Cisco Unveils Industry’s First Threat-Focused Next-Generation Firewall
Cisco ASA with FirePOWER Services Combines Proven Firewall with Sourcefire Next‐Generation IPS and Advanced Malware Protection for Integrated Threat Defense
SAN FRANCISCO, Calif., September 16, 2014 – Cisco today is changing the way organizations protect against sophisticated threats with the introduction of the industry’s first threat-focused Next-Generation Firewall (NGFW). Cisco® ASA with FirePOWER Services provides the full contextual awareness and dynamic controls needed to automatically assess threats, correlate intelligence, and optimize defenses to protect all networks. By integrating the proven Cisco ASA 5500 Series firewall with application control, and the industry-leading Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire®, Cisco is providing integrated threat defense across the entire attack continuum – before, during and after an attack.
Cisco ASA with FirePOWER Services is an adaptive, threat-focused NGFW that delivers superior, multi-layered protection, extending its capabilities far beyond legacy NGFW solutions. Until now, NGFWs have focused on policy and application control and have been unable to address advanced and zero-day attacks. Cisco ASA with FirePOWER Services changes this, taking a visibility-driven, threat-focused and platform-based approach:
- Visibility-Driven – Delivering full contextual awareness of users, mobile devices, client-side apps, virtual machine‐to-machine communications, vulnerabilities, threats, URLs, and other important telemetry. Its enterprise-class management capabilities provide users with dashboards and drill-down reports of discovered hosts, suspect applications, threats, and Indicators of Compromise (IoCs) for comprehensive visibility.
- Threat-Focused – Incorporating leading NGIPS for comprehensive protection from known and advanced threats, as well as AMP to combat against zero-day and persistent attacks. Big data analytics, continuous analysis and Cisco Collective Security Intelligence (CSI) work together to provide detection, blocking, tracking, analysis, and remediation capabilities to protect against the full spectrum of attacks, known and unknown.
- Platform‐Based –Cisco ASA with FirePOWER Services combines proven firewall functionality and application control, leading NGIPS capability, and advanced breach detection and remediation in a single device. The integration provides organizations with better protection, while also reducing operating costs and complexity. This new solution simplifies an organization’s security architecture and reduces its network footprint with fewer security devices to manage and deploy and ability to license subscriptions to extend functionality.
Given shifting business models and the fast-changing threat landscape, an organization’s approach to reducing the time from breach to recovery needs to be truly integrated and threat-focused. With mounting concern at the executive level regarding the threat of lost intellectual property and compromised customer information and confidence, organizations require broad coverage across all potential attack vectors that can rapidly adjust and learn from new attack methods, and then implement that intelligence to protect them. Cisco ASA with FirePOWER Services provides that integrated threat defense to truly help businesses address their biggest security risks — advanced and zero-day threats.
Cisco ASA with FirePOWER Services provides superior visibility and continuous analysis to detect advanced, multi-vector threats and streamlines and automates response for both known and unknown malware. It also offers holistic, actionable IoCs that speed threat investigation and retrospective remediation, along with integrated incident response scoping and automated detection policy updates.
All of these innovations are supported by an enterprise-class stateful firewall, VPN, advanced clustering and granular application-layer and risk-based controls that evoke tailored NGIPS threat detection policies to optimize security effectiveness. Open source security integration with Snort, OpenAppID and ClamAV further allows customers to easily customize security to address new or specific threats and applications as quickly as possible.
Customers can gain the benefits of the solutions in two ways:
- Cisco ASA with FirePOWER Services (customers can purchase ASA 5500-X Series and ASA 5585-X Series firewall products with a bundled FirePOWER Services license)
- FirePOWER Services for Cisco ASA (customers can enable FirePOWER Services on existing ASA 5500-X Series and ASA 5585-X Series firewall products)
Cisco, with its partners, also provides professional and technical security services to help accelerate migration from customers’ current security environments to the integrated threat defense of Cisco ASA with FirePOWER Services. With deep expertise, proven processes and tools, and global resource availability, Cisco’s security services help organizations migrate quickly and with minimal disruption.
More information about Cisco ASA with FirePOWER Services is available at www.cisco.com/go/asafps
“In today’s climate of industrialized hacking and sophisticated cybercrime, we’ve entered an era in which legacy NGFW solutions are not enough to thwart attackers,” said Christopher Young, senior vice president, security business group, Cisco. “Now more than ever, organizations need to be able to implement dynamic controls to manage the pace of change of their environments and address security incidents. Cisco ASA with FirePOWER Services is a major step forward for the NGFW market, empowering customers to deepen their protection from the data center, through the network, to the endpoint with the agility to identify, understand, and stop advanced threats in real-time and retrospectively.”
“Like any high profile organization, Oak Ridge National Laboratory must be diligent about our security strategy because the sad reality is that every organization is the target of an attack as we saw firsthand in 2011,” said Kevin Kerr, CISO at Oak Ridge National Laboratory. “We cannot afford another surprise malware attack to disrupt our operations, which is why we are looking at the next generation of protective tools. Cisco ASA with FirePOWER Services is among some of the tools we are considering to help us defend the Lab.”
- Introducing the Industry’s First Threat-Focused Next-Generation Firewall by Scott Harrell,vice president of product management, security business group, Cisco
- Dynamic Cyber Attacks Call for Dynamic Controls by Christopher Young, senior vice president, security business group, Cisco
- Ready to look beyond traditional security? Register now to attend a Cisco Security Webcast today from 9-10 a.m. PST or register for the replay at 11:30 a.m. PDT. You’ll learn how to defend your network and accelerate threat detection and response.
- Read the Cisco Security Blog
- Join the security conversation on Twitter by following @CiscoSecurity. You can like Cisco Security on Facebook at http://www.facebook.com/ciscosecurity.
- Learn more about financing for Cisco security technologies with Cisco Capital.
Cisco (NASDAQ: CSCO) is the worldwide leader in IT that helps companies seize the opportunities of tomorrow by proving that amazing things can happen when you connect the previously unconnected. For ongoing news, please go to http://thenetwork.cisco.com.