Enable Digital Business with the Industry’s First Fully Integrated, Threat-Focused NGFW
Today’s world is undergoing digital disruption that will spark more connectivity than ever before, as consumers, businesses and governments leverage digitization to drive innovation forward. Yet, the more connected we become, the more opportunities we create for cybercriminals. In order for enterprises to operate effectively in today’s environment, they have to focus their security efforts on stopping advanced threats in the current dynamic threat landscape.
IT teams have been asked to manage security using a patchwork of siloed point products, starting with legacy next-generation firewalls (NGFW), which were created with a focus on applications and had best-effort threat protection bolted on. As such, these legacy NGFWs are unable to provide an enterprise with the contextual information, automation, and prioritization that it needs to handle today’s modern threats. Operators are thus unable to realize the promise of platform consolidation and complexity reduction with legacy NGFWs. Additionally, they are forced to deploy dedicated threat platforms or to take telemetry from the legacy NGFWs and push it into other systems for contextualization and non-real-time analysis. This “franken-structure” approach to security, with disparate technology silos tied to a multitude of different consoles, places undue pressure on budgets, propagates complexity, and ultimately leaves organizations vulnerable to attacks.
Cisco Firepower NGFW is built from the ground up to keep organizations safer. Firepower NGFW also keeps the cost and complexity that legacy NGFWs create in check by delivering fully integrated security – with a single interface to ease the management burden. We do not add to the number of appliances or consoles in the already sprawling security technology “stack” companies typically manage.
For starters, Firepower appliances are optimized for performance and deliver class-leading throughput of up to 80 Gbps in only one rack unit, a density not found in legacy NGFWs. Performance is vital for a truly threat-focused NGFW, and Firepower performance makes it suitable for the network edge and other high-performance environments.
Today’s dynamic threat landscape means the NGFW must evolve with a focus on enabling enterprises to stop, prioritize, understand, and automate responses to modern threats in real-time. Firepower NGFW is unique in its threat-focus, with a foundation of comprehensive network visibility, best-of-breed threat intelligence and highly-effective threat prevention to address both known and unknown threats. Firepower NGFW also enables retrospective security, through Advanced Malware Protection, that can “go back in time” to quickly find and remediate sophisticated attacks that may have slipped through defenses. This has led to a significant reduction in time-to-detection (TTD) for Cisco customers compared to industry averages.
Cisco built Firepower NGFW upon the bedrock of the industry’s leading threat platform, which we acquired via the Sourcefire acquisition in late 2013. We seamlessly combined that with the best of the ASA firewall, the most battle-tested firewall the world has seen, delivering a single unified image and management console. The Firepower NGFW provides the best-of-breed, industry-leading stateful firewall with best-of-breed threat capabilities such as next-generation intrusion prevention and Advanced Malware Protection, URL filtering, application control and even Radware DefensePro DDoS Protection. All of this is tied together with unified visibility and policy management in the Firepower Management Center, which provides threat-focused workflows and automation not seen in legacy NGFWs, where advanced threat protection is a bolt-on.
Our approach doesn’t stop there. We address customers’ challenges with advanced threat protection that extends from the network out to the endpoints. And we have seamlessly integrated AMP for Endpoint, AMP Threat Grid, and Cisco Identity Services Engine (ISE) with the platform. This enables Cisco to extend the power and visibility of the Firepower NGFW across the network and directly to the endpoint. AMP for Endpoint is an industry-leading next-generation endpoint security technology for protecting the endpoint against advanced malware, and it can feed its observations directly to Firepower NGFW. Likewise, ISE can provide its context directly to Firepower NGFW, and Firepower NGFW can instruct ISE to automatically take action on the network on its behalf. A threat-centric NGFW must be more than yet another bump in the wire. It must be able to extend its visibility and control across the distributed network and endpoints. Modern threats are sophisticated and will easily defeat point-in-time, bolted-on threat protection.
Another crucial point when thinking about threats is that products are only as good as the threat research and intelligence behind them. Cisco Talos, the world’s leading threat research and intelligence team, powers the detections in Firepower and the rest of our security portfolio. The value of Talos is reflected in our leading security effectiveness scores in third party testing. Our NGFW, NGIPS and AMP lead their respective NSS Labs tests, proving that we stop more threats than any other corresponding security platform.
So let’s not lose sight of the value of a threat-focused NGFW: it stops more threats with the industry’s most effective threat protection so organizations stay safer. When we couple this with full integration and robust management, security can become an enabler for businesses to confidently take full and secure advantage of opportunities presented by the digital age.
In coming posts, we’ll examine how Firepower NGFW is fully integrated to cut cost and complexity while it enables greater focus and insight with robust management.