When you click on links to various merchants on this site and make a purchase, this can result in this site earning a commission. Affiliate programs and affiliations include, but are not limited to, the eBay Partner Network.
Meet theindustry’s first adaptive, threat-focused next-generation firewall (NGFW)designed for a new era of threat and advanced malware protection. Cisco®ASAwith FirePOWER Services delivers integrated threat defense for the entireattack continuum - before, during, and after an attack. How? By combining theproven security capabilities of the Cisco ASA firewall with theindustry-leading Sourcefire®threat and Advanced MalwareProtection (AMP) features together in a single device. The solution uniquelyextends the capabilities of the Cisco ASA 5500-X Series Next-GenerationFirewalls beyond what today’s NGFW solutions are capable of. Whether you needprotection for a small or midsized business, a distributed enterprise, or asingle data center, Cisco ASA with FirePOWER Services provides the needed scaleand context in a NGFW solution.
Cisco ASA with FirePOWER Services brings distinctivethreat-focused next-generation security services to the Cisco ASA 5500-X SeriesNext-Generation Firewalls and Cisco ASA 5585-X Adaptive Security Appliancefirewall products. It provides comprehensive protection from known and advancedthreats, including protection against targeted and persistent malware attacks(Figure 1). Cisco ASA is the world’s most widely deployed, enterprise-classstateful firewall. Cisco ASA with FirePOWER Services features these comprehensivecapabilities:
●Site-to-site and remote access VPN andadvanced clustering provide highly secure, high-performance access and highavailability to help ensure business continuity.
●Granular Application Visibility andControl (AVC) supports more than 4,000 application-layer and risk-basedcontrols that can launch tailored intrusion prevention system (IPS) threatdetection policies to optimize security effectiveness.
●The industry-leading Cisco ASA withFirePOWER next-generation IPS (NGIPS) provides highly effective threatprevention and full contextual awareness of users, infrastructure,applications, and content to detect multivector threats and automate defenseresponse.
●Reputation- and category-based URLfiltering offer comprehensive alerting and control over suspicious web trafficand enforce policies on hundreds of millions of URLs in more than 80categories.
●AMP provides industry-leading breachdetection effectiveness, sandboxing, a low total cost of ownership, andsuperior protection value that helps you discover, understand, and stop malwareand emerging threats missed by other security layers.
Unprecedented Network Visibility
Cisco ASA with FirePOWER Services is centrally managed bythe Cisco Firepower Management Center (formerly known as Cisco FireSIGHTManagement Center), which provides security teams with comprehensive visibilityinto and control over activity within the network. Such visibility includesusers, devices, communication between virtual machines, vulnerabilities,threats, client-side applications, files, and web sites. Holistic, actionableindications of compromise (IoCs) correlate detailed network and endpoint eventinformation and provide further visibility into malware infections. Cisco’senterprise-class management tools help administrators reduce complexity withunmatched visibility and control across NGFW deployments. Cisco FirepowerManagement Center also provides content awareness with malware file trajectorythat aids infection scoping and root cause determination to speed time toremediation.
Cisco Security Manager provides scalable and centralizednetwork operations workflow management. It integrates a powerful suite ofcapabilities; including policy and object management, event management,reporting, and troubleshooting for Cisco ASA firewall functions when utilizingCisco Firepower Management Center.
For local, on-device management including deployments forsmall and midsized businesses, Cisco Adaptive Security Device Manager (ASDM)7.3.x provides, access control and advanced threat defense management. ASDM V7.3.x provides an enhanced user interface that provides quick views on trendsand the ability to drill down for further analysis.
Reduced Costs and Complexity
Cisco ASA with FirePOWER Services incorporates an integratedapproach to threat defense, reducing capital and operating costs andadministrative complexity. It smoothly integrates with the existing ITenvironment, work stream, and network fabric. The appliance family is highlyscalable, performs at up to multigigabit speeds, and provides consistent androbust security across branch, Internet edge, and data centers in both physicaland virtual environments.
With Cisco Firepower Management Center, administrators canstreamline operations to correlate threats, assess their impact, automaticallytune security policy, and easily attribute user identities to security events.Cisco Firepower Management Center continually monitors how the network ischanging over time. New threats are automatically assessed to determine whichones can affect your business. Responses are then focused on remediation andnetwork defenses are adapted to changing threat conditions. Critical securityactivities such as policy tuning are automated, saving time and effort, whileprotections and countermeasures are maintained in an optimal state.
Cisco Firepower Management Center integrates easily withthird-party security solutions through the eStreamer API to streamlineoperation workflows and fit existing network fabrics.
Table 1 highlights the best-in-class features and benefitsof Cisco ASA with FirePOWER Services.
Table 1.Featuresand Benefits of Cisco ASA with FirePOWER Services
Feature
Benefits
Next-generation firewall
Industry’s first threat-focused NGFW; provides ASA firewall functionality, advanced threat protection, and advanced breach detection and remediation combined in a single device
Proven ASA firewall
Rich routing, stateful firewall, Network Address Translation, and dynamic clustering for high-performance, highly secure, and reliable access with Cisco AnyConnect®VPN
Market-leading NGIPS
Superior threat prevention and mitigation for both known and unknown threats
Advanced malware protection
Detection, blocking, tracking, analysis, and remediation to protect the enterprise against targeted and persistent malware attacks
Full contextual awareness
Policy enforcement based on complete visibility of users, mobile devices, client-side applications, communication between virtual machines, vulnerabilities, threats, and URLs
Application control and URL filtering
Application-layer control (over applications, geolocations, users, websites) and ability to enforce usage and tailor detection policies based on custom applications and URLs
Enterprise-class management
Dashboards and drill-down reports of discovered hosts, applications, threats, and indications of compromise for comprehensive visibility
Streamlined operations automation
Lower operating cost and administrative complexity with threat correlation, impact assessment, automated security policy tuning, and user identification
Purpose-built, scalable
Highly scalable security appliance architecture that performs at up to multigigabit speeds; consistent and robust security across small office, branch offices, Internet edge, and data centers in either physical and virtual environments
On-device management
Simplifies advanced threat defense management for small and medium sized business with small scale deployments
Remote Access VPN
Extends secure corporate network access beyond corporate laptops to personal mobile devices, regardless of physical location; support for Cisco AnyConnect Secure Mobility Solution, with granular, application-level VPN capability, as well as native Apple iOS and Android VPN clients
Site-to-site VPN
Protect traffic, including VoIP and client-server application data, across the distributed enterprise and branch offices
Integrated wireless access
Integrated Wi-Fi is available in the desktop form factor (ASA 5506W-X) for compact and simplified small office deployments
Ruggedized form factor
A ruggedized model (ASA 5506H-X), designed specifically for extreme environmental conditions, is available for critical infrastructure and control network applications
Third-party technology ecosystem
Open API that enables the third-party technology ecosystem to integrate with existing customer work streams
Integration with Snort and OpenAppID
Open source security integration with Snort and OpenAppID for access to community resources and ability to easily customize security to address new and specific threats and applications quickly
Collective Security intelligence (CSI)
Unmatched security and web reputation intelligence provides real-time threat intelligence and security protection
PLEASE NOTE: This is for CISCO ASA-5506X (Specific versions may vary between v02 & v04)Popular Tutorials