SlideShare uma empresa Scribd logo

Top 10 considerations when purchasing a cisco next generation firewall

Transferir como DOCX, PDF
IT Tech
IT Tech

Top 10 considerations when purchasing a cisco next generation firewall. More tips...

Tecnologia
1 de 8
Top 10 Considerations When Purchasing a Cisco Next-Generation Firewall Is it necessary to buy a next-generation firewall to solve the problem of network security? For many midsize companies, traditional firewalls seem not effective at seeing what they are doing, the types of applications they’re accessing, or the devices they’re using. Most of them may found that they must reinforce their traditional security solution to address new trends arising from mobility and cloud, and meet a rising threat landscape. These dynamics complicate the challenge of maintaining network security, and tax the network’s ability to perform optimally for the business. And the next- generation firewalls are designed to help close some of the gaps between the modern network security and the traditional. Cisco offers top 10 considerations for midsize companies to weigh when evaluating a next- generation firewall solution: 1. Is the firewall built on a comprehensive stateful firewall foundation? 2. Does the solution support robust, secure remote access for mobile users? 3. Does the firewall provide proactive threat protection? 4. Can the firewall maintain performance when multiple security services are running? 5. Does the solution offer deep visibility into applications with granular application controls? 6. Is the firewall able to deliver user, network, application, and device intelligence to help drive context-aware protection? 7. Does the firewall offer cloud-based web security? 8. Can you deploy a future-proof solution that can scale as your organization grows? 9. Does the firewall vendor have extensive support and services to ease the migration path? 10. Does the firewall vendor offer attractive financing options to speed deployment time? Cisco ASA 5500-X Series, the Cisco’s Next-Generation Firewall (NGFW) provides an“all in one” solution featuring a range of next-generation firewall services that are affordable and easy to deploy and manage. In this following part, we will discuss that how the Cisco ASA 5500-X helps organizations of all sizes to: • Stay ahead of today’s emerging threats with collective security intelligence
• See and control user activity, device access, and malicious behavior • Reduce complexity, capital, and operating costs with fewer devices to manage and deploy According to the Cisco 2014 Annual Security Report, “all organizations should assume they’ve been hacked.” Cisco Security Intelligence Operations (SIO) researchers found that malicious traffic is visible on 100 percent of corporate networks; this means there is evidence that adversaries have penetrated these networks and may be operating undetected over long periods. • These findings underscore why it’s critical for all organizations—large or small—to deploy a next-generation firewall solution that can provide continuous security and end-to-end visibility across the network. Successful attacks are inevitable, and IT teams must be able to determine the scope of the damage, contain the event, remediate, and bring operations back to normal—fast. Organizations should therefore consider these questions when choosing a next-generation firewall solution: 1. Is the firewall built on a comprehensive stateful firewall foundation? A next-generation firewall needs to understand both threat traffic and network traffic. It also must be able to identify which users are connecting to the network and from where, what devices they’re using, and which applications and websites they’re accessing. A solution built on a comprehensive stateful firewall foundation also can provide visibility into potential security gaps, such as open ports. The foundation for the Cisco ASA 5500-X is built on the world’s most widely deployed and most proven stateful inspection firewall. It features an extensive stateful inspection engine that helps protect critical assets while also delivering high-performance security and reliability. The Cisco ASA 5500- X NGFW maximizes network security with clear, deterministic Layer 3 and
Layer 4 policies. Capabilities such as site-to-site virtual private network (VPN), network address translation (NAT), and dynamic routing also help secure the perimeter and provide access control. 2. Does the solution support robust, secure remote access for mobile users? Today’s users require anywhere, anytime access to the network from a variety of company-owned and personal mobile devices. But opening up the network to accommodate this type of access leads to loss of control and visibility. To provide secure connectivity from device to application while also protecting the network, organizations need to know, at all times, what types of user devices are attempting to gain access to the network, and from what location. Cisco provides the only next-generation firewall solution that can deliver user identity, application, and device awareness to enforce access control and mitigate threats. Cisco combines networkwide identity and fine-grained behavior controls with the class leading VPN technology, Cisco AnyConnect. Installed on more than 150 million endpoints, AnyConnect is the most widely used VPN, as well as the most mature and comprehensive secure mobility client in the market today. AnyConnect provides the information on user identity and location, device operating system and version, and user access privileges that the ASA 5500-X NGFW needs to enforce network access based on context. 