Cisco Beefs Up IPS, Firewalls to Better Protect Data Centers
Cisco Systems is adding new security capabilities to its family of intrusion-prevention and firewall systems, security management software and other products to address the unique, but growing, security needs of consolidated, virtualized and cloud-based data centers.
Leading off the list of new products announced Sept. 12 is the Cisco ASA 1000V Firewall for cloud environments, part of the Adaptive Security Appliance (ASA) line from Cisco. The ASA 1000V runs on top of a Cisco Nexus 1000V switch and complements the Cisco Virtual Security Gateway (VSG), which secures virtual and cloud infrastructure, the company says. A single instance of the product secures up to 64 VMware ESX host servers running virtual machines (VMs) internally.
The Cisco virtual firewall approach differs significantly from that of some of its competitors, said Jeff Aboud, marketing manager for enterprise network security at Cisco.
Other vendors use a virtual firewall in which they take existing firewall code and wrap it up in a VM wrapper, which is quick and easy to install and deploy, Aboud said.
"The bad news, though, is that it was really a firewall that was built for the physical world and has been retrofitted in order to handle virtual workloads," he said. "What we have done is taken our baseline mainstream ASA code and optimized it for the virtual cloud environment."
Cisco has also introduced the IPS 4500 series intrusion-prevention system (IPS), which offers 400 percent higher performance density, consumes 75 percent less power and occupies 75 percent less rack space than a Juniper Networks system chosen for comparison. It delivers 10G bps throughput and supports up to 100,000 connections per second. Supported by the Cisco Security Intelligence Operation (CISO), Aboud said the IPS can intercept an intruder before it enters the network while competing systems can detect a breach only after it has occurred.
Cisco is also introducing version 9.0 of its ASA operating system. Among the new enhancements from version 8.4, it delivers up to 320G bps of firewall and 60G bps of IPS throughput, 1 million connections per second and 50 million concurrent connections. It also offers higher density, 84 percent less power consumption and takes up 75 percent less rack space than a Juniper system.
Also, Cisco is introducing AnyConnect 3.1, an upgrade of its VPN for securely connecting mobile devices to the corporate network, which is a way of enabling employees to leverage the bring-your-own-device (BYOD) trend but ensure secure access of that device to the network.
This set of announcements from Cisco means the company is following through on a tentative road map laid out at the RSA security industry conference earlier this year, when company officials said they were concentrating on securing the data center and the network perimeter, said John Grady, senior research analyst for security products at IDC.
"Scalability, application control and security for virtual environments are significant issues for organizations today, and these products help solve those issues," Grady told eWEEK in an email.
Because Cisco's product offerings are so vast, it has different competitors depending on the product category, he added. Overall, Juniper and Check Point are Cisco's top competitors, but Palo Alto Networks competes in the application firewall space, while McAfee, Sourcefire, Hewlett-Packard and IBM are all competitors in the IPS space.
Also new from Cisco is Security Manager 4.3, which helps make sure that security policy is uniform across physical, virtual and hybrid computing environments.
IDC's Grady said management can be a significant challenge in these hybrid cloud and physical environments and with personal devices accessing the corporate network.
"The issue arises in trying to keep consistency and simplicity of policy across these different solutions and environments," he said. "Because of Cisco's portfolio, they're in a good position to tie everything together to accomplish this."