Cisco ASA with FirePOWER: NGFW product overview

Cisco combined the ASA series firewall with Sourcefire's FirePOWER threat and malware detection capabilities. Expert Mike O. Villegas takes a closer look at this NGFW.

In today's cybersecurity climate, enterprises cannot afford to react to a breach at the risk of irreparable harm. To address this ever-increasing possibility, next-generation firewalls continue to baseline security measures to preempt attacks on corporate networks. Cisco's ASA with FirePOWER Services provides an adaptive, threat-focused NGFW that has proven market acceptance and independently verified defenses to protect networks.

Cisco ASA with FirePOWER Services extends the capabilities of the Cisco ASA 5500-X Series Next-Generation Firewalls and Cisco ASA 5585-X Adaptive Security Appliance firewall products with continuous monitoring and protection. This product delivers integrated threat defense for the entire attack continuum -- before, during and after an attack -- by combining the security capabilities of the Cisco ASA firewall with the industry-leading Sourcefire threat and advanced malware protection features in a single device.

In February 2016, Cisco released a new firewall product that aims to completely change how security services tackle cyberthreats. Cisco stated that its Cisco FirePOWER NGFW is the first product in the industry to link contextual information about the usage of apps with threat intelligence. By focusing instead on threat defense, Cisco will help organizations better manage and minimize risk.

Feature set

Cisco NGFW features include stateful firewall, nondisruptive in-line bump-in-the-wire configuration, network address translation, serial peripheral interface, VPN, clustering and high availability. Cisco next-generation firewalls also provide dynamic routing, advanced malware protection, URL filtering and security intelligence, indications of compromise and application awareness. ASA firewalls also have an integrated signature-based IPS engine, full stack visibility and granular control, the capability to incorporate information from outside the firewall, SSL decryption to identify undesirable encrypted applications, and so on.

Platform coverage

Cisco ASA with FirePOWER Services is designed for small and medium-sized companies and large enterprises. This product can be deployed in virtualized, physical and hybrid environments.

It is available on the ASA 5500-X Series Next-Generation Firewall platforms and Cisco FireSIGHT Management Center and can be deployed as a physical or a virtual appliance.

Performance

Cisco ASA with FirePOWER Services provides an integrated threat defense product.

The Cisco FirePOWER 8350 rated the highest in performance of all its competitors in an NSS Labs study while the Cisco ASA 5585-X SSP60 rated third. Cisco is also releasing new Cisco FirePOWER 4100 Series appliances for high-performance applications within medium to large organizations. They are among the first with 40 GbE network connectivity in a compact, one rack-unit space.

Manageability

The Cisco ASA with FirePOWER Services is centrally managed by the Cisco FireSIGHT Management Center. Management Center provides security teams with comprehensive visibility into and control over activity within the network. Such visibility includes users, devices, communication between virtual machines, vulnerabilities, threats, client-side applications, files and websites. Holistic, actionable indications of compromise correlate detailed network and endpoint event information and provide further visibility into malware infections. Management Center also provides content awareness with malware file trajectory that aids infection scoping and root cause determination to speed time to remediation.

Pricing and licensing

The Cisco NGFW Application Visibility and Control is available as part of the base configuration at no cost. Licenses are available for NGIPS, Advanced Malware Protection and URL filtering.

Pricing is $1,100 (one to 99 users), $6,500 (100-999 users), $25,000 (1000-4999 users), and $100,000 (5000+ users). Cisco sells its NGFW products through direct sales and indirect channels, including thousands of reseller partners, VARs and distributors. Customers can evaluate either the VM or a hardware appliance version of the product. A free trial is also available.

Support

Support for the Cisco NGFW includes the SMARTnet Service -- software and hardware platform support/maintenance -- and SASU -- software subscription license support/maintenance for NGIPS, URL filtering and AMP.

Differentiators

Cisco ASA with FirePOWER Services provides an integrated threat defense product that encompasses contextual awareness, threat detection and protection, enterprise-class firewall features, granular application visibility and control, and advanced malware protection with retrospective security. With its recently announced threat-based NGFW product, Cisco is also introducing the Cisco Security Segmentation Service. It's an advisory service that helps organizations create security controls to enhance compliance, breach containment, threat detection, content security and data loss prevention across their IT infrastructure.

Summary

The Cisco ASA with FirePOWER Services brings threat-focused next-generation security services to the Cisco ASA 5500-X Series Next-Generation Firewalls and Cisco ASA 5585-X Adaptive Security Appliance firewall products. This product delivers integrated threat defense for the entire attack continuum -- before, during and after an attack -- by combining the security capabilities of the Cisco ASA firewall with the Sourcefire threat and advanced malware protection features together in a single device. It provides protection from known and advanced threats, including protection against targeted and persistent malware attacks. Cisco ASA with FirePOWER Services extends the capabilities of the Cisco ASA 5500-X Series Next-Generation Firewalls beyond what most of today's NGFW products are capable of.

Gartner's 2015 Magic Quadrant study for enterprise firewalls listed Cisco as a challenger in the market. Though Cisco NGFWs scored lower than market leaders in customer satisfaction, the product line received strong marks for customer support and Sourcefire's FirePOWER and FireSIGHT technologies.