3. Does the firewall provide proactive threat protection? The Cisco ASA 5500-X NGFW blocks the majority (> 80 percent) of malware at the gateway, with minimal intervention required from administrators. It does this with near-real-time threat intelligence from Cisco SIO, the world’s largest cloud-based security ecosystem. Cisco SIO correlates intelligence in the cloud from 100 terabits of live data feeds from more than 1.6 million deployed Cisco email, web, firewall, and intrusion prevention system (IPS) solutions. Cisco ASA Next-Generation Firewall Services use the same URL filtering database as Cisco Web Security solutions.Cisco SIO takes advantage of its visibility into more than a third of global Internet traffic to update this database—which includes more than 50 million blocked sites—every five minutes. Unlike next generation firewalls that use third-party URL filtering solutions, Cisco owns its technology. And while some vendors only allow one URL filtering policy for the enterprise, organizations can use Cisco ASA Next- Generation Firewall Services to create URLbased rules for users and groups, creating differentiated access to the Internet. 4. Can the firewall maintain performance when multiple security services are running?
Purchasing, deploying, and then managing multiple, dedicated security services modules is a complex and expensive process. But it has long been the only way for organizations to scale for security services as their needs change. As a single-box solution that combines firewall, VPN, anti-malware, and IPS, the Cisco ASA 5500-X NGFW provides acceleration hardware as part of its base platform. Security services can be turned on simply by activating the appropriate software license. Expanded security services are also delivered with minimal impact to network performance. A recent lab test of enterprise firewalls using real-world traffic found that the ASA 5500-X NGFW with IPS enabled can process 10 percent more connections per second over IPv4 and 24 percent more over IPv6 compared to competitive products. Other findings: UDP throughput using IMIX (IPv4 and IPv6) was 57 percent better, and HTTP traffic throughput on Cisco appliances was 60 percent greater than comparable competitor products. 5. Does the solution offer deep visibility into applications with granular application controls? Organizations can’t control what they can’t see. To ensure acceptable use and security policies are enforced within Web 2.0 websites that contain embedded applications, a next-generation firewall solution must be able to identify and control, with precision, individual applications utilizing application signatures or other methods. Granular control is critical, considering the volume of actions that can be performed within a commonly used application such as Facebook: posting content, “liking” a user’s status, sending mail, chatting, and more. Micro- applications used within a bigger application, such as Farmville on Facebook, also must be identified and considered when making access control decisions. Cisco ASA Next-Generation Firewall Services offer highly granular controls that allow administrators to create firewall policies that match the nuanced business needs of today. They not only identify more than 1200 applications, but also more than 150,000 micro-applications. Cisco ASA Next Generation Firewall Services also identify application behavior: what action a user is taking within an application. As an example, the Facebook Videos category identifies whether a user is uploading, tagging, or posting a video. An administrator may set a granular control for this category, allowing users to view and tag videos, but not upload a video. 6. Is the firewall able to deliver user, network, application, and device intelligence to help drive context-aware protection?
Network intelligence allows organizations to set differentiated security policies for users, particularly those coming into the network from other locations and using their own devices. Cisco ASA 5500-X NGFW receives rich information from the Cisco Identity Services Engine (ISE), which, like the Cisco AnyConnect service, helps organizations support BYOD more securely. ISE offers insight into device profiles, device postures, 802.1x authentication details, and more. This capability on the Cisco ASA 5500-X NGFW enables organizations to deliver consistent and granular access control. 7. Does the firewall offer cloud-based web security? Threat protection delivered through the cloud can help organizations of all sizes gain a highly distributed security perimeter that can enable new applications and protect all users proactively. Cisco Cloud Web Security, powered by Cisco SIO, is integrated into the Cisco ASA 5500-X NGFW. It provides zero-day protection to all users, regardless of location. Web security, application control, management, and reporting are fully integrated into a cloudbased service that provides industry-leading security and control, with 99.999 percent availability and uptime with zero- day threat protection through heuristics analysis. 8. Can you deploy a future-proof solution that can scale as your organization grows? As an organization expands its operations, its security needs change. But scaling security solutions to meet changing business needs should not be cost-prohibitive—or increase administrative complexity. Cisco provides an easily manageable single-box solution to support midsize companies as they grow. Cisco ASA 5500-X NGFW helps organizations reduce capital and operating costs by consolidating multiple security solutions including stateful firewall, VPN gateway, application control, web security, IPS, and anti-malware in one box. Cisco Prime Security Manager helps simplify Cisco ASA 5500-X NGFW deployments and reduce administration complexity with a single, unified management console. Cisco has a complete portfolio of next-generation firewall solutions that enable organizations to scale from the smallest branch to the largest Internet- edge security solutions that can interoperate with the ASA 5500-X NGFW: • Sourcefire Next-Generation Intrusion Prevention System (NGIPS), which provides advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and industry-leading threat prevention effectiveness.5
