Cisco crams multiple security boxes into appliance

Cisco Systems last month introduced a security appliance that rolls multiple services into a single box.

The aim is to make it easier for businesses to secure network borders.

Unveiled at the Interop 2005 conference in Las Vegas, the Adaptive Security Appliance (ASA) 5500 is designed to collapse VPN, firewall, Intrusion Prevention System (IPS), and other services into a single box. The device could help users deploy less security gear and make it easier to manage the detection and blocking of worms, viruses, spyware and other unwanted network traffic.

The ASA 5500 series combines the functions of PIX firewalls, Cisco VPN 3000 Concentrators, Cisco IPS 4200 series appliances, and anti-virus and network quarantine technology based on Cisco’s Network Admission Control (NAC) multi-vendor effort.

The devices come in three models: the ASA 5510, 5520 and 5540, which support 300Mbps, 450Mbps and 650Mbps of security processing bandwidth, respectively. Cisco claims each device can move traffic at its maximum throughput rate with all services turned on — stateful firewall traffic inspection, SSL VPN and IPSec encryption and tunnel termination, as well as IPS functions.

The device runs a management application that allows users to administer multiple network security services from a single interface. Policies can more easily be pushed across VPN, firewall and IPS services running on the box. Users can also use this tool to configure anti-spyware, anti-virus and denial-of-service attack detection services, and to single out and control specific applications (such as Kazaa or other peer-to-peer applications).

The boxes are meant to sit at the edge of a corporate network, securing incoming and outgoing packet flows, as well as remote access VPN traffic. The devices could also reside in a corporate data centre, or on segments of a LAN, allowing administrators to restrict access to certain network assets, or to monitor and secure internal traffic against malicious software.

Cisco said it plans to integrate the ASA technology into its Catalyst 6500 switch platform, as well as into a service blade in its access routers. But the company did not give a road map for when this would happen.

“The benefit of this is obvious,” says Jayshree Ullal, senior vice-president of Cisco’s Security and Technology Group. “You don’t have to log in and out of firewalls and IDS devices,” and VPN gear. “You’re dealing with just one device.”

The Cisco ASA 5510 costs US$3,500, while the ASA 5520 costs US$8,000 and the ASA 5540 costs US$17,000. All products are available now.
