generating headlines for the product. The company claims coverage of more than 1,000 applications, such as Facebook and Google+, LinkedIn, Twitter, and iTunes, as well as 75,000 micro-applications. It categorizes micro applications for more specific control. This approach is intended to give IT more flexibility in allowing users to access greater numbers of applications without completely locking users out of sites.

As Cisco's Jeff Aboud, a product marketing manager in Cisco's Security Technology Business Unit, explained in a blog post, "Knowing which interns are the heaviest Facebook users is one thing; knowing that the majority of their network traffic is due to video uploads to Facebook--and having the ability to disallow those uploads--is quite another."

The security coverage is powered and continually updated by Cisco's Security Intelligence Operation, a company-run security lab that handles threat identification, analysis, and mitigation proposals.

Cisco's new ASA 5500-X series of midrange security appliances provide firewall, intrusion prevention, and virtual private networking functionality in five different models. At the low end is the ASA 5512-X, which has 1 gigabit firewall throughput, 250 megabit firewall/IPS throughput, up to 100,000 firewall connections, and a maximum of 250 VPN user sessions; at the high end is the 5555-X, which delivers 4 gigabit firewall throughput, 1.3 gigabit firewall/IPS throughput, up to a million firewall connections, and 5,000 VPN user sessions.

The appliances, which come in a single rack unit size, deliver multiple security services, multigigabit performance, redundant power supplies, and flexible interface options. When an organization's security needs change, it can purchase additional cloud- and software-based security services to extend appliance functionality.

Cisco also said it was updating its midrange firewall appliances to use new versions of the company's policy-based network access platform, TrustSec and, Identity Services Engine (ISE). TrustSec 2.1 and ISE 1.1 feature "device sensors" to detect and classify devices attaching to the network so that the right policies can be applied to them.

"Instead of taking a firewall-only approach, Cisco has taken a context-aware approach where the firewall is a living, breathing and dynamic part of the highly secure network," said Christopher Young, senior vice president of Cisco's Security and Government Group. "Cisco is building security into the network, utilizing all of the unique ability of the network to deliver context, intelligence, and control. No part of your infrastructure knows more about what's happening in the environment than the network. We are bringing that powerful contextual awareness forward, starting with our firewall."

To reflect changes in security needs, the company announced that it has revised its security certifications and training. The CCNA Security, CCNP Security, and Security Specialist credentials will address trends such as bring-your-own-device, mobility, cloud-based computing, and virtualization.

"With constantly evolving threats and compliance requirements, it is critical to continuously refine educational offerings to ensure Cisco certified individuals have the most comprehensive understanding of how to secure infrastructure against the latest security challenges," said Jeanne Beliveau-Dunn, vice president and general manager of Learning@Cisco. "Updates to our industry-leading security certifications ensure we are providing the technical skills and depth of knowledge required for professionals to stand out in today's job market and enable a competitive advantage for their employers."

Featured

  • AI robot with cybersecurity symbol on its chest

    Microsoft Adds New Agentic AI Tools to Security Copilot

    Microsoft has announced a major expansion of its AI-powered cybersecurity platform, introducing a suite of autonomous agents to help organizations counter rising threats and manage the growing complexity of cloud and AI security.

  • laptop on a clean desk with digital padlock icon on the screen

    Study: Data Privacy a Top Concern as Orgs Scale Up AI Agents

    As organizations race to integrate AI agents into their cloud operations and business workflows, they face a crucial reality: while enthusiasm is high, major adoption barriers remain, according to a new Cloudera report. Chief among them is the challenge of safeguarding sensitive data.

  • stacks of glowing digital documents with circuit patterns and data streams

    Mistral AI Introduces AI-Powered OCR

    French AI startup Mistral AI has launched Mistral OCR, an advanced optical character recognition (OCR) API designed to convert printed and scanned documents into digital files with "unprecedented accuracy."

  • open laptop in a college classroom with holographic AI icons like a brain and data charts rising from the screen

    4 Ways Universities Are Using Google AI Tools for Learning and Administration

    In a recent blog post, Google shared an array of education customer stories, showcasing ways institutions are using AI tools like Gemini and NotebookLM to transform both learning and administrative tasks.