• Advanced Malware Protection for FirePOWER, a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis, and retrospective alerting that leverage Sourcefire’s cloud security intelligence. Sourcefire enterprise-class advanced malware analysis and protection solutions are among the first to use big data analytics to provide the visibility and control that organizations need to discover, understand, and stop threats missed by other security layers. 9. Does the firewall vendor have extensive support and services to ease the migration path? Migrating to a next-generation firewall is a major undertaking. Every business infrastructure is unique, and maintaining security while transitioning to a new solution requires detailed planning and careful change management. Even short periods of downtime can undermine profitability and security. Any next- generation firewall vendor or their certified partners must be able to provide deep experience, knowledge, leading practices, and tools (including those of others) to minimize disruption and support business continuity during migration—and do so cost-effectively. Cisco Migration Services for Firewalls helps organizations migrate smoothly to the new Cisco ASA 5500-X NGFW platform, whether they’re transitioning from a legacy Cisco or third-party firewall. Cisco security engineers, as well as Cisco Security Specialized Partners, provide expert guidance and support to help organizations maintain security during a migration, and improve the accuracy and completeness of the process. Cisco Migration Services for Firewalls can support a migration with remote or on-site services, or a combination of the two, depending on an organization’s needs and preferences. Additionally, the Cisco SMARTnet Service helps reduce network downtime and other critical network issues with expert technical support, flexible hardware coverage, and proactive device diagnostics. IT personnel have anytime access (24 hours, 365 days a year) to specialized engineers in the Cisco Technical Assistance Center (TAC), as well as to an extensive range of self-support resources, tools, and training through Cisco’s online knowledge base. deployment. Additionally, Cisco’s recent acquisition of Sourcefire introduces enterprise 10. Does the firewall vendor offer attractive financing options to speed deployment time?
Spreading the cost for a next-generation firewall solution over time makes budgeting easier and payments more manageable. Vendors that provide financing give organizations the freedom to acquire the technology they need to grow their business as well as the flexibility to react to changing market needs. Investing in the right technology without making a large capital expenditure also enables organizations to channel financial resources into other areas of the business and drive success. Financing from Cisco Capital allows organizations purchasing the Cisco ASA 5500-X NGFW to take advantage of a range of financing options at competitive rates, with the flexibility to defer payments and fund the entire solution, from technology to services. Visit www.ciscocapital.com for additional information and to find a local Cisco Capital representative. Making the Move to a New Security Model A next-generation firewall is an important component of a threat centric security model, which all organizations need to adopt to gain visibility across their network—and respond appropriately to threats before, during, and after an attack. As your midsize organization evaluates next-generation firewalls, keep in mind that any solution must: • Deliver comprehensive protection: Defending the network in the modern threat landscape requires best-in-class anti-malware and intrusion protections based on vulnerability research, reputation scoring, and other critical factors. • Work with business policy: A next-generation firewall must offer complete breadth and depth of policy enforcement for application use. It also must ensure that diverse collaboration and Web 2.0 applications used for both personal and professional reasons can be monitored and controlled, at a granular level, based on business policy. • Ensure policies are enforced by device and user: A next generation firewall must offer complete insight into what devices and users are accessing the network, and from what location. It also must ensure that security policies can be differentiated according to device type and are based on corporate policy. A next-generation firewall solution also cannot degrade performance while ensuring protection, policy, consistency, and context all at once, and at wire speed. Cisco redefines the next-generation firewall with the ASA 5500-X NGFW.
Cisco ASA 5500-X NGFW helps midsize organizations to meet these challenges, and stay ahead of today’s emerging threats with collective security intelligence. It enables administrators to see and control user activity, device access, and malicious behavior. It also reduces complexity, capital, and operating costs with fewer devices to manage and deploy. To learn more about the Cisco ASA 5500-X NGFW, visit: www.cisco.com/go/asa. The full PDF file you can read from http://www.cisco.com/web/VN/solutions/smb/velocity/Security/next_generati on_firewall.pdf More Related Cisco Next-Generation Firewall Topics Cisco ASA 5500-X Series’ New Features & Main Model Comparison Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box? Cisco ASA 5585-X Comparison

