New Innovations in Cisco's Adaptive Security Appliance (ASA), TrustSec and Identity Services Engine (ISE) Allow Enterprises to Say Yes to More Applications, Devices and the Evolving Global Workforce
SAN FRANCISCO – Feb. 28, 2012 – Building upon its established security Cisco SecureX, Cisco is extending the Cisco Adaptive Security Appliance, the world’s most widely deployed firewall platform, with the new Cisco® ASA CX Context-Aware Security solution. This solution moves the ASA platform well beyond the capabilities of existing “next generation” firewalls by providing unprecedented visibility into security threats and highly-customizable application access control. The Cisco ASA CX enables administrators to control which devices and users have access, and which type of access, to network resources and more than 1,000 applications and 75,000 micro-applications.
Additionally, Cisco is updating its midrange firewall appliances to use the Cisco SecureX Framework for a context-aware approach to security. With additions to the Cisco TrustSec® solution and its policy-management platform, Cisco Identity Services Engine (ISE), Cisco is once again setting the industry benchmark for security.
Today’s business needs have changed the face of network security. Enterprises are being driven to enable more types of users – from employees to contractors and even sometimes their “co-opetition” – with greater access to applications, devices and resources. But these enterprises need to make sure that only the right users get access to specific applications, data and service functionality, while securing the rest. These demands have broken legacy security models, which force IT to choose between enabling greater productivity or greater security.
Cisco’s security offerings turn this “or” to “and” by enabling businesses to accommodate an increasingly mobile workforce while mitigating the inherent risk in “borderless” enterprises. Using fine-grained controls that combine context awareness, identity awareness, policy and threat intelligence, Cisco delivers a unique and powerful combination that will help enterprises accelerate their businesses while delivering the right levels of security for all devices in all segments of their network.
- Cisco ASA CX: The next-generation context-aware security solution:
- Extends the ASA platform by setting the industry bar for having the broadest visibility and most fine-grained control. It identifies more than 1,000 applications, such as Facebook, Google+, LinkedIn, Twitter and iTunes, which it breaks down into more than 75,000 micro applications. It buckets these micro applications into easy-to-use categories so that firewall administrators can easily allow or deny access to the relevant parts of the application. (E.g., Facebook micro applications are categorized into business, community, education, entertainment, games and so on.) This gives IT more flexibility in allowing users to access greater numbers of applications without completely denying access.
- Utilizes the power of the Cisco SecureX Framework – a context-aware, network-centric security framework that’s delivered across unified access, edge, branch, data center and cloud segments of an overall network, supported by Cisco’s portfolio of security products and services.
- Unlike other firewalls, only ASA CX uses SecureX to gain end-to-end network intelligence, aggregating information from the local network using Cisco AnyConnect Secure Mobility as well as near real-time threat data from the global Cisco Security Intelligence Operation (Cisco SIO), an advanced security infrastructure that provides threat identification, analysis and mitigation to continuously provide the highest level of security for Cisco customers.
- Empowers administrators to enable devices and applications with high levels of protection and control. Administrators can clearly see the specific type of device, as well as the operating system it’s running, its location and its current security posture.
- Cisco TrustSec and Cisco Identity Services Engine: Cisco TrustSec 2.1 and ISE 1.1 provide comprehensive visibility via new device sensors that are integrated into the infrastructure to automatically detect and classify all devices attaching to the network. ISE 1.1 also provides real-time directed endpoint scans, based on policy, to gain more relevant insight and accuracy while classifying devices. Together, they provide the industry’s most scalable, reliable and comprehensive view across an entire corporate infrastructure. In addition, TrustSec 2.1 broadens support for Cisco’s innovative Security Group Access (SGA) technology, which provides highly granular control through policy-based enforcement across both wired and wireless infrastructures.
- Cisco ASA 5500-X Series midrange security appliances: These new high-performance, next generation Cisco ASA appliancesinclude the ASA 5512-X, 5515-X, 5525-X, 5545-X and 5555-X, areoptimized for Internet edge deployment for small-to-large enterprises. Utilizing the Cisco SecureX Framework’s context-aware approach, they deliver multiple security services (without requiring additional hardware modules), multi-gigabit performance, flexible interface options, and redundant power supplies – all in a compact 1RU form-factor. They optionally deliver broad and deep network security through cloud- and software-based integrated security services, backed by threat intelligence through Cisco SIO.
