Guest

Cisco ASA 5500-X Series Next-Generation Firewalls

Cisco ASA 5500 Series Content Security Edition for the Enterprise

  • Viewing Options

  • PDF (239.1 KB)
  • Feedback

Viruses and other malicious code can overwhelm your IT resources, disrupting business operations and impacting business transactions. The onslaught of spyware and unwanted Internet content can seriously impact employee productivity and expose individuals to identity theft. Providing comprehensive malware protection and content control, the Cisco® ASA 5500 Series Content Security Edition allows enterprises to make full use of the Internet without the risks and costs associated with infections and threats impacting client systems. Combining a proven firewall with high-quality malware protection, the Cisco ASA 5500 Series Content Security Edition delivers a powerful solution that provides strong protection and control for business network communications; stops network threats such as viruses, worms, spyware, spam, and phishing; and controls unwanted email and web content-while reducing the operational costs and complexity of deploying and managing multiple point solutions.

Challenge

In today's marketplace, businesses rely on the Internet for their productivity, efficiency, customer interaction, and financial success. At the same time, the Internet has become a source of network threats from benign to severe, including viruses, spyware, phishing, and other threats. Once a playground for those driven by fame and notoriety, the Internet has transitioned into a world of opportunity for cyber-criminals and organized crime, motivated by profit.
Businesses strive to maximize business continuity and security, increase employee productivity, control information theft and legal liabilities, and reduce operational expenses and management burden. Most businesses find it difficult to attain these business goals, given the steady stream of Internet threats that target client systems. Historically, balancing business demands with security requirements has meant adding more devices and technology-and more costs and complexity-to the network.

Solution

The Cisco ASA 5500 Series Content Security Edition provides a comprehensive gateway security and VPN connectivity solution that enables organizations to maximize the benefits of network connectivity, without sacrificing security. With its integrated firewall, content security, and VPN capabilities, the Cisco ASA 5500 Series Content Security Edition removes malware, spyware, spam, and phishing attempts from email and Internet traffic, to maximize business continuity and security. Combined with integrated URL filtering, which enables organizations to enforce employee Internet usage policies, the Cisco ASA 5500 Series Content Security Edition provides flexible, comprehensive perimeter security and helps increase employee productivity. And with the inclusion of VPN services in the same solution, secure remote access is also possible.

• Most trusted and deployed firewall technology: Building on more than 15 years of market-proven firewall capabilities, the Cisco ASA 5500 Series allows legitimate business traffic, while blocking malware and other Internet threats. In addition, its application control capabilities can be used to limit peer-to-peer, instant messaging, and malicious traffic, which can lead to security leaks and introduce network threats.

• Market-leading content security capabilities: The Cisco ASA 5500 Series integrates award-winning gateway security technology from Trend Micro with Cisco threat prevention capabilities, providing a comprehensive malware protection solution against spyware, viruses, spam, and inappropriate content.

– Antivirus and anti-spyware: Using Trend Micro's award-winning antivirus and anti-spyware technology, Cisco ASA 5500 Series appliances can prevent virtually all known malicious code from crossing the Internet edge. This helps prevent the disruption of business-critical applications and services, and reduces the costly process of cleaning up after an infection.

– URL and content filtering, anti-phishing: Integrated URL filtering, content filtering, and anti-phishing technology helps protect confidential information, and helps reduce potential legal liabilities. It can also help businesses comply with regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX), and the Data Protection Act 1998.

– Anti-spam: Integrated anti-spam technology removes most unsolicited email before it hits the mail server, increasing employee productivity and maximizing network bandwidth and storage.