Recomendados

Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Cisco do Brasil
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services Felipe Lamus
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context TrainingTariq Bader
 
Firewall basics
Firewall basicsFirewall basics
Firewall basicsSandeep Yadav
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Network security
Network securityNetwork security
Network securityfangjiafu
 
Incident Response: SIEM Part II
Incident Response: SIEM Part IIIncident Response: SIEM Part II
Incident Response: SIEM Part IINapier University
 
Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Cisco Security
 

Recomendados

Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Estratégia de segurança da Cisco (um diferencial para seus negócios)
Estratégia de segurança da Cisco (um diferencial para seus negócios)Cisco do Brasil
 
Cisco ASA con fire power services
Cisco ASA con fire power services Cisco ASA con fire power services
Cisco ASA con fire power services Felipe Lamus
 
ASA Multiple Context Training
ASA Multiple Context TrainingASA Multiple Context Training
ASA Multiple Context TrainingTariq Bader
 
Firewall basics
Firewall basicsFirewall basics
Firewall basicsSandeep Yadav
 
Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Troubleshooting Firewalls (2012 San Diego)
Troubleshooting Firewalls (2012 San Diego)Cisco Security
 
Network security
Network securityNetwork security
Network securityfangjiafu
 
Incident Response: SIEM Part II
Incident Response: SIEM Part IIIncident Response: SIEM Part II
Incident Response: SIEM Part IINapier University
 
Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Maximizing Firewall Performance (2012 San Diego)
Maximizing Firewall Performance (2012 San Diego)Cisco Security
 
Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA FirewallsBryley Systems Inc.
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaAhmed Habib
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA FirepowerAnwesh Dixit
 
Cisco ASA . Next-Generation Firewalls
Cisco ASA . Next-Generation FirewallsCisco ASA . Next-Generation Firewalls
Cisco ASA . Next-Generation FirewallsCisco Russia
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies sushmil123
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAAAhmed Habib
 
Has video really killed the audio star?
Has video really killed the audio star?Has video really killed the audio star?
Has video really killed the audio star?Cisco Canada
 
Jmeter Performance Testing
Jmeter Performance TestingJmeter Performance Testing
Jmeter Performance TestingAtul Pant
 
Tutorial: Context-awareness In Information Retrieval and Recommender Systems
Tutorial: Context-awareness In Information Retrieval and Recommender SystemsTutorial: Context-awareness In Information Retrieval and Recommender Systems
Tutorial: Context-awareness In Information Retrieval and Recommender SystemsYONG ZHENG
 
Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setupIT Tech
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideIT Tech
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideIT Tech
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideIT Tech
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faqIT Tech
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesIT Tech
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresIT Tech
 

Mais conteúdo relacionado

Destaque

Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn securityJack Melson
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATCisco Russia
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaAhmed Habib
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA FirepowerAnwesh Dixit
 
Cisco ASA . Next-Generation Firewalls
Cisco ASA . Next-Generation FirewallsCisco ASA . Next-Generation Firewalls
Cisco ASA . Next-Generation FirewallsCisco Russia
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersNetProtocol Xpert
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security ArchitectureCisco Canada
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosCisco Canada
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies sushmil123
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data CenterCisco Canada
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAAAhmed Habib
 
Has video really killed the audio star?
Has video really killed the audio star?Has video really killed the audio star?
Has video really killed the audio star?Cisco Canada
 
Jmeter Performance Testing
Jmeter Performance TestingJmeter Performance Testing
Jmeter Performance TestingAtul Pant
 
Tutorial: Context-awareness In Information Retrieval and Recommender Systems
Tutorial: Context-awareness In Information Retrieval and Recommender SystemsTutorial: Context-awareness In Information Retrieval and Recommender Systems
Tutorial: Context-awareness In Information Retrieval and Recommender SystemsYONG ZHENG
 

Destaque (15)

Asa sslvpn security
Asa sslvpn securityAsa sslvpn security
Asa sslvpn security
 
Understanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NATUnderstanding and Troubleshooting ASA NAT
Understanding and Troubleshooting ASA NAT
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
CCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asaCCNA Security 010-configuring cisco asa
CCNA Security 010-configuring cisco asa
 
Cisco ASA Firepower
Cisco ASA FirepowerCisco ASA Firepower
Cisco ASA Firepower
 
Cisco ASA . Next-Generation Firewalls
Cisco ASA . Next-Generation FirewallsCisco ASA . Next-Generation Firewalls
Cisco ASA . Next-Generation Firewalls
 
ASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & AnswersASA Firewall Interview- Questions & Answers
ASA Firewall Interview- Questions & Answers
 
Building a Security Architecture
Building a Security ArchitectureBuilding a Security Architecture
Building a Security Architecture
 
ASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment ScenariosASA Firepower NGFW Update and Deployment Scenarios
ASA Firepower NGFW Update and Deployment Scenarios
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAA
 
Has video really killed the audio star?
Has video really killed the audio star?Has video really killed the audio star?
Has video really killed the audio star?
 
