Cisco Extends Context-Based Security to the World's Most Widely Deployed Firewall for Unprecedented Visibility and Control


Tue, 02/28/2012 - 09:26
Feb 28th, 2012
User Badges:
  • Silver, 250 points or more

New Innovations in  Cisco's Adaptive Security Appliance (ASA), TrustSec and Identity  Services Engine (ISE) Allow Enterprises to Say Yes to More Applications, Devices and the Evolving Global Workforce


SAN FRANCISCO – Feb. 28, 2012 – Building upon its established security Cisco SecureX, Cisco is extending the Cisco Adaptive Security Appliance, the world’s most widely deployed firewall platform, with the new Cisco® ASA CX Context-Aware Security solution. This solution moves the ASA platform  well beyond the capabilities of existing “next generation” firewalls by  providing unprecedented visibility into security threats and  highly-customizable application access control. The Cisco ASA CX enables  administrators to control which devices and users have access, and  which type of access, to network resources and more than 1,000  applications and 75,000 micro-applications.

Additionally, Cisco is updating its midrange firewall appliances to use  the Cisco SecureX Framework for a context-aware approach to security.  With additions to the Cisco TrustSec® solution and its policy-management platform, Cisco Identity Services Engine (ISE), Cisco is once again setting the industry benchmark for security.

Today’s business needs have changed the face of network  security. Enterprises are being driven to enable more types of users –  from employees to contractors and even sometimes their “co-opetition” –  with greater access to applications, devices and resources. But these  enterprises need to make sure that only the right users get access to  specific applications, data and service functionality, while securing  the rest. These demands have broken legacy security models, which force  IT to choose between enabling greater productivity or greater security.

Cisco’s security offerings turn this “or” to “and” by enabling  businesses to accommodate an increasingly mobile workforce while  mitigating the inherent risk in “borderless” enterprises. Using  fine-grained controls that combine context awareness, identity  awareness, policy and threat intelligence, Cisco delivers a unique and  powerful combination that will help enterprises accelerate their  businesses while delivering the right levels of security for all devices  in all segments of their network.

Key Highlights

  • Cisco ASA CX: The next-generation context-aware security solution:            
    • Extends the ASA platform by setting the industry bar for having the  broadest visibility and most fine-grained control. It identifies more  than 1,000 applications, such as Facebook, Google+, LinkedIn, Twitter  and iTunes, which it breaks down into more than 75,000 micro  applications. It buckets these micro applications into easy-to-use  categories so that firewall administrators can easily allow or deny  access to the relevant parts of the application. (E.g., Facebook micro  applications are categorized into business, community, education,  entertainment, games and so on.) This gives IT more flexibility in  allowing users to access greater numbers of applications without  completely denying access.
    • Utilizes the power of the Cisco SecureX Framework – a context-aware,  network-centric security framework that’s delivered across unified  access, edge, branch, data center and cloud segments of an overall  network, supported by Cisco’s portfolio of security products and  services.
    • Unlike other firewalls, only ASA CX uses SecureX to gain end-to-end  network intelligence, aggregating information from the local network  using Cisco AnyConnect Secure Mobility as well as near real-time threat data from the global Cisco Security Intelligence Operation (Cisco SIO),  an advanced security infrastructure that provides threat  identification, analysis and mitigation to continuously provide the  highest level of security for Cisco customers.
    • Empowers administrators to enable devices and applications with high  levels of protection and control. Administrators can clearly see the  specific type of device, as well as the operating system it’s running,  its location and its current security posture.

  • Cisco TrustSec and Cisco Identity Services Engine: Cisco  TrustSec 2.1 and ISE 1.1 provide comprehensive visibility via new  device sensors that are integrated into the infrastructure to  automatically detect and classify all devices attaching to the network.  ISE 1.1 also provides real-time directed endpoint scans, based on  policy, to gain more relevant insight and accuracy while classifying  devices. Together, they provide the industry’s most scalable, reliable  and comprehensive view across an entire corporate infrastructure. In  addition, TrustSec 2.1 broadens support for Cisco’s innovative Security  Group Access (SGA) technology, which provides highly granular control  through policy-based enforcement across both wired and wireless  infrastructures.

