We’re used to writing about all the things that are changing in the security field: the onslaught of mobile devices and connected ‘stuff,’ the advent of ‘advanced’ and ‘persistent’ adversaries, the destruction of the network perimeter.
But all this talk about change can obscure the fact that so much has not changed. Companies still maintain perimeters, after all, and they rely on nuts-and-bolts technologies to defend them.
But these days, those products need to do more – especially in the area of ‘advanced threats’ that are likely to slip past traditional antivirus and IDS products.
Enter Cisco Systems, which on Tuesday announced a new version of its ‘next generation firewall’: the Cisco ASA (Adaptive Security Appliance) with FirePOWER Services. The appliance is the first to make full use of technology from Cisco’s acquisition of Sourcefire last year.
Specifically, the latest ASA integrates Sourcefire’s Advanced Malware Protection (or AMP) technology, which gives the devices the ability to identify novel malware without the use of a specific threat ‘signature.’
Marc Blackmer, Cisco’s Product Marketing Manager for industry solutions, said that Cisco and Sourcefire were onetime competitors in the next generation firewall (NGFW) security appliance category – though Cisco’s ASA had a better reputation (and larger market share) than Sourcefire’s competing product. Since the acquisition, however, Cisco has been working to fold Sourcefire’s IP around threat identification into the ASA platform.
“The challenge was how to bring these together to get the best of both,” Blackmer told Security Ledger.
ASA with FirePOWER creates a unified console for accessing a wide range of features: network firewall, intrusion prevention and advanced malware protection technology that Sourcefire obtained with its acquisition of Immunet in 2011.
For IT staff, the ASA sports features that give IT operations “full contextual awareness of users, mobile devices, client-side apps, virtual machine‐to-machine communications, vulnerabilities, threats, URLs, and other important telemetry.”
The device is an application layer firewall that supports more than 3,000 application layer controls, which allow administrators to apply risk-based controls to application traffic and block application layer attacks like SQL injection – a common source of large-scale compromises and breaches.
Graphical features allow operators to drill down into data to analyze possible “indicators of compromise.” (That’s a term of art that denotes ‘weird stuff’ happening on your network.)
The AMP technology allows organizations to spot novel or “zero day” malware. The technology works in concert with Cisco’s Collective Security Intelligence service to spot nascent infections and do blocking and post-mortem threat analysis.
Blackmer said that the latest ASA release is a good indication of where Cisco is going with its security products, as the company looks beyond traditional, enterprise networking to the fast-growing Internet of Things. “You’re going to see a lot more support of ‘things’ in the IT space.”
Blackmer said that products like the ASA will increasingly be tasked with managing the security of non-traditional devices, including industrial systems and other intelligent machinery. “There’s a lot more out there and that means there’s more money to be made,” Blackmer said.
Revenue from sales of security appliances, including next generation firewalls and Unified Threat Management (UTM) devices, which combine network firewalls with other security functions, like gateway antivirus and intrusion detection, jumped more than 23% in the first quarter of 2014 compared with the same quarter in 2013, IDC found.
Cisco is the largest player in the security appliance market. According to data from the analyst firm IDC, the company made $371m in the first quarter of 2014 from security appliance sales – a 17.5% market share and an 11% increase from the same quarter in 2013. Other vendors in the space are Check Point, Fortinet, Palo Alto Networks and Juniper Networks.