- Security Certifications: Cisco also updated the security certification programs Cisco CCNA® Security, Cisco CCNP® Security and Cisco Security Specialists which include ASA training and offer professionals job-ready training and skills specific to the best practices of network security administrators, engineers and experts using the latest Cisco equipment, devices and appliances.
- Christopher Young, senior vice president of Security and Government Group, Cisco:
“Instead of taking a firewall-only approach, Cisco has taken a context-aware approach where the firewall is a living, breathing and dynamic part of the highly secure network. Cisco is building security into the network, utilizing all of the unique ability of the network to deliver context, intelligence and control. No part of your infrastructure knows more about what's happening in the environment than the network. We are bringing that powerful contextual awareness forward, starting with our firewall.”
- David Kennedy, vice president, chief security officer, Diebold, Inc.
“Cisco ISE provides a best-in-class access control solution for Diebold, enabling unmatched granularity and insight about our users without additional equipment. As a longtime trusted vendor for Diebold, where security is part of our very culture, Cisco was the right choice to enhance our global security needs. Cisco ISE has given us the power to simplify our enterprise security management and help ensure the integrity of any individual or device entering our network.”
- Nick Young, network support manager, Four Seasons Healthcare (FSHC)
“With Cisco AnyConnect, ASA, ASA CX and IronPort, we are finally getting to the point of having a joined-up approach where all the components can interact with each other. For FSHC, using Cisco security products has simplified control and given us better visibility, allowing us to be more responsive to the business needs to the point where we stop worrying about what we can allow on our network and concentrate specifically on what we don't want to allow. We are looking forward to the next developments in managing these appliances from a single global console.”
- Osamu Saito, president, Little eArth Corporation Co., Ltd. (LAC)
“Cisco's next-generation ASA 5500-X is a perfect fit for firewall deployments that require both high-performance and multiple security services running on the firewall concurrently. Cisco ASAs more than meet our requirements of a firewall and IPS running inside one appliance. From a Managed Security Service perspective, we are happy to utilize ASAs for our Japan Security Operation Center, offering the highest level of protection to organizations in Japan.”
- Chad Spiers, director, voice and data infrastructure services, Sentara Healthcare
“In Sentara Healthcare’s quest to best serve the needs of our patients, Cisco ISE met our high-water mark to strengthen our security posture, improve operational efficiency and maintain HIPAA compliance with flying colors. The use of 802.1x ensures dynamic, authorized user access, enabling us to segment and segregate clinical from consumer data and hundreds of devices, many of which are FDA regulated or vendor controlled.”
- Rick Dastin, president, Enterprise Business Group, Xerox Corporation
“Cisco and Xerox are evolving the TrustSec solution to respond to the explosion of personal devices in the workplace. To protect confidential information, companies need to secure network endpoints – such as printers, tablets, webcams – and deploy security policies faster than ever before. By allowing IT managers to automatically identify, monitor and manage all devices from a central location, TrustSec helps ensure the network path to and from these devices is secure.”
- Cisco at RSA Conference 2012
- RSA Conference keynote address by Christopher Young, Cisco Senior Vice President of Security and Government Group, Lock It Down or Free It Up, Wednesday, February 29, 3:10 p.m. Listen to the podcast preview here.
- Blog Post: Think You Know What’s Going on in Your Network? Think Again!
- Blog Post: Firewall, IPS, and Web Security Without Degrading Performance? Yes You Can Have It All!
- Press Release: Cisco Updates CCNA Security and CCNP Security Courses and Certification Exams to Support Emerging Technologies and Meet Changing Threats and Business Requirements
- Cisco SecureX
- Cisco ASA CX
- Cisco TrustSec
- Cisco Adaptive Security Appliances (ASA)
- Cisco Identity Services Engine (ISE)
- Cisco Security Intelligence Operations
- Cisco Security Services
- Visit the Cisco Security Blog – http://blogs.cisco.com/security
- Follow Cisco Security on Twitter – http://twitter.com/ciscosecurity