Jmeter Performance Testing
Jmeter Performance TestingJmeter Performance Testing
Jmeter Performance Testing
 
Tutorial: Context-awareness In Information Retrieval and Recommender Systems
Tutorial: Context-awareness In Information Retrieval and Recommender SystemsTutorial: Context-awareness In Information Retrieval and Recommender Systems
Tutorial: Context-awareness In Information Retrieval and Recommender Systems
 

Mais de IT Tech

Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setupIT Tech
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideIT Tech
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideIT Tech
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideIT Tech
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faqIT Tech
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesIT Tech
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresIT Tech
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solutionIT Tech
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesIT Tech
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesIT Tech
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesIT Tech
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellIT Tech
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000IT Tech
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexIT Tech
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesIT Tech
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesIT Tech
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration exampleIT Tech
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700IT Tech
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration optionsIT Tech
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement modelIT Tech
 

Mais de IT Tech (20)

Cisco ip phone key expansion module setup
Cisco ip phone key expansion module setupCisco ip phone key expansion module setup
Cisco ip phone key expansion module setup
 
Cisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guideCisco catalyst 9200 series platform spec, licenses, transition guide
Cisco catalyst 9200 series platform spec, licenses, transition guide
 
Cisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guideCisco isr 900 series highlights, platform specs, licenses, transition guide
Cisco isr 900 series highlights, platform specs, licenses, transition guide
 
Hpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guideHpe pro liant gen9 to gen10 server transition guide
Hpe pro liant gen9 to gen10 server transition guide
 
The new cisco isr 4461 faq
The new cisco isr 4461 faqThe new cisco isr 4461 faq
The new cisco isr 4461 faq
 
New nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switchesNew nexus 400 gigabit ethernet (400 g) switches
New nexus 400 gigabit ethernet (400 g) switches
 
Tested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi featuresTested cisco isr 1100 delivers the richest set of wi-fi features
Tested cisco isr 1100 delivers the richest set of wi-fi features
 
Aruba campus and branch switching solution
Aruba campus and branch switching solutionAruba campus and branch switching solution
Aruba campus and branch switching solution
 
Cisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switchesCisco transceiver module for compatible catalyst switches
Cisco transceiver module for compatible catalyst switches
 
Cisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switchesCisco ios on cisco catalyst switches
Cisco ios on cisco catalyst switches
 
Cisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modesCisco's wireless solutions deployment modes
Cisco's wireless solutions deployment modes
 
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dellCompetitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
Competitive switching comparison cisco vs. hpe aruba vs. huawei vs. dell
 
Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000Four reasons to consider the all in-one isr 1000
Four reasons to consider the all in-one isr 1000
 
The difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fexThe difference between yellow and white labeled ports on a nexus 2300 series fex
The difference between yellow and white labeled ports on a nexus 2300 series fex
 
Cisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches seriesCisco transceiver modules for compatible cisco switches series
Cisco transceiver modules for compatible cisco switches series
 
Guide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 seriesGuide to the new cisco firepower 2100 series
Guide to the new cisco firepower 2100 series
 
892 f sfp configuration example
892 f sfp configuration example892 f sfp configuration example
892 f sfp configuration example
 
Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700Cisco nexus 7000 and nexus 7700
Cisco nexus 7000 and nexus 7700
 
Cisco firepower ngips series migration options
Cisco firepower ngips series migration optionsCisco firepower ngips series migration options
Cisco firepower ngips series migration options
 
Eol transceiver to replacement model
Eol transceiver to replacement modelEol transceiver to replacement model
Eol transceiver to replacement model
 

Último

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Último (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Top 10 considerations when purchasing a cisco next generation firewall

