End-to-End Network Intelligence and Control
Multifaceted, highly dynamic applications and bring-your-own-device (BYOD) workplaces have become the norm. And with them comes the challenge to balance productivity with security. A new approach is needed — without abandoning time-tested methods — to unify the network's security framework, accelerate business innovation, and proactively protect against new and emerging threats.
Learn about features and capabilities of Cisco ASA Next-Generation Firewall Services. (4:12 min)
Learn how Cisco ASA Next-Generation Firewall Services helps administrators make better security decisions. (2:52 min)
Features and Capabilities
Cisco ASA Next-Generation Firewall Services address these needs by adding next-generation capabilities, including Application Visibility and Control (AVC) and Web Security Essentials (WSE), to the industry's most proven stateful inspection firewall. The results are end-to-end network intelligence and streamlined security operations. And your organization can reap the productivity benefits of new applications and devices without compromising security.
End-to-End Network Intelligence
The ASA Next-Generation Firewall delivers application and user ID awareness capabilities for enhanced visibility and control of network traffic. In addition, ASA Next-Generation Firewall Services enable administrators to:
- Control specific behaviors within allowed micro-applications using AVC
- Restrict web and web application usage based on reputation of the site using WSE
- Proactively protect against Internet threats using Cisco Security Intelligence Operations (SIO)
- Enforce differentiated policies based on the user, device, role, and application type
Granular Application Control
Dynamic, multifaceted applications have blurred the line between legitimate business applications and those that can distract employees and misuse bandwidth. ASA Next-Generation Firewall Services include AVC to recognize over 1000 applications and more than 75,000 micro-applications.
As a result, administrators can enforce individual- and group-based access to specific components of an application while disabling others. They can also block port- and protocol-hopping applications for more effective security, while writing fewer policies. Specific behaviors can be blocked within allowed micro-applications for an additional layer of control.
Proactive, Intelligent Threat Protection
Using Cisco SIO, ASA Next-Generation Firewall Services gather threat intelligence feeds from nearly 2 million Cisco security devices worldwide. So you can get near-real-time protection from zero-day threats.
Cisco WSE uses these same feeds to enable reputation-based web application security policies. In addition, WSE enables robust content-based URL filtering with differentiated access policies based on user, group, device, and role.
Many Devices, Total Control
Workers want anywhere, anytime access to the network from a variety of business and personal mobile devices. With ASA Next-Generation Firewall Services, administrators can confidently allow these devices while maintaining high levels of network protection and control.
Using Cisco AnyConnect, ASA Next-Generation Firewall Services let you clearly see the specific type of device attempting to gain access to the network. It gives information on whether the device is located within the network or is attempting remote access, and supports differentiated access policies based on this information.
- Cisco 2013 Annual Security Report
Read breaking analysis with a global perspective into evolutionary threats.