Cisco ASA Next-Generation Firewall Services include security software customers can add to the Cisco ASA family of stateful inspection firewalls. These services allow customers to gain end-to-end network intelligence, streamline security operations, and quickly adopt new applications or connect unknown devices without compromising security.
Features and Capabilities
Cisco ASA Next-Generation Firewall Services add new capabilities, including Application Visibility and Control (AVC), Intrusion Prevention (IPS), and Web Security Essentials (WSE), to the ASA 5500-X Series. You can easily scale and manage these next-generation services with the Cisco Prime Security Manager, a centralized management application.
End-to-End Network Intelligence
The ASA Next-Generation Firewall delivers application and user ID awareness capabilities for enhanced visibility and control of network traffic. In addition, ASA Next-Generation Firewall Services help administrators to:
- Control specific behaviors within allowed micro-applications using AVC
- Restrict web and web application usage based on reputation of the site using WSE
- Proactively protect against Internet threats using Cisco Security Intelligence Operations (SIO)
- Enforce differentiated policies based on the user, device, role, application type, and threat profile
- Safeguard your business by supporting threat prevention capabilities using IPS
Granular Application Control
AVC recognizes more than 1200 applications and more than 150,000 micro-applications. As a result, you can enforce individual- and group-based access to specific components of an application while disabling others. You can also block port- and protocol-hopping applications and even block specific behaviors within micro-applications, for more effective security, while writing fewer policies.
Proactive, Intelligent Threat Protection
Using Cisco SIO, ASA Next-Generation Firewall Services gather threat intelligence feeds from nearly two million Cisco security devices worldwide, giving you near-real-time protection from zero-day threats. Cisco ASA Next-Generation Firewall Services uses these same feeds to enable reputation-based web security and IPS policies.
Many Devices, Total Control
With ASA Next-Generation Firewall Services, you can now confidently allow employees to use their personal mobile devices while maintaining high levels of network protection and control. Using Cisco AnyConnect, ASA Next-Generation Firewall Services identify the specific type of device attempting to gain access to the network, whether it is local or remote, and supports differentiated access policies based on this information.
In summary, the ASA Next-Generation Firewall Services can help you unify your network's security framework, accelerate business innovation, and proactively protect against new and emerging threats.
- Cisco 2014 Annual Security Report
Read breaking analysis with a global perspective into evolutionary threats.