Cisco Ramps Up Firewall Options

  • By Dian Schaffhauser
  • 02/29/12

Cisco has introduced a new "reimagined" firewall that adds a level of security smarts that could eventually show up in the company's line of switches and routers, as well as other hardware. This week, during RSA Conference 2012 in San Francisco, the company introduced the new Cisco ASA CX line, which performs "context aware" inspection and allows security administrators to gain granular control over the types of network and online resources services their users can access. The ASA CX follows a framework called SecureX, mapped out by Cisco to address newer security challenges faced by enterprises, such as delivery of applications through the Web and proliferation of mobile devices on the network for doing computing activities.

Cisco also announced updates to its TrustSec and Cisco Identity Services Engine, introduced a new line of midrange firewall appliances, and modified the objectives of its security certifications.

The Cisco ASA CX provides a way for administrators to control which devices and users have access to network resources and which types of access on sites with "micro-applications," such as business, community, education, entertainment, and games for Facebook. The ASA CX allows administrators to see user device types, operating systems, location, and security posture to determine level of network access. But it's that deeper inspection that's generating headlines for the product. The company claims coverage of more than 1,000 applications, such as Facebook and Google+, LinkedIn, Twitter, and iTunes, as well as 75,000 micro-applications. It categorizes micro applications for more specific control. This approach is intended to give IT more flexibility in allowing users to access greater numbers of applications without completely locking users out of sites.

As Cisco's Jeff Aboud, a product marketing manager in Cisco's Security Technology Business Unit, explained in a blog post, "Knowing which interns are the heaviest Facebook users is one thing; knowing that the majority of their network traffic is due to video uploads to Facebook--and having the ability to disallow those uploads--is quite another."

The security coverage is powered and continually updated by Cisco's Security Intelligence Operation, a company-run security lab that handles threat identification, analysis, and mitigation proposals.

Cisco's new ASA 5500-X series of midrange security appliances provide firewall, intrusion prevention, and virtual private networking functionality in five different models. At the low end is the ASA 5512-X, which has 1 gigabit firewall throughput, 250 megabit firewall/IPS throughput, up to 100,000 firewall connections, and a maximum of 250 VPN user sessions; at the high end is the 5555-X, which delivers 4 gigabit firewall throughput, 1.3 gigabit firewall/IPS throughput, up to a million firewall connections, and 5,000 VPN user sessions.

The appliances, which come in a single rack unit size, deliver multiple security services, multigigabit performance, redundant power supplies, and flexible interface options. When an organization's security needs change, it can purchase additional cloud- and software-based security services to extend appliance functionality.

Cisco also said it was updating its midrange firewall appliances to use new versions of the company's policy-based network access platform, TrustSec and, Identity Services Engine (ISE). TrustSec 2.1 and ISE 1.1 feature "device sensors" to detect and classify devices attaching to the network so that the right policies can be applied to them.

"Instead of taking a firewall-only approach, Cisco has taken a context-aware approach where the firewall is a living, breathing and dynamic part of the highly secure network," said Christopher Young, senior vice president of Cisco's Security and Government Group. "Cisco is building security into the network, utilizing all of the unique ability of the network to deliver context, intelligence, and control. No part of your infrastructure knows more about what's happening in the environment than the network. We are bringing that powerful contextual awareness forward, starting with our firewall."

To reflect changes in security needs, the company announced that it has revised its security certifications and training. The CCNA Security, CCNP Security, and Security Specialist credentials will address trends such as bring-your-own-device, mobility, cloud-based computing, and virtualization.

"With constantly evolving threats and compliance requirements, it is critical to continuously refine educational offerings to ensure Cisco certified individuals have the most comprehensive understanding of how to secure infrastructure against the latest security challenges," said Jeanne Beliveau-Dunn, vice president and general manager of Learning@Cisco. "Updates to our industry-leading security certifications ensure we are providing the technical skills and depth of knowledge required for professionals to stand out in today's job market and enable a competitive advantage for their employers."

Featured

  • digital learning resources including a document, video tutorial, quiz checklist, pie chart, and AI cloud icon

    Quizizz Rebrands as Wayground, Announces New AI Features

    Learning platform Quizizz has become Wayground, in a rebranding meant to reflect "the platform's evolution from a quiz tool into a more versatile supplemental learning platform that's supported by AI," according to a news announcement.

  • red brick school building with a large yellow "AI" sign above its main entrance

    New National Academy for AI Instruction to Provide Free AI Training for Educators

    In an effort to "transform how artificial intelligence is taught and integrated into classrooms across the United States," the American Federation of Teachers (AFT), in partnership with Microsoft, OpenAI, Anthropic, and the United Federation of Teachers, is launching the National Academy for AI Instruction, a $23 million initiative that will provide access to free AI training and curriculum for all AFT members, beginning with K-12 educators.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • Abstract AI circuit board pattern

    Nonprofit LawZero to Work Toward Safer, Truthful AI

    Turing Award-winning AI researcher Yoshua Bengio has launched LawZero, a nonprofit aimed at developing AI systems that prioritize safety and truthfulness over autonomy.