Perimeter
2/22/2017
03:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cisco Helps Eliminate Performance and Protection Trade-Offs with Next-Generation Firewall for the Internet Edge

Cisco Helps Businesses Eliminate Performance and Protection Trade-Offs with Next-Generation Firewall for the Internet Edge

BERLIN, GERMANY--(Marketwired - Feb 22, 2017) - Cisco (NASDAQ: CSCO) today takes on security bottlenecks, with the introduction of the Cisco Firepower® 2100 Series Next-Generation Firewall (NGFW). The 2100 series is designed for businesses that perform high volumes of sensitive transactions, such as banking and retail, and supports their need to maintain uptime and protect critical business functions and data. The series aims to end the industry tug of war between performance and protection -- with incorporation of a new scalable architecture and improvements of up to 200 percent greater throughput to eliminate bottlenecks -- from the Internet edge to the data center.

Cisco also is simplifying management of business' security portfolios from device to the cloud with productivity and threat defense enhancements to tools that match their needs. These include Cisco® Firepower Device Manager for on-box requirements, Cisco Firepower Management Center for centralized security management needs, and Cisco Defense Orchestrator for cloud-based management.

As businesses increasingly move to digital business models, cybersecurity solutions must scale to add new functions and address the latest vulnerabilities and threats without impacting application or network performance. Traditionally, this has not been the case. In fact, it is common that enabling intrusion inspection on a NGFW can slow throughput performance by up to 50 percent or more. This can have a significant impact on customer-facing web applications, such as ecommerce and online banking, which require top performance but also are often targeted by attackers. To ensure the best possible customer experience, some businesses turn off critical security capabilities putting themselves and customers at risk.

Proven Protection and Performance 
The new Cisco Firepower 2100 Series provides businesses with the confidence to pursue new digitization opportunities, knowing they have a security architecture designed to protect against the greatest threats, without affecting the performance of critical business functions.

As the industry's first architecture with dual multicore CPU complexes that accelerate key cryptographic, firewall, and threat defense functions, the 2100s are purpose-built to meet customers' ongoing protection and performance needs without compromise. The Cisco Firepower 2100 Series delivers up to 200 percent greater throughput than similarly priced offerings, even when threat inspection is turned on.

The new Cisco Firepower 2100 Series NGFW is a family of four threat-focused NGFW security platforms (2110, 2120, 2130, and 2140) that deliver throughput ranges from 1.9-8.5 Gbps, for enterprise use cases from the Internet edge to the data center. Each delivers Cisco's renowned reliability for network uptime, and twice the port density with 10 GbE connectivity in a compact 1RU design.

Simple, Effective Management
High-profile breaches have illustrated that management can be the Achilles heel of protection. Misconfiguration and missed alerts pose challenges for security teams as noted in the Cisco 2017 Annual Cybersecurity Report (Fig. 52). To combat this, Cisco has enhanced local, centralized, and cloud-based management tools that allow customers to streamline operations and more cost-efficiently address unique enterprise user requirements.

  • Firepower Device Manager: Features an on-box web-based interface to deploy Cisco Firepower NGFW devices in minutes, with the use of a guided set-up wizard.
  • Firepower Management Center (FMC): Enables simple and comprehensive security administration of multiple appliances. New FMC appliances offer a 50 percent increase in management scalability over previous models. Further simplifying and improving protection, the FMC enables users to automate security tasks, including assessment, tuning, correlation, containment and remediation. With the Cisco Threat Intelligence Director (TID), using industry standards FMC can now also automatically take in and correlate third-party and customer-specific threat intelligence providing additional defense via security sensors on your network.
  • Cloud Defense Orchestrator: Delivers simple, cloud-based policy management. This tool allows teams to streamline and scale security policy management, designing and deploying policy uniformly across an organization. CDO now offers support for Web Security Appliance v.11 and is now available via a European cloud.

Supporting Quotes
"The Cisco Next-Generation Firewalls have been proven to be the most effective on the market, but we also know that businesses everywhere are struggling with a number of factors, including lack of talent and expanding attack surfaces, which can impact the effectiveness of even the best solutions. The New Cisco Firepower 2100 Series addresses these challenges, making it easier for enterprises to manage their architecture and ensure that they have the best performance at all times."
- David Ulevitch, Vice President and General Manager, Security Business Group, Cisco

Supporting Resources
Blog: Cisco Firepower 2100 Series Delivers Business Resiliency and Effective Security with a New Architectural Approach
Follow Cisco on Twitter @CiscoSecurity
Like Cisco Security on Facebook

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.

Cisco, the Cisco logo, Cisco Systems and Cisco IOS are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. This document is Cisco Public Information.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ludivina
50%
50%
Ludivina,
User Rank: Strategist
3/6/2017 | 6:13:27 PM
Re: Blog
It does not have to be constantly updated tho. At least once in a while
garrytroomen
50%
50%
garrytroomen,
User Rank: Apprentice
3/6/2017 | 6:14:28 AM
192.168.l.l
In the production of this kind must constantly keep upgrading
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.