Cisco Upgrades Firewalls and Anti-Intrusion Products

Cisco Systems has upgraded its family of intrusion-prevention and firewall systems, security management software and other products, in order to tackle the growing needs of virtualised and cloud-based data centres.

Leading off the list of new products announced 12 September is the Cisco ASA 1000V Firewall for cloud environments, part of the Adaptive Security Appliance (ASA) line from Cisco. The ASA 1000V runs on top of a Cisco Nexus 1000V switch and complements the Cisco Virtual Security Gateway (VSG), which secures virtual and cloud infrastructure, the company says. A single instance of the product secures up to 64 VMware ESX host servers running virtual machines (VMs) internally.

Security Upgrades

The Cisco virtual firewall approach differs significantly from that of some of its competitors, said Jeff Aboud, marketing manager for enterprise network security at Cisco.

Other vendors use a virtual firewall in which they take existing firewall code and wrap it up in a VM wrapper, which is quick and easy to install and deploy, Aboud said.

“The bad news, though, is that it was really a firewall that was built for the physical world and has been retrofitted in order to handle virtual workloads,” he said. “What we have done is taken our baseline mainstream ASA code and optimised it for the virtual cloud environment.”

Cisco has also introduced the IPS 4500 series intrusion-prevention system (IPS), which offers 400 percent higher performance density, consumes 75 percent less power and occupies 75 percent less rack space than a Juniper Networks system chosen for comparison. It delivers 10 Gbps throughput and supports up to 100,000 connections per second. Supported by the Cisco Security Intelligence Operation (CISO), Aboud said the IPS can intercept an intruder before it enters the network while competing systems can detect a breach only after it has occurred.

Cisco is also introducing version 9.0 of its ASA operating system. Among the new enhancements from version 8.4, it delivers up to 320 Gbps of firewall and 60 Gbps of IPS throughput, 1 million connections per second and 50 million concurrent connections. It also offers higher density, 84 percent less power consumption and takes up 75 percent less rack space than a Juniper system.

Also, Cisco is introducing AnyConnect 3.1, an upgrade of its VPN for securely connecting mobile devices to the corporate network, which is a way of enabling employees to leverage the bring-your-own-device (BYOD) trend but ensure secure access of that device to the network.

Network Perimeter

This set of announcements from Cisco means the company is following through on a tentative road map laid out at the RSA security industry conference earlier this year, when company officials said they were concentrating on securing the data centre and the network perimeter, said John Grady, senior research analyst for security products at IDC.

“Scalability, application control and security for virtual environments are significant issues for organizations today, and these products help solve those issues,” Grady told eWEEK in an email.

Because Cisco’s product offerings are so vast, it has different competitors depending on the product category, he added. Overall, Juniper and Check Point are Cisco’s top competitors, but Palo Alto Networks competes in the application firewall space, while McAfee, Sourcefire, Hewlett-Packard and IBM are all competitors in the IPS space.

Also new from Cisco is Security Manager 4.3, which helps make sure that security policy is uniform across physical, virtual and hybrid computing environments.

IDC’s Grady said management can be a significant challenge in these hybrid cloud and physical environments and with personal devices accessing the corporate network.

“The issue arises in trying to keep consistency and simplicity of policy across these different solutions and environments,” he said. “Because of Cisco’s portfolio, they’re in a good position to tie everything together to accomplish this.”

Are you a security expert? Try our quiz!