
Firewall, IPS, and Web Security Without Degrading Performance? Yes You Can Have It All!


Jeff Aboud | February 28, 2012 at 4:00 am PST


In an effort to reduce costs and improve operational efficiency, organizations of all sizes have begun compressing their firewall and other security services into smaller form factors and fewer physical units. Many small and midsized companies have opted for UTMs to run all of their security on a single box. Unfortunately, UTMs have failed to deliver on their promise of true multi-service security. Most UTMs do one or two things really well, but add all the other services as “checkbox” items just to say they have them.

Recognizing these limitations, many larger companies opt instead to purchase individual security services to achieve the quality and capabilities they’re looking for, along with a more powerful appliance that can run them more efficiently. Though this strategy has often produced better results than can be obtained from a UTM, it comes with its own set of issues. First, performance still takes a pretty major hit. That’s because, just as with pretty much everything else in life, network security comes with some pretty sizable trade-offs. In general, there’s an inverse relationship between security and performance. Any high-end box can provide high performance; likewise, multiple top-tier security services can deliver superior protection. The problem comes in when we try to put everything on a single box. Obviously, the more services we attempt to run on a single box, the larger the hit will be to performance.

The other problem with this strategy is the physical limitations of most security devices. While some services can be purchased in software form, many high-end security services are hardware-based – either as a dedicated appliance or as a hardware module that can be inserted into a security appliance. This, of course, severely limits the number of security services that can run on a single appliance, leading most organizations to simply deal with the trade-off, forced into making the impossible choice between performance and security. Others make the even harder decision to purchase an appliance that’s way outside their budget, just to try to strike a security-performance balance they can live with.

Today’s announcement of the Cisco ASA 5500-X Series midrange security appliances helps reduce this trade-off by providing the performance small and midsize businesses need, at a price they can afford, without compromising security. The Cisco ASA 5500-X Series uses the Cisco SecureX framework for a context-aware approach to security that delivers multiple security services, multigigabit performance, flexible interface options, and redundant power supplies—all in a compact 1-RU form factor. These appliances optionally provide additional broad and deep network security through an array of integrated cloud- and software-based security services that utilize identity for security policy selection, with no need for additional hardware modules. They are built on the same proven security platform as the rest of the ASA family of security appliances, and have been designed to deliver superior performance for exceptional operational efficiency.

Enterprise-grade security services that are delivered via software and the cloud solve the physical limitation problems of most other high-end security devices; the fact that they are fully integrated into a high-performance chassis not only helps preserve as much performance as possible, but it also enables growing organizations to purchase only as much as they need today, then turn on new security services as their needs change – for a cost-effective, extensible security solution that can grow with their changing needs, without having to purchase all new hardware.

Irrespective of the hardware and platform, performance will continue to take a hit as more security services are enabled – that much is unavoidable. But a midrange appliance that delivers up to 4 Gbps of firewall throughput, 1,000,000 concurrent firewall connections, and 50,000 connections per second – with integrated software- and cloud-based security services – puts a high-performance, cost-effective, extensible security solution within reach for many small and midsized companies.

For more information, visit
