
9/12/2012
10:14 AM
Dark Reading
Products and Releases

Cisco Delivers New Wave Of Security Solutions For Data Centers

Offerings enforce end-to-end security for high-capacity data centers and mobile workforces

SAN JOSE, Calif. – September 12, 2012 – Cisco today introduced a set of security solutions designed to fortify data centers against the threats they face in moving toward more consolidated and virtualized environments, while also enabling businesses to take advantage of new cloud-based models. Collectively, the offerings extend data center and security professionals' power to enforce end-to-end security for high-capacity data centers and mobile workforces. The offerings include new highly scalable software for the world's most widely deployed firewall, the Cisco® Adaptive Security Appliance (ASA) line; virtualized ASA for multitenant environments; a data-center-grade intrusion prevention system (IPS); and new improvements to the Cisco AnyConnect® Secure Mobility Client to meet the stringent requirements of a more mobile and productive workforce.

Cisco TV will broadcast "Defending the Data Center" today at 10:00 am PDT / 1:00 pm EDT / 17:00 GMT. To watch, visit Cisco's Secure Data Center website at http://www.cisco.com/web/solutions/netsys/security/secure_data_center.html

The virtualization and cloud mega trend is forcing profound shifts within data centers, affecting everything from IT services to business models to architectures. If addressed properly, these trends offer business benefits such as reduced capital investments, new revenue growth and the greater efficiency, agility and scalability demanded by globalization. With this announcement, Cisco is helping security to keep pace with the demands of changing high-performance virtual and cloud environments, as well as the demands of increased complexity, compliance and employees bringing their own devices to work, among other trends.

Operating under the principle that security must be integrated across the network to ensure protection of unified data centers, Cisco believes network policies must be unified across physical and virtual worlds, intra-virtual machine communication should be secured, and access to applications by wired and mobile clients must be protected. This security approach has become imperative as customers look to make the migration to cloud and a more flexible device-agnostic corporate culture. Cisco's latest product developments support such an approach.

Key Highlights

· Cisco ASA 9.0 Platform: Major update to the operating system

o Delivers data-center-caliber performance, scaling to 320 Gbps of firewall and 60 Gbps IPS throughput, and 1 million connections per second and 50 million concurrent connections, delivering eight times the performance density of competing solutions.

o Delivers pay-as-you-grow scale as application and VM traffic increases, eliminating the need for costly chassis investment. Scaling is achieved through clustering technology, which allows IT to manage a stack of ASAs as a single logical device.

o Provides context-awareness for next-generation visibility and control. Supports TrustSec security group tags and identity-based firewall capabilities to provide enhanced visibility for more granular policy enforcement. Provides multitenant security to support cloud computing use cases.

o Integrates with Cisco Cloud Web Security (formerly ScanSafe) to enable deep content scanning with little to no impact on ASA performance.

o Delivers enhanced, highly secure remote access capabilities by supporting IPv6 connections with minimal performance impact and Next Generation Encryption capabilities, including the NSA "Suite B" set of cryptographic algorithms.

· Cisco ASA 1000V: Mainstream ASA technology optimized for virtual/cloud environments

o ASA firewall built specifically for multitenant virtual and cloud environments. Unlike competitive offerings, it goes beyond merely offering the current physical ASA in a VM to provide superior flexibility and more efficient use of resources.

o A single ASA 1000V instance can protect many workloads with different security policies across multiple ESX hosts, reducing deployment complexity and improving scalability in heterogeneous environments.

o Protects the tenant edge and enables highly secure segmentation for consistent, end-to-end security across physical, virtual and public/private cloud environments using a proven firewall.

o Built on the industry-leading Cisco Nexus® 1000V Series switch and complements the Cisco Virtual Security Gateway (VSG) for end-to-end security for virtual and cloud infrastructures.

· Cisco IPS 4500 Series: A new intrusion prevention system (IPS) built for data centers:

o Delivers the highest-performance density in the industry: 10 gigabits per second (Gbps) per rack unit, for ultra-efficient application protection in the data center.

o Purpose-built for the data center, it protects critical data center resources in a compact 2RU form factor, delivering superior IPS performance density.

o Enables easy insertion of IPS into a wide range of networks and ensures interoperability with existing network elements.

o Drives effective mitigation decisions via a context-aware IPS implementation that incorporates network reputation.

o Builds on the most widely deployed IPS technology in the market providing comprehensive, proven attack protection (Infonetics[1], Gartner[2]).