• Threat-protected VPN: Building upon the market-proven VPN capabilities of the Cisco VPN 3000 Series Concentrator, the Cisco ASA 5500 Series Content Security Edition provides secure site-to-site and remote-user access to corporate networks and services. This solution offers businesses maximum flexibility for secure connectivity by combining support for Secure Sockets Layer (SSL) and IP Security (IPsec) VPN connectivity in a single appliance, which effortlessly connects with Cisco's user-acclaimed, seamless access client, the Cisco AnyConnect Secure Mobility client, Using the services offered by the Cisco ASA 5500 Series Content Security Edition, businesses can enforce identity-based security and networking policies to prevent malware and many other forms of attack, while securely extending their network to employees, contractors, and business partners.

• Easy deployment and management: The centralized management and monitoring suite enables large-scale deployment and operation of the Cisco ASA 5500 Series Content Security Edition, while minimizing staff and operational expenses. In addition, the included Cisco Adaptive Security Device Manager (ASDM) provides a powerful, yet easy-to-use browser-based management and monitoring interface for individual devices.

• Exceptional scalability: The Cisco ASA 5500 Series scales to meet a wide range of business needs. With a wide range of form factors, performance levels, and security services, the Cisco ASA 5500 Series scales to provide a comprehensive security solution-from the branch office to the enterprise,

Business Benefits

The Cisco ASA 5500 Series Content Security Edition provides your business with:

Enhanced business continuity, by preventing malware infections and security breaches from disrupting business-critical applications and services

Cost savings, by reducing the need to remove spyware, viruses, and other malware

Increased employee productivity, due to reduction of spam, spyware, and related distractions

Efficient use of network resources, by removing non-business relevant traffic and content

B0067P 0318

Figure 1. Solution Architecture

Primary Components

Cisco ASA 5500 Series Content Security Edition provides comprehensive client security at the edges of the network and remote locations.

Management

Cisco Security Manager provides an enterprise-grade management infrastructure for large-scale deployments of Cisco security technologies.

Complementary Solutions

The Cisco ASA 5500 Series is a modular platform that provides the next generation of security and VPN services for small and medium-sized business and enterprise applications. The comprehensive portfolio of services within the Cisco ASA 5500 Series enables customization for location-specific needs through its four tailored package product editions: the Firewall, IPS, Content Security, and SSL/IPsec VPN Editions.
In addition, the newest member of the ASA 5500 Series, the Cisco ASA 5585-X, is tailored to meet the high performance needs of mission-critical data centers. The ASA 5585-X delivers MultiScale™ performance that delivers 8 times the performance density of competitive appliances. Supporting the highest VPN session counts and twice as many connections per second as competitive firewalls, the ASA 5585-X meets the growing needs of today's most dynamic organizations-in a compact 2RU footprint. The ASA 5585-X also combines the world's most proven firewall with the industry's most comprehensive IPS for the most effective security solution in the industry to significantly decrease business risk and address regulatory compliance.
These packages enable superior protection by providing the right services for the right location. At the same time, they enable standardization on the Cisco ASA 5500 Series platform to reduce costs in management, training, and sparing. Finally, each edition simplifies design and deployment by providing pre-packaged, location-specific security solutions.

Figure 2. Complementary Solutions

Cisco and its partners offer world-class service and support that is tailored for your business. Cisco has adopted a lifecycle approach to services that addresses the necessary set of requirements for deploying and operating Cisco ASA 5500 Series security appliances. This approach can help you improve your network's business value and return on investment. For more information on Cisco security services, visit http://www.cisco.com/en/US/products/svcs/ps2961/ps2952/serv_group_home.html.

Recommended Solutions

Tables 1 and 2 provide part numbers and descriptions for Cisco ASA 5500 Series products. To place an order, visit the Cisco Ordering home page.

