Today’s world is undergoing digital disruption that will spark more connectivity than ever before, as consumers, businesses and governments leverage digitization to drive innovation forward. Yet, the more connected we become, the more opportunities we create for cybercriminals. In order for enterprises to operate effectively in today’s environment, they have to focus their security efforts on stopping advanced threats in the current dynamic threat landscape.
IT teams have been asked to manage security using a patchwork of siloed point products, starting with legacy next-generation firewalls (NGFW), which were created with a focus on application and bolted on best effort threat protection. As such, these legacy NGFWs are unable to provide an enterprise with the contextual information, automation, and prioritization that they need to handle today’s modern threats. Operators are thus unable to realize the promise of platform consolidation and complexity reduction with legacy NGFWs. Additionally, they are forced to deploy dedicated threat platforms or to take telemetry from the legacy NGFWs and push it into other systems for contextualization and non-real time analysis. This “franken-structure” approach to security, with disparate technology silos tied to a multitude of different consoles places undue pressure on budgets, propagates complexity, and ultimately leaves organizations vulnerable to attacks.
To address these challenges, today we unveil the Cisco Firepower 4100 Series Next-Generation Firewall(NGFW), the industry’s first fully integrated, threat-focused Next-Generation Firewall.
Cisco Firepower NGFW is built from the ground up to keep organizations safer. Firepower NGFW also keeps the cost and complexity that legacy NGFWs create in check by delivering fully integrated security – with a single interface to ease the management burden. We do not add to the number of appliances or consoles in the already sprawling security technology “stack” companies typically manage.
For starters, Firepower appliances are optimized for performance, deliver class-leading throughput of up to 80 Gbps in only one rack unit, delivering density not found in legacy NGFWs. Performance is vital for a truly threat-focused NGFW, and Firepower performance makes it suitable for the network edge and other high-performance environments.
Today’s dynamic threat landscape means the NGFW must evolve with a focus on enabling enterprises to stop, prioritize, understand, and automate responses to modern threats in real-time. Firepower NGFW is unique in its threat-focus, with a foundation of comprehensive network visibility, best-of-breed threat intelligence and highly-effective threat prevention to address both known and unknown threats. Firepower NGFW also enables retrospective security, through Advanced Malware Protection, that can “go back in time” to quickly find and remediate sophisticated attacks that may have slipped through defenses. This has led to a significant reduction in time-to-detection (TTD) for Cisco customers compared to industry averages.
Cisco built Firepower NGFW upon the bedrock of theindustry’s leading threat platform which we acquired via the Sourcefire acquisition in late 2013. We seamlessly combined that with best of the ASA firewall, the most battle-tested firewall the world has seen, delivering a single unified image and management console. The Firepower NGFW provides the best of breed industry leading stateful firewall with the best of breed threat capabilities such as next-generation intrusion prevention and Advanced Malware Protection, URL filtering, application control and even Radware DefensePro DDoS Protection. All of this is tied together with unified visibility and policy management in the Firepower Management Center that provides threat focused workflows and automation not seen in legacy NGFWs where advance threat protection is a bolt on.
Our approach doesn’t stop there. We address customers’ challenges with advanced threat protection that extends from the network out to the endpoints. And we have seamlessly integrated AMP for Endpoint, AMP Threat Grid, andCisco Identity Services Engine (ISE) with the platform. This enables Cisco to extend the power and visibility of the Firepower NGFW across the network and directly to the endpoint. AMP for Endpoint is an industry leading next-generation endpoint security technology for protecting the endpoint against advanced malware that can feed its observations directly to Firepower NGFW. Likewise, ISE can provide its context directly to Firepower NGFW and Firepower NGFW can instruct ISE to automatically take action on the network on its behalf. A threat-centric NGFW must be more than yet another bump in the wire. It must be able to extend its visibility and control across the distributed network and endpoints, Modern threats are sophisticated and will easily defeat point in time bolted on threat protection.
Another crucial point when thinking about threats is that products are only as good as the threat research and intelligence behind them. Cisco Talos, the world’s leading threat research and intelligence team, powers the detections in Firepower and the rest of our security portfolio. The value of Talos is reflected in our leading security effectiveness scores in third party testing. Our NGFW, NGIPS and AMP lead their respective NSS Labs tests, proving that we stop more threats than any other corresponding security platform.
So let’s not lose sight of the value of a threat-focused NGFW – It stops more threats with the industry’s most effective threat protection so organizations stay safer. When we couple this with full integration and robust management, security can become an enabler for businesses to confidently take full and secure advantage of opportunities presented by the digital age.
In coming posts, we’ll examine how Firepower NGFW is fully integrated to cut cost and complexity while it enables greater focus and insight with robust management.
Take a moment to watch the webcast for more details and ask any questions below.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.