9/12/2012
10:14 AM
Dark Reading
Products and Releases

Cisco Delivers New Wave Of Security Solutions For Data Centers

Offerings enforce end-to-end security for high-capacity data centers and mobile workforces

SAN JOSE, Calif. – September 12, 2012 – Cisco today introduced a set of security solutions designed to fortify data centers against the threats they face in moving toward more consolidated and virtualized environments, while also enabling businesses to take advantage of new cloud-based models. Collectively, the offerings extend data center and security professionals' power to enforce end-to-end security for high-capacity data centers and mobile workforces. The offerings include new highly scalable software for the world's most widely deployed firewall, the Cisco® Adaptive Security Appliance (ASA) line; virtualized ASA for multitenant environments; a data-center-grade intrusion prevention system (IPS); and new improvements to the Cisco AnyConnect® Secure Mobility Client to meet the stringent requirements of a more mobile and productive workforce.

Cisco TV will broadcast "Defending the Data Center" today at 10:00 am PDT / 1:00 pm EDT / 17:00 GMT. To watch, visit Cisco's Secure Data Center website at http://www.cisco.com/web/solutions/netsys/security/secure_data_center.html

The virtualization and cloud mega trend is forcing profound shifts within data centers, affecting everything from IT services to business models to architectures. If addressed properly, these trends offer business benefits such as reduced capital investments, new revenue growth and the greater efficiency, agility and scalability demanded by globalization. With this announcement, Cisco is helping security to keep pace with the demands of changing high-performance virtual and cloud environments, as well as the demands of increased complexity, compliance and employees bringing their own devices to work, among other trends.

Operating under the principle that security must be integrated across the network to ensure protection of unified data centers, Cisco believes network policies must be unified across physical and virtual worlds, intra-virtual machine communication should be secured, and access to applications by wired and mobile clients must be protected. This security approach has become imperative as customers look to make the migration to cloud and a more flexible device-agnostic corporate culture. Cisco's latest product developments support such an approach.

Key Highlights

· Cisco ASA 9.0 Platform: Major update to the operating system

o Delivers data-center-caliber performance, scaling to 320 Gbps of firewall and 60 Gbps IPS throughput, and 1 million connections per second and 50 million concurrent connections, delivering eight times the performance density of competing solutions.

o Delivers pay-as-you-grow scale as application and VM traffic increases, eliminating the need for costly chassis investment. Scaling is achieved through clustering technology, which allows IT to manage a stack of ASAs as a single logical device.

o Provides context-awareness for next-generation visibility and control. Supports TrustSec security group tags and identity-based firewall capabilities to provide enhanced visibility for more granular policy enforcement. Provides multitenant security to support cloud computing use cases.

o Integrates with Cisco Cloud Web Security (formerly ScanSafe) to enable deep content scanning with little to no impact on ASA performance.

o Delivers enhanced, highly secure remote access capabilities by supporting IPv6 connections with minimal performance impact and Next Generation Encryption capabilities, including the NSA "Suite B" set of cryptographic algorithms.

· Cisco ASA 1000V: Mainstream ASA technology optimized for virtual/cloud environments

o ASA firewall built specifically for multitenant virtual and cloud environments. Unlike competitive offerings, it goes beyond merely offering the current physical ASA in a VM to provide superior flexibility and more efficient use of resources.

o A single ASA 1000V instance can protect many workloads with different security policies across multiple ESX hosts, reducing deployment complexity and improving scalability in heterogeneous environments.

o Protects the tenant edge and enables highly secure segmentation for consistent, end-to-end security across physical, virtual and public/private cloud environments using a proven firewall.

o Built on the industry-leading Cisco Nexus® 1000V Series switch and complements the Cisco Virtual Security Gateway (VSG) for end-to-end security for virtual and cloud infrastructures.

· Cisco IPS 4500 Series: A new intrusion prevention system (IPS) built for data centers:

o Delivers the highest-performance density in the industry: 10 gigabits per second (Gbps) per rack unit, for ultra-efficient application protection in the data center.

o Purpose-built for the data center, it protects critical data center resources in a compact 2RU form factor, delivering superior IPS performance density.

o Enables easy insertion of IPS into a wide range of networks and ensures interoperability with existing network elements.

o Drives effective mitigation decisions via a context-aware IPS implementation that incorporates network reputation.

o Builds on the most widely deployed IPS technology in the market providing comprehensive, proven attack protection (Infonetics[1], Gartner[2]).

