IDC Research describes Cisco ASA with FirePOWER Services- noting that Cisco ASA with FirePOWER Services is our “most important step to date” since completing the Sourcefire acquisition.
Cisco Adds FirePOWER Capabilities to ASA Firewalls
1. By: John Grady; Christina Richmond
Cisco Adds FirePOWER Capabilities to ASA
Firewalls
September 25, 2014 - IDC Link
Since completing the acquisition of Sourcefire in October 2013, Cisco has prioritized the integration of its
newly owned technology and service offerings across the portfolio. Early in 2014, Cisco added Sourcefire's
Advanced Malware Protection (AMP) to its content security products, including its Email Security
Appliance, Web Security Appliance, and Cloud Web Security offerings. In addition, development of the
AMP technology continued after the acquisition with the release of version 5.3, which improved event
correlation and investigation capabilities, and with the introduction of dedicated appliances for AMP
deployments in environments with more stringent data privacy requirements.
On September 16, 2014, Cisco completed the most important step to date with the introduction of the
Cisco ASA with FirePOWER Services next-generation firewall combined with technical, professional, and
managed security services. The announcement marks the integration of the flagship products from each
vendor: Cisco's ASA firewall and Sourcefire's Next-Generation IPS (NGIPS) and AMP technologies. By
combining these technologies, and blending in Cisco's services, the new offering delivers on three key
tenants:
• Visibility — To enable administrators and analysts to more efficiently and effectively identify
threats through better context, telemetry, and indicators of compromise
• Threat prevention — Via NGIPS and AMP and Cisco Collective Security Intelligence
• Platform — Providing multiple services on a single firewall helps enable better security while
reducing complexity and costs
From an implementation perspective, FirePOWER services can be added to existing ASA 5500-X and
ASA 5585-X deployments or included with new deployments of those firewalls. Wrapped around and
broadening Cisco's design to assist customers with the "Before, During, and After" continuum are four
main service options. Cisco's Migration Services helps clients assess and implement the new architecture.
Cisco SMARTnet Technical Services provides access to support tools and expertise. Managed Services
provides full-time threat monitoring and management. Finally, the Sourcefire Incident Response team
assists customers in diagnosing, identifying, and remediating risks using FirePOWER technology. The
contextual awareness that AMP provides also feeds into Cisco's big data analysis tools for proactive
remediation (before), rapid insights into current attacks (during), and compilation and analysis of forensic
data, continuous file analysis, and visibility into file trajectory and behavior, to make more informed security
and incident response decisions (after).
As threats have become more dynamic and multi-vector, there has been an increasing focus on threat
prevention on the firewall. The addition of IPS and then application control were the first major shifts from
basic inspection to more robust analysis. The integration of core STAP functionality represents the next
evolution. Cisco has moved quickly to recognize and address this dynamic; however, the company must
take additional steps. While consolidated functionality can provide benefits, a single pane of glass
management console is preferred to enable better efficiency and stronger security. While Cisco is
developing this management structure, it is not currently available. Similarly, the integration of FirePOWER
services with Cisco's network infrastructure products (which have always been important for the delivery
of Cisco's security services) is another key development that is not available but will help drive further
adoption. That being said, the integration steps that have been accomplished and new combined
- 1-
2. messaging for Cisco's technology together with its services are strong enhancements. There is still more
work to do from a technology perspective but also to bring a seamless and cohesive message to the market
that Cisco provides end-to-end security solutions.
Subscriptions Covered:
Security Products, Security Services
Please contact the IDC Hotline at 800.343.4952, ext.7988 (or +1.508.988.7988) or sales@idc.com for information on applying the price
of this document toward the purchase of an IDC or Industry Insights service or for information on additional copies or Web rights. Visit
us on the Web at www.idc.com. To view a list of IDC offices worldwide, visit www.idc.com/offices. Copyright 2014 IDC. Reproduction is
forbidden unless authorized. All rights reserved.
- 2-