Cisco unveils security-product barrage at Cisco Live Conference

Includes a push into virtualising its ASA firewall,

Cisco's Advanced Malware Protection (AMP) technology, known as FireAMP, is already supported in its firewalls and e-mail gateways, but now the company is making AMP available as a standalone product.

That's just one of a slew of security announcements the company is making at this week's Cisco Live Conference.

The dedicated AMP for Networks appliances include the FirePOWER AMP8150 (up to 2Gbps performance) and AMP7150 (up to 500Mbps performance), a line of products that start at $48,000. Both of the new dedicated AMP appliances are designed to monitor and block malware, including zero-days, via Cisco's cloud-based content-inspection technology. But for Cisco customers that don't want to send their data off premises in this sandboxing process, Cisco has also come up with an on-premises option called the AMP Private Cloud Appliance that starts at $100,000.

+ ALSO ON NETWORK WORLD Cisco announces security service linked with new operations centers | Cisco details Sourcefire security-threat integration, integration, open-source direction +

The AMP Private Cloud appliance was created to meet the needs of organizations working under security and data-privacy rules that restrict where data can be transmitted. It will work the same way as the other AMP choices, such as collecting information from AMP endpoint connector agents for Windows, Mac OS X or Android.

"There's a synchronization mechanism to keep up with all the dynamic analysis, machine-learning and blacklists," said Marty Roesch, vice president and chief architect for Cisco's Security Business Group. AMP for Endpoints starts at $30 per user for enterprise deployments over 5,000 seats.

Cisco says it's also expanding how AMP works by including a search engine for threat analysis that lets the security manager perform forensics related to file and host names relative to the scope and containment of malware across an enterprise. In addition, AMP 5.3 has a "file extraction" capability that lets the security manager request that a host computer that has an AMP agent send up a copy of a file if it hasn't gone through the sandboxing analytics process to be inspected for malware. Cisco has also added a way to correlate "indicators of compromise" using AMP. In forensics, indictors of compromise point to the strong likelihood of specific compromise or intrusion into an enterprise network.

One Cisco customer, Dan Polly, vice president enterprise information security manager at First Financial Bank, says unknown threats and social engineering attacks, especially phishing attacks on employees, remain a key concern. First Financial Bank has deployed several security technologies, but AMP is considered an "anchor" of defense for the bank because its sandboxing approach "finds things traditional A/V can't," Polly says. First Financial expects to also look into the newer option Private Cloud option.

Cisco today also announced its intent to acquire ThreatGRID, the New York City-based security firm that offers malware analysis and threat intelligence technology, for an undisclosed price. Cisco said it's acquiring ThreatGRID to enhance Cisco's Advanced Malware Protection (AMP) products.

Cisco also made a push into virtualising its ASA firewall, saying the new software-based ASAv is designed to run on the VMware platform initially with plans to add support for KVM and Microsoft's HyperV. "Our goal is to make it hypervisor-agnostic," says Raja Patel, Cisco's senior director, cloud security and threat intelligence product management.

Patel says the virtualized ASAv firewall was built with RESTful APIs so it can be used to run in Cisco's Software-Defined Network data center environment or any SDN supporting RESTful APIs. The ASAv firewall is not oriented toward next-generation application filtering but is mainly port-based for flexibly firewalling virtualized workloads, for example in bursting environments. Cisco says it's possible to spin up virtual machines and leverage one to four cores to produce 2Gbps of performance per instance. The Cisco ASAv virtual firewall starts at $56,000.

Cisco also announced an updated version of the ASA 5585-X series that will now support 16-node clustering for up to 640Gbps throughput. It starts at $29,995. All of these products are available now, and by the end of next month, Cisco will be providing a free Cisco Validated Design guide for Cisco Secure Data Center that outlines planning and design architectures.

Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: emessmer@nww.com

Read more about wide area network in Network World's Wide Area Network section.

Tags ampsourcefireanti-malwareWide Area NetworkFirewall & UTM

Show Comments