· Cisco Security Manager 4.3: Cisco Security Manager (CSM) provides scalable, centralized management from which administrators can efficiently manage a wide range of Cisco security devices, gain visibility across the network deployment, and share information with other essential network services like compliance systems and advanced security analysis systems.

o Manages a diverse Cisco security environment, including Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances; Cisco IPS 4200, 4300 and 4500 Series Sensor Appliances; the Cisco AnyConnect Secure Mobility Client; and Cisco Secure Routers.

o Unlike other management products, which require multiple deployments to achieve scale, a single installation of CSM can manage a very large number of devices, dramatically improving scalability.

o Enables health and performance of Cisco ASA and IPS devices to be continuously monitored, and sends alerts when preset thresholds are reached.

o Uses an intuitive wizard to greatly simplify and streamline image upgrades for individual or groups of ASA firewalls.

o Enables API-based access for Cisco Security Manager policy configuration data to allow organizations to share information with other essential network services such as compliance and advanced security analysis systems.

· Cisco AnyConnect 3.1: Enables highly secure remote access to network resources:

o Offers differentiated device access to help enable BYOD deployments, IPv6 capability and the latest Next Generation Encryption, including NSA's Suite B Cryptography.

· Security Services: Professional and support services, from Cisco and its partners, help customers plan, build and manage highly secure, complex data center and cloud infrastructures. Cisco Data Center Security Services can help address both protection and enablement needs, such as protecting data, enabling highly secure access, assuring regulatory compliance and thwarting intrusion.

Supporting Quotes:

Christopher Young, senior vice president and general manager of Security and Government Group, Cisco

"For enterprises to confidently seize the business benefits offered by data center virtualization and the cloud, security must be seen as the art of the possible, not as a hindrance. As with the rest of your network, we make consistent security a deployment decision that enables policies to work throughout hybrid environments--physical, virtual and cloud--and enables data center professionals to deliver IT as a service with a high degree of security without impeding network performance."

Ken Owens, cloud chief technology officer, Savvis, a CenturyLink company

"As a global, enterprise-focused cloud provider, Savvis always monitors the latest in security technologies. We are evaluating the Cisco ASA 1000V Cloud Firewall, which not only appears to satisfy enterprise cloud security controls, but meets the rigorous deployment requirements required for enterprise-class functionality."

Nick Schmidt, senior manager, Information Technology, CDW

"Security is measured by levels of trust. It's about global authority and access. There has been a true shift in the realm of security. Cisco's security solutions play a key role in protecting our company, and enable us to use a mix of public and private cloud approaches, depending on the need."

Mike Zozaya, practice manager, Security/Mobility/Infrastructure, Nexus IS

"The advent of virtualized data centers and cloud-based infrastructures has elevated security requirements for our customers. Cisco's latest integrated security offerings address the context-aware security requirements for many of our data center customers, and provide Nexus IS with the innovative and integrated technologies to help our customers build end-to-end security solutions for virtual and multitenant cloud infrastructures."

Supporting Resources:

· Cisco Secure Data Center

· Blog Post: Defending the Data Center

· Blog Post from Cisco SVP and Chief Security Officer John N. Stewart: Does Virtualization Improve Security?

· Blog Post: Putting VDI Security Concerns to Bed

· Cisco SecureX

· Cisco Adaptive Security Appliances (ASA)

· Cisco ASA 1000V Cloud Firewall

· Cisco IPS 4500 Series Sensor Appliances

· Cisco AnyConnect Client

· Cisco Security Manager

· Cisco TrustSec

· Cisco Identity Services Engine (ISE)

· Cisco Security Intelligence Operations

· Cisco Security Services

· Visit the Cisco Security Blog – http://blogs.cisco.com/security

· Follow Cisco Security on Twitter – http://twitter.com/ciscosecurity

Technorati Tags: Cisco, data center, Context-Aware, Network Security Architecture, Adaptive Security Appliances Software, ScanSafe, virtual private networks, AnyConnect, secure mobility, secure desktop, network security, security manager, developers, firewalls, intrusion prevention systems, cloud, security as a service, enterprise security, security appliance, SecureX, SIO, TrustSec, CCNA, CCNP, SGA, threat intelligence.

About Cisco

Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.