Table 1. Recommended Cisco ASA 5500 Series Content Security Edition Bundles and Options

Description

User Capacity

Part Number

Cisco ASA 5500 Series Content Security Edition Bundles

Cisco ASA 5510 Appliance Content Security Edition Bundle

Includes Content Security and Control Security Services Module 10 (CSC-SSM-10), 50-user antivirus/anti-spyware license with 1-year subscription service*, firewall services, 250 IPsec VPN peers, 2 SSL VPN peers, and 3 Fast Ethernet interfaces

Up to 500 users

ASA5510-CSC10-K9

Cisco ASA 5510 Appliance Content Security Edition Bundle

Includes CSC-SSM-20, 500-user antivirus/anti-spyware license with 1-year subscription service*, firewall services, 250 IPsec VPN peers, 2 SSL VPN peers, and 3 Fast Ethernet interfaces

Up to 1000 users

ASA5510-CSC20-K9

Cisco ASA 5520 Appliance Content Security Edition Bundle

Includes CSC-SSM-10, 50-user antivirus/anti-spyware license with 1-year subscription service*, firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, and 1 Fast Ethernet interface

Up to 500 users

ASA5520-CSC10-K9

Cisco ASA 5520 Appliance Content Security Edition Bundle

Includes CSC-SSM-20, 500-user antivirus/anti-spyware license with 1-year subscription service*, firewall services, 750 IPsec VPN peers, 2 SSL VPN peers, 4 Gigabit Ethernet interfaces, and 1 Fast Ethernet interface

Up to 1000 users

ASA5520-CSC20-K9

Optional Upgrade Licenses

Cisco ASA 5500 Series CSC-SSM-10 Plus license (adds URL filtering, content filtering, anti-phishing, anti-spam, 1-year subscription service1)

-

ASA-CSC10-PLUS=

Cisco ASA 5500 Series CSC-SSM-20 Plus license (adds URL filtering, content filtering, anti-phishing, anti-spam, 1-year subscription service1)

-

ASA-CSC20-PLUS=

Cisco ASA 5500 Series CSC-SSM-10 User License upgrades (total users2)

-

ASA-CSC10-USR-100=

ASA-CSC10-USR-250=

ASA-CSC10-USR-500=

Cisco ASA 5500 Series CSC-SSM-20 User License upgrades (total users2)

-

ASA-CSC20-USR-750=

ASA-CSC20-USR-1k=

1First year of subscription services is included in the base price of the product for the first year of service as measured from time of license registration. Customers are required to purchase hardware maintenance separately for an additional fee (e.g., Cisco SMARTnet® service or equivalent). This Cisco SMARTnet service fee is not included in the base price of the product for the first or subsequent years.
2The optional user license upgrades are absolute, relative to the base user license for each CSC-SSM model. A 250-user upgrade, for example, applied to a CSC-SSM-10 will increase the base 50-user license by an additional 200 users, resulting in a total of a 250-user capacity license.

For a complete list of all product part numbers, please see the Cisco ASA 5500 Series data sheet.

Table 2. Cisco ASA 5500 Series Orderable Components

Description

Part Number

Platforms

Cisco ASA 5510 Adaptive Security Appliance

ASA5510-BUN-K9

Cisco ASA 5520 Adaptive Security Appliance

ASA5520-BUN-K9

Cisco ASA 5540 Adaptive Security Appliance

ASA5540-BUN-K9

Services

Cisco ASA 5500 Series CSC-SSM-10 with 50-user antivirus/anti-spyware license, 1-year subscription service

ASA-SSM-CSC-10-K9=

Cisco ASA 5500 Series CSC-SSM-20 with 500-user antivirus/anti-spyware license, 1-year subscription service

ASA-SSM-CSC-20-K9=

For more information, please visit the following links:

• Cisco ASA 5500 Series: http://www.cisco.com/go/asa

• Cisco Adaptive Security Device Manager: http://www.cisco.com/go/asdm

• Cisco product certifications: http://www.cisco.com/go/securitycert

• Cisco technical support: http://www.cisco.com/en/US/products/svcs/ps3034/serv_category_home.html

• Cisco Advanced Services: http://www.cisco.com/en/US/products/svcs/ps2961/serv_category_home.html

Note: The Cisco ASA 5500 Series CSC-SSM includes embedded software and support from Trend Micro. Point of sale and registration data will be provided to both Cisco and Trend Micro.