In an effort to reduce costs and improve operational efficiency, organizations of all sizes have begun compressing their firewall and other security services into smaller form factors and fewer physical units. Many small and midsized companies have opted for UTMs to run all of their security on a single box. Unfortunately, UTMs have failed to deliver on their promise of true multi-service security. Most UTMs do one or two things really well, but add all the other services as “checkbox” items just to say they have them.
Recognizing these limitations, many larger companies opt instead to purchase individual security services to achieve the quality and capabilities they’re looking for, along with a more powerful appliance that can run them more efficiently. Though this strategy has often produced better results than can be obtained from a UTM, it comes with its own set of issues. First, performance still takes a major hit. That’s because, as with nearly everything else in life, network security comes with sizable trade-offs. In general, there’s an inverse relationship between security and performance. Any high-end box can provide high performance; likewise, multiple top-tier security services can deliver superior protection. The problem arises when we try to put everything on a single box. Obviously, the more services we attempt to run on a single box, the larger the hit to performance will be.
The other problem with this strategy is the physical limitations of most security devices. While some services can be purchased in software form, many high-end security services are hardware-based – either as a dedicated appliance or as a hardware module that can be inserted into a security appliance. This, of course, severely limits the number of security services that can run on a single appliance, leading most organizations to simply deal with the trade-off, forced into making the impossible choice between performance and security. Others make the even harder decision to purchase an appliance that’s way outside their budget, just to try to strike a security-performance balance they can live with.
Today’s announcement of the Cisco ASA 5500-X Series midrange security appliances helps reduce this trade-off by providing the performance small and midsize businesses need, at a price they can afford, without compromising security. The Cisco ASA 5500-X Series uses the Cisco SecureX framework for a context-aware approach to security that delivers multiple security services, multigigabit performance, flexible interface options, and redundant power supplies—all in a compact 1-RU form factor. These appliances optionally provide additional broad and deep network security through an array of integrated cloud- and software-based security services that use identity for security policy selection, with no need for additional hardware modules. They are built on the same proven security platform as the rest of the ASA family of security appliances, and have been designed to deliver superior performance for exceptional operational efficiency.
Enterprise-grade security services that are delivered via software and the cloud solve the physical limitation problems of most other high-end security devices. Because they are fully integrated into a high-performance chassis, they help preserve as much performance as possible, and they enable growing organizations to purchase only as much as they need today, then turn on new security services as their needs change. The result is a cost-effective, extensible security solution that can grow with the organization, without having to purchase all-new hardware.
Irrespective of the hardware and platform, performance will continue to take a hit as more security services are enabled – that much is unavoidable. But a midrange appliance that delivers up to 4 Gbps of firewall throughput, 1,000,000 concurrent firewall connections, and 50,000 connections per second, with integrated software- and cloud-based security services, puts a high-performance, cost-effective, extensible security solution within reach for many small and midsized companies.