  • 1. Top 10 Considerations When Purchasing a Cisco Next-Generation Firewall Is it necessary to buy a next-generation firewall to solve the problem of network security? For many midsize companies, traditional firewalls seem not effective at seeing what they are doing, the types of applications they’re accessing, or the devices they’re using. Most of them may found that they must reinforce their traditional security solution to address new trends arising from mobility and cloud, and meet a rising threat landscape. These dynamics complicate the challenge of maintaining network security, and tax the network’s ability to perform optimally for the business. And the next- generation firewalls are designed to help close some of the gaps between the modern network security and the traditional. Cisco offers top 10 considerations for midsize companies to weigh when evaluating a next- generation firewall solution: 1. Is the firewall built on a comprehensive stateful firewall foundation? 2. Does the solution support robust, secure remote access for mobile users? 3. Does the firewall provide proactive threat protection? 4. Can the firewall maintain performance when multiple security services are running? 5. Does the solution offer deep visibility into applications with granular application controls? 6. Is the firewall able to deliver user, network, application, and device intelligence to help drive context-aware protection? 7. Does the firewall offer cloud-based web security? 8. Can you deploy a future-proof solution that can scale as your organization grows? 9. Does the firewall vendor have extensive support and services to ease the migration path? 10. Does the firewall vendor offer attractive financing options to speed deployment time? Cisco ASA 5500-X Series, the Cisco’s Next-Generation Firewall (NGFW) provides an“all in one” solution featuring a range of next-generation firewall services that are affordable and easy to deploy and manage. In this following part, we will discuss that how the Cisco ASA 5500-X helps organizations of all sizes to: • Stay ahead of today’s emerging threats with collective security intelligence
  • 2. • See and control user activity, device access, and malicious behavior • Reduce complexity, capital, and operating costs with fewer devices to manage and deploy According to the Cisco 2014 Annual Security Report, “all organizations should assume they’ve been hacked.” Cisco Security Intelligence Operations (SIO) researchers found that malicious traffic is visible on 100 percent of corporate networks; this means there is evidence that adversaries have penetrated these networks and may be operating undetected over long periods. • These findings underscore why it’s critical for all organizations—large or small—to deploy a next-generation firewall solution that can provide continuous security and end-to-end visibility across the network. Successful attacks are inevitable, and IT teams must be able to determine the scope of the damage, contain the event, remediate, and bring operations back to normal—fast. Organizations should therefore consider these questions when choosing a next-generation firewall solution: 1. Is the firewall built on a comprehensive stateful firewall foundation? A next-generation firewall needs to understand both threat traffic and network traffic. It also must be able to identify which users are connecting to the network and from where, what devices they’re using, and which applications and websites they’re accessing. A solution built on a comprehensive stateful firewall foundation also can provide visibility into potential security gaps, such as open ports. The foundation for the Cisco ASA 5500-X is built on the world’s most widely deployed and most proven stateful inspection firewall. It features an extensive stateful inspection engine that helps protect critical assets while also delivering high-performance security and reliability. The Cisco ASA 5500- X NGFW maximizes network security with clear, deterministic Layer 3 and
  • 3. Layer 4 policies. Capabilities such as site-to-site virtual private network (VPN), network address translation (NAT), and dynamic routing also help secure the perimeter and provide access control. 2. Does the solution support robust, secure remote access for mobile users? Today’s users require anywhere, anytime access to the network from a variety of company-owned and personal mobile devices. But opening up the network to accommodate this type of access leads to loss of control and visibility. To provide secure connectivity from device to application while also protecting the network, organizations need to know, at all times, what types of user devices are attempting to gain access to the network, and from what location. Cisco provides the only next-generation firewall solution that can deliver user identity, application, and device awareness to enforce access control and mitigate threats. Cisco combines networkwide identity and fine-grained behavior controls with the class leading VPN technology, Cisco AnyConnect. Installed on more than 150 million endpoints, AnyConnect is the most widely used VPN, as well as the most mature and comprehensive secure mobility client in the market today. AnyConnect provides the information on user identity and location, device operating system and version, and user access privileges that the ASA 5500-X NGFW needs to enforce network access based on context. 