New business requirements, the evolvement of social networking and web 2.0 and new generation technologies are driving new requirements for network and information security. Gartner has recently published their definition for next-generation firewalls, and they have noted that their famous “magic quadrant” reports for enterprise firewalls will now be taking into account the Next Generation Firewall capabilities of each tested device and vendor. The “Next Generation Firewall” concept, according to Gartner, will be a progression of current firewall and IPS devices which must include extra features and capabilities, mainly application and content inspection and protection. Next generation firewalls must be fully application aware (up to Layer7 protection) and not only up to Layer4.
Gartner’s recent Magic Quadrant report for enterprise firewalls, brought a new player into the first position, the Palo Alto Networks. Cisco has stayed behind this new generation security concept and they are now trying to catch up with the announcement of next generation capabilities in the new Cisco ASA CX product line. The new Cisco direction in network security was announced by Chris Young, senior vice president of Security, in RSA Conference 2012.
The new Cisco ASA CX products will be “context aware” and therefore they can provide protection against application threats and also offer inspection and traffic access control towards popular “micro-applications”, such as games in facebook or gambling apps in other popular websites. The new firewalls can also control access towards more than 1000 applications (facebook, twitter, google+, linkedin etc) and more than 75,000 micro applications for more granular context-aware control. So the main idea that we can take from this announcement is that the CX ASA product line will be centered around granular application, user and device control and better visibility in the network traffic. Just keep in mind also that in order to provide this comprehensive end-to-end security posture, the Cisco ASA CX must cooperate with other Cisco security products and solutions, such as Cisco SecureX Framework, Cisco AnyConnect Secure Mobility Client, and Cisco SIO (Security Intelligence Operations) for global threat intelligence data.
There are new Cisco ASA models available now, which will be under the CX framework. Specifically, the following new models were introduced:
- ASA 5512-X
- ASA 5515-X
- ASA 5525-X
- ASA 5545-X
- ASA 5555-X
At the moment there is not much documentation and explanations about the new features introduced in those new models, so we can not describe them in more detail. We will come back again after more info is available.