Legacy next-generation firewalls are not enough to stop today’s cyber threats, according to Cisco, so a new and improved NGFW (the next generation after next?) is required, such as Cisco ASA with FirePOWER Services, which the network giant calls a major step forward for “empowering customers to deepen their protection from the data center, through the network, to the endpoint with the agility to identify, understand, and stop advanced threats in real-time and retrospectively.”
“This is the industry’s first threat-focused next-generation firewall,” said Scott Harrell, VP of Product Management at Cisco Security Business Group. At the end of the day we’re trying to improve customer security in a way that can be easily adopted, he told IT Trends & Analysis.
The problem with legacy NGFWs is that they focus on applications and “totally miss on the threats that are beyond that,” he said. That’s a major blind spot, considering that:
-60% of data is stolen within hours of a breach;
-54% of breaches remain undiscovered for months; and,
-100% of organizations connect to domains that host malicious threats.
“No protection is going to be 100%,” said Harrell. “Stuff is going to get through, so what do I do after stuff gets through?”
One of the added benefits of Cisco’s approach is investment protection, said Harrell. There has been a massive proliferation of security software and devices, with enterprises having 50, 60, even 100 security vendors in their shops. When they’re asked whether they are more secure, it’s extremely hard to answer, he said.
“What we’re trying to do is answer how do you take security technology and make it more effective?” He said the first step is assessment to prioritize requirements, followed by automation and then services to bring all the different threat technologies together.
Cisco has been busy leading up to today’s announcement. At last month’s Black Hat event it released its 2014 Midyear Security Report, which provided three compelling security insights tying enterprises to malicious traffic:
-“Man-in-the-Browser” attacks pose a risk for enterprises: nearly 94% of customer networks observed in 2014 had traffic going to websites that host malware;
-Botnet hide and seek: nearly 70% of networks were identified as issuing DNS queries for dynamic DNS (DDNS) domains, evidence of networks misused or compromised by botnets that use DDNS to change their IP addresses and evade detection or blacklisting; and,
-Encrypting stolen data: nearly 44% of customer networks observed in 2014 were identified as issuing DNS requests for sites and domains offering encrypted-channel or remote-transfer services (VPN, SSH, SFTP, FTP, and FTPS), which malicious actors use to cover their tracks by exfiltrating data over channels that evade detection.
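Both of the last two findings are DNS-visible indicators, so the cheapest place to start looking for them on your own network is the resolver’s query log. The script below is an added example written for this page, not code from Cisco or its report: it parses constructed BIND-style query-log lines, matches each query name against a watchlist of Dynamic DNS provider domains and a watchlist of constructed VPN/SFTP service names (both watchlists are illustrative assumptions; a real deployment would load them from a threat-intelligence feed), and groups hits by client address. Matching is label-aware so that `noip.org` does not match the `no-ip.org` provider while `host7.no-ip.org` does.

```python
import re
from collections import defaultdict

# Assumed watchlists (an illustrative choice for this example, not taken from
# Cisco's report): parent domains of well-known public Dynamic DNS providers,
# and constructed .example names standing in for VPN/SSH/SFTP services.
DDNS_PARENT_DOMAINS = {"no-ip.org", "dyndns.org", "duckdns.org"}
CHANNEL_PARENT_DOMAINS = {"free-vpn.example", "sftp-drop.example"}

# Constructed BIND-style query-log lines used as sample input.
SAMPLE_LOG = """\
16-Sep-2014 10:02:11.004 client 10.0.3.17#51234: query: www.cisco.com IN A
16-Sep-2014 10:02:12.118 client 10.0.3.17#51240: query: host7.no-ip.org IN A
16-Sep-2014 10:02:13.552 client 10.0.3.42#49001: query: mail.duckdns.org IN AAAA
16-Sep-2014 10:02:14.009 client 10.0.3.42#49003: query: gw.free-vpn.example IN A
16-Sep-2014 10:02:15.771 client 10.0.3.99#53011: query: noip.org IN A
16-Sep-2014 10:02:16.300 client 10.0.3.99#53012: query: files.sftp-drop.example IN A
"""

# Date, time, "client <ip>#<port>: query: <name> IN <type>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parent_domain_match(qname, parents):
    """Return the watchlisted parent domain that qname falls under, or None.

    Label-aware: the name must equal the parent or end with '.' + parent, so
    'noip.org' is not a hit for 'no-ip.org' but 'host7.no-ip.org' is.
    """
    name = qname.lower().rstrip(".")
    for parent in parents:
        if name == parent or name.endswith("." + parent):
            return parent
    return None


def classify(qname):
    """Map a query name to an indicator class, or None if unremarkable."""
    if parent_domain_match(qname, DDNS_PARENT_DOMAINS):
        return "ddns"
    if parent_domain_match(qname, CHANNEL_PARENT_DOMAINS):
        return "encrypted-channel"
    return None


def flag_queries(log_text):
    """Parse query-log lines and return {client: [(qname, class), ...]}
    containing only the queries that matched a watchlist."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a query record; skip it
        cls = classify(m.group("qname"))
        if cls:
            hits[m.group("client")].append((m.group("qname"), cls))
    return dict(hits)


def summarize(log_text):
    """Count distinct clients per indicator class (the report's metric is
    the share of networks, so counting clients rather than queries avoids
    one chatty host inflating the picture)."""
    by_class = defaultdict(set)
    for client, entries in flag_queries(log_text).items():
        for _, cls in entries:
            by_class[cls].add(client)
    return {cls: len(clients) for cls, clients in by_class.items()}


if __name__ == "__main__":
    for client, entries in flag_queries(SAMPLE_LOG).items():
        for qname, cls in entries:
            print(f"{client}\t{cls}\t{qname}")
    print(summarize(SAMPLE_LOG))
```

Treat a hit as a lead, not a verdict: DDNS and VPN providers have plenty of legitimate users, so the value is in the client-level pivot (which host, how often, starting when), which is exactly the retrospective view the article says legacy NGFWs lack.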
According to John Stewart, Chief Security Officer and SVP, Cisco, analyzing and understanding weaknesses within the security chain rests largely upon the ability of individual organizations, and industry, to create awareness about cyber risk at the most senior levels, including Boards—making cybersecurity a business process, not about technology. “To cover the entire attack continuum — before, during, and after an attack — organizations today must operate security solutions that operate everywhere a threat can manifest itself.”
Towards the end of August the company launched the Cisco Security Community. It is designed to connect customers with Cisco Security experts and other customers for all their security questions, what’s new in threat-centric security, and the latest videos, product information, on-demand webinars, and blog posts.
At the start of September Padmasree Warrior, Cisco’s chief technology and strategy officer, advised CIOs to think of security as a platform that allows companies to integrate new defense tools. Such security platforms include APIs, programming instructions and standards that would make it easier for CIOs to integrate new security applications to quarantine and eliminate threats, including so-called “zero-day attacks” for which there are no known patches.
This approach to network defense is the cornerstone of Cisco’s security strategy, aimed at addressing challenges introduced by the growth of mobile, cloud and the Internet of Things, in which everyday machines connected to the Internet will drastically expand the addressable “attack surface” for companies, she said. Over the last 18 months, Cisco spent nearly $3 billion to acquire Sourcefire, ThreatGRID and Cognitive Security to build out its security portfolio.
In late August Gartner announced that information security spending was expected to grow almost 8% this year, to $71.1 billion, almost four times the projected increase in 2014 IT spending, and another 8.2% in 2015. The bigger trend that emerged in 2013 was the democratization of security threats, driven by the easy availability of malicious software (malware) and infrastructure (via the underground economy) that can be used to launch advanced targeted attacks, stated Gartner research director Lawrence Pingree. “This has led to increased awareness among organizations that would have traditionally treated security as an IT function and a cost center.”
Although security appliances are only a small portion of the overall security market, last week IDC reported that Cisco was a major beneficiary of a 7.3% year-over-year increase in security appliance revenues, which reached $2.2 billion. Cisco grew its revenue 19.7% year over year and held the largest share of the market, at 18.4%.
The company made a number of security announcements at May’s Cisco Live event, including extending its Advanced Malware Protection and Data Center offerings and the acquisition of ThreatGRID. Jon Oltsik, Senior Principal Analyst and resident security guru, Enterprise Strategy Group, wrote that Cisco had turned the corner with these announcements. “All of the puzzle pieces are in place today or arriving soon.”
However, he cautioned that Cisco still has some work ahead. To continue on the comeback trail, it must: compete at the product and solution layer; play the “open” card; and deliver a real security management portal. “Cisco still faces real competition as FireEye, IBM, McAfee, Palo Alto Networks, and Trend Micro are building their own enterprise security architectures that span networks and endpoints.”
The Fiddly Bits (& Bytes)
Billed as the industry’s first threat-focused Next-Generation Firewall (NGFW), Cisco ASA with FirePOWER Services provides the full contextual awareness and dynamic controls needed to automatically assess threats, correlate intelligence, and optimize defenses to protect all networks. By integrating the ASA 5500 Series firewall with application control, and the Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire, Cisco is surpassing legacy NGFW offerings and providing integrated threat defense across the entire attack continuum – before, during and after an attack.
It takes a visibility-driven, threat-focused and platform-based approach:
-Visibility-Driven, delivering contextual awareness into users, mobile devices, client side apps, virtual machine–to-machine communications, vulnerabilities, threats, URLs, and other telemetry;
-Threat-Focused, incorporating NGIPS for protection from known and advanced threats, as well as advanced malware protection against zero-day and persistent attacks; and,
-Platform-Based – As the industry’s first threat-focused NGFW, it combines firewall functionality and application control, intrusion prevention capability, and breach detection and remediation in a single device.
The products are available now, and customers can gain the benefits of today’s technology introduction in two ways:
-Cisco ASA with FirePOWER Services (Customers can purchase ASA 5500-X Series and ASA 5585-X Series firewall products with a bundled FirePOWER Services license);
-FirePOWER Services for Cisco ASA (Customers can enable FirePOWER Services on existing ASA 5500-X Series and ASA 5585-X Series firewall products).