3. Does the firewall provide proactive threat protection? The Cisco ASA 5500-X NGFW blocks the majority (> 80 percent) of malware at the gateway, with minimal intervention required from administrators. It does this with near-real-time threat intelligence from Cisco SIO, the world’s largest cloud-based security ecosystem. Cisco SIO correlates intelligence in the cloud from 100 terabits of live data feeds from more than 1.6 million deployed Cisco email, web, firewall, and intrusion prevention system (IPS) solutions. Cisco ASA Next-Generation Firewall Services use the same URL filtering database as Cisco Web Security solutions.Cisco SIO takes advantage of its visibility into more than a third of global Internet traffic to update this database—which includes more than 50 million blocked sites—every five minutes. Unlike next generation firewalls that use third-party URL filtering solutions, Cisco owns its technology. And while some vendors only allow one URL filtering policy for the enterprise, organizations can use Cisco ASA Next- Generation Firewall Services to create URLbased rules for users and groups, creating differentiated access to the Internet. 4. Can the firewall maintain performance when multiple security services are running?
  • 4. Purchasing, deploying, and then managing multiple, dedicated security services modules is a complex and expensive process. But it has long been the only way for organizations to scale for security services as their needs change. As a single-box solution that combines firewall, VPN, anti-malware, and IPS, the Cisco ASA 5500-X NGFW provides acceleration hardware as part of its base platform. Security services can be turned on simply by activating the appropriate software license. Expanded security services are also delivered with minimal impact to network performance. A recent lab test of enterprise firewalls using real-world traffic found that the ASA 5500-X NGFW with IPS enabled can process 10 percent more connections per second over IPv4 and 24 percent more over IPv6 compared to competitive products. Other findings: UDP throughput using IMIX (IPv4 and IPv6) was 57 percent better, and HTTP traffic throughput on Cisco appliances was 60 percent greater than comparable competitor products. 5. Does the solution offer deep visibility into applications with granular application controls? Organizations can’t control what they can’t see. To ensure acceptable use and security policies are enforced within Web 2.0 websites that contain embedded applications, a next-generation firewall solution must be able to identify and control, with precision, individual applications utilizing application signatures or other methods. Granular control is critical, considering the volume of actions that can be performed within a commonly used application such as Facebook: posting content, “liking” a user’s status, sending mail, chatting, and more. Micro- applications used within a bigger application, such as Farmville on Facebook, also must be identified and considered when making access control decisions. Cisco ASA Next-Generation Firewall Services offer highly granular controls that allow administrators to create firewall policies that match the nuanced business needs of today. They not only identify more than 1200 applications, but also more than 150,000 micro-applications. Cisco ASA Next Generation Firewall Services also identify application behavior: what action a user is taking within an application. As an example, the Facebook Videos category identifies whether a user is uploading, tagging, or posting a video. An administrator may set a granular control for this category, allowing users to view and tag videos, but not upload a video. 6. Is the firewall able to deliver user, network, application, and device intelligence to help drive context-aware protection?
  • 5. Network intelligence allows organizations to set differentiated security policies for users, particularly those coming into the network from other locations and using their own devices. Cisco ASA 5500-X NGFW receives rich information from the Cisco Identity Services Engine (ISE), which, like the Cisco AnyConnect service, helps organizations support BYOD more securely. ISE offers insight into device profiles, device postures, 802.1x authentication details, and more. This capability on the Cisco ASA 5500-X NGFW enables organizations to deliver consistent and granular access control. 7. Does the firewall offer cloud-based web security? Threat protection delivered through the cloud can help organizations of all sizes gain a highly distributed security perimeter that can enable new applications and protect all users proactively. Cisco Cloud Web Security, powered by Cisco SIO, is integrated into the Cisco ASA 5500-X NGFW. It provides zero-day protection to all users, regardless of location. Web security, application control, management, and reporting are fully integrated into a cloudbased service that provides industry-leading security and control, with 99.999 percent availability and uptime with zero- day threat protection through heuristics analysis. 8. Can you deploy a future-proof solution that can scale as your organization grows? As an organization expands its operations, its security needs change. But scaling security solutions to meet changing business needs should not be cost-prohibitive—or increase administrative complexity. Cisco provides an easily manageable single-box solution to support midsize companies as they grow. Cisco ASA 5500-X NGFW helps organizations reduce capital and operating costs by consolidating multiple security solutions including stateful firewall, VPN gateway, application control, web security, IPS, and anti-malware in one box. Cisco Prime Security Manager helps simplify Cisco ASA 5500-X NGFW deployments and reduce administration complexity with a single, unified management console. Cisco has a complete portfolio of next-generation firewall solutions that enable organizations to scale from the smallest branch to the largest Internet- edge security solutions that can interoperate with the ASA 5500-X NGFW: • Sourcefire Next-Generation Intrusion Prevention System (NGIPS), which provides advanced threat protection, integrating real-time contextual awareness, intelligent security automation, and industry-leading threat prevention effectiveness.5
