New Intrusion Prevention System, Updates to Core ASA Firewall Platform Boost Performance, Visibility for Addressing Virtualized and Cloud-Based Data CentersSeptember 12, 2012
SAN JOSE, Calif. – September 12, 2012 – Cisco today introduced a set of security solutions designed to fortify data centers against the threats they face in moving toward more consolidated and virtualized environments, while also enabling businesses to take advantage of new cloud-based models. Collectively, the offerings extend data center and security professionals' power to enforce end-to-end security for high-capacity data centers and mobile workforces. The offerings include new highly scalable software for the world's most widely deployed firewall, the Cisco® Adaptive Security Appliance (ASA) line; virtualized ASA for multitenant environments; a data-center-grade intrusion prevention system (IPS); and new improvements to the Cisco AnyConnect® Secure Mobility Client to meet the stringent requirements of a more mobile and productive workforce.
The virtualization and cloud mega trend is forcing profound shifts within data centers, affecting everything from IT services to business models to architectures. If addressed properly, these trends offer business benefits such as reduced capital investments, new revenue growth and the greater efficiency, agility and scalability demanded by globalization. With this announcement, Cisco is helping security to keep pace with the demands of changing high-performance virtual and cloud environments, as well as the demands of increased complexity, compliance and employees bringing their own devices to work, among other trends.
Operating under the principle that security must be integrated across the network to ensure protection of unified data centers, Cisco believes network policies must be unified across physical and virtual worlds, intra-virtual machine communication should be secured, and access to applications by wired and mobile clients must be protected. This security approach has become imperative as customers look to make the migration to cloud and a more flexible device-agnostic corporate culture. Cisco's latest product developments support such an approach.
Cisco ASA 9.0 Platform: Major update to the operating system
- Delivers data-center-caliber performance, scaling to 320 Gbps of firewall and 60 Gbps IPS throughput, and 1 million connections per second and 50 million concurrent connections, delivering eight times the performance density of competing solutions.
- Delivers pay-as-you-grow scale as application and VM traffic increases, eliminating the need for costly chassis investment. Scaling is achieved through clustering technology, which allows IT to manage a stack of ASAs as a single logical device.
- Provides context-awareness for next-generation visibility and control. Supports TrustSec security group tags and identity-based firewall capabilities to provide enhanced visibility for more granular policy enforcement. Provides multitenant security to support cloud computing use cases.
- Integrates with Cisco Cloud Web security (formerly ScanSafe) to enable deep content scanning with little to no impact on ASA performance.
- Delivers enhanced, highly secure remote access capabilities by supporting IPv6 connections with minimal performance impact and Next Generation Encryption capabilities, including NSA "Suite B" set of cryptographic algorithms.
Cisco ASA 1000V: Mainstream ASA technology optimized for virtual/cloud environments
- ASA firewall built specifically for multitenant virtual and cloud environments. Unlike competitive offerings, it goes beyond merely offering the current physical ASA in a VM to provide superior flexibility and more efficient use of resources.
- A single ASA 1000V instance can protect many workloads with different security policies across multiple ESX hosts, reducing deployment complexity and improving scalability in heterogeneous environments.
- Protects the tenant edge and enables highly secure segmentation for consistent, end-to-end security across physical, virtual and public/private cloud environments using a proven firewall.
- Built on the industry-leading Cisco Nexus® 1000V Series switch and complements the Cisco Virtual Security Gateway (VSG) for end-to-end security for virtual and cloud infrastructures.
Cisco IPS 4500 Series: A new intrusion prevention system (IPS) built for data centers:
- Delivers the highest-performance density in the industry: 10 gigabits per second (Gbps) per rack unit, for ultra-efficient application protection in the data center.
- Purpose-built for the data center, it protects critical data center resources in a compact 2RU form factor, delivering superior IPS performance density.
- Enables easy insertion of IPS into a wide range of networks and ensures interoperability with existing network elements.
- Drives effective mitigation decisions via a context-aware IPS implementation that incorporates network reputation.
- Builds on the most widely deployed IPS technology in the market providing comprehensive, proven attack protection (Infonetics, Gartner).
