One of the most frightening realities IT security professionals are faced with today is the fact that network security defenses are becoming less and less effective at blocking targeted and sophisticated threats and advanced malware attacks. A major culprit is that malware signatures are evolving more quickly than security vendors’ abilities to create patches. According to research from Cisco, for example, antivirus vendors have created protection for more than 20 million known viruses, but hackers are estimated to have created more than 100 million—and that number grows more and more each year.
Next-generation firewalls (NGFWs) were created as an answer to modern security threats. NGFWs give IT solution providers and end users more visibility into their network policies and provide additional depth with regard to what users can allow or deny. However, many of these tools suffer from the same shortcomings as legacy firewalls and signature-based antivirus software—they can only detect and defend against what they “understand.”
How Threat-Focused NGFWs “Think” Differently
In contrast to traditional NGFWs, threat-focused NGFWs like Cisco ASA (adaptive security appliance) with FirePOWER Services appliances comprise a set of detection engines that leverage both signature-based and signature-less technologies to evaluate data flows, files and other bits of information. How well this is done depends on the intelligence built into the verdict engines—not only allowing detection and dispositions of point-in-time events, but detecting threats beyond the event horizon.
Unlike traditional security solutions that often are siloed, labor-intensive, (add comma)and lack threat visibility, Cisco ASA with FirePOWER Services offers an adaptive and threat-focused NGFW, which includes Sourcefire’s next-gen IPS (NGIPS). It provides in-depth protection and shares telemetry and intelligence across the entire attack continuum. Additionally, its advanced malware capabilities identify and safeguard against emerging and unknown threats. The solution features integrated layers of security, such as intrusion prevention, firewall routing and switching, URL filtering, identity-policy control and VPN. Working in harmony, these features make it easier to detect emerging and unknown threats that other security products miss.
One of Cisco ASA with FirePOWER Services’ key differentiators is the Cisco FireSIGHT Management Center. From there, users can see client applications, operating systems, mobile devices, virtual machine-to-machine communication, VoIP phones, command and control servers, routers and switches, and malware. In addition to receiving far more information than other management systems, security automation reduces labor and cost to prioritize, tune and triage incident responses. Cisco ASA with FirePOWER Services can be used for branch offices, internet edge sites or large data centers.