A closer look at what Cisco's new firewall means for your business

Cisco have jumped into the security space with both feet, releasing a "next generation firewall" as part of an end-to-end security strategy.

The Cisco ASA with FirePOWER Services, which Cisco describes as "the industry's first threat-focused Next-Generation Firewall (NGFW)," combines the Cisco ASA 5500 Series firewall with application control, Next-Generation Intrusion Prevention Systems (NGIPS), and Advanced Malware Protection (AMP) to address threats across "the entire attack continuum" – that is, from initial compromise to the ongoing attack and the aftermath.

ITProPortal spoke to Sean Newman of Cisco about just what the new offerings meant for the security world.

"We're trying to build a business outcome approach to this. And the challenge businesses face is they want to move new technologies like adopting mobility, bring your own device, using the cloud and everything as a service, with all the benefits those bring. But at the same time those approaches are opening them up to the more sophisticated attackers out there today."

"We often talk about the threats being industrialised, moving from individual people writing malware to essentially having an industry out there, and that industry is allowing attackers to develop their level of sophistication."

So what exactly does a next-generation firewall look like?

"The term 'next generation firewall' was first conceived almost a decade ago now," Sean told us. "At the time, it solved a perfectly legitimate challenge, which is that regular firewalls just looked at traffic coming into an organisation, and stopped the traffic coming from an unknown source – and that was becoming harder to deal with. And with the rise of Google and social media and so on, with people using increasing amounts of web-based applications, the old firewalls just couldn't put effective policies in place."

"So the next-generation firewall gave them visibility over the actual applications that were sending that traffic, so they could set up a policy that said they didn't want a certain type of application to send traffic – I don't want peer-to-peer traffic, for instance, because that's a lot riskier than other kinds of traffic. But back then we didn't have this industrialised landscape."

"This is really about changing our thinking with regards to our security and our firewall policy. The landscape has moved so far now that we have to start thinking differently."

As well as the new firewall, Cisco has unveiled enhancements to its security channel programs. Partners now have two new security specialization options—ESS-IPS (Intrusion Prevention System) and ASA (Advanced Security Architecture).

Also new from Cisco is Security Ignite, a programme that rewards Cisco's partners with additional upfront discounts of up to six per cent on new next-gen security business solutions that they register through the Opportunity Incentive Program (OIP) or Teaming Incentive Program (TIP).

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.