  • Cisco ASA 5500-X Series midrange security appliances: These  new high-performance, next generation Cisco ASA appliancesinclude the  ASA 5512-X, 5515-X, 5525-X, 5545-X and 5555-X, areoptimized for Internet  edge deployment for small-to-large enterprises. Utilizing the Cisco  SecureX Framework’s context-aware approach, they deliver multiple  security services (without requiring additional hardware modules),  multi-gigabit performance, flexible interface options, and redundant  power supplies – all in a compact 1RU form-factor. They optionally  deliver broad and deep network security through cloud- and  software-based integrated security services, backed by threat  intelligence through Cisco SIO.

  • Security Certifications: Cisco also updated the  security certification programs Cisco CCNA® Security, Cisco CCNP®  Security and Cisco Security Specialists which include ASA training and  offer professionals job-ready training and skills specific to the best  practices of network security administrators, engineers and experts  using the latest Cisco equipment, devices and appliances.

Supporting Quotes:

  • Christopher Young, senior vice president of Security and Government Group, Cisco:

“Instead of taking a firewall-only approach, Cisco has taken a  context-aware approach where the firewall is a living, breathing and  dynamic part of the highly secure network. Cisco is building security  into the network, utilizing all of the unique ability of the network to  deliver context, intelligence and control. No part of your  infrastructure knows more about what's happening in the environment than  the network. We are bringing that powerful contextual awareness  forward, starting with our firewall.”

  • David Kennedy, vice president, chief security officer, Diebold, Inc.

“Cisco ISE provides a best-in-class access control solution for  Diebold, enabling unmatched granularity and insight about our users  without additional equipment. As a longtime trusted vendor for Diebold,  where security is part of our very culture, Cisco was the right choice  to enhance our global security needs. Cisco ISE has given us the power  to simplify our enterprise security management and help ensure the  integrity of any individual or device entering our network.”

  • Nick Young, network support manager, Four Seasons Healthcare (FSHC)

“With Cisco AnyConnect, ASA, ASA CX and IronPort, we are finally  getting to the point of having a joined-up approach where all the  components can interact with each other. For FSHC, using Cisco security  products has simplified control and given us better visibility, allowing  us to be more responsive to the business needs to the point where we  stop worrying about what we can allow on our network and concentrate  specifically on what we don't want to allow. We are looking forward to  the next developments in managing these appliances from a single global  console.”

  • Osamu Saito, president, Little eArth Corporation Co., Ltd. (LAC)

“Cisco's next-generation ASA 5500-X is a perfect fit for firewall  deployments that require both high-performance and multiple security  services running on the firewall concurrently. Cisco ASAs more than meet  our requirements of a firewall and IPS running inside one appliance.  From a Managed Security Service perspective, we are happy to utilize  ASAs for our Japan Security Operation Center, offering the highest level  of protection to organizations in Japan.”

  • Chad Spiers, director, voice and data infrastructure services, Sentara Healthcare

“In Sentara Healthcare’s quest to best serve the needs of our patients,  Cisco ISE met our high-water mark to strengthen our security posture,  improve operational efficiency and maintain HIPAA compliance with flying  colors. The use of 802.1x ensures dynamic, authorized user access,  enabling us to segment and segregate clinical from consumer data and  hundreds of devices, many of which are FDA regulated or vendor  controlled.”

  • Rick Dastin, president, Enterprise Business Group, Xerox Corporation

Cisco and Xerox are evolving the TrustSec solution to respond  to the explosion of personal devices in the workplace. To protect  confidential information, companies need to secure network endpoints –  such as printers, tablets, webcams – and deploy security policies faster  than ever before. By allowing IT managers to automatically identify,  monitor and manage all devices from a central location, TrustSec helps  ensure the network path to and from these devices is secure.”

Supporting Resources:



This Blog