  • 6. • Advanced Malware Protection for FirePOWER, a comprehensive malware-defeating solution that enables malware detection and blocking, continuous analysis, and retrospective alerting that leverage Sourcefire’s cloud security intelligence. Sourcefire enterprise-class advanced malware analysis and protection solutions are among the first to use big data analytics to provide the visibility and control that organizations need to discover, understand, and stop threats missed by other security layers. 9. Does the firewall vendor have extensive support and services to ease the migration path? Migrating to a next-generation firewall is a major undertaking. Every business infrastructure is unique, and maintaining security while transitioning to a new solution requires detailed planning and careful change management. Even short periods of downtime can undermine profitability and security. Any next- generation firewall vendor or their certified partners must be able to provide deep experience, knowledge, leading practices, and tools (including those of others) to minimize disruption and support business continuity during migration—and do so cost-effectively. Cisco Migration Services for Firewalls helps organizations migrate smoothly to the new Cisco ASA 5500-X NGFW platform, whether they’re transitioning from a legacy Cisco or third-party firewall. Cisco security engineers, as well as Cisco Security Specialized Partners, provide expert guidance and support to help organizations maintain security during a migration, and improve the accuracy and completeness of the process. Cisco Migration Services for Firewalls can support a migration with remote or on-site services, or a combination of the two, depending on an organization’s needs and preferences. Additionally, the Cisco SMARTnet Service helps reduce network downtime and other critical network issues with expert technical support, flexible hardware coverage, and proactive device diagnostics. IT personnel have anytime access (24 hours, 365 days a year) to specialized engineers in the Cisco Technical Assistance Center (TAC), as well as to an extensive range of self-support resources, tools, and training through Cisco’s online knowledge base. deployment. Additionally, Cisco’s recent acquisition of Sourcefire introduces enterprise 10. Does the firewall vendor offer attractive financing options to speed deployment time?
  • 7. Spreading the cost for a next-generation firewall solution over time makes budgeting easier and payments more manageable. Vendors that provide financing give organizations the freedom to acquire the technology they need to grow their business as well as the flexibility to react to changing market needs. Investing in the right technology without making a large capital expenditure also enables organizations to channel financial resources into other areas of the business and drive success. Financing from Cisco Capital allows organizations purchasing the Cisco ASA 5500-X NGFW to take advantage of a range of financing options at competitive rates, with the flexibility to defer payments and fund the entire solution, from technology to services. Visit www.ciscocapital.com for additional information and to find a local Cisco Capital representative. Making the Move to a New Security Model A next-generation firewall is an important component of a threat centric security model, which all organizations need to adopt to gain visibility across their network—and respond appropriately to threats before, during, and after an attack. As your midsize organization evaluates next-generation firewalls, keep in mind that any solution must: • Deliver comprehensive protection: Defending the network in the modern threat landscape requires best-in-class anti-malware and intrusion protections based on vulnerability research, reputation scoring, and other critical factors. • Work with business policy: A next-generation firewall must offer complete breadth and depth of policy enforcement for application use. It also must ensure that diverse collaboration and Web 2.0 applications used for both personal and professional reasons can be monitored and controlled, at a granular level, based on business policy. • Ensure policies are enforced by device and user: A next generation firewall must offer complete insight into what devices and users are accessing the network, and from what location. It also must ensure that security policies can be differentiated according to device type and are based on corporate policy. A next-generation firewall solution also cannot degrade performance while ensuring protection, policy, consistency, and context all at once, and at wire speed. Cisco redefines the next-generation firewall with the ASA 5500-X NGFW.
  • 8. Cisco ASA 5500-X NGFW helps midsize organizations to meet these challenges, and stay ahead of today’s emerging threats with collective security intelligence. It enables administrators to see and control user activity, device access, and malicious behavior. It also reduces complexity, capital, and operating costs with fewer devices to manage and deploy. To learn more about the Cisco ASA 5500-X NGFW, visit: www.cisco.com/go/asa. The full PDF file you can read from http://www.cisco.com/web/VN/solutions/smb/velocity/Security/next_generati on_firewall.pdf More Related Cisco Next-Generation Firewall Topics Cisco ASA 5500-X Series’ New Features & Main Model Comparison Does Cisco ASA 5500-X Series Support Both IPS and AVC/WSE in One Box? Cisco ASA 5585-X Comparison