Cisco Security Manager 4.3: Cisco Security Manager (CSM) provides scalable, centralized management from which administrators can efficiently manage a wide range of Cisco security devices, gain visibility across the network deployment, and share information with other essential network services like compliance systems and advanced security analysis systems.
- Manages a diverse Cisco security environment, including Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances; Cisco IPS 4200, 4300 and 4500 Series Sensor Appliances; the Cisco AnyConnect Secure Mobility Client; and Cisco Secure Routers.
- Unlike other management products, which require multiple deployments to achieve scale, a single installation of CSM can manage a very large number of devices, dramatically improving scalability.
- Enables health and performance of Cisco ASA and IPS devices to be continuously monitored, and sends alerts when preset thresholds are reached.
- Uses an intuitive wizard to greatly simplify and streamline image upgrades for individual or groups of ASA firewalls.
- Enables API-based access for Cisco Security Manager policy configuration data to allow organizations to share information with other essential network services such as compliance and advanced security analysis systems.
Cisco AnyConnect 3.1: Enables highly secure remote access to network resources:
- Offers differentiated device access to help enable BYOD deployments, IPv6 capability and latest Next Generation Encryption, including NSA's Suite B Cryptography.
- Security Services: Professional and support services, from Cisco and its partners, help customers plan, build and manage highly secure, complex data center and cloud infrastructures. Cisco Data Center Security Services can help address both protection and enablement needs, such as protecting data, enabling highly secure access, assuring regulatory compliance and thwarting intrusion.
Christopher Young, senior vice president and general manager of Security and Government Group, Cisco
"For enterprises to confidently seize the business benefits offered by data center virtualization and the cloud, security must be seen as the art of the possible, not as a hindrance. As with the rest of your network, we make consistent security a deployment decision that enables policies to work throughout hybrid environments—physical, virtual and cloud—and enables data center professionals to deliver IT as a service with a high degree of security without impeding network performance."
Ken Owens, cloud chief technology officer, Savvis, a CenturyLink company
"As a global, enterprise-focused cloud provider, Savvis always monitors the latest in security technologies. We are evaluating the Cisco ASA 1000V Cloud Firewall, which not only appears to satisfy enterprise cloud security controls, but meets the rigorous deployment requirements required for enterprise-class functionality."
Nick Schmidt, senior manager, Information Technology, CDW
"Security is measured by levels of trust. It's about global authority and access. There has been a true shift in the realm of security. Cisco's security solutions play a key role in protecting our company, and enables us to use a mix of public and private cloud approaches, depending on the need."
Mike Zozaya, practice manager, Security/Mobility/Infrastructure, Nexus IS
"The advent of virtualized data centers and cloud-based infrastructures has elevated security requirements for our customers. Cisco's latest integrated security offerings address the context aware security requirements for many of our data center customers, and provides Nexus IS with the innovative and integrated technologies to help our customers build end-to-end security solutions for virtual and multitenant cloud infrastructures."
- Cisco Secure Data Center
- Blog Post: Defending the Data Center
- Blog Post from Cisco SVP and Chief Security Officer John N. Stewart: Does Virtualization Improve Security?
- Blog Post: Putting VDI Security Concerns to Bed
- Cisco SecureX
- Cisco Adaptive Security Appliances (ASA)
- Cisco ASA 1000V Cloud Firewall
- Cisco IPS 4500 Series Sensor Appliances
- Cisco AnyConnect Client
- Cisco Security Manager
- Cisco TrustSec
- Cisco Identity Services Engine (ISE)
- Cisco Security Intelligence Operations
- Cisco Security Services
- Visit the Cisco Security Blog – http://blogs.cisco.com/security
- Follow Cisco Security on Twitter – http://twitter.com/ciscosecurity
Technorati Tags: Cisco, data center, Context-Aware, Network Security Architecture, Adaptive Security Appliances Software, ScanSafe, virtual private networks, AnyConnect, secure mobility, secure desktop, network security, security manager, developers, firewalls, intrusion prevention systems, cloud, security as a service, enterprise security, security appliance. SecureX, SIO, TrustSec, CCNA, CCNP, SGA, threat intelligence.
Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.
# # #
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
 Infonetics - Network Security Appliance and Software Report, Q2 2012
 Gartner - Market Share: Enterprise Network Security Equipment and Routers, Worldwide, 2011