· Cisco Security Manager 4.3: Cisco Security Manager (CSM) provides scalable, centralized management from which administrators can efficiently manage a wide range of Cisco security devices, gain visibility across the network deployment, and share information with other essential network services like compliance systems and advanced security analysis systems.

o Manages a diverse Cisco security environment, including Cisco ASA 5500 and 5500-X Series Adaptive Security Appliances; Cisco IPS 4200, 4300 and 4500 Series Sensor Appliances; the Cisco AnyConnect Secure Mobility Client; and Cisco Secure Routers.

o Unlike other management products, which require multiple deployments to achieve scale, a single installation of CSM can manage a very large number of devices, dramatically improving scalability.

o Enables health and performance of Cisco ASA and IPS devices to be continuously monitored, and sends alerts when preset thresholds are reached.

o Uses an intuitive wizard to greatly simplify and streamline image upgrades for individual ASA firewalls or groups of them.

o Enables API-based access for Cisco Security Manager policy configuration data to allow organizations to share information with other essential network services such as compliance and advanced security analysis systems.

· Cisco AnyConnect 3.1: Enables highly secure remote access to network resources:

o Offers differentiated device access to help enable BYOD deployments, IPv6 capability and the latest Next Generation Encryption, including NSA's Suite B Cryptography.

· Security Services: Professional and support services, from Cisco and its partners, help customers plan, build and manage highly secure, complex data center and cloud infrastructures. Cisco Data Center Security Services can help address both protection and enablement needs, such as protecting data, enabling highly secure access, assuring regulatory compliance and thwarting intrusion.

Supporting Quotes:

Christopher Young, senior vice president and general manager of Security and Government Group, Cisco

"For enterprises to confidently seize the business benefits offered by data center virtualization and the cloud, security must be seen as the art of the possible, not as a hindrance. As with the rest of your network, we make consistent security a deployment decision that enables policies to work throughout hybrid environments--physical, virtual and cloud--and enables data center professionals to deliver IT as a service with a high degree of security without impeding network performance."

Ken Owens, cloud chief technology officer, Savvis, a CenturyLink company

"As a global, enterprise-focused cloud provider, Savvis always monitors the latest in security technologies. We are evaluating the Cisco ASA 1000V Cloud Firewall, which not only appears to satisfy enterprise cloud security controls, but meets the rigorous deployment requirements required for enterprise-class functionality."

Nick Schmidt, senior manager, Information Technology, CDW

"Security is measured by levels of trust. It's about global authority and access. There has been a true shift in the realm of security. Cisco's security solutions play a key role in protecting our company, and enable us to use a mix of public and private cloud approaches, depending on the need."

Mike Zozaya, practice manager, Security/Mobility/Infrastructure, Nexus IS

"The advent of virtualized data centers and cloud-based infrastructures has elevated security requirements for our customers. Cisco's latest integrated security offerings address the context-aware security requirements for many of our data center customers, and provide Nexus IS with the innovative and integrated technologies to help our customers build end-to-end security solutions for virtual and multitenant cloud infrastructures."

Supporting Resources:

· Cisco Secure Data Center

· Blog Post: Defending the Data Center

· Blog Post from Cisco SVP and Chief Security Officer John N. Stewart: Does Virtualization Improve Security?

· Blog Post: Putting VDI Security Concerns to Bed

· Cisco SecureX

· Cisco Adaptive Security Appliances (ASA)

· Cisco ASA 1000V Cloud Firewall

· Cisco IPS 4500 Series Sensor Appliances

· Cisco AnyConnect Client

· Cisco Security Manager

· Cisco TrustSec

· Cisco Identity Services Engine (ISE)

· Cisco Security Intelligence Operations

· Cisco Security Services

· Visit the Cisco Security Blog – http://blogs.cisco.com/security

· Follow Cisco Security on Twitter – http://twitter.com/ciscosecurity

Technorati Tags: Cisco, data center, Context-Aware, Network Security Architecture, Adaptive Security Appliances Software, ScanSafe, virtual private networks, AnyConnect, secure mobility, secure desktop, network security, security manager, developers, firewalls, intrusion prevention systems, cloud, security as a service, enterprise security, security appliance, SecureX, SIO, TrustSec, CCNA, CCNP, SGA, threat intelligence.

About Cisco

Cisco (NASDAQ: CSCO) is the worldwide leader in networking that transforms how people connect, communicate and collaborate. Information about Cisco can be found at http://www.cisco.com. For ongoing news, please go to http://newsroom.cisco.com.
