Cisco to Secure the IoE (Internet of Everything) by building Security accross their products

Cisco says it is adding more sensors to network devices to increase visibility, more control points to strengthen enforcement, and pervasive threat protection to reduce time-to-detection and time-to-response. The plan includes:

• Endpoints: Customers using the Cisco AnyConnect 4.1 VPN client now can deploy threat protection to VPN-enabled endpoints to guard against advanced malware

• Campus and Branch: FirePOWER Services solutions for Cisco Integrated Services Routers (ISR) provides centrally managed intrusion prevention system and advanced malware protection at the branch office where dedicated security appliances may not be feasible

• Network as a Sensor and Enforcer: Cisco says it has embedded multiple security technologies into the network infrastructure to provide threat visibility to identify users and devices associated with anomalies, threats and misuse of networks and applications. New capabilities include broader integration between Cisco’s Identity Services Engine (ISE) and Lancope StealthWatch to allow enterprises to identify threat vectors based on ISE’s context of who, what, where, when and how users and devices are connected and access network resources.

StealthWatch can also now block suspicious network devices by initiating segmentation changes in response to identified malicious activity. ISE can then modify access policies for Cisco routers, switches, and wireless LAN controllers embedded with Cisco’s TrustSec role-based technology.

Cisco has also added NetFlow monitoring to its UCS servers give customers greater visibility into network traffic flow patterns and threat intelligence information in the data center.

Other aspects of the plan include Hosted Identity Services, which is designed to provide a cloud-delivered service for the Cisco Identity Services Engine security policy platform. The new hosted service provides role-based, context-aware identity enforcement of users and devices permitted on the network, Cisco says.

The strategy also includes a pxGrid ecosystem of 11 new partners that plan to develop products for cloud security and network/application performance management for Cisco’s pxGrid security context information exchange fabric. The fabric enables security platforms to share information to better detect and mitigate threats.

The company is also investing heavily in integrating its ASA firewalls with its Application Centric Infrastructure SDN,

More information can be found at http://www.networkworld.com/article/2932547/security0/cisco-plans-to-embed-security-everywhere.html

 

Cisco Introduces New ASA 5506/5508 to replace ASA 5505 SMB Firewall

Cisco is introducing a new line of ASAs to replace the existing SMB ASA 5505 line of firewalls.  Since Cisco’s acquisition of SourceFire, Cisco has rapidly been integrating the technology into their Firewalls and in doing so has created the most advanced perimeter network appliance on the market.  The vast breath of technology that is now incorporated into a single ASA Firewall allows business to gain all of the next generation security appliances capabilities under a single platform in their network.  Up to now Cisco hasn’t brought this advanced security technology down to the 5505 ASAs until now.  With the introduction of the new ASA 5506 it brings new capabilities and allows companies to leverage the same capabilities across all of Cisco’s firewalls.  Below I have highlighted  some of the new features that the ASA 5506/5506W (wireless version) and the 5508 ASA firewalls include.

Key Enhancements Over ASA 5505:

• NGFW(NextGen Firewall) – FirePOWER Services
  • threat-focused NGFW; provides ASA firewall functionality, advanced threat protection, and advanced breach detection and remediation combined in a single device
• Application Visibility & Control
  • Identify applications and create rules based on applications and users.
• AMP (Advanced Malware Protection)
  • Detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks
• NGIPS (Next-Gen IPS)
  • Superior threat prevention and mitigation for both known and unknown threats
• URL Filtering Subscriptions.
  • Application-layer control (over applications, geolocations, users, websites) and ability to enforce usage and tailor detection policies based on custom applications and URLs
• Simplified Purchase Experience: Unlimited User (node) support
• VPN: Enhanced Mobility Support
• Throughput: Over 2.5x stateful Performance
• Intergraded Wireless Access Point
  • AP is similar to AP702i 2×2 MIMO
  • Autonomous and CAPWAP mode operation support
  • Separate Management for Wireless, HTTP to AP GUI
• Ruggedized Option