Cisco Delivers New Data Center Security Solutions8:00 AM EST Wed. Sep. 12, 2012
Cisco has rolled out a new product plus additional enhancements aimed at protecting data centers moving towards consolidated and virtual environments, as well as cloud enablement.
"Rather than bolting on security as an afterthought, we are layering all of our security throughout the network itself," said Jeff Aboud, product marketing manager at Cisco. "We get a lot of network information and pull that intelligence, based on millions of endpoints, in order to establish what is really going on. Security needs to be able to scale. You need to secure the environment without introducing chokepoints."
Highlights include software updates to increase the scalability of the Cisco Adaptive Security Appliance (ASA) line of firewalls, a virtualized variant of the ASA to support multi-tenant environments, a new intrusion prevention system (IPS) product optimized for the data center, as well as various improvements to the Cisco AnyConnect Secure Mobility Client in order to better secure BYOD environments.
[Related: How To Avoid The Five Biggest BYOD Mistakes]
ASA 9.0 is being characterized as a major update to the operating system that supports the full ASA firewall line. "The main difference is that we can now enable our data centers to cluster up to eight of our highest performing firewalls into one logical unit to deliver up to 320 gigabits of firewall throughput and 60 gigabits of IPS throughput," explained Aboud. "We've also added a lot of identity pieces, such as Cisco TrustSec security group tags, in order to have extensive identity, content and application security. A lot of our competitors can provide next-generation capabilities, but what sets us apart is that we can provide it at data center speed."
The announcement also includes secure remote access capabilities that support IPv6 connections and Next Generation Encryption capabilities, including NSA "Suite B" cryptography.
In addition, Cisco is tackling the cloud and virtualization environments through the arrival of its new ASA 1000V firewalls, which were designed specifically for multi-tenant virtual and cloud environments.
"This was built from the ground-up using ASA code so that it is optimized for a virtual and cloud environment," explained Aboud. "This gives us a great deal of flexibility to work properly in the virtual cloud environment with one security policy from the physical world that will also work in the virtual cloud environment. It also sits as a service on top of the Nexus 1000V switch which secures up to 64 ESX hosts and supports multiple hypervisors. As those workloads move, our security policies move with them because we support V-motion. If you move something, your security policies will be intact and you don't have to recast them."
NEXT: Partner Asks Cisco To Add Marketing Muscle To Security
Another new offering, the IPS 4500 Series, is a new intrusion prevention system (IPS) designed for data center-grade performance. "This is a standalone IPS that is really built for the enterprise," said Aboud. It has 10 Gbps IPS throughput, and the top slot is empty so that in future releases we can double the performance of the device."
Meanwhile, Cisco Security Manager 4.3 provides centralized management for a wide range of Cisco security devices, featuring high visibility and information sharing in order to augment compliance and assessments.
"We've added a lot of new capabilities that really streamline the operation and increase efficiency," said Aboud. It has everything from health and performance monitoring to physical network security deployment, all from a single screen. You can also set parameters for proactive alerts. It also does image upgrade capabilities that makes it a lot easier to load updates."
Supported devices include the Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances; Cisco IPS 4200, 4300 and 4500 Series Sensor Appliances; the Cisco AnyConnect Secure Mobility Client; and Cisco Secure Routers.
Cisco AnyConnect 3.1 is positioned as a BYOD enabler, providing full IPv6 support as well as next-generation "Suite B" cryptography.
Cisco has also included various professional and support services that can smooth customer transitions as well as added additional margin for channel partners.
"Partners can follow the money and be able to provide the products and services that solve the problem that the customers deal with," said Susan Don, director of security business development. "This will help partners to call on customers of all sizes, and bring to the table a full opportunity. The partner can really be consultative and then back it up with their professional services. They can see a 30 percent uplift by incorporating security into the conversation."
At least one Cisco partner is recognizing the opportunity associated with the raft of new security products being rolled out.
"This has the performance that we need to take the discussion to the next level with our customers," said Michael Zozaya, practice manager for security, wireless, and network infrastructure at Nexus IS, a Valencia, Calif.-based partner. We love having all these firewall capabilities within the virtual stack. We think it is going to be a very good moneymaker for us."
Zozaya also called upon Cisco to market and evangelize their security capabilities more effectively than they have done in the past. "They go to the mainstream trade shows in the security space, but they are a lot more focused on collaboration and everything else that they do. So they are not seen as a security player, regardless of market share, because they don't say very much about it. That really needs to change."
PUBLISHED SEPT. 11, 2012