News Release

Cisco Systems Expands Adaptive Security Appliance Family, Enhances Threat Control to Give Businesses Broader Protection

New Cisco® ASA 5505 and 5550 models strengthen security in remote office and large enterprise environments - software updates deliver more than 50 new features, including advanced firewall services
Jul 10, 2006

SAN JOSE, Calif., July 9, 2006 - Cisco Systems® today announced two new models in its Cisco® ASA 5500 Series Adaptive Security appliance family: the Cisco ASA 5505, a next-generation solution designed to defend small businesses, remote offices and enterprise teleworkers, and the Cisco ASA 5550, which extends gigabit-class threat protection and highly scalable IPsec and Secure Sockets Layer virtual private network (SSL VPN) services to large business sites. As part of the announcement, the company introduced numerous enhancements to the Cisco ASA family's underlying software that, when combined with the advantages of a broader appliance portfolio, can extend the benefits of integrated security across an organization.

Cisco ASA 5505 and 5550 appliances are core components of the Cisco Self-Defending Network. Both appliances are part of a multifunction network security appliance family that offers the necessary breadth and depth for protecting businesses of all sizes. Their proactive threat defense helps prevent attacks from spreading throughout corporate networks, helping businesses protect various segments of a network while consolidating security investments, minimizing deployment complexities and reducing operation costs.

The Cisco ASA 5505 packs many capabilities into its compact desktop form factor. Designed for providing high-performance security services for next-generation broadband environments, it delivers 150 megabits per second (Mbps) of firewall throughput and 100 Mbps of encrypted VPN throughput. It also provides significant flexibility and investment protection through its unique modular design, offering an expansion slot for future capabilities. In addition, the Cisco ASA 5505 can act as a hardware VPN client for simplified management. It offers hardware-accelerated SSL VPN services, an integrated 8-port 10/100 switch that supports the creation of multiple security "zones," and two built-in Power-over-Ethernet (PoE) ports. Among their many uses, these PoE ports can provide zero-touch deployment for Cisco IP phones and can power Cisco wireless access points for enhanced user mobility.

The Cisco ASA 5550 extends the market-leading firewall and IPsec/SSL VPN services to support large-enterprise network environments. It can deliver more than 1.2 gigabits per second (Gbps) of firewall throughput and supports 200 virtual local-area networks (VLANs), so businesses can segment a network into numerous high-performance zones for improved security. It also offers highly scalable VPN services, supporting as many as 5,000 IPsec and SSL VPN clients per appliance. Using its integrated VPN clustering and load-balancing capabilities, businesses can cluster up to 10 Cisco ASA 5550 appliances, supporting a maximum of 50,000 concurrent IPsec and SSL VPN users.

By expanding the Cisco ASA family's scope and taking advantage of the new Cisco ASA Software 7.2 services, businesses can broaden the application of robust security across their network. This latest software release offers more than 50 new security features that strengthen the Cisco ASA family's application-layer firewall, remote access VPN, high availability, network integration and management capabilities.

Of these enhancements, some of the more significant involve application-layer firewall services and the integration of Cisco Network Admission Control (NAC) services. Cisco's application-layer firewall services give businesses greater control over their applications and help prevent threats from entering corporate networks. They enhance protection for application protocols such as Web, e-mail, voice over Internet Protocol (VoIP), instant messaging, file transfer and Microsoft networking protocols. Cisco ASA's support for Cisco's NAC solutions administers comprehensive posture assessment for users and devices accessing the network via IPsec and SSL VPN connections. This assessment involves verifying appropriate updates to security software and operating systems before granting network privileges.

"A broader Cisco Adaptive Security Appliances portfolio and richer security capabilities help us protect our IT investments - from the network to various applications," said Tom Lewis, global wide-area network manager for Oakley, Inc. "The Cisco ASA 5500 Series gives us one versatile security platform for minimizing operational risk and improving efficiency. With the additions of the Cisco ASA 5505 and 5550 appliances, we can easily extend this value from large corporate offices to our smallest, most remote sites."

Cisco ASA 5500 solutions offer flexible management via the Cisco Adaptive Security Device Manager (ASDM). Cisco ASDM 5.2 supports all new features in Cisco ASA Software 7.2 and offers numerous enhancements itself, such as a new Packet Tracer utility that significantly improves troubleshooting efficiency. Packet Tracer provides a step-by-step analysis of how packets are processed within a Cisco ASA 5500 Series appliance, and can help identify and remediate configuration errors rapidly.

In addition to these features, Cisco announced enhancements to the Cisco ASA 5500 Series' Content Security and Control Security Services Module (CSC SSM). CSC SSM v6.1 provides anti-malware protection from Trend MicroTM, and it incorporates enhanced anti-spam support via Network Reputation Services (NRS), a service from Trend Micro that can stop as much as 80 percent of unwanted mail before it floods a business network. The new software also enables the CSC module to be centrally managed for coordinated security across a business network, based on Trend Micro Control ManagerTM.

Cisco IOS Software Enhancements

Cisco also announced the availability of Cisco IOS® Software release 12.4(9)T, which incorporates additional application firewall and VPN capabilities into Cisco security routers, extending Cisco's leadership in delivering converged routing, security, voice and wireless services within a single platform.

New firewall enhancements can allow IT to detect and control non-business applications, reduce the proliferation of worms, and protect WAN bandwidth. Point-to-point application firewall enhancements include protocol definitions to control BitTorrent, eDonkey, FastTrack, KaZaA, and Gnutella, and the ability to install future definitions without upgrading the software image. In addition, Cisco's continued integration of IP services and security functions within the router enables the firewall to institute rate-limit sessions, providing unprecedented control over the usage of WAN bandwidth.

Additional enhancements improve monitoring capabilities for Dynamic Multipoint VPN - Cisco's industry-leading site-to-site VPN solution - as well as additional authentication and accounting for